diff --git a/Samples/BetaSamples/LocalMediaSamples/PolicyRecordingBot/FirewallREADME.md b/Samples/BetaSamples/LocalMediaSamples/PolicyRecordingBot/FirewallREADME.md index 4bf9a1311..cdc5aaa80 100644 --- a/Samples/BetaSamples/LocalMediaSamples/PolicyRecordingBot/FirewallREADME.md +++ b/Samples/BetaSamples/LocalMediaSamples/PolicyRecordingBot/FirewallREADME.md 
@@ -3,42 +3,175 @@ ## Step 1: Create a Virtual Network and Subnet for Azure Firewall -1. Go to Virtual Network or create a new one if it doesn't exist. -2. Create a subnet for the firewall with the purpose set to "Azure Firewall". ![Create subnet](Images/CreateSubnet.png) -3. Go to the firewall section and click on "Add firewall". ![Create firewall](Images/CreateFirewall.png) + 1. Go to Virtual Network or create a new one if it doesn't exist. + 2. Create a subnet for the firewall with the purpose set to "Azure Firewall". ![Create subnet](Images/CreateSubnet.png) + 3. Go to the firewall section and click on "Add firewall". ![Create firewall](Images/CreateFirewall.png) ## Step 2: Configure Firewall Settings -1. Choose a name for the firewall (e.g., "MyFirewall"). -2. Create a new firewall policy. ![Create policy](Images/CreatePolicy.png) -3. Select the existing Virtual Network. -4. Create a new public IP address (e.g., "MyFWPublicIP"). -5. Review and create the firewall. + 1. Choose a name for the firewall (e.g., "MyFirewall"). + 2. Create a new firewall policy. ![Create policy](Images/CreatePolicy.png) + 3. Select the existing Virtual Network. + 4. Create a new public IP address (e.g., "MyFWPublicIP"). + 5. Review and create the firewall. ## Step 3: Configure Firewall Policy -1. Open the firewall policy created in Step 2. -2. Navigate to Settings. - -### Configure Application Rules (Ingress) - -1. Add an application rule: - * Give a descriptive name. - * Select "Application rule collection" as the rule type. - * Assign the lowest number as the priority. - * Specify a name for the rule. - * Define the source (e.g., your VM subnet) or use `*` to allow all IP addresses. - * Allow specific domains (e.g., `policyrecordingbot.eastus.cloudapp.azure.com`). - * Save the rule. - -### Configure Network Rules (Egress) - -1. Add a network rule: - * Give a descriptive name. - * Select "Network rule collection" as the rule type. - * Assign the lowest number as the priority. 
- * Specify a name for the rule. - * Define the source (e.g., your VM subnet) or use `*` to allow all IP addresses. - * Specify external IPs or ranges (e.g., `0.0.0.0/0` for all). - * Specify allowed protocols and ports.(TCP: 5060, 5061 ,UDP: 10000-20000) - * Save the rule. \ No newline at end of file + 1. Open the firewall policy created in Step 2. + 2. Navigate to Settings. + +## Step 4: Configure Application Rules (Ingress) + + Add an application rule: + a. Give a descriptive name. + b. Select "Application rule collection" as the rule type. + c. Assign the lowest number as the priority. + d. Specify a name for the rule. + e. Define the source (e.g., your VM subnet) or use `*` to allow all IP addresses. + f. Allow specific domains (e.g., `policyrecordingbot.eastus.cloudapp.azure.com`). + g. Save the rule. + +## Step 5: Configure Network Rules (Egress) + + Add a network rule: + a. Give a descriptive name. + b. Select "Network rule collection" as the rule type. + c. Assign the lowest number as the priority. + d. Specify a name for the rule. + e. Define the source (e.g., your VM subnet) or use `*` to allow all IP addresses. + f. Specific external IPs or ranges (e.g., 192.168.1.0/24 for a subnet) instead of using 0.0.0.0/0 for all. This ensures that only trusted sources can access your service. If you want to allow access from all IPs, you can configure it as 0.0.0.0/0. + g. Specify only particular protocols and ports you want to allow. For example, you may configure TCP ports like 9444, 8445, 9442, 443, and port ranges like 10100-10199 and 20100-20199. If you want to restrict access to everything else, you should mention specific configurations like below: + Allowed TCP ports: 9444, 8445, 9442, 443, 9441, 10100-10199, 20100-20199. + All other ports and protocols will be restricted. + h. Save the rule. + +## Step 6: Firewall Configuration Summary + + 1. 
