[docs]: add regional config section to user authentication (#2684)

lilyydu · lilydu · web-flow · commit 237bbc3ce224 · 2025-12-09T16:17:09.000-08:00
added typescript and python as .NET implementation will be delayed with
other refactorings

---------

Co-authored-by: lilydu &lt;lilydu+odspmdb@microsoft.com&gt;
diff --git a/teams.md/src/components/include/in-depth-guides/user-authentication/csharp.incl.md b/teams.md/src/components/include/in-depth-guides/user-authentication/csharp.incl.md
@@ -88,3 +88,6 @@ teams.OnMessage("/signout", async context =>
     await context.Send("you have been signed out!");
 });
 ```
+<!-- regional-bot -->
+
+N/A
diff --git a/teams.md/src/components/include/in-depth-guides/user-authentication/python.incl.md b/teams.md/src/components/include/in-depth-guides/user-authentication/python.incl.md
@@ -85,3 +85,38 @@ async def handle_signout_message(ctx: ActivityContext[MessageActivity]):
     await ctx.sign_out()
     await ctx.send("You have been signed out!")
 ```
+
+<!-- regional-bot -->
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+## Regional Configs
+You may be building a regional bot that is deployed in a specific Azure region (such as West Europe, East US, etc.) rather than global. This is important for organizations that have data residency requirements or want to reduce latency by keeping data and authentication flows within a specific area.
+
+These examples use West Europe, but follow the equivalent for other regions.
+
+<Tabs>
+<TabItem value="portal" label="Azure Portal">
+To configure a new regional bot in Azure, you must setup your resoures in the desired region. Your resource group must also be in the same region. 
+
+1. Deploy a new App Registration in `westeurope`.
+2. Deploy and link a new Enterprise Application (Service Principal) on Microsoft Entra in `westeurope`.
+3. Deploy and link a new Azure Bot in `westeurope`.
+4. In your App Registration, in the `Authentication (Preview)` tab, add a `Redirect URI` for the Platform Type `Web` to your regional endpoint (e.g., `https://europe.token.botframework.com/.auth/web/redirect`)
+
+![Authentication Tab](/screenshots/regional-auth.png)
+
+5. In your `.env` file (or wherever you set your environment variables), add your `OAUTH_URL`. For example:
+`OAUTH_URL=https://europe.token.botframework.com`
+</TabItem>
+
+<TabItem value="atk" label="Agents Toolkit">
+To configure a new regional bot with ATK, you will need to make a few updates. Note that this assumes you have not yet deployed the bot previously.
+
+1. In `azurebot.bicep`, replace all `global` occurrences to `westeurope`
+2. In `manifest.json`, in `validDomains`, `*.botframework.com` should be replaced by `europe.token.botframework.com`
+3. In `aad.manifest.json`, replace `https://token.botframework.com/.auth/web/redirect` with `https://europe.token.botframework.com/.auth/web/redirect`
+4. In your `.env` file, add your `OAUTH_URL`. For example:
+`OAUTH_URL=https://europe.token.botframework.com`.
+</TabItem>
+</Tabs>
diff --git a/teams.md/src/components/include/in-depth-guides/user-authentication/typescript.incl.md b/teams.md/src/components/include/in-depth-guides/user-authentication/typescript.incl.md
@@ -86,3 +86,38 @@ app.message('/signout', async ({ send, signout, isSignedIn }) => {
   await send('you have been signed out!');
 });
 ```
+
+<!-- regional-bot -->
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+## Regional Configs
+You may be building a regional bot that is deployed in a specific Azure region (such as West Europe, East US, etc.) rather than global. This is important for organizations that have data residency requirements or want to reduce latency by keeping data and authentication flows within a specific area.
+
+These examples use West Europe, but follow the equivalent for other regions.
+
+<Tabs>
+<TabItem value="portal" label="Azure Portal">
+To configure a new regional bot in Azure, you must setup your resoures in the desired region. Your resource group must also be in the same region. 
+
+1. Deploy a new App Registration in `westeurope`.
+2. Deploy and link a new Enterprise Application (Service Principal) on Microsoft Entra in `westeurope`.
+3. Deploy and link a new Azure Bot in `westeurope`.
+4. In your App Registration, in the `Authentication (Preview)` tab, add a `Redirect URI` for the Platform Type `Web` to your regional endpoint (e.g., `https://europe.token.botframework.com/.auth/web/redirect`)
+
+![Authentication Tab](/screenshots/regional-auth.png)
+
+5. In your `.env` file (or wherever you set your environment variables), add your `OAUTH_URL`. For example:
+`OAUTH_URL=https://europe.token.botframework.com`
+</TabItem>
+
+<TabItem value="atk" label="Agents Toolkit">
+To configure a new regional bot with ATK, you will need to make a few updates. Note that this assumes you have not yet deployed the bot previously.
+
+1. In `azurebot.bicep`, replace all `global` occurrences to `westeurope`
+2. In `manifest.json`, in `validDomains`, `*.botframework.com` should be replaced by `europe.token.botframework.com`
+3. In `aad.manifest.json`, replace `https://token.botframework.com/.auth/web/redirect` with `https://europe.token.botframework.com/.auth/web/redirect`
+4. In your `.env` file, add your `OAUTH_URL`. For example:
+`OAUTH_URL=https://europe.token.botframework.com`
+</TabItem>
+</Tabs>
diff --git a/teams.md/src/pages/templates/in-depth-guides/user-authentication.mdx b/teams.md/src/pages/templates/in-depth-guides/user-authentication.mdx
@@ -96,6 +96,8 @@ You can signout by calling the `signout` method, this will remove the token from
 
 <LanguageInclude section="signing-out" />
 
+<LanguageInclude section="regional-bot" />
+
 ## Resources
 
 [User Authentication Basics](https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-concept-authentication?view=azure-bot-service-4.0)
diff --git a/teams.md/static/screenshots/regional-auth.png b/teams.md/static/screenshots/regional-auth.png
