Python SingleTenant updates (#3932)

* Python SingleTenant updates * Python deployments now default to Python 3.9 --------- Co-authored-by: Tracy Boehrer <trboehre@microsoft.com>
2024-04-17 13:19:21 -05:00 · 2024-04-17 13:19:21 -05:00 · 9c1640835f
--- a/samples/python/02.echo-bot/config.py
+++ b/samples/python/02.echo-bot/config.py
@ -13,3 +13,5 @@ class DefaultConfig:
    PORT = 3978
    APP_ID = os.environ.get("MicrosoftAppId", "")
    APP_PASSWORD = os.environ.get("MicrosoftAppPassword", "")
+    APP_TYPE = os.environ.get("MicrosoftAppType", "MultiTenant")
+    APP_TENANTID = os.environ.get("MicrosoftAppTenantId", "")
--- a/samples/python/02.echo-bot/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
+++ b/samples/python/02.echo-bot/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
@ -14,8 +14,14 @@
        "botEndpoint": {
            "value": ""
        },
+        "appType": {
+          "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
+        },
+        "tenantId": {
+          "value": ""
        }
    }
 }
--- a/samples/python/02.echo-bot/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
+++ b/samples/python/02.echo-bot/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
+          }
        }
-    }
 }
--- a/samples/python/02.echo-bot/deploymentTemplates/deployUseExistResourceGroup/readme.md
+++ b/samples/python/02.echo-bot/deploymentTemplates/deployUseExistResourceGroup/readme.md
@ -14,13 +14,17 @@ BotApp must be deployed prior to AzureBot.
  - **newAppServicePlanName**:          The name of the App Service Plan.
  - **newAppServicePlanLocation**:      The location of the App Service Plan.
  - **newAppServicePlanSku**:           The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
- **appSecret**: (required)             Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. **Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.**
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.

 ## Parameters for template-AzureBot-with-rg.json:

- **azureBotId**: (required)            The globally unique and immutable bot ID.
- **azureBotSku**:                      The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
- **azureBotRegion**:                   Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
- **botEndpoint**:                      Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **azureBotId**: (required)          The globally unique and immutable bot ID.
+- **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
+- **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
+- **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
+- **appType**:   Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:  The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
--- a/samples/python/02.echo-bot/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
+++ b/samples/python/02.echo-bot/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
@ -29,15 +29,47 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -55,6 +87,8 @@
        "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
        "endpoint": "[variables('botEndpoint')]",
        "msaAppId": "[parameters('appId')]",
+        "msaAppTenantId": "[variables('appType').tenantId]",
+        "msaAppType": "[parameters('appType')]",
        "luisAppIds": [],
        "schemaTransformationVersion": "1.3",
        "isCmekEnabled": false,
--- a/samples/python/02.echo-bot/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
+++ b/samples/python/02.echo-bot/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
@ -49,6 +49,17 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -61,12 +72,34 @@
      "metadata": {
        "description": "Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings. Required for MultiTenant and SingleTenant app types. Defaults to \"\"."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "useExistingServicePlan": "[not(empty(parameters('existingAppServicePlanName')))]",
    "servicePlanName": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanName'), parameters('newAppServicePlanName'))]",
-    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]"
+    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -90,12 +123,13 @@
      "comments": "Create a Web App using an App Service Plan",
      "type": "Microsoft.Web/sites",
      "apiVersion": "2015-08-01",
-      "name": "[parameters('appServiceName')]",
      "location": "[variables('servicePlanLocation')]",
      "kind": "app,linux",
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms', variables('servicePlanName'))]"
      ],
+      "name": "[parameters('appServiceName')]",
+      "identity": "[variables('appType').identity]",
      "properties": {
        "enabled": true,
        "hostNameSslStates": [
@ -125,6 +159,10 @@
              "name": "SCM_DO_BUILD_DURING_DEPLOYMENT",
              "value": "true"
            },
+            {
+              "name": "MicrosoftAppType",
+              "value": "[parameters('appType')]"
+            },
            {
              "name": "MicrosoftAppId",
              "value": "[parameters('appId')]"
@ -132,6 +170,10 @@
            {
              "name": "MicrosoftAppPassword",
              "value": "[parameters('appSecret')]"
+            },
+            {
+              "name": "MicrosoftAppTenantId",
+              "value": "[variables('appType').tenantId]"
            }
          ],
          "cors": {
@ -168,7 +210,7 @@
        "phpVersion": "",
        "pythonVersion": "",
        "nodeVersion": "",
-        "linuxFxVersion": "PYTHON|3.7",
+        "linuxFxVersion": "PYTHON|3.9",
        "requestTracingEnabled": false,
        "remoteDebuggingEnabled": false,
        "remoteDebuggingVersion": "VS2017",
--- a/samples/python/02.echo-bot/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
+++ b/samples/python/02.echo-bot/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
@ -20,8 +20,14 @@
        "botEndpoint": {
            "value": ""
        },
-        "appId": {
+        "appType": {
+            "value": "MultiTenant"
+          },
+          "appId": {
+              "value": ""
+          },
+          "tenantId": {
            "value": ""
-        }
-    }
+          }
+      }
 }
--- a/samples/python/02.echo-bot/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
+++ b/samples/python/02.echo-bot/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
        }
    }
 }
--- a/samples/python/02.echo-bot/deploymentTemplates/deployWithNewResourceGroup/readme.md
+++ b/samples/python/02.echo-bot/deploymentTemplates/deployWithNewResourceGroup/readme.md
@ -9,19 +9,33 @@ BotApp must be deployed prior to AzureBot.

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
- **appServiceName**: (required)      The location of the App Service Plan.
- **appServicePlanName**: (required)  The name of the App Service Plan.
- **appServicePlanLocation**:         The location of the App Service Plan. Defaults to use groupLocation.
- **appServicePlanSku**:              The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appServiceName**: (required)          The location of the App Service Plan.
+- **appServicePlanName**: (required)      The name of the App Service Plan.
+- **appServicePlanLocation**:             The location of the App Service Plan. Defaults to use groupLocation.
+- **appServicePlanSku**:                  The SKU of the App Service Plan. Defaults to Standard values.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
 - **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to <Subscription Tenant ID>.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
+
+

 ## Parameters for template-AzureBot-new-rg.json:

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
+
 - **azureBotId**: (required)          The globally unique and immutable bot ID. Also used to configure the displayName of the bot, which is mutable.
 - **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
 - **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
 - **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
--- a/samples/python/02.echo-bot/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
+++ b/samples/python/02.echo-bot/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
@ -41,15 +41,48 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -90,6 +123,8 @@
                "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
                "endpoint": "[variables('botEndpoint')]",
                "msaAppId": "[parameters('appId')]",
+                "msaAppTenantId": "[variables('appType').tenantId]",
+                "msaAppType": "[parameters('appType')]",
                "luisAppIds": [],
                "schemaTransformationVersion": "1.3",
                "isCmekEnabled": false,
--- a/samples/python/02.echo-bot/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
+++ b/samples/python/02.echo-bot/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
@ -46,6 +46,24 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
+    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -60,10 +78,26 @@
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "appServicePlanName": "[parameters('appServicePlanName')]",
    "resourcesLocation": "[if(empty(parameters('appServicePlanLocation')), parameters('groupLocation'), parameters('appServicePlanLocation'))]",
    "appServiceName": "[parameters('appServiceName')]",
-    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]"
+    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -115,6 +149,7 @@
                "[concat(variables('resourceGroupId'), '/providers/Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
              ],
              "name": "[variables('appServiceName')]",
+              "identity": "[variables('appType').identity]",
              "properties": {
                "name": "[variables('appServiceName')]",
                "hostNameSslStates": [
@ -137,12 +172,19 @@
                      "value": "true"
                    },
                    {
+                      "name": "MicrosoftAppType",
+                      "value": "[parameters('appType')]"
+                    },                    {
                      "name": "MicrosoftAppId",
                      "value": "[parameters('appId')]"
                    },
                    {
                      "name": "MicrosoftAppPassword",
                      "value": "[parameters('appSecret')]"
+                    },
+                    {
+                      "name": "MicrosoftAppTenantId",
+                      "value": "[variables('appType').tenantId]"
                    }
                  ],
                  "cors": {
@ -180,7 +222,7 @@
                "phpVersion": "",
                "pythonVersion": "",
                "nodeVersion": "",
-                "linuxFxVersion": "PYTHON|3.7",
+                "linuxFxVersion": "PYTHON|3.9",
                "requestTracingEnabled": false,
                "remoteDebuggingEnabled": false,
                "remoteDebuggingVersion": "VS2017",
--- a/samples/python/02.echo-bot/requirements.txt
+++ b/samples/python/02.echo-bot/requirements.txt
@ -1 +1 @@
-botbuilder-integration-aiohttp>=4.14.0
+botbuilder-integration-aiohttp==4.15.0
--- a/samples/python/03.welcome-user/config.py
+++ b/samples/python/03.welcome-user/config.py
@ -13,3 +13,5 @@ class DefaultConfig:
    PORT = 3978
    APP_ID = os.environ.get("MicrosoftAppId", "")
    APP_PASSWORD = os.environ.get("MicrosoftAppPassword", "")
+    APP_TYPE = os.environ.get("MicrosoftAppType", "MultiTenant")
+    APP_TENANTID = os.environ.get("MicrosoftAppTenantId", "")
--- a/samples/python/03.welcome-user/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
+++ b/samples/python/03.welcome-user/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
@ -14,8 +14,14 @@
        "botEndpoint": {
            "value": ""
        },
+        "appType": {
+          "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
+        },
+        "tenantId": {
+          "value": ""
        }
    }
 }
--- a/samples/python/03.welcome-user/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
+++ b/samples/python/03.welcome-user/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
+          }
        }
-    }
 }
--- a/samples/python/03.welcome-user/deploymentTemplates/deployUseExistResourceGroup/readme.md
+++ b/samples/python/03.welcome-user/deploymentTemplates/deployUseExistResourceGroup/readme.md
@ -14,13 +14,17 @@ BotApp must be deployed prior to AzureBot.
  - **newAppServicePlanName**:          The name of the App Service Plan.
  - **newAppServicePlanLocation**:      The location of the App Service Plan.
  - **newAppServicePlanSku**:           The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
- **appSecret**: (required)             Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. **Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.**
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.