Specify External IPs or Ranges + Allow only specific external IPs or ranges (e.g., 192.168.1.0/24 for a subnet) instead of using 0.0.0.0/0 for all. This ensures that only trusted sources can access your service. If you want to allow access from all IPs, you can configure it as 0.0.0.0/0. + + Example: + To allow access from a specific subnet: + Allow: 192.168.1.0/24 + + To allow access from all IPs: + Allow: 0.0.0.0/0 + + 2. Specify Allowed Protocols and Ports + You can specify only particular protocols and ports you want to allow. For example, configure the following: + Allowed TCP Ports: 9444 (SignalingPort) + 8445 (MediaPort) + 9442 (TcpForwardingPort) + 443 (DefaultEndpoint) + 9441 (localPort) + 10100-10199 (InstanceCallControlEndpoint) + 20100-20199 (InstanceMediaControlEndpoint) + + * All other ports and protocols will be restricted. + + Example of Ingress Allow Rules: + + a. Allow TCP Port 9444: + Rule Name: Allow SignalingPort + Action: Allow + Protocol: TCP + Port: 9444 + + b. Allow TCP Port 8445: + Rule Name: Allow MediaPort + Action: Allow + Protocol: TCP + Port: 8445 + + c. Allow TCP Port 9442: + Rule Name: Allow TcpForwardingPort + Action: Allow + Protocol: TCP + Port: 9442 + + d. Allow TCP Port 443: + Rule Name: Allow DefaultEndpoint + Action: Allow + Protocol: TCP + Port: 443 + + e. Allow TCP Port 9441: + Rule Name: Allow LocalPort + Action: Allow + Protocol: TCP + Port: 9441 + + f. Allow TCP Port Range 10100-10199: + Rule Name: Allow InstanceCallControlEndpoint + Action: Allow + Protocol: TCP + Port Range: 10100-10199 + + g. Allow TCP Port Range 20100-20199: + Rule Name: Allow InstanceMediaControlEndpoint + Action: Allow + Protocol: TCP + Port Range: 20100-20199 + + 3. Restrict All Other Ingress Ports and Protocols: + After creating the allow rules, add a rule to deny all other traffic. This ensures that any port or protocol not explicitly allowed is blocked. 
+ + Example of Deny Rule: + Deny All Other Ingress Traffic: + Rule Name: Deny All Other Ingress Traffic + Action: Deny + Protocol: Any + Port: Any + + Example of Egress Allow Rules + a. Allow TCP Port 9444: + Rule Name: Allow Egress SignalingPort + Action: Allow + Protocol: TCP + Port: 9444 + + b. Allow TCP Port 8445: + Rule Name: Allow Egress MediaPort + Action: Allow + Protocol: TCP + Port: 8445 + + c. Allow TCP Port 9442: + Rule Name: Allow Egress TcpForwardingPort + Action: Allow + Protocol: TCP + Port: 9442 + + d. Allow TCP Port 443: + Rule Name: Allow Egress DefaultEndpoint + Action: Allow + Protocol: TCP + Port: 443 + + e. Allow TCP Port 9441: + Rule Name: Allow Egress LocalPort + Action: Allow + Protocol: TCP + Port: 9441 + + f. Allow TCP Port Range 10100-10199: + Rule Name: Allow Egress InstanceCallControlEndpoint + Action: Allow + Protocol: TCP + Port Range: 10100-10199 + + g. Allow TCP Port Range 20100-20199: + Rule Name: Allow Egress InstanceMediaControlEndpoint + Action: Allow + Protocol: TCP + Port Range: 20100-20199 + + 4. Restrict All Other Egress Ports and Protocols + * Similarly, add a rule to deny all other egress traffic. + + Example of Deny Rule: + Deny All Other Egress Traffic: + Rule Name: Deny All Other Egress Traffic + Action: Deny + Protocol: Any + Port: Any \ No newline at end of file diff --git a/Samples/BetaSamples/LocalMediaSamples/PolicyRecordingBot/README.md b/Samples/BetaSamples/LocalMediaSamples/PolicyRecordingBot/README.md index a9832ce8c..b3fcab0d6 100644 --- a/Samples/BetaSamples/LocalMediaSamples/PolicyRecordingBot/README.md +++ b/Samples/BetaSamples/LocalMediaSamples/PolicyRecordingBot/README.md @@ -1,3 +1,4 @@ + # Introduction ## Note 
@@ -7,7 +8,7 @@ This sample is only designed for compliance recording scenario. Do not use it fo ## About -The Policy Recording bot sample guides you through building, deploying and testing a bot. This sample demonstrates how a bot can receive media streams for recording. Please note that the sample does not actually record. This logic is left up to the developer. +The Policy Recording bot sample guides you through building, deploying, and testing a bot. This sample demonstrates how a bot can receive media streams for recording. Please note that the sample does not actually record. This logic is left up to the developer. ## Getting Started 
