nat.plugins.a365.front_end.front_end_config

Configuration for Microsoft Agent 365 front-end.

Attributes

logger

Classes

A365FrontEndConfig

Microsoft Agent 365 front-end configuration.

Module Contents

logger

class A365FrontEndConfig

Bases: nat.data_models.front_end.FrontEndBaseConfig

Microsoft Agent 365 front-end configuration.

This front-end integrates NAT workflows with Microsoft Agent 365 hosting framework, enabling workflows to receive notifications from Teams, Email, and Office 365 apps.

Authentication uses Entra ID (Azure AD) App Registration credentials (app_id and app_password) created when registering your bot in Azure Portal. The Microsoft Agents SDK authenticates with Entra ID via MsalConnectionManager to enable bot communication with Teams and Office 365.

host: str = None

port: int = None

app_id: str = None

app_password: nat.data_models.common.OptionalSecretStr = None

tenant_id: str | None = None

allowed_audiences: list[str] = None

log_level: str = None

enable_notifications: bool = None

notification_workflow: str | None = None

runner_class: str | None = None

validate_security_configuration()

Validate security configuration to prevent accidental misconfigurations.

classmethod normalize_allowed_audiences(value)

Accept YAML lists or comma-delimited strings for audience aliases.

classmethod warn_on_suspicious_allowed_audiences(value: list[str]) → list[str]

Warn (don’t reject) on entries that don’t look like real audiences.

Real Microsoft audiences are either a GUID (the bot’s app_id or another registered app’s), a fully-qualified URL such as https://api.botframework.com, or a Microsoft resource ID. Anything much shorter or containing internal whitespace is almost certainly a typo.

We emit a warning instead of raising because Microsoft may introduce new canonical audiences in the future and we shouldn’t gate config load on a heuristic. The warning surfaces the typo early; the deployment still loads.