Share via

Securing Azure Container App Endpoints Used by Azure Communication Services (Call Automation + Media Streaming)

Balar, Nishilkumar 0 Reputation points
2026-03-30T09:03:51.38+00:00

Background

I have a Python-based real-time voice bot running on Azure Container Apps. It uses ACS Call Automation SDK with bidirectional media streaming. The app exposes 3 endpoints:

  • POST /api/incomingCall - receives incoming call events from ACS via Event Grid webhook
  • POST /api/callbacks/{contextId} - receives call automation callback events from ACS
  • WSS /ws - receives bidirectional audio media stream initiated by ACS

Currently the Container App is publicly accessible. I have implemented application-level security (webhook secret header validation, payload validation, ..), but we have a strict data security requirement: the Container App must not be publicly accessible - no public IP, no direct internet routing to the container under any circumstance.

Core Problem

I want to make the Container App fully private (internal VNet ingress only, no public IP) while still allowing ACS to reach all 3 endpoints. The challenge is:

  1. No ACS Service Tag for NSG - I cannot find AzureCommunicationServices as an available service tag when configuring NSG inbound rules. This means I cannot IP-restrict at the network layer to ACS only.
  2. ACS initiates the WSS connection - For media streaming, ACS dials INTO my /ws endpoint. I cannot reverse this direction or use a pull-based model.

What I Have Tried

  • API Management: Adds a public layer but doesn't remove public exposure
  • App-level token auth: HMAC-signed WS tokens, webhook secret validation - good but not a network-level solution

Specific Questions

  1. Is there an official Azure-supported way to restrict inbound access to a Container App to ACS only at the network level?
  2. Does ACS Call Automation support connecting to a private endpoint or VNet-integrated backend for media streaming (WSS)? Is Private Link for ACS media streaming on the roadmap?
  3. Is AzureCommunicationServices available as an NSG Service Tag for inbound rules? I can find it in the downloadable JSON but not in the Azure Portal NSG rule builder.
  4. Is there any recommended architecture pattern from Microsoft for securing Container Apps that serve as ACS Call Automation backends - specifically covering both webhook endpoints and WSS media streaming?

Current Architecture

ACS / Event Grid

  │

  │ (public internet)

  ▼
 Container App (public ingress) ← want to eliminate this

   /api/incomingCall

   /api/callbacks

   /ws (WSS media stream)

Desired Architecture

ACS / Event Grid

  │

  ▼
 [Some Azure-native mechanism]

  │

  │ (private only)

  ▼
 Container App (internal VNet, no public IP)

Environment

  • Language/Framework: Python, FastAPI
  • ACS Feature: Call Automation SDK, bidirectional media streaming
  • Container App: Currently public ingress, no VNet integration
  • Region: Any (reproducible across regions)

Any guidance from the ACS product team or community experts would be greatly appreciated. Happy to provide additional details.

Tags: azure-communication-services azure-container-apps azure-networking call-automation security

Azure Communication Services

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Golla Venkata Pavani 3,415 Reputation points Microsoft External Staff Moderator
    2026-04-01T17:28:40.33+00:00

    Hi @Balar, Nishilkuma

    Thank you for reaching us regarding the issue.
    At this time, Azure Communication Services (ACS) Call Automation – including webhook delivery and bidirectional media streaming (WSS) – requires publicly reachable endpoints. There is no supported way today to have ACS initiate calls, callbacks, or media streaming into a private‑only (VNet‑internal) Azure Container App with no public ingress.

    1. Is there an official Azure-supported way to restrict inbound access to a Container App to ACS only at the network level?
      No. ACS requires publicly reachable HTTPS/WebSocket endpoints. You can use VNet integration + internal ingress on Container Apps, but ACS cannot reach a fully private endpoint. Network-level restriction to “ACS only” is not supported.
    2. Does ACS Call Automation support connecting to a private endpoint or VNet-integrated backend for media streaming (WSS)? Is Private Link on the roadmap?
      No. ACS does not support private endpoints or Private Link for callbacks or bidirectional media streaming (WSS). The callback URI and media Transport URI must be public with a valid HTTPS certificate. No Private Link roadmap is documented.
    3. Is AzureCommunicationServices available as an NSG Service Tag for inbound rules?
      It appears in the downloadable IP ranges JSON, but it is not available as a selectable service tag in the Azure Portal NSG rule builder. Do not rely on it for inbound restrictions.
    4. Is there any recommended architecture pattern from Microsoft for securing Container Apps as ACS Call Automation backends (webhooks + WSS)?
      Yes, Use internal ingress + VNet integration for the Container App, then front it with Azure Application Gateway (with WAF) or Azure Front Door. Route only your required paths (/api/incomingCall, /api/callbacks/{contextId}, /ws). Keep strong app-level validation (JWT, secrets, HMAC). This is the recommended layered pattern.