@@ -15,16 +16,15 @@ This section walks you through the process of deploying and testing the sample b ### Bot Registration -1. Follow the steps in [Register Calling Bot](https://microsoftgraph.github.io/microsoft-graph-comms-samples/docs/articles/calls/register-calling-bot.html). Save the bot name, bot app id and bot secret for configuration. - * For the calling webhook, by default the notification will go to https://{your domain}/api/calling. This is configured with the `CallSignalingRoutePrefix` in [HttpRouteConstants.cs](FrontEnd/Http/Controllers/HttpRouteConstants.cs). +1. Follow the steps in [Register Calling Bot](https://microsoftgraph.github.io/microsoft-graph-comms-samples/docs/articles/calls/register-calling-bot.html). Save the bot name, bot app id, and bot secret for configuration. + * For the calling webhook, by default the notification will go to `https://{your domain}/api/calling`. This is configured with the `CallSignalingRoutePrefix` in [HttpRouteConstants.cs](FrontEnd/Http/Controllers/HttpRouteConstants.cs). * Ignore the "Register bot in Microsoft Teams" section as the Policy Recording bot won't be called directly. These bots are related to the policies discussed below, and are "attached" to users, and will be automatically invited to the call. -1. Add the following Application Permissions to the bot: +2. Add the following Application Permissions to the bot: + * `Calls.AccessMedia.All` + * `Calls.JoinGroupCall.All` - * Calls.AccessMedia.All - * Calls.JoinGroupCall.All - -1. The permission needs to be consented by tenant admin. Go to "https://login.microsoftonline.com/common/adminconsent?client_id=&state=&redirect_uri=" using tenant admin to sign-in, then consent for the whole tenant. +3. The permission needs to be consented by the tenant admin. Go to "https://login.microsoftonline.com/common/adminconsent?client_id=&state=&redirect_uri=" using tenant admin to sign in, then consent for the whole tenant. ### Create an Application Instance 
@@ -44,9 +44,11 @@ After 30-60 seconds, the policy should show up. To verify your policy was create * `Get-CsTeamsComplianceRecordingPolicy ` ### Assign the Recording Policy + Requries the policy identity created above. Contine your powershell session and run the following commands. * `Grant-CsTeamsComplianceRecordingPolicy -Identity -PolicyName ` + To verify your policy was assigned correctly: * `Get-CsOnlineUser | ft sipaddress, tenantid, TeamsComplianceRecordingPolicy` 
@@ -58,132 +60,152 @@ To verify your policy was assigned correctly: ### Deploy -* Prerequisites for deploying Azure Cloud Services (extended support)(https://learn.microsoft.com/en-us/azure/cloud-services-extended-support/deploy-prerequisite) - -Step 1: Securely Store Certificates with Azure Key Vault - * Certificates are crucial for securing communication between your services. Azure Key Vault is used to store and manage these certificates securely. - - Create an Azure Key Vault: - * Follow these instructions to create your Azure Key Vault: https://learn.microsoft.com/en-us/azure/key-vault/general/quick-create-portal. - -Step 2: Obtain and Configure Your SSL Certificate - * To secure your service, you need a valid SSL certificate. Here’s how to obtain and configure it: - - Get a Wildcard Certificate: - * Obtain a wildcard SSL certificate for your domain. For example, if your service is hosted at bot.contoso.com,get a certificate for *.contoso.com. - * Ensure that the certificate is issued by a trusted Certificate Authority (CA) and not self-signed. - - Upload to Azure Key Vault: - * Upload your SSL certificate to the Azure Key Vault. Follow these steps: https://learn.microsoft.com/en-us/azure/key-vault/certificates/tutorial-import-certificate?tabs=azure-portal. - - Get the Thumbprint: - * Copy the certificate thumbprint from Azure Key Vault. You will need to add this thumbprint to your .cscfg (cloud service configuration) and .csdef (cloud service definition) files. - 1. Update the Certificate section in your .cscfg file with the thumbprint. - - - - - 2. Update the Certificate element in your .csdef file. - - - - * Replace YourCertificateName with the actual name of your certificate as it appears in your Azure Key Vault or wherever it is stored. Here are the key attributes: - name: This should match the certificate's name as referenced in your Azure Key Vault or local certificate store. - storeLocation: Specifies where the certificate is stored. 