 ## Parameters for template-AzureBot-with-rg.json:

- **azureBotId**: (required)            The globally unique and immutable bot ID.
- **azureBotSku**:                      The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
- **azureBotRegion**:                   Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
- **botEndpoint**:                      Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **azureBotId**: (required)          The globally unique and immutable bot ID.
+- **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
+- **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
+- **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
+- **appType**:   Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:  The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
--- a/samples/python/03.welcome-user/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
+++ b/samples/python/03.welcome-user/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
@ -29,15 +29,47 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -55,6 +87,8 @@
        "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
        "endpoint": "[variables('botEndpoint')]",
        "msaAppId": "[parameters('appId')]",
+        "msaAppTenantId": "[variables('appType').tenantId]",
+        "msaAppType": "[parameters('appType')]",
        "luisAppIds": [],
        "schemaTransformationVersion": "1.3",
        "isCmekEnabled": false,
--- a/samples/python/03.welcome-user/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
+++ b/samples/python/03.welcome-user/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
@ -49,6 +49,17 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -61,12 +72,34 @@
      "metadata": {
        "description": "Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings. Required for MultiTenant and SingleTenant app types. Defaults to \"\"."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "useExistingServicePlan": "[not(empty(parameters('existingAppServicePlanName')))]",
    "servicePlanName": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanName'), parameters('newAppServicePlanName'))]",
-    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]"
+    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -90,12 +123,13 @@
      "comments": "Create a Web App using an App Service Plan",
      "type": "Microsoft.Web/sites",
      "apiVersion": "2015-08-01",
-      "name": "[parameters('appServiceName')]",
      "location": "[variables('servicePlanLocation')]",
      "kind": "app,linux",
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms', variables('servicePlanName'))]"
      ],
+      "name": "[parameters('appServiceName')]",
+      "identity": "[variables('appType').identity]",
      "properties": {
        "enabled": true,
        "hostNameSslStates": [
@ -125,6 +159,10 @@
              "name": "SCM_DO_BUILD_DURING_DEPLOYMENT",
              "value": "true"
            },
+            {
+              "name": "MicrosoftAppType",
+              "value": "[parameters('appType')]"
+            },
            {
              "name": "MicrosoftAppId",
              "value": "[parameters('appId')]"
@ -132,6 +170,10 @@
            {
              "name": "MicrosoftAppPassword",
              "value": "[parameters('appSecret')]"
+            },
+            {
+              "name": "MicrosoftAppTenantId",
+              "value": "[variables('appType').tenantId]"
            }
          ],
          "cors": {
@ -168,7 +210,7 @@
        "phpVersion": "",
        "pythonVersion": "",
        "nodeVersion": "",
-        "linuxFxVersion": "PYTHON|3.7",
+        "linuxFxVersion": "PYTHON|3.9",
        "requestTracingEnabled": false,
        "remoteDebuggingEnabled": false,
        "remoteDebuggingVersion": "VS2017",
--- a/samples/python/03.welcome-user/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
+++ b/samples/python/03.welcome-user/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
@ -20,8 +20,14 @@
        "botEndpoint": {
            "value": ""
        },
-        "appId": {
+        "appType": {
+            "value": "MultiTenant"
+          },
+          "appId": {
+              "value": ""
+          },
+          "tenantId": {
            "value": ""
-        }
-    }
+          }
+      }
 }
--- a/samples/python/03.welcome-user/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
+++ b/samples/python/03.welcome-user/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
        }
    }
 }
--- a/samples/python/03.welcome-user/deploymentTemplates/deployWithNewResourceGroup/readme.md
+++ b/samples/python/03.welcome-user/deploymentTemplates/deployWithNewResourceGroup/readme.md
@ -9,19 +9,33 @@ BotApp must be deployed prior to AzureBot.

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
- **appServiceName**: (required)      The location of the App Service Plan.
- **appServicePlanName**: (required)  The name of the App Service Plan.
- **appServicePlanLocation**:         The location of the App Service Plan. Defaults to use groupLocation.
- **appServicePlanSku**:              The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appServiceName**: (required)          The location of the App Service Plan.
+- **appServicePlanName**: (required)      The name of the App Service Plan.
+- **appServicePlanLocation**:             The location of the App Service Plan. Defaults to use groupLocation.
+- **appServicePlanSku**:                  The SKU of the App Service Plan. Defaults to Standard values.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
 - **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to <Subscription Tenant ID>.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
+
+

 ## Parameters for template-AzureBot-new-rg.json:

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
+
 - **azureBotId**: (required)          The globally unique and immutable bot ID. Also used to configure the displayName of the bot, which is mutable.
 - **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
 - **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
 - **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
--- a/samples/python/03.welcome-user/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
+++ b/samples/python/03.welcome-user/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
@ -41,15 +41,48 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -90,6 +123,8 @@
                "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
                "endpoint": "[variables('botEndpoint')]",
                "msaAppId": "[parameters('appId')]",
+                "msaAppTenantId": "[variables('appType').tenantId]",
+                "msaAppType": "[parameters('appType')]",
                "luisAppIds": [],
                "schemaTransformationVersion": "1.3",
                "isCmekEnabled": false,
--- a/samples/python/03.welcome-user/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
+++ b/samples/python/03.welcome-user/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
@ -46,6 +46,24 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
+    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -60,10 +78,26 @@
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "appServicePlanName": "[parameters('appServicePlanName')]",
    "resourcesLocation": "[if(empty(parameters('appServicePlanLocation')), parameters('groupLocation'), parameters('appServicePlanLocation'))]",
    "appServiceName": "[parameters('appServiceName')]",
-    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]"
+    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -115,6 +149,7 @@
                "[concat(variables('resourceGroupId'), '/providers/Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
              ],
              "name": "[variables('appServiceName')]",
+              "identity": "[variables('appType').identity]",
              "properties": {
                "name": "[variables('appServiceName')]",
                "hostNameSslStates": [
@ -137,12 +172,19 @@
                      "value": "true"
                    },
                    {
+                      "name": "MicrosoftAppType",
+                      "value": "[parameters('appType')]"
+                    },                    {
                      "name": "MicrosoftAppId",
                      "value": "[parameters('appId')]"
                    },
                    {
                      "name": "MicrosoftAppPassword",
                      "value": "[parameters('appSecret')]"
+                    },
+                    {
+                      "name": "MicrosoftAppTenantId",
+                      "value": "[variables('appType').tenantId]"
                    }
                  ],
                  "cors": {
@ -180,7 +222,7 @@
                "phpVersion": "",
                "pythonVersion": "",
                "nodeVersion": "",
-                "linuxFxVersion": "PYTHON|3.7",
+                "linuxFxVersion": "PYTHON|3.9",
                "requestTracingEnabled": false,
                "remoteDebuggingEnabled": false,
                "remoteDebuggingVersion": "VS2017",
--- a/samples/python/05.multi-turn-prompt/config.py
+++ b/samples/python/05.multi-turn-prompt/config.py
@ -13,3 +13,5 @@ class DefaultConfig:
    PORT = 3978
    APP_ID = os.environ.get("MicrosoftAppId", "")
    APP_PASSWORD = os.environ.get("MicrosoftAppPassword", "")
+    APP_TYPE = os.environ.get("MicrosoftAppType", "MultiTenant")
+    APP_TENANTID = os.environ.get("MicrosoftAppTenantId", "")
--- a/samples/python/05.multi-turn-prompt/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
+++ b/samples/python/05.multi-turn-prompt/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
@ -14,8 +14,14 @@
        "botEndpoint": {
            "value": ""
        },
+        "appType": {
+          "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
+        },
+        "tenantId": {
+          "value": ""
        }
    }
 }
--- a/samples/python/05.multi-turn-prompt/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
+++ b/samples/python/05.multi-turn-prompt/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
+          }
        }
-    }
 }
--- a/samples/python/05.multi-turn-prompt/deploymentTemplates/deployUseExistResourceGroup/readme.md
+++ b/samples/python/05.multi-turn-prompt/deploymentTemplates/deployUseExistResourceGroup/readme.md
@ -14,13 +14,17 @@ BotApp must be deployed prior to AzureBot.
  - **newAppServicePlanName**:          The name of the App Service Plan.
  - **newAppServicePlanLocation**:      The location of the App Service Plan.
  - **newAppServicePlanSku**:           The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
- **appSecret**: (required)             Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. **Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.**
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.