    Reference:
    https://dori-uw-1.kuma-moon.com/en-us/azure/communication-services/how-tos/call-automation/secure-webhook-endpoint?pivots=programming-language-javascript
    https://dori-uw-1.kuma-moon.com/en-us/azure/container-apps/waf-app-gateway?tabs=default-domain
    https://dori-uw-1.kuma-moon.com/en-us/azure/application-gateway/application-gateway-websocket

    Kindly let us know if the above helps or you need further assistance on this issue.

    Please "upvote" if the information helped you. This will help us and others in the community as well.

    0 comments
  2. Q&A Assist
    2026-03-30T09:04:17.8933333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more
    1. There’s no documented, Azure-supported way in the provided material to restrict Azure Container Apps ingress “to ACS only” at the network layer. The available guidance for Container Apps focuses on:
      • Using internal ingress and VNet integration, plus NSGs and firewalls, to restrict access in general.
      • Fronting web-facing workloads with a WAF-capable entry point when external ingress is required.
      The material explicitly notes that when using built-in external ingress, the ingress point can’t be fully placed behind a WAF or DDoS plan, and recommends “Front all web-facing workloads with a web application firewall” instead of a service-tag-only restriction.
    2. The provided ACS Call Automation documentation requires that:
      • IncomingCall events are delivered via Event Grid to a webhook endpoint.
      • Mid-call Call Automation events are delivered via HTTPS webhooks to a callback URI that “must be a public endpoint with a valid HTTPS certificate, DNS name, and IP address with the correct firewall ports open.”
      • For WebSocket media, ACS initiates the WebSocket connection to the application’s WSS endpoint, and security is handled by:
        • Validating a JWT token in the WebSocket headers.
        • Optionally restricting connections by IP ranges/FQDNs for “Call Automation media” and “Call Automation callback URLs.”
      There’s no mention in the context of ACS Call Automation supporting:
      • Private endpoints / Private Link to reach a backend.
      • Direct connectivity to a VNet-only or private-ingress-only Container App.
      Instead, the guidance is to secure the public endpoint with:
      • HTTPS and certificate validation.
      • JWT validation for WebSocket connections.
      • IP allowlisting using the documented ACS media and callback IP ranges and FQDNs.
    3. The context lists IP ranges and FQDNs for ACS media and callback traffic, but does not state that an AzureCommunicationServices NSG service tag is available or supported for inbound rules. The recommended network-level control in the ACS docs is IP/FQDN allowlisting, not a service tag.
    4. For an architecture pattern, the relevant guidance from the context is:
      • For Container Apps:
        • Use internal ingress and VNet integration plus NSGs when workloads must not be broadly exposed, but when external ingress is used, front it with a WAF (for example, Application Gateway or Azure Front Door) and other network security features such as NSGs, UDRs, and private endpoints for downstream services.
        • Avoid storing state in the Container Apps environment; use external state stores.
      • For ACS Call Automation:
        • Webhook callback URIs and WebSocket endpoints must be public HTTPS endpoints.
        • Secure them with:
          • Event Grid’s support for Microsoft Entra–protected endpoints for IncomingCall events.
          • JWT validation on WebSocket connections.
          • IP/FQDN allowlisting for ACS media and callback traffic.
      Combining these, the pattern implied by the documentation is:
      • Keep a public HTTPS/WebSocket surface that ACS can reach (for webhooks and media), but harden it:
        • Front with WAF (Application Gateway or Azure Front Door) as the only public entry point.
        • Use Container Apps network security features (NSGs, rule-based routing, custom domains, firewall integration) behind that entry point.
        • Use JWT validation and IP/FQDN allowlisting for ACS media and callbacks.
      • Use internal networking and private endpoints only for downstream dependencies (databases, caches, etc.), not for the ACS-facing endpoints themselves.
      The context does not describe a fully private, no-public-IP Container App being directly reachable by ACS Call Automation for webhooks and WebSocket media.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.