LocalMachine is a common location for certificates installed on the local machine. - storeName: Specifies the store name where the certificate is located. My is a common store name used for personal certificates. - -Step 3: Define Your Virtual Network - * For Azure Extended Services, you can define the virtual network and subnet configurations in your .cscfg file. Azure can create the virtual network during the service setup if it doesn't already exist. - * When deploying your cloud service (extended) in Azure, virtual network and subnet configurations are managed automatically based on your .cscfg file. Follow these guidelines to ensure proper configuration: - -#### Using Existing Virtual Network: - - * If you have an existing Virtual Network (VNet) that you want to use: - - - - - - - - - - - - * Replace "YourExistingVNetName" with the name of your existing Virtual Network and "YourExistingSubnetName" with the name of your existing subnet within that Virtual Network. - -### Automatic Creation of Virtual Network: - - * If the Virtual Network doesn't exist, Azure will create it based on the configuration provided: - - - - - - - - - - - * Replace "NewVNetName" with the name of the Virtual Network you want Azure to create, and "NewSubnetName" with the name of the subnet within that Virtual Network. - - ### Note on Domain Name and Public IP: +* Prerequisites for deploying Azure Cloud Services (extended support) [here](https://learn.microsoft.com/en-us/azure/cloud-services-extended-support/deploy-prerequisite). - - - - * PublicIP name: "MyPublicIP" – Provide a unique name for the public IP. - * domainNameLabel: "myservice" – Set this to your service's domain label. - - Azure Extended Services: - * Public IP: You must provide a Public IP name in your configuration when creating the service. - * Domain Name: The domain name (domainNameLabel) is optional during initial creation and can be specified or updated later. 
+#### Step 1: Securely Store Certificates with Azure Key Vault + +Certificates are crucial for securing communication between your services. Azure Key Vault is used to store and manage these certificates securely. + +Create an Azure Key Vault: +* Follow these instructions to create your Azure Key Vault: [Create Key Vault](https://learn.microsoft.com/en-us/azure/key-vault/general/quick-create-portal). + +#### Step 2: Obtain and Configure Your SSL Certificate + +To secure your service, you need a valid SSL certificate. Here’s how to obtain and configure it: + +1. **Get a Wildcard Certificate**: + * Obtain a wildcard SSL certificate for your domain. For example, if your service is hosted at bot.contoso.com, get a certificate for \*.contoso.com. + * Ensure that the certificate is issued by a trusted Certificate Authority (CA) and not self-signed. + +2. **Upload to Azure Key Vault**: + * Upload your SSL certificate to the Azure Key Vault. Follow these steps: [Import Certificate](https://learn.microsoft.com/en-us/azure/key-vault/certificates/tutorial-import-certificate?tabs=azure-portal). + +3. **Get the Thumbprint**: + * Copy the certificate thumbprint from Azure Key Vault. You will need to add this thumbprint to your `.cscfg` (cloud service configuration) and `.csdef` (cloud service definition) files. + + 1. Update the Certificate section in your `.cscfg` file with the thumbprint. + ```xml + + + + + ``` + + 2. Update the Certificate element in your `.csdef` file. + ```xml + + + + ``` + * Replace YourCertificateName with the actual name of your certificate as it appears in your Azure Key Vault or wherever it is stored. Here are the key attributes: - Match Public IP Name: - * Ensure that the name attribute under (MyPublicIP in this example) matches the name used in your application code to fetch the public IP address dynamically. - * To ensure that the domainNameLabel matches between your configuration (.cscfg file) and the Azure portal settings. 
+ **name**: This should match the certificate's name as referenced in your Azure Key Vault or local certificate store. + + **storeLocation**: Specifies where the certificate is stored. LocalMachine is a common location for certificates installed on the local machine. + + **storeName**: Specifies the store name where the certificate is located. My is a common store name used for personal certificates. + + +#### Step 3: Define Your Virtual Network + +* For Azure Extended Services, you can define the virtual network and subnet configurations in your `.cscfg` file. Azure can create the virtual network during the service setup if it doesn't already exist. +* When deploying your cloud service (extended) in Azure, virtual network and subnet configurations are managed automatically based on your .cscfg file. Follow these guidelines to ensure proper configuration. + +##### Using Existing Virtual Network: + +* If you have an existing Virtual Network (VNet) that you want to use: + +```xml + + + + + + + + + + +``` +* Replace "YourExistingVNetName" with the name of your existing Virtual Network and "YourExistingSubnetName" with the name of your existing subnet within that Virtual Network. + +##### Automatic Creation of Virtual Network: + +* If the Virtual Network doesn't exist, Azure will create it based on the configuration provided: + +```xml + + + + + + + + + + +``` +* Replace "NewVNetName" with the name of the Virtual Network you want Azure to create, and "NewSubnetName" with the name of the subnet within that Virtual Network. + +### Note on Domain Name and Public IP + +```xml + + + +``` +* PublicIP name: "MyPublicIP" – Provide a unique name for the public IP. +* domainNameLabel: "myservice" – Set this to your service's domain label. + +Azure Extended Services Configuration: +* **Public IP**: You must provide a Public IP name in your configuration when creating the service. 