 ## Parameters for template-AzureBot-with-rg.json:

- **azureBotId**: (required)            The globally unique and immutable bot ID.
- **azureBotSku**:                      The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
- **azureBotRegion**:                   Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
- **botEndpoint**:                      Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **azureBotId**: (required)          The globally unique and immutable bot ID.
+- **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
+- **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
+- **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
+- **appType**:   Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:  The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
--- a/samples/python/05.multi-turn-prompt/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
+++ b/samples/python/05.multi-turn-prompt/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
@ -29,15 +29,47 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -55,6 +87,8 @@
        "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
        "endpoint": "[variables('botEndpoint')]",
        "msaAppId": "[parameters('appId')]",
+        "msaAppTenantId": "[variables('appType').tenantId]",
+        "msaAppType": "[parameters('appType')]",
        "luisAppIds": [],
        "schemaTransformationVersion": "1.3",
        "isCmekEnabled": false,
--- a/samples/python/05.multi-turn-prompt/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
+++ b/samples/python/05.multi-turn-prompt/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
@ -49,6 +49,17 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -61,12 +72,34 @@
      "metadata": {
        "description": "Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings. Required for MultiTenant and SingleTenant app types. Defaults to \"\"."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "useExistingServicePlan": "[not(empty(parameters('existingAppServicePlanName')))]",
    "servicePlanName": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanName'), parameters('newAppServicePlanName'))]",
-    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]"
+    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -90,12 +123,13 @@
      "comments": "Create a Web App using an App Service Plan",
      "type": "Microsoft.Web/sites",
      "apiVersion": "2015-08-01",
-      "name": "[parameters('appServiceName')]",
      "location": "[variables('servicePlanLocation')]",
      "kind": "app,linux",
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms', variables('servicePlanName'))]"
      ],
+      "name": "[parameters('appServiceName')]",
+      "identity": "[variables('appType').identity]",
      "properties": {
        "enabled": true,
        "hostNameSslStates": [
@ -125,6 +159,10 @@
              "name": "SCM_DO_BUILD_DURING_DEPLOYMENT",
              "value": "true"
            },
+            {
+              "name": "MicrosoftAppType",
+              "value": "[parameters('appType')]"
+            },
            {
              "name": "MicrosoftAppId",
              "value": "[parameters('appId')]"
@ -132,6 +170,10 @@
            {
              "name": "MicrosoftAppPassword",
              "value": "[parameters('appSecret')]"
+            },
+            {
+              "name": "MicrosoftAppTenantId",
+              "value": "[variables('appType').tenantId]"
            }
          ],
          "cors": {
@ -168,7 +210,7 @@
        "phpVersion": "",
        "pythonVersion": "",
        "nodeVersion": "",
-        "linuxFxVersion": "PYTHON|3.7",
+        "linuxFxVersion": "PYTHON|3.9",
        "requestTracingEnabled": false,
        "remoteDebuggingEnabled": false,
        "remoteDebuggingVersion": "VS2017",
--- a/samples/python/05.multi-turn-prompt/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
+++ b/samples/python/05.multi-turn-prompt/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
@ -20,8 +20,14 @@
        "botEndpoint": {
            "value": ""
        },
-        "appId": {
+        "appType": {
+            "value": "MultiTenant"
+          },
+          "appId": {
+              "value": ""
+          },
+          "tenantId": {
            "value": ""
-        }
-    }
+          }
+      }
 }
--- a/samples/python/05.multi-turn-prompt/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
+++ b/samples/python/05.multi-turn-prompt/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
        }
    }
 }
--- a/samples/python/05.multi-turn-prompt/deploymentTemplates/deployWithNewResourceGroup/readme.md
+++ b/samples/python/05.multi-turn-prompt/deploymentTemplates/deployWithNewResourceGroup/readme.md
@ -9,19 +9,33 @@ BotApp must be deployed prior to AzureBot.

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
- **appServiceName**: (required)      The location of the App Service Plan.
- **appServicePlanName**: (required)  The name of the App Service Plan.
- **appServicePlanLocation**:         The location of the App Service Plan. Defaults to use groupLocation.
- **appServicePlanSku**:              The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appServiceName**: (required)          The location of the App Service Plan.
+- **appServicePlanName**: (required)      The name of the App Service Plan.
+- **appServicePlanLocation**:             The location of the App Service Plan. Defaults to use groupLocation.
+- **appServicePlanSku**:                  The SKU of the App Service Plan. Defaults to Standard values.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
 - **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to <Subscription Tenant ID>.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
+
+

 ## Parameters for template-AzureBot-new-rg.json:

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
+
 - **azureBotId**: (required)          The globally unique and immutable bot ID. Also used to configure the displayName of the bot, which is mutable.
 - **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
 - **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
 - **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
--- a/samples/python/05.multi-turn-prompt/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
+++ b/samples/python/05.multi-turn-prompt/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
@ -41,15 +41,48 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -90,6 +123,8 @@
                "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
                "endpoint": "[variables('botEndpoint')]",
                "msaAppId": "[parameters('appId')]",
+                "msaAppTenantId": "[variables('appType').tenantId]",
+                "msaAppType": "[parameters('appType')]",
                "luisAppIds": [],
                "schemaTransformationVersion": "1.3",
                "isCmekEnabled": false,
--- a/samples/python/05.multi-turn-prompt/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
+++ b/samples/python/05.multi-turn-prompt/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
@ -46,6 +46,24 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
+    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -60,10 +78,26 @@
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "appServicePlanName": "[parameters('appServicePlanName')]",
    "resourcesLocation": "[if(empty(parameters('appServicePlanLocation')), parameters('groupLocation'), parameters('appServicePlanLocation'))]",
    "appServiceName": "[parameters('appServiceName')]",
-    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]"
+    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -115,6 +149,7 @@
                "[concat(variables('resourceGroupId'), '/providers/Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
              ],
              "name": "[variables('appServiceName')]",
+              "identity": "[variables('appType').identity]",
              "properties": {
                "name": "[variables('appServiceName')]",
                "hostNameSslStates": [
@ -137,12 +172,19 @@
                      "value": "true"
                    },
                    {
+                      "name": "MicrosoftAppType",
+                      "value": "[parameters('appType')]"
+                    },                    {
                      "name": "MicrosoftAppId",
                      "value": "[parameters('appId')]"
                    },
                    {
                      "name": "MicrosoftAppPassword",
                      "value": "[parameters('appSecret')]"
+                    },
+                    {
+                      "name": "MicrosoftAppTenantId",
+                      "value": "[variables('appType').tenantId]"
                    }
                  ],
                  "cors": {
@ -180,7 +222,7 @@
                "phpVersion": "",
                "pythonVersion": "",
                "nodeVersion": "",
-                "linuxFxVersion": "PYTHON|3.7",
+                "linuxFxVersion": "PYTHON|3.9",
                "requestTracingEnabled": false,
                "remoteDebuggingEnabled": false,
                "remoteDebuggingVersion": "VS2017",
--- a/samples/python/06.using-cards/config.py
+++ b/samples/python/06.using-cards/config.py
@ -13,3 +13,5 @@ class DefaultConfig:
    PORT = 3978
    APP_ID = os.environ.get("MicrosoftAppId", "")
    APP_PASSWORD = os.environ.get("MicrosoftAppPassword", "")
+    APP_TYPE = os.environ.get("MicrosoftAppType", "MultiTenant")
+    APP_TENANTID = os.environ.get("MicrosoftAppTenantId", "")
--- a/samples/python/06.using-cards/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
+++ b/samples/python/06.using-cards/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
@ -14,8 +14,14 @@
        "botEndpoint": {
            "value": ""
        },
+        "appType": {
+          "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
+        },
+        "tenantId": {
+          "value": ""
        }
    }
 }
--- a/samples/python/06.using-cards/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
+++ b/samples/python/06.using-cards/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
+          }
        }
-    }
 }
--- a/samples/python/06.using-cards/deploymentTemplates/deployUseExistResourceGroup/readme.md
+++ b/samples/python/06.using-cards/deploymentTemplates/deployUseExistResourceGroup/readme.md
@ -14,13 +14,17 @@ BotApp must be deployed prior to AzureBot.
  - **newAppServicePlanName**:          The name of the App Service Plan.
  - **newAppServicePlanLocation**:      The location of the App Service Plan.
  - **newAppServicePlanSku**:           The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
- **appSecret**: (required)             Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. **Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.**
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.

 ## Parameters for template-AzureBot-with-rg.json:

- **azureBotId**: (required)            The globally unique and immutable bot ID.
- **azureBotSku**:                      The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
- **azureBotRegion**:                   Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
- **botEndpoint**:                      Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **azureBotId**: (required)          The globally unique and immutable bot ID.
+- **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
+- **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
+- **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
+- **appType**:   Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:  The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
--- a/samples/python/06.using-cards/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
+++ b/samples/python/06.using-cards/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
@ -29,15 +29,47 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -55,6 +87,8 @@
        "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
        "endpoint": "[variables('botEndpoint')]",
        "msaAppId": "[parameters('appId')]",
+        "msaAppTenantId": "[variables('appType').tenantId]",
+        "msaAppType": "[parameters('appType')]",
        "luisAppIds": [],
        "schemaTransformationVersion": "1.3",
        "isCmekEnabled": false,
--- a/samples/python/06.using-cards/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
+++ b/samples/python/06.using-cards/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
@ -49,6 +49,17 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -61,12 +72,34 @@
      "metadata": {
        "description": "Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings. Required for MultiTenant and SingleTenant app types. Defaults to \"\"."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "useExistingServicePlan": "[not(empty(parameters('existingAppServicePlanName')))]",
    "servicePlanName": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanName'), parameters('newAppServicePlanName'))]",
-    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]"
+    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -90,12 +123,13 @@
      "comments": "Create a Web App using an App Service Plan",
      "type": "Microsoft.Web/sites",
      "apiVersion": "2015-08-01",
-      "name": "[parameters('appServiceName')]",
      "location": "[variables('servicePlanLocation')]",
      "kind": "app,linux",
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms', variables('servicePlanName'))]"
      ],
+      "name": "[parameters('appServiceName')]",
+      "identity": "[variables('appType').identity]",
      "properties": {
        "enabled": true,
        "hostNameSslStates": [
@ -125,6 +159,10 @@
              "name": "SCM_DO_BUILD_DURING_DEPLOYMENT",
              "value": "true"
            },
+            {
+              "name": "MicrosoftAppType",
+              "value": "[parameters('appType')]"
+            },
            {
              "name": "MicrosoftAppId",
              "value": "[parameters('appId')]"
@ -132,6 +170,10 @@
            {
              "name": "MicrosoftAppPassword",
              "value": "[parameters('appSecret')]"
+            },
+            {
+              "name": "MicrosoftAppTenantId",
+              "value": "[variables('appType').tenantId]"
            }
          ],
          "cors": {
@ -168,7 +210,7 @@
        "phpVersion": "",
        "pythonVersion": "",
        "nodeVersion": "",
-        "linuxFxVersion": "PYTHON|3.7",
+        "linuxFxVersion": "PYTHON|3.9",
        "requestTracingEnabled": false,
        "remoteDebuggingEnabled": false,
        "remoteDebuggingVersion": "VS2017",
--- a/samples/python/06.using-cards/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
+++ b/samples/python/06.using-cards/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
@ -20,8 +20,14 @@
        "botEndpoint": {
            "value": ""
        },
-        "appId": {
+        "appType": {
+            "value": "MultiTenant"
+          },
+          "appId": {
+              "value": ""
+          },
+          "tenantId": {
            "value": ""
-        }
-    }
+          }
+      }
 }
--- a/samples/python/06.using-cards/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
+++ b/samples/python/06.using-cards/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
        }
    }
 }
--- a/samples/python/06.using-cards/deploymentTemplates/deployWithNewResourceGroup/readme.md
+++ b/samples/python/06.using-cards/deploymentTemplates/deployWithNewResourceGroup/readme.md
@ -9,19 +9,33 @@ BotApp must be deployed prior to AzureBot.