+* **Domain Name**: The domain name (domainNameLabel) is optional during initial creation and can be specified or updated later. + +Match Public IP Name: +* Ensure that the `name` attribute under `` ("MyPublicIP" in this example) matches the name used in your application code to fetch the public IP address dynamically. +* To ensure that the `domainNameLabel` matches between your configuration (.cscfg file) and the Azure portal settings. - Step 4: Deploy +#### Step 4: Deploy - 1. Create Your Cloud Service (Extended Support) - 1. Use the Azure portal to create a Cloud Service (Extended Support). - Follow this guide: Create a Cloud Service (Extended Support).(https://learn.microsoft.com/en-us/azure/cloud-services-extended-support/deploy-portal) - 2. Obtain Your Public IP DNS name: +1. Create Your Cloud Service (Extended Support): + * Use the Azure portal to create a Cloud Service (Extended Support). Follow this guide: [Create Cloud Service](https://learn.microsoft.com/en-us/azure/cloud-services-extended-support/deploy-portal). + * Obtain Your Public IP DNS name: After the service is created, obtain the "Public IP DNS name" from the Azure portal. This URL will serve as your DNS name and Common Name (CN) for further configurations (e.g. bot.contoso.com). - ![Public IP DNS name](Images/PublicIPDNSName.png). - - 2. Update the app configs with values - 1. Set up cloud service configuration - 1. Open powershell, go to the folder that contains file `configure_cloud.ps1`. The file is in the `Samples` directory. - 2. Run the powershell script with parameters: - ` .\configure_cloud.ps1 -p {path to project} -dns {your DNS name} -cn {your CN name, should be the same as your DNS name} -bid {your bot name} -aid {your bot app id} -as {your bot secret}` - - For example: - - `.\configure_cloud.ps1 -p .\V1.0Samples\LocalMediaSamples\PolicyRecordingBot\ -dns bot.contoso.com -cn bot.contoso.com -bid bot -aid 3853f935-2c6f-43d7-859d-6e8f83b519ae -as 123456!@#$%^` - - 3. 
Deploy to Cloud Service (Extended Support) - 1. Configure Storage Account for Configuration Files. - * To store configuration files for your Azure extended service, you'll need to set up a storage account. Follow these steps to configure the storage account:(https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal). - 2. Package Your Cloud Service for Deployment - * Before you can create your Azure extended service, you need to package your cloud service application to include configuration files and dependencies. - * Right click PolicyRecordingBot, then click `Package...`. - - Option 1: Upload to Azure Storage Account: - * Upload your packaged application (cspkg file) along with the .cscfg and .csdef files to an Azure Storage Account container. - * This method allows you to deploy directly from the Azure Storage Account during service creation. - - Option 2: Use Local Files: - * Deploy directly from local files during the service creation process. - * Ensure all required files, including .cscfg and .csdef, are accessible and correctly referenced during deployment. + ![Public IP DNS name](Images/PublicIPDNSName.png). + +2. Update the App Configurations: + * Set up cloud service configuration with PowerShell: + 1. Open PowerShell, go to the folder that contains the file `configure_cloud.ps1`. The file is in the `Samples` directory. + 2. Run the PowerShell script with parameters: + ```powershell + .\configure_cloud.ps1 -p {path to project} -dns {your DNS name} -cn {your CN name, should be the same as your DNS name} -bid {your bot name} -aid {your bot app id} -as {your bot secret} + ``` + For example: + ```powershell + .\configure_cloud.ps1 -p .\V1.0Samples\LocalMediaSamples\PolicyRecordingBot\ -dns bot.contoso.com -cn bot.contoso.com -bid bot -aid 3853f935-2c6f-43d7-859d-6e8f83b519ae -as 123456!@#$%^ + ``` + +3. Deploy to Cloud Service (Extended Support): + 1. Configure Storage Account for Configuration Files. 
+ * To store configuration files for your Azure extended service, you'll need to set up a storage account. Follow these steps to configure the storage account:(https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal). + 2. Package Your Cloud Service for Deployment + * Before you can create your Azure extended service, you need to package your cloud service application to include configuration files and dependencies. + * Right click PolicyRecordingBot, then click `Package...`. + +**Option 1**: Upload to Azure Storage Account: +* Upload your packaged application (cspkg file) along with the .cscfg and .csdef files to an Azure Storage Account container. +* This method allows you to deploy directly from the Azure Storage Account during service creation. + +**Option 2**: Use Local Files: +* Deploy directly from local files during the service creation process. +* Ensure all required files, including .cscfg and .csdef, are accessible and correctly referenced during deployment. ### Firewall setup * Please follow below steps to configure firewall. - [document](FirewallREADME.md) - ### Test 1. Set up the test meeting and test clients: @@ -197,8 +219,8 @@ Step 3: Define Your Virtual Network 3. Interact with your service, _adjusting the service URL appropriately_. 1. Get diagnostics data from the bot. Open the url https://bot.contoso.com:10101/calls in a browser for auto-refresh. Search for the most recent CallId and replace with it in the below url. - * Active calls: https://bot.contoso.com:10101/calls/{CallId} - * Service logs: https://bot.contoso.com:10101/logs + * Active calls: https://bot.contoso.com:10101/calls/{CallId} + * Service logs: https://bot.contoso.com:10101/logs 2. Terminating the call through `DELETE`, as needed for testing. Replace the {CallId} below with your call id from the first response. 
diff --git a/Samples/Common/Sample.Common/Sample.Common.csproj b/Samples/Common/Sample.Common/Sample.Common.csproj index 526a06438..fa43ef611 100644 --- a/Samples/Common/Sample.Common/Sample.Common.csproj +++ b/Samples/Common/Sample.Common/Sample.Common.csproj @@ -10,11 +10,10 @@ - - + @@ -24,7 +23,7 @@ - + diff --git a/Samples/V1.0DeltaRosterSample/LocalMediaSamples/PolicyRecordingBot/FirewallREADME.md b/Samples/V1.0DeltaRosterSample/LocalMediaSamples/PolicyRecordingBot/FirewallREADME.md index 4bf9a1311..a5e5ddd78 100644 --- a/Samples/V1.0DeltaRosterSample/LocalMediaSamples/PolicyRecordingBot/FirewallREADME.md +++ b/Samples/V1.0DeltaRosterSample/LocalMediaSamples/PolicyRecordingBot/FirewallREADME.md 
@@ -3,42 +3,174 @@ ## Step 1: Create a Virtual Network and Subnet for Azure Firewall -1. Go to Virtual Network or create a new one if it doesn't exist. -2. Create a subnet for the firewall with the purpose set to "Azure Firewall". ![Create subnet](Images/CreateSubnet.png) -3. Go to the firewall section and click on "Add firewall". ![Create firewall](Images/CreateFirewall.png) + 1. Go to Virtual Network or create a new one if it doesn't exist. + 2. Create a subnet for the firewall with the purpose set to "Azure Firewall". ![Create subnet](Images/CreateSubnet.png) + 3. Go to the firewall section and click on "Add firewall". ![Create firewall](Images/CreateFirewall.png) ## Step 2: Configure Firewall Settings -1. Choose a name for the firewall (e.g., "MyFirewall"). -2. Create a new firewall policy. ![Create policy](Images/CreatePolicy.png) -3. Select the existing Virtual Network. -4. Create a new public IP address (e.g., "MyFWPublicIP"). -5. Review and create the firewall. + 1. Choose a name for the firewall (e.g., "MyFirewall"). + 2. Create a new firewall policy. ![Create policy](Images/CreatePolicy.png) + 3. Select the existing Virtual Network. + 4. Create a new public IP address (e.g., "MyFWPublicIP"). + 5. Review and create the firewall. ## Step 3: Configure Firewall Policy -1. Open the firewall policy created in Step 2. -2. Navigate to Settings. - -### Configure Application Rules (Ingress) - -1. Add an application rule: - * Give a descriptive name. - * Select "Application rule collection" as the rule type. - * Assign the lowest number as the priority. - * Specify a name for the rule. - * Define the source (e.g., your VM subnet) or use `*` to allow all IP addresses. - * Allow specific domains (e.g., `policyrecordingbot.eastus.cloudapp.azure.com`). - * Save the rule. - -### Configure Network Rules (Egress) - -1. Add a network rule: - * Give a descriptive name. - * Select "Network rule collection" as the rule type. - * Assign the lowest number as the priority. 