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
- **appServiceName**: (required)      The location of the App Service Plan.
- **appServicePlanName**: (required)  The name of the App Service Plan.
- **appServicePlanLocation**:         The location of the App Service Plan. Defaults to use groupLocation.
- **appServicePlanSku**:              The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appServiceName**: (required)          The location of the App Service Plan.
+- **appServicePlanName**: (required)      The name of the App Service Plan.
+- **appServicePlanLocation**:             The location of the App Service Plan. Defaults to use groupLocation.
+- **appServicePlanSku**:                  The SKU of the App Service Plan. Defaults to Standard values.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
 - **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to <Subscription Tenant ID>.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
+
+

 ## Parameters for template-AzureBot-new-rg.json:

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
+
 - **azureBotId**: (required)          The globally unique and immutable bot ID. Also used to configure the displayName of the bot, which is mutable.
 - **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
 - **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
 - **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
--- a/samples/python/06.using-cards/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
+++ b/samples/python/06.using-cards/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
@ -41,15 +41,48 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -90,6 +123,8 @@
                "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
                "endpoint": "[variables('botEndpoint')]",
                "msaAppId": "[parameters('appId')]",
+                "msaAppTenantId": "[variables('appType').tenantId]",
+                "msaAppType": "[parameters('appType')]",
                "luisAppIds": [],
                "schemaTransformationVersion": "1.3",
                "isCmekEnabled": false,
--- a/samples/python/06.using-cards/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
+++ b/samples/python/06.using-cards/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
@ -46,6 +46,24 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
+    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -60,10 +78,26 @@
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "appServicePlanName": "[parameters('appServicePlanName')]",
    "resourcesLocation": "[if(empty(parameters('appServicePlanLocation')), parameters('groupLocation'), parameters('appServicePlanLocation'))]",
    "appServiceName": "[parameters('appServiceName')]",
-    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]"
+    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -115,6 +149,7 @@
                "[concat(variables('resourceGroupId'), '/providers/Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
              ],
              "name": "[variables('appServiceName')]",
+              "identity": "[variables('appType').identity]",
              "properties": {
                "name": "[variables('appServiceName')]",
                "hostNameSslStates": [
@ -137,12 +172,19 @@
                      "value": "true"
                    },
                    {
+                      "name": "MicrosoftAppType",
+                      "value": "[parameters('appType')]"
+                    },                    {
                      "name": "MicrosoftAppId",
                      "value": "[parameters('appId')]"
                    },
                    {
                      "name": "MicrosoftAppPassword",
                      "value": "[parameters('appSecret')]"
+                    },
+                    {
+                      "name": "MicrosoftAppTenantId",
+                      "value": "[variables('appType').tenantId]"
                    }
                  ],
                  "cors": {
@ -180,7 +222,7 @@
                "phpVersion": "",
                "pythonVersion": "",
                "nodeVersion": "",
-                "linuxFxVersion": "PYTHON|3.7",
+                "linuxFxVersion": "PYTHON|3.9",
                "requestTracingEnabled": false,
                "remoteDebuggingEnabled": false,
                "remoteDebuggingVersion": "VS2017",
--- a/samples/python/07.using-adaptive-cards/config.py
+++ b/samples/python/07.using-adaptive-cards/config.py
@ -13,3 +13,5 @@ class DefaultConfig:
    PORT = 3978
    APP_ID = os.environ.get("MicrosoftAppId", "")
    APP_PASSWORD = os.environ.get("MicrosoftAppPassword", "")
+    APP_TYPE = os.environ.get("MicrosoftAppType", "MultiTenant")
+    APP_TENANTID = os.environ.get("MicrosoftAppTenantId", "")
--- a/samples/python/07.using-adaptive-cards/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
+++ b/samples/python/07.using-adaptive-cards/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
@ -14,8 +14,14 @@
        "botEndpoint": {
            "value": ""
        },
+        "appType": {
+          "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
+        },
+        "tenantId": {
+          "value": ""
        }
    }
 }
--- a/samples/python/07.using-adaptive-cards/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
+++ b/samples/python/07.using-adaptive-cards/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
+          }
        }
-    }
 }
--- a/samples/python/07.using-adaptive-cards/deploymentTemplates/deployUseExistResourceGroup/readme.md
+++ b/samples/python/07.using-adaptive-cards/deploymentTemplates/deployUseExistResourceGroup/readme.md
@ -14,13 +14,17 @@ BotApp must be deployed prior to AzureBot.
  - **newAppServicePlanName**:          The name of the App Service Plan.
  - **newAppServicePlanLocation**:      The location of the App Service Plan.
  - **newAppServicePlanSku**:           The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
- **appSecret**: (required)             Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. **Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.**
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.

 ## Parameters for template-AzureBot-with-rg.json:

- **azureBotId**: (required)            The globally unique and immutable bot ID.
- **azureBotSku**:                      The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
- **azureBotRegion**:                   Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
- **botEndpoint**:                      Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **azureBotId**: (required)          The globally unique and immutable bot ID.
+- **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
+- **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
+- **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
+- **appType**:   Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:  The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
--- a/samples/python/07.using-adaptive-cards/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
+++ b/samples/python/07.using-adaptive-cards/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
@ -29,15 +29,47 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -55,6 +87,8 @@
        "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
        "endpoint": "[variables('botEndpoint')]",
        "msaAppId": "[parameters('appId')]",
+        "msaAppTenantId": "[variables('appType').tenantId]",
+        "msaAppType": "[parameters('appType')]",
        "luisAppIds": [],
        "schemaTransformationVersion": "1.3",
        "isCmekEnabled": false,
--- a/samples/python/07.using-adaptive-cards/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
+++ b/samples/python/07.using-adaptive-cards/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
@ -49,6 +49,17 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -61,12 +72,34 @@
      "metadata": {
        "description": "Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings. Required for MultiTenant and SingleTenant app types. Defaults to \"\"."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "useExistingServicePlan": "[not(empty(parameters('existingAppServicePlanName')))]",
    "servicePlanName": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanName'), parameters('newAppServicePlanName'))]",
-    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]"
+    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -90,12 +123,13 @@
      "comments": "Create a Web App using an App Service Plan",
      "type": "Microsoft.Web/sites",
      "apiVersion": "2015-08-01",
-      "name": "[parameters('appServiceName')]",
      "location": "[variables('servicePlanLocation')]",
      "kind": "app,linux",
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms', variables('servicePlanName'))]"
      ],
+      "name": "[parameters('appServiceName')]",
+      "identity": "[variables('appType').identity]",
      "properties": {
        "enabled": true,
        "hostNameSslStates": [
@ -125,6 +159,10 @@
              "name": "SCM_DO_BUILD_DURING_DEPLOYMENT",
              "value": "true"
            },
+            {
+              "name": "MicrosoftAppType",
+              "value": "[parameters('appType')]"
+            },
            {
              "name": "MicrosoftAppId",
              "value": "[parameters('appId')]"
@ -132,6 +170,10 @@
            {
              "name": "MicrosoftAppPassword",
              "value": "[parameters('appSecret')]"
+            },
+            {
+              "name": "MicrosoftAppTenantId",
+              "value": "[variables('appType').tenantId]"
            }
          ],
          "cors": {
@ -168,7 +210,7 @@
        "phpVersion": "",
        "pythonVersion": "",
        "nodeVersion": "",
-        "linuxFxVersion": "PYTHON|3.7",
+        "linuxFxVersion": "PYTHON|3.9",
        "requestTracingEnabled": false,
        "remoteDebuggingEnabled": false,
        "remoteDebuggingVersion": "VS2017",
--- a/samples/python/07.using-adaptive-cards/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
+++ b/samples/python/07.using-adaptive-cards/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
@ -20,8 +20,14 @@
        "botEndpoint": {
            "value": ""
        },
-        "appId": {
+        "appType": {
+            "value": "MultiTenant"
+          },
+          "appId": {
+              "value": ""
+          },
+          "tenantId": {
            "value": ""
-        }
-    }
+          }
+      }
 }
--- a/samples/python/07.using-adaptive-cards/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
+++ b/samples/python/07.using-adaptive-cards/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
        }
    }
 }
--- a/samples/python/07.using-adaptive-cards/deploymentTemplates/deployWithNewResourceGroup/readme.md
+++ b/samples/python/07.using-adaptive-cards/deploymentTemplates/deployWithNewResourceGroup/readme.md
@ -9,19 +9,33 @@ BotApp must be deployed prior to AzureBot.

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
- **appServiceName**: (required)      The location of the App Service Plan.
- **appServicePlanName**: (required)  The name of the App Service Plan.
- **appServicePlanLocation**:         The location of the App Service Plan. Defaults to use groupLocation.
- **appServicePlanSku**:              The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appServiceName**: (required)          The location of the App Service Plan.
+- **appServicePlanName**: (required)      The name of the App Service Plan.
+- **appServicePlanLocation**:             The location of the App Service Plan. Defaults to use groupLocation.
+- **appServicePlanSku**:                  The SKU of the App Service Plan. Defaults to Standard values.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
 - **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to <Subscription Tenant ID>.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
+
+

 ## Parameters for template-AzureBot-new-rg.json:

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
+
 - **azureBotId**: (required)          The globally unique and immutable bot ID. Also used to configure the displayName of the bot, which is mutable.
 - **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
 - **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
 - **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
--- a/samples/python/07.using-adaptive-cards/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
+++ b/samples/python/07.using-adaptive-cards/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
@ -41,15 +41,48 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -90,6 +123,8 @@
                "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
                "endpoint": "[variables('botEndpoint')]",
                "msaAppId": "[parameters('appId')]",
+                "msaAppTenantId": "[variables('appType').tenantId]",
+                "msaAppType": "[parameters('appType')]",
                "luisAppIds": [],
                "schemaTransformationVersion": "1.3",
                "isCmekEnabled": false,
--- a/samples/python/07.using-adaptive-cards/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
+++ b/samples/python/07.using-adaptive-cards/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
@ -46,6 +46,24 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
+    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -60,10 +78,26 @@
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "appServicePlanName": "[parameters('appServicePlanName')]",
    "resourcesLocation": "[if(empty(parameters('appServicePlanLocation')), parameters('groupLocation'), parameters('appServicePlanLocation'))]",
    "appServiceName": "[parameters('appServiceName')]",
-    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]"
+    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -115,6 +149,7 @@
                "[concat(variables('resourceGroupId'), '/providers/Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
              ],
              "name": "[variables('appServiceName')]",
+              "identity": "[variables('appType').identity]",
              "properties": {
                "name": "[variables('appServiceName')]",
                "hostNameSslStates": [
@ -137,12 +172,19 @@
                      "value": "true"
                    },
                    {
+                      "name": "MicrosoftAppType",
+                      "value": "[parameters('appType')]"
+                    },                    {
                      "name": "MicrosoftAppId",
                      "value": "[parameters('appId')]"
                    },
                    {
                      "name": "MicrosoftAppPassword",
                      "value": "[parameters('appSecret')]"
+                    },
+                    {
+                      "name": "MicrosoftAppTenantId",
+                      "value": "[variables('appType').tenantId]"
                    }
                  ],
                  "cors": {
@ -180,7 +222,7 @@
                "phpVersion": "",
                "pythonVersion": "",
                "nodeVersion": "",
-                "linuxFxVersion": "PYTHON|3.7",
+                "linuxFxVersion": "PYTHON|3.9",
                "requestTracingEnabled": false,
                "remoteDebuggingEnabled": false,
                "remoteDebuggingVersion": "VS2017",
--- a/samples/python/08.suggested-actions/config.py
+++ b/samples/python/08.suggested-actions/config.py
@ -13,3 +13,5 @@ class DefaultConfig:
    PORT = 3978
    APP_ID = os.environ.get("MicrosoftAppId", "")
    APP_PASSWORD = os.environ.get("MicrosoftAppPassword", "")
+    APP_TYPE = os.environ.get("MicrosoftAppType", "MultiTenant")
+    APP_TENANTID = os.environ.get("MicrosoftAppTenantId", "")
--- a/samples/python/08.suggested-actions/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
+++ b/samples/python/08.suggested-actions/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
@ -14,8 +14,14 @@
        "botEndpoint": {
            "value": ""
        },
+        "appType": {
+          "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
+        },
+        "tenantId": {
+          "value": ""
        }
    }
 }
--- a/samples/python/08.suggested-actions/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
+++ b/samples/python/08.suggested-actions/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
+          }
        }
-    }
 }
--- a/samples/python/08.suggested-actions/deploymentTemplates/deployUseExistResourceGroup/readme.md
+++ b/samples/python/08.suggested-actions/deploymentTemplates/deployUseExistResourceGroup/readme.md
@ -14,13 +14,17 @@ BotApp must be deployed prior to AzureBot.
  - **newAppServicePlanName**:          The name of the App Service Plan.
  - **newAppServicePlanLocation**:      The location of the App Service Plan.
  - **newAppServicePlanSku**:           The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
- **appSecret**: (required)             Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. **Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.**
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.

 ## Parameters for template-AzureBot-with-rg.json:

- **azureBotId**: (required)            The globally unique and immutable bot ID.
- **azureBotSku**:                      The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
- **azureBotRegion**:                   Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
- **botEndpoint**:                      Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **azureBotId**: (required)          The globally unique and immutable bot ID.
+- **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
+- **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
+- **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
+- **appType**:   Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:  The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
--- a/samples/python/08.suggested-actions/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
+++ b/samples/python/08.suggested-actions/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
@ -29,15 +29,47 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -55,6 +87,8 @@
        "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
        "endpoint": "[variables('botEndpoint')]",
        "msaAppId": "[parameters('appId')]",
+        "msaAppTenantId": "[variables('appType').tenantId]",
+        "msaAppType": "[parameters('appType')]",
        "luisAppIds": [],
        "schemaTransformationVersion": "1.3",
        "isCmekEnabled": false,
--- a/samples/python/08.suggested-actions/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
+++ b/samples/python/08.suggested-actions/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
@ -49,6 +49,17 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -61,12 +72,34 @@
      "metadata": {
        "description": "Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings. Required for MultiTenant and SingleTenant app types. Defaults to \"\"."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "useExistingServicePlan": "[not(empty(parameters('existingAppServicePlanName')))]",
    "servicePlanName": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanName'), parameters('newAppServicePlanName'))]",
-    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]"
+    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -90,12 +123,13 @@
      "comments": "Create a Web App using an App Service Plan",
      "type": "Microsoft.Web/sites",
      "apiVersion": "2015-08-01",
-      "name": "[parameters('appServiceName')]",
      "location": "[variables('servicePlanLocation')]",
      "kind": "app,linux",
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms', variables('servicePlanName'))]"
      ],
+      "name": "[parameters('appServiceName')]",
+      "identity": "[variables('appType').identity]",
      "properties": {
        "enabled": true,
        "hostNameSslStates": [
@ -125,6 +159,10 @@
              "name": "SCM_DO_BUILD_DURING_DEPLOYMENT",
              "value": "true"
            },
+            {
+              "name": "MicrosoftAppType",
+              "value": "[parameters('appType')]"
+            },
            {
              "name": "MicrosoftAppId",
              "value": "[parameters('appId')]"
@ -132,6 +170,10 @@
            {
              "name": "MicrosoftAppPassword",
              "value": "[parameters('appSecret')]"
+            },
+            {
+              "name": "MicrosoftAppTenantId",
+              "value": "[variables('appType').tenantId]"
            }
          ],
          "cors": {
@ -168,7 +210,7 @@
        "phpVersion": "",
        "pythonVersion": "",
        "nodeVersion": "",
-        "linuxFxVersion": "PYTHON|3.7",
+        "linuxFxVersion": "PYTHON|3.9",
        "requestTracingEnabled": false,
        "remoteDebuggingEnabled": false,
        "remoteDebuggingVersion": "VS2017",
--- a/samples/python/08.suggested-actions/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
+++ b/samples/python/08.suggested-actions/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
@ -20,8 +20,14 @@
        "botEndpoint": {
            "value": ""
        },
-        "appId": {
+        "appType": {
+            "value": "MultiTenant"
+          },
+          "appId": {
+              "value": ""
+          },
+          "tenantId": {
            "value": ""
-        }
-    }
+          }
+      }
 }
--- a/samples/python/08.suggested-actions/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
+++ b/samples/python/08.suggested-actions/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
        }
    }
 }
--- a/samples/python/08.suggested-actions/deploymentTemplates/deployWithNewResourceGroup/readme.md
+++ b/samples/python/08.suggested-actions/deploymentTemplates/deployWithNewResourceGroup/readme.md
@ -9,19 +9,33 @@ BotApp must be deployed prior to AzureBot.

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
- **appServiceName**: (required)      The location of the App Service Plan.
- **appServicePlanName**: (required)  The name of the App Service Plan.
- **appServicePlanLocation**:         The location of the App Service Plan. Defaults to use groupLocation.
- **appServicePlanSku**:              The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appServiceName**: (required)          The location of the App Service Plan.
+- **appServicePlanName**: (required)      The name of the App Service Plan.
+- **appServicePlanLocation**:             The location of the App Service Plan. Defaults to use groupLocation.
+- **appServicePlanSku**:                  The SKU of the App Service Plan. Defaults to Standard values.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
 - **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to <Subscription Tenant ID>.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
+
+