- * Specify a name for the rule. - * Define the source (e.g., your VM subnet) or use `*` to allow all IP addresses. - * Specify external IPs or ranges (e.g., `0.0.0.0/0` for all). - * Specify allowed protocols and ports.(TCP: 5060, 5061 ,UDP: 10000-20000) - * Save the rule. \ No newline at end of file + 1. Open the firewall policy created in Step 2. + 2. Navigate to Settings. + +## Step 4: Configure Application Rules (Ingress) + + Add an application rule: + a. Give a descriptive name. + b. Select "Application rule collection" as the rule type. + c. Assign the lowest number as the priority. + d. Specify a name for the rule. + e. Define the source (e.g., your VM subnet) or use `*` to allow all IP addresses. + f. Allow specific domains (e.g., `policyrecordingbot.eastus.cloudapp.azure.com`). + g. Save the rule. + +## Step 5: Configure Network Rules (Egress) + + Add a network rule: + a. Give a descriptive name. + b. Select "Network rule collection" as the rule type. + c. Assign the lowest number as the priority. + d. Specify a name for the rule. + e. Define the source (e.g., your VM subnet) or use `*` to allow all IP addresses. + f. Specific external IPs or ranges (e.g., 192.168.1.0/24 for a subnet) instead of using 0.0.0.0/0 for all. This ensures that only trusted sources can access your service. If you want to allow access from all IPs, you can configure it as 0.0.0.0/0. + g. Specify only particular protocols and ports you want to allow. For example, you may configure TCP ports like 9444, 8445, 9442, 443, and port ranges like 10100-10199 and 20100-20199. If you want to restrict access to everything else, you should mention specific configurations like below: + Allowed TCP ports: 9444, 8445, 9442, 443, 9441, 10100-10199, 20100-20199. + All other ports and protocols will be restricted. + h. Save the rule. + +## Step 6: Firewall Configuration Summary + + 1. 
Specify External IPs or Ranges + Allow only specific external IPs or ranges (e.g., 192.168.1.0/24 for a subnet) instead of using 0.0.0.0/0 for all. This ensures that only trusted sources can access your service. If you want to allow access from all IPs, you can configure it as 0.0.0.0/0. + + Example: + To allow access from a specific subnet: + Allow: 192.168.1.0/24 + + To allow access from all IPs: + Allow: 0.0.0.0/0 + + 2. Specify Allowed Protocols and Ports + You can specify only particular protocols and ports you want to allow. For example, configure the following: + Allowed TCP Ports: 9444 (SignalingPort) + 8445 (MediaPort) + 9442 (TcpForwardingPort) + 443 (DefaultEndpoint) + 9441 (localPort) + 10100-10199 (InstanceCallControlEndpoint) + 20100-20199 (InstanceMediaControlEndpoint) + + * All other ports and protocols will be restricted. + + Example of Ingress Allow Rules: + a. Allow TCP Port 9444: + Rule Name: Allow SignalingPort + Action: Allow + Protocol: TCP + Port: 9444 + + b. Allow TCP Port 8445: + Rule Name: Allow MediaPort + Action: Allow + Protocol: TCP + Port: 8445 + + c. Allow TCP Port 9442: + Rule Name: Allow TcpForwardingPort + Action: Allow + Protocol: TCP + Port: 9442 + + d. Allow TCP Port 443: + Rule Name: Allow DefaultEndpoint + Action: Allow + Protocol: TCP + Port: 443 + + e. Allow TCP Port 9441: + Rule Name: Allow LocalPort + Action: Allow + Protocol: TCP + Port: 9441 + + f. Allow TCP Port Range 10100-10199: + Rule Name: Allow InstanceCallControlEndpoint + Action: Allow + Protocol: TCP + Port Range: 10100-10199 + + g. Allow TCP Port Range 20100-20199: + Rule Name: Allow InstanceMediaControlEndpoint + Action: Allow + Protocol: TCP + Port Range: 20100-20199 + + 3. Restrict All Other Ingress Ports and Protocols: + After creating the allow rules, add a rule to deny all other traffic. This ensures that any port or protocol not explicitly allowed is blocked. 