 ## Parameters for template-AzureBot-new-rg.json:

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
+
 - **azureBotId**: (required)          The globally unique and immutable bot ID. Also used to configure the displayName of the bot, which is mutable.
 - **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
 - **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
 - **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
--- a/samples/python/08.suggested-actions/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
+++ b/samples/python/08.suggested-actions/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
@ -41,15 +41,48 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -90,6 +123,8 @@
                "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
                "endpoint": "[variables('botEndpoint')]",
                "msaAppId": "[parameters('appId')]",
+                "msaAppTenantId": "[variables('appType').tenantId]",
+                "msaAppType": "[parameters('appType')]",
                "luisAppIds": [],
                "schemaTransformationVersion": "1.3",
                "isCmekEnabled": false,
--- a/samples/python/08.suggested-actions/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
+++ b/samples/python/08.suggested-actions/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
@ -46,6 +46,24 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
+    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -60,10 +78,26 @@
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "appServicePlanName": "[parameters('appServicePlanName')]",
    "resourcesLocation": "[if(empty(parameters('appServicePlanLocation')), parameters('groupLocation'), parameters('appServicePlanLocation'))]",
    "appServiceName": "[parameters('appServiceName')]",
-    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]"
+    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -115,6 +149,7 @@
                "[concat(variables('resourceGroupId'), '/providers/Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
              ],
              "name": "[variables('appServiceName')]",
+              "identity": "[variables('appType').identity]",
              "properties": {
                "name": "[variables('appServiceName')]",
                "hostNameSslStates": [
@ -137,12 +172,19 @@
                      "value": "true"
                    },
                    {
+                      "name": "MicrosoftAppType",
+                      "value": "[parameters('appType')]"
+                    },                    {
                      "name": "MicrosoftAppId",
                      "value": "[parameters('appId')]"
                    },
                    {
                      "name": "MicrosoftAppPassword",
                      "value": "[parameters('appSecret')]"
+                    },
+                    {
+                      "name": "MicrosoftAppTenantId",
+                      "value": "[variables('appType').tenantId]"
                    }
                  ],
                  "cors": {
@ -180,7 +222,7 @@
                "phpVersion": "",
                "pythonVersion": "",
                "nodeVersion": "",
-                "linuxFxVersion": "PYTHON|3.7",
+                "linuxFxVersion": "PYTHON|3.9",
                "requestTracingEnabled": false,
                "remoteDebuggingEnabled": false,
                "remoteDebuggingVersion": "VS2017",
--- a/samples/python/13.core-bot/config.py
+++ b/samples/python/13.core-bot/config.py
@ -13,6 +13,8 @@ class DefaultConfig:
    PORT = 3978
    APP_ID = os.environ.get("MicrosoftAppId", "")
    APP_PASSWORD = os.environ.get("MicrosoftAppPassword", "")
+    APP_TYPE = os.environ.get("MicrosoftAppType", "MultiTenant")
+    APP_TENANTID = os.environ.get("MicrosoftAppTenantId", "")
    LUIS_APP_ID = os.environ.get("LuisAppId", "")
    LUIS_API_KEY = os.environ.get("LuisAPIKey", "")
    # LUIS endpoint host name, ie "westus.api.cognitive.microsoft.com"
--- a/samples/python/13.core-bot/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
+++ b/samples/python/13.core-bot/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
@ -14,8 +14,14 @@
        "botEndpoint": {
            "value": ""
        },
+        "appType": {
+          "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
+        },
+        "tenantId": {
+          "value": ""
        }
    }
 }
--- a/samples/python/13.core-bot/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
+++ b/samples/python/13.core-bot/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
+          }
        }
-    }
 }
--- a/samples/python/13.core-bot/deploymentTemplates/deployUseExistResourceGroup/readme.md
+++ b/samples/python/13.core-bot/deploymentTemplates/deployUseExistResourceGroup/readme.md
@ -14,13 +14,17 @@ BotApp must be deployed prior to AzureBot.
  - **newAppServicePlanName**:          The name of the App Service Plan.
  - **newAppServicePlanLocation**:      The location of the App Service Plan.
  - **newAppServicePlanSku**:           The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
- **appSecret**: (required)             Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. **Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.**
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.

 ## Parameters for template-AzureBot-with-rg.json:

- **azureBotId**: (required)            The globally unique and immutable bot ID.
- **azureBotSku**:                      The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
- **azureBotRegion**:                   Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
- **botEndpoint**:                      Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **azureBotId**: (required)          The globally unique and immutable bot ID.
+- **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
+- **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
+- **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
+- **appType**:   Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:  The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
--- a/samples/python/13.core-bot/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
+++ b/samples/python/13.core-bot/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
@ -29,15 +29,47 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -55,6 +87,8 @@
        "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
        "endpoint": "[variables('botEndpoint')]",
        "msaAppId": "[parameters('appId')]",
+        "msaAppTenantId": "[variables('appType').tenantId]",
+        "msaAppType": "[parameters('appType')]",
        "luisAppIds": [],
        "schemaTransformationVersion": "1.3",
        "isCmekEnabled": false,
--- a/samples/python/13.core-bot/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
+++ b/samples/python/13.core-bot/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
@ -49,6 +49,17 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -61,12 +72,34 @@
      "metadata": {
        "description": "Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings. Required for MultiTenant and SingleTenant app types. Defaults to \"\"."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "useExistingServicePlan": "[not(empty(parameters('existingAppServicePlanName')))]",
    "servicePlanName": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanName'), parameters('newAppServicePlanName'))]",
-    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]"
+    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -90,12 +123,13 @@
      "comments": "Create a Web App using an App Service Plan",
      "type": "Microsoft.Web/sites",
      "apiVersion": "2015-08-01",
-      "name": "[parameters('appServiceName')]",
      "location": "[variables('servicePlanLocation')]",
      "kind": "app,linux",
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms', variables('servicePlanName'))]"
      ],
+      "name": "[parameters('appServiceName')]",
+      "identity": "[variables('appType').identity]",
      "properties": {
        "enabled": true,
        "hostNameSslStates": [
@ -125,6 +159,10 @@
              "name": "SCM_DO_BUILD_DURING_DEPLOYMENT",
              "value": "true"
            },
+            {
+              "name": "MicrosoftAppType",
+              "value": "[parameters('appType')]"
+            },
            {
              "name": "MicrosoftAppId",
              "value": "[parameters('appId')]"
@ -132,6 +170,10 @@
            {
              "name": "MicrosoftAppPassword",
              "value": "[parameters('appSecret')]"
+            },
+            {
+              "name": "MicrosoftAppTenantId",
+              "value": "[variables('appType').tenantId]"
            }
          ],
          "cors": {
@ -168,7 +210,7 @@
        "phpVersion": "",
        "pythonVersion": "",
        "nodeVersion": "",
-        "linuxFxVersion": "PYTHON|3.7",
+        "linuxFxVersion": "PYTHON|3.9",
        "requestTracingEnabled": false,
        "remoteDebuggingEnabled": false,
        "remoteDebuggingVersion": "VS2017",
--- a/samples/python/13.core-bot/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
+++ b/samples/python/13.core-bot/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
@ -20,8 +20,14 @@
        "botEndpoint": {
            "value": ""
        },
-        "appId": {
+        "appType": {
+            "value": "MultiTenant"
+          },
+          "appId": {
+              "value": ""
+          },
+          "tenantId": {
            "value": ""
-        }
-    }
+          }
+      }
 }
--- a/samples/python/13.core-bot/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
+++ b/samples/python/13.core-bot/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
        }
    }
 }
--- a/samples/python/13.core-bot/deploymentTemplates/deployWithNewResourceGroup/readme.md
+++ b/samples/python/13.core-bot/deploymentTemplates/deployWithNewResourceGroup/readme.md
@ -9,19 +9,33 @@ BotApp must be deployed prior to AzureBot.

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
- **appServiceName**: (required)      The location of the App Service Plan.
- **appServicePlanName**: (required)  The name of the App Service Plan.
- **appServicePlanLocation**:         The location of the App Service Plan. Defaults to use groupLocation.
- **appServicePlanSku**:              The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appServiceName**: (required)          The location of the App Service Plan.
+- **appServicePlanName**: (required)      The name of the App Service Plan.
+- **appServicePlanLocation**:             The location of the App Service Plan. Defaults to use groupLocation.
+- **appServicePlanSku**:                  The SKU of the App Service Plan. Defaults to Standard values.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
 - **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to <Subscription Tenant ID>.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
+
+

 ## Parameters for template-AzureBot-new-rg.json:

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
+
 - **azureBotId**: (required)          The globally unique and immutable bot ID. Also used to configure the displayName of the bot, which is mutable.
 - **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
 - **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
 - **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
--- a/samples/python/13.core-bot/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
+++ b/samples/python/13.core-bot/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
@ -41,15 +41,48 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -90,6 +123,8 @@
                "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
                "endpoint": "[variables('botEndpoint')]",
                "msaAppId": "[parameters('appId')]",
+                "msaAppTenantId": "[variables('appType').tenantId]",
+                "msaAppType": "[parameters('appType')]",
                "luisAppIds": [],
                "schemaTransformationVersion": "1.3",
                "isCmekEnabled": false,
--- a/samples/python/13.core-bot/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
+++ b/samples/python/13.core-bot/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
@ -46,6 +46,24 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
+    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -60,10 +78,26 @@
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "appServicePlanName": "[parameters('appServicePlanName')]",
    "resourcesLocation": "[if(empty(parameters('appServicePlanLocation')), parameters('groupLocation'), parameters('appServicePlanLocation'))]",
    "appServiceName": "[parameters('appServiceName')]",
-    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]"
+    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -115,6 +149,7 @@
                "[concat(variables('resourceGroupId'), '/providers/Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
              ],
              "name": "[variables('appServiceName')]",
+              "identity": "[variables('appType').identity]",
              "properties": {
                "name": "[variables('appServiceName')]",
                "hostNameSslStates": [
@ -137,12 +172,19 @@
                      "value": "true"
                    },
                    {
+                      "name": "MicrosoftAppType",
+                      "value": "[parameters('appType')]"
+                    },                    {
                      "name": "MicrosoftAppId",
                      "value": "[parameters('appId')]"
                    },
                    {
                      "name": "MicrosoftAppPassword",
                      "value": "[parameters('appSecret')]"
+                    },
+                    {
+                      "name": "MicrosoftAppTenantId",
+                      "value": "[variables('appType').tenantId]"
                    }
                  ],
                  "cors": {
@ -180,7 +222,7 @@
                "phpVersion": "",
                "pythonVersion": "",
                "nodeVersion": "",
-                "linuxFxVersion": "PYTHON|3.7",
+                "linuxFxVersion": "PYTHON|3.9",
                "requestTracingEnabled": false,
                "remoteDebuggingEnabled": false,
                "remoteDebuggingVersion": "VS2017",
--- a/samples/python/15.handling-attachments/config.py
+++ b/samples/python/15.handling-attachments/config.py
@ -13,3 +13,5 @@ class DefaultConfig:
    PORT = 3978
    APP_ID = os.environ.get("MicrosoftAppId", "")
    APP_PASSWORD = os.environ.get("MicrosoftAppPassword", "")
+    APP_TYPE = os.environ.get("MicrosoftAppType", "MultiTenant")
+    APP_TENANTID = os.environ.get("MicrosoftAppTenantId", "")
--- a/samples/python/15.handling-attachments/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
+++ b/samples/python/15.handling-attachments/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
@ -14,8 +14,14 @@
        "botEndpoint": {
            "value": ""
        },
+        "appType": {
+          "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
+        },
+        "tenantId": {
+          "value": ""
        }
    }
 }
--- a/samples/python/15.handling-attachments/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
+++ b/samples/python/15.handling-attachments/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
+          }
        }
-    }
 }
--- a/samples/python/15.handling-attachments/deploymentTemplates/deployUseExistResourceGroup/readme.md
+++ b/samples/python/15.handling-attachments/deploymentTemplates/deployUseExistResourceGroup/readme.md
@ -14,13 +14,17 @@ BotApp must be deployed prior to AzureBot.
  - **newAppServicePlanName**:          The name of the App Service Plan.
  - **newAppServicePlanLocation**:      The location of the App Service Plan.
  - **newAppServicePlanSku**:           The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
- **appSecret**: (required)             Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. **Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.**
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.