+ + Example of Deny Rule: + Deny All Other Ingress Traffic: + Rule Name: Deny All Other Ingress Traffic + Action: Deny + Protocol: Any + Port: Any + + Example of Egress Allow Rules + a. Allow TCP Port 9444: + Rule Name: Allow Egress SignalingPort + Action: Allow + Protocol: TCP + Port: 9444 + + b. Allow TCP Port 8445: + Rule Name: Allow Egress MediaPort + Action: Allow + Protocol: TCP + Port: 8445 + + c. Allow TCP Port 9442: + Rule Name: Allow Egress TcpForwardingPort + Action: Allow + Protocol: TCP + Port: 9442 + + d. Allow TCP Port 443: + Rule Name: Allow Egress DefaultEndpoint + Action: Allow + Protocol: TCP + Port: 443 + + e. Allow TCP Port 9441: + Rule Name: Allow Egress LocalPort + Action: Allow + Protocol: TCP + Port: 9441 + + f. Allow TCP Port Range 10100-10199: + Rule Name: Allow Egress InstanceCallControlEndpoint + Action: Allow + Protocol: TCP + Port Range: 10100-10199 + + g. Allow TCP Port Range 20100-20199: + Rule Name: Allow Egress InstanceMediaControlEndpoint + Action: Allow + Protocol: TCP + Port Range: 20100-20199 + + 4. Restrict All Other Egress Ports and Protocols + * Similarly, add a rule to deny all other egress traffic. + + Example of Deny Rule: + Deny All Other Egress Traffic: + Rule Name: Deny All Other Egress Traffic + Action: Deny + Protocol: Any + Port: Any \ No newline at end of file diff --git a/Samples/V1.0DeltaRosterSample/LocalMediaSamples/PolicyRecordingBot/README.md b/Samples/V1.0DeltaRosterSample/LocalMediaSamples/PolicyRecordingBot/README.md index a9832ce8c..b29dae529 100644 --- a/Samples/V1.0DeltaRosterSample/LocalMediaSamples/PolicyRecordingBot/README.md +++ b/Samples/V1.0DeltaRosterSample/LocalMediaSamples/PolicyRecordingBot/README.md @@ -1,3 +1,4 @@ + # Introduction ## Note 
@@ -7,7 +8,7 @@ This sample is only designed for compliance recording scenario. Do not use it fo ## About -The Policy Recording bot sample guides you through building, deploying and testing a bot. This sample demonstrates how a bot can receive media streams for recording. Please note that the sample does not actually record. This logic is left up to the developer. +The Policy Recording bot sample guides you through building, deploying, and testing a bot. This sample demonstrates how a bot can receive media streams for recording. Please note that the sample does not actually record. This logic is left up to the developer. ## Getting Started 
@@ -15,16 +16,15 @@ This section walks you through the process of deploying and testing the sample b ### Bot Registration -1. Follow the steps in [Register Calling Bot](https://microsoftgraph.github.io/microsoft-graph-comms-samples/docs/articles/calls/register-calling-bot.html). Save the bot name, bot app id and bot secret for configuration. - * For the calling webhook, by default the notification will go to https://{your domain}/api/calling. This is configured with the `CallSignalingRoutePrefix` in [HttpRouteConstants.cs](FrontEnd/Http/Controllers/HttpRouteConstants.cs). +1. Follow the steps in [Register Calling Bot](https://microsoftgraph.github.io/microsoft-graph-comms-samples/docs/articles/calls/register-calling-bot.html). Save the bot name, bot app id, and bot secret for configuration. + * For the calling webhook, by default the notification will go to `https://{your domain}/api/calling`. This is configured with the `CallSignalingRoutePrefix` in [HttpRouteConstants.cs](FrontEnd/Http/Controllers/HttpRouteConstants.cs). * Ignore the "Register bot in Microsoft Teams" section as the Policy Recording bot won't be called directly. These bots are related to the policies discussed below, and are "attached" to users, and will be automatically invited to the call. -1. Add the following Application Permissions to the bot: +2. Add the following Application Permissions to the bot: + * `Calls.AccessMedia.All` + * `Calls.JoinGroupCall.All` - * Calls.AccessMedia.All - * Calls.JoinGroupCall.All - -1. The permission needs to be consented by tenant admin. Go to "https://login.microsoftonline.com/common/adminconsent?client_id=&state=&redirect_uri=" using tenant admin to sign-in, then consent for the whole tenant. +3. The permission needs to be consented by the tenant admin. Go to "https://login.microsoftonline.com/common/adminconsent?client_id=&state=&redirect_uri=" using tenant admin to sign in, then consent for the whole tenant. ### Create an Application Instance 
@@ -44,9 +44,11 @@ After 30-60 seconds, the policy should show up. To verify your policy was create * `Get-CsTeamsComplianceRecordingPolicy ` ### Assign the Recording Policy + Requries the policy identity created above. Contine your powershell session and run the following commands. * `Grant-CsTeamsComplianceRecordingPolicy -Identity -PolicyName ` + To verify your policy was assigned correctly: * `Get-CsOnlineUser | ft sipaddress, tenantid, TeamsComplianceRecordingPolicy` 
@@ -58,126 +60,147 @@ To verify your policy was assigned correctly: ### Deploy -* Prerequisites for deploying Azure Cloud Services (extended support)(https://learn.microsoft.com/en-us/azure/cloud-services-extended-support/deploy-prerequisite) - -Step 1: Securely Store Certificates with Azure Key Vault - * Certificates are crucial for securing communication between your services. Azure