 ## Parameters for template-AzureBot-with-rg.json:

- **azureBotId**: (required)            The globally unique and immutable bot ID.
- **azureBotSku**:                      The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
- **azureBotRegion**:                   Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
- **botEndpoint**:                      Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **azureBotId**: (required)          The globally unique and immutable bot ID.
+- **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
+- **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
+- **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
+- **appType**:   Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:  The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
--- a/samples/python/15.handling-attachments/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
+++ b/samples/python/15.handling-attachments/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
@ -29,15 +29,47 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -55,6 +87,8 @@
        "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
        "endpoint": "[variables('botEndpoint')]",
        "msaAppId": "[parameters('appId')]",
+        "msaAppTenantId": "[variables('appType').tenantId]",
+        "msaAppType": "[parameters('appType')]",
        "luisAppIds": [],
        "schemaTransformationVersion": "1.3",
        "isCmekEnabled": false,
--- a/samples/python/15.handling-attachments/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
+++ b/samples/python/15.handling-attachments/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
@ -49,6 +49,17 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -61,12 +72,34 @@
      "metadata": {
        "description": "Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings. Required for MultiTenant and SingleTenant app types. Defaults to \"\"."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "useExistingServicePlan": "[not(empty(parameters('existingAppServicePlanName')))]",
    "servicePlanName": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanName'), parameters('newAppServicePlanName'))]",
-    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]"
+    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -90,12 +123,13 @@
      "comments": "Create a Web App using an App Service Plan",
      "type": "Microsoft.Web/sites",
      "apiVersion": "2015-08-01",
-      "name": "[parameters('appServiceName')]",
      "location": "[variables('servicePlanLocation')]",
      "kind": "app,linux",
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms', variables('servicePlanName'))]"
      ],
+      "name": "[parameters('appServiceName')]",
+      "identity": "[variables('appType').identity]",
      "properties": {
        "enabled": true,
        "hostNameSslStates": [
@ -125,6 +159,10 @@
              "name": "SCM_DO_BUILD_DURING_DEPLOYMENT",
              "value": "true"
            },
+            {
+              "name": "MicrosoftAppType",
+              "value": "[parameters('appType')]"
+            },
            {
              "name": "MicrosoftAppId",
              "value": "[parameters('appId')]"
@ -132,6 +170,10 @@
            {
              "name": "MicrosoftAppPassword",
              "value": "[parameters('appSecret')]"
+            },
+            {
+              "name": "MicrosoftAppTenantId",
+              "value": "[variables('appType').tenantId]"
            }
          ],
          "cors": {
@ -168,7 +210,7 @@
        "phpVersion": "",
        "pythonVersion": "",
        "nodeVersion": "",
-        "linuxFxVersion": "PYTHON|3.7",
+        "linuxFxVersion": "PYTHON|3.9",
        "requestTracingEnabled": false,
        "remoteDebuggingEnabled": false,
        "remoteDebuggingVersion": "VS2017",
--- a/samples/python/15.handling-attachments/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
+++ b/samples/python/15.handling-attachments/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
@ -20,8 +20,14 @@
        "botEndpoint": {
            "value": ""
        },
-        "appId": {
+        "appType": {
+            "value": "MultiTenant"
+          },
+          "appId": {
+              "value": ""
+          },
+          "tenantId": {
            "value": ""
-        }
-    }
+          }
+      }
 }
--- a/samples/python/15.handling-attachments/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
+++ b/samples/python/15.handling-attachments/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
        }
    }
 }
--- a/samples/python/15.handling-attachments/deploymentTemplates/deployWithNewResourceGroup/readme.md
+++ b/samples/python/15.handling-attachments/deploymentTemplates/deployWithNewResourceGroup/readme.md
@ -9,19 +9,33 @@ BotApp must be deployed prior to AzureBot.

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
- **appServiceName**: (required)      The location of the App Service Plan.
- **appServicePlanName**: (required)  The name of the App Service Plan.
- **appServicePlanLocation**:         The location of the App Service Plan. Defaults to use groupLocation.
- **appServicePlanSku**:              The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appServiceName**: (required)          The location of the App Service Plan.
+- **appServicePlanName**: (required)      The name of the App Service Plan.
+- **appServicePlanLocation**:             The location of the App Service Plan. Defaults to use groupLocation.
+- **appServicePlanSku**:                  The SKU of the App Service Plan. Defaults to Standard values.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
 - **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to <Subscription Tenant ID>.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
+
+

 ## Parameters for template-AzureBot-new-rg.json:

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
+
 - **azureBotId**: (required)          The globally unique and immutable bot ID. Also used to configure the displayName of the bot, which is mutable.
 - **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
 - **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
 - **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
--- a/samples/python/15.handling-attachments/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
+++ b/samples/python/15.handling-attachments/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
@ -41,15 +41,48 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -90,6 +123,8 @@
                "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
                "endpoint": "[variables('botEndpoint')]",
                "msaAppId": "[parameters('appId')]",
+                "msaAppTenantId": "[variables('appType').tenantId]",
+                "msaAppType": "[parameters('appType')]",
                "luisAppIds": [],
                "schemaTransformationVersion": "1.3",
                "isCmekEnabled": false,
--- a/samples/python/15.handling-attachments/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
+++ b/samples/python/15.handling-attachments/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
@ -46,6 +46,24 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
+    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -60,10 +78,26 @@
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "appServicePlanName": "[parameters('appServicePlanName')]",
    "resourcesLocation": "[if(empty(parameters('appServicePlanLocation')), parameters('groupLocation'), parameters('appServicePlanLocation'))]",
    "appServiceName": "[parameters('appServiceName')]",
-    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]"
+    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -115,6 +149,7 @@
                "[concat(variables('resourceGroupId'), '/providers/Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
              ],
              "name": "[variables('appServiceName')]",
+              "identity": "[variables('appType').identity]",
              "properties": {
                "name": "[variables('appServiceName')]",
                "hostNameSslStates": [
@ -137,12 +172,19 @@
                      "value": "true"
                    },
                    {
+                      "name": "MicrosoftAppType",
+                      "value": "[parameters('appType')]"
+                    },                    {
                      "name": "MicrosoftAppId",
                      "value": "[parameters('appId')]"
                    },
                    {
                      "name": "MicrosoftAppPassword",
                      "value": "[parameters('appSecret')]"
+                    },
+                    {
+                      "name": "MicrosoftAppTenantId",
+                      "value": "[variables('appType').tenantId]"
                    }
                  ],
                  "cors": {
@ -180,7 +222,7 @@
                "phpVersion": "",
                "pythonVersion": "",
                "nodeVersion": "",
-                "linuxFxVersion": "PYTHON|3.7",
+                "linuxFxVersion": "PYTHON|3.9",
                "requestTracingEnabled": false,
                "remoteDebuggingEnabled": false,
                "remoteDebuggingVersion": "VS2017",
--- a/samples/python/16.proactive-messages/config.py
+++ b/samples/python/16.proactive-messages/config.py
@ -13,3 +13,5 @@ class DefaultConfig:
    PORT = 3978
    APP_ID = os.environ.get("MicrosoftAppId", "")
    APP_PASSWORD = os.environ.get("MicrosoftAppPassword", "")
+    APP_TYPE = os.environ.get("MicrosoftAppType", "MultiTenant")
+    APP_TENANTID = os.environ.get("MicrosoftAppTenantId", "")
--- a/samples/python/16.proactive-messages/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
+++ b/samples/python/16.proactive-messages/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-AzureBot-with-rg.json
@ -14,8 +14,14 @@
        "botEndpoint": {
            "value": ""
        },
+        "appType": {
+          "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
+        },
+        "tenantId": {
+          "value": ""
        }
    }
 }
--- a/samples/python/16.proactive-messages/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
+++ b/samples/python/16.proactive-messages/deploymentTemplates/deployUseExistResourceGroup/parameters-for-template-BotApp-with-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
+          }
        }
-    }
 }
--- a/samples/python/16.proactive-messages/deploymentTemplates/deployUseExistResourceGroup/readme.md
+++ b/samples/python/16.proactive-messages/deploymentTemplates/deployUseExistResourceGroup/readme.md
@ -14,13 +14,17 @@ BotApp must be deployed prior to AzureBot.
  - **newAppServicePlanName**:          The name of the App Service Plan.
  - **newAppServicePlanLocation**:      The location of the App Service Plan.
  - **newAppServicePlanSku**:           The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
- **appSecret**: (required)             Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. **Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.**
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.

 ## Parameters for template-AzureBot-with-rg.json:

- **azureBotId**: (required)            The globally unique and immutable bot ID.
- **azureBotSku**:                      The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
- **azureBotRegion**:                   Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
- **botEndpoint**:                      Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)                 Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **azureBotId**: (required)          The globally unique and immutable bot ID.
+- **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
+- **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
+- **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
+- **appType**:   Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:  The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
--- a/samples/python/16.proactive-messages/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
+++ b/samples/python/16.proactive-messages/deploymentTemplates/deployUseExistResourceGroup/template-AzureBot-with-rg.json
@ -29,15 +29,47 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -55,6 +87,8 @@
        "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
        "endpoint": "[variables('botEndpoint')]",
        "msaAppId": "[parameters('appId')]",
+        "msaAppTenantId": "[variables('appType').tenantId]",
+        "msaAppType": "[parameters('appType')]",
        "luisAppIds": [],
        "schemaTransformationVersion": "1.3",
        "isCmekEnabled": false,
--- a/samples/python/16.proactive-messages/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
+++ b/samples/python/16.proactive-messages/deploymentTemplates/deployUseExistResourceGroup/template-BotApp-with-rg.json
@ -49,6 +49,17 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -61,12 +72,34 @@
      "metadata": {
        "description": "Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings. Required for MultiTenant and SingleTenant app types. Defaults to \"\"."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "useExistingServicePlan": "[not(empty(parameters('existingAppServicePlanName')))]",
    "servicePlanName": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanName'), parameters('newAppServicePlanName'))]",
-    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]"
+    "servicePlanLocation": "[if(variables('useExistingServicePlan'), parameters('existingAppServicePlanLocation'), parameters('newAppServicePlanLocation'))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -90,12 +123,13 @@
      "comments": "Create a Web App using an App Service Plan",
      "type": "Microsoft.Web/sites",
      "apiVersion": "2015-08-01",
-      "name": "[parameters('appServiceName')]",
      "location": "[variables('servicePlanLocation')]",
      "kind": "app,linux",
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms', variables('servicePlanName'))]"
      ],
+      "name": "[parameters('appServiceName')]",
+      "identity": "[variables('appType').identity]",
      "properties": {
        "enabled": true,
        "hostNameSslStates": [
@ -125,6 +159,10 @@
              "name": "SCM_DO_BUILD_DURING_DEPLOYMENT",
              "value": "true"
            },
+            {
+              "name": "MicrosoftAppType",
+              "value": "[parameters('appType')]"
+            },
            {
              "name": "MicrosoftAppId",
              "value": "[parameters('appId')]"
@ -132,6 +170,10 @@
            {
              "name": "MicrosoftAppPassword",
              "value": "[parameters('appSecret')]"
+            },
+            {
+              "name": "MicrosoftAppTenantId",
+              "value": "[variables('appType').tenantId]"
            }
          ],
          "cors": {
@ -168,7 +210,7 @@
        "phpVersion": "",
        "pythonVersion": "",
        "nodeVersion": "",
-        "linuxFxVersion": "PYTHON|3.7",
+        "linuxFxVersion": "PYTHON|3.9",
        "requestTracingEnabled": false,
        "remoteDebuggingEnabled": false,
        "remoteDebuggingVersion": "VS2017",
--- a/samples/python/16.proactive-messages/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
+++ b/samples/python/16.proactive-messages/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-AzureBot-new-rg.json
@ -20,8 +20,14 @@
        "botEndpoint": {
            "value": ""
        },
-        "appId": {
+        "appType": {
+            "value": "MultiTenant"
+          },
+          "appId": {
+              "value": ""
+          },
+          "tenantId": {
            "value": ""
-        }
-    }
+          }
+      }
 }
--- a/samples/python/16.proactive-messages/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
+++ b/samples/python/16.proactive-messages/deploymentTemplates/deployWithNewResourceGroup/parameters-for-template-BotApp-new-rg.json
@ -26,11 +26,17 @@
                "capacity": 1
            }
        },
+        "appType": {
+            "value": "MultiTenant"
+        },
        "appId": {
            "value": ""
        },
        "appSecret": {
            "value": ""
+        },
+        "tenantId": {
+            "value": ""
        }
    }
 }
--- a/samples/python/16.proactive-messages/deploymentTemplates/deployWithNewResourceGroup/readme.md
+++ b/samples/python/16.proactive-messages/deploymentTemplates/deployWithNewResourceGroup/readme.md
@ -9,19 +9,33 @@ BotApp must be deployed prior to AzureBot.

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
- **appServiceName**: (required)      The location of the App Service Plan.
- **appServicePlanName**: (required)  The name of the App Service Plan.
- **appServicePlanLocation**:         The location of the App Service Plan. Defaults to use groupLocation.
- **appServicePlanSku**:              The SKU of the App Service Plan. Defaults to Standard values.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appServiceName**: (required)          The location of the App Service Plan.
+- **appServicePlanName**: (required)      The name of the App Service Plan.
+- **appServicePlanLocation**:             The location of the App Service Plan. Defaults to use groupLocation.
+- **appServicePlanSku**:                  The SKU of the App Service Plan. Defaults to Standard values.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
 - **appSecret**: (required for MultiTenant and SingleTenant)  Active Directory App Password, set as MicrosoftAppPassword in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to <Subscription Tenant ID>.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
+
+

 ## Parameters for template-AzureBot-new-rg.json:

 - **groupName**: (required)           The name of the new Resource Group.
 - **groupLocation**: (required)       The location of the new Resource Group.
+
 - **azureBotId**: (required)          The globally unique and immutable bot ID. Also used to configure the displayName of the bot, which is mutable.
 - **azureBotSku**:                    The pricing tier of the Bot Service Registration. Allowed values are: F0, S1(default).
 - **azureBotRegion**:                 Specifies the location of the new AzureBot. Allowed values are: global(default), westeurope.
 - **botEndpoint**:                    Use to handle client messages, Such as `https://<botappServiceName>.azurewebsites.net/api/messages`.
- **appId**: (required)               Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+
+- **appType**:    Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI.
+- **appId**: (required)                                       Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings.
+- **tenantId**:   The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to Subscription Tenant ID.
+
+More info: https://docs.microsoft.com/en-us/azure/bot-service/tutorial-provision-a-bot?view=azure-bot-service-4.0&tabs=userassigned%2Cnewgroup#create-an-identity-resource
--- a/samples/python/16.proactive-messages/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
+++ b/samples/python/16.proactive-messages/deploymentTemplates/deployWithNewResourceGroup/template-AzureBot-new-rg.json
@ -41,15 +41,48 @@
        "description": "Use to handle client messages, Such as https://<botappServiceName>.azurewebsites.net/api/messages."
      }
    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
        "description": "Active Directory App ID or User-Assigned Managed Identity Client ID, set as MicrosoftAppId in the Web App's Application Settings."
      }
+    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
    }
  },
  "variables": {
-    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]"
+    "botEndpoint": "[if(empty(parameters('botEndpoint')), concat('https://', parameters('azureBotId'), '.azurewebsites.net/api/messages'), parameters('botEndpoint'))]",
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "msiResourceId": ""
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "msiResourceId": ""
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]"
+    }
  },
  "resources": [
    {
@ -90,6 +123,8 @@
                "iconUrl": "https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png",
                "endpoint": "[variables('botEndpoint')]",
                "msaAppId": "[parameters('appId')]",
+                "msaAppTenantId": "[variables('appType').tenantId]",
+                "msaAppType": "[parameters('appType')]",
                "luisAppIds": [],
                "schemaTransformationVersion": "1.3",
                "isCmekEnabled": false,
--- a/samples/python/16.proactive-messages/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
+++ b/samples/python/16.proactive-messages/deploymentTemplates/deployWithNewResourceGroup/template-BotApp-new-rg.json
@ -46,6 +46,24 @@
        "description": "The SKU of the App Service Plan. Defaults to Standard values."
      }
    },
+    "tenantId": {
+      "type": "string",
+      "defaultValue": "[subscription().tenantId]",
+      "metadata": {
+        "description": "The Azure AD Tenant ID to use as part of the Bot's Authentication. Only used for SingleTenant and UserAssignedMSI app types. Defaults to \"Subscription Tenant ID\"."
+      }
+    },
+    "appType": {
+      "type": "string",
+      "defaultValue": "MultiTenant",
+      "allowedValues": [
+        "MultiTenant",
+        "SingleTenant"
+      ],
+      "metadata": {
+        "description": "Type of Bot Authentication. set as MicrosoftAppType in the Web App's Application Settings. Allowed values are: MultiTenant, SingleTenant, UserAssignedMSI. Defaults to \"MultiTenant\"."
+      }
+    },
    "appId": {
      "type": "string",
      "metadata": {
@ -60,10 +78,26 @@
    }
  },
  "variables": {
+    "tenantId": "[if(empty(parameters('tenantId')), subscription().tenantId, parameters('tenantId'))]",
    "appServicePlanName": "[parameters('appServicePlanName')]",
    "resourcesLocation": "[if(empty(parameters('appServicePlanLocation')), parameters('groupLocation'), parameters('appServicePlanLocation'))]",
    "appServiceName": "[parameters('appServiceName')]",
-    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]"
+    "resourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('groupName'))]",
+    "msiResourceId": "[if(empty(parameters('UMSIName')), '', concat(subscription().id, '/resourceGroups/', parameters('UMSIResourceGroupName'), '/providers/', 'Microsoft.ManagedIdentity/userAssignedIdentities/', parameters('UMSIName')))]",
+    "appTypeDef": {
+      "MultiTenant": {
+        "tenantId": "",
+        "identity": { "type": "None" }
+      },
+      "SingleTenant": {
+        "tenantId": "[variables('tenantId')]",
+        "identity": { "type": "None" }
+      }
+    },
+    "appType": {
+      "tenantId": "[variables('appTypeDef')[parameters('appType')].tenantId]",
+      "identity": "[variables('appTypeDef')[parameters('appType')].identity]"
+    }
  },
  "resources": [
    {
@ -115,6 +149,7 @@
                "[concat(variables('resourceGroupId'), '/providers/Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
              ],
              "name": "[variables('appServiceName')]",
+              "identity": "[variables('appType').identity]",
              "properties": {
                "name": "[variables('appServiceName')]",
                "hostNameSslStates": [
@ -137,12 +172,19 @@
                      "value": "true"
                    },
                    {
+                      "name": "MicrosoftAppType",
+                      "value": "[parameters('appType')]"
+                    },                    {
                      "name": "MicrosoftAppId",
                      "value": "[parameters('appId')]"
                    },
                    {
                      "name": "MicrosoftAppPassword",
                      "value": "[parameters('appSecret')]"
+                    },
+                    {
+                      "name": "MicrosoftAppTenantId",
+                      "value": "[variables('appType').tenantId]"
                    }
                  ],
                  "cors": {
@ -180,7 +222,7 @@
                "phpVersion": "",
                "pythonVersion": "",
                "nodeVersion": "",
-                "linuxFxVersion": "PYTHON|3.7",
+                "linuxFxVersion": "PYTHON|3.9",
                "requestTracingEnabled": false,
                "remoteDebuggingEnabled": false,
                "remoteDebuggingVersion": "VS2017",
--- a/Показать больше
+++ b/Показать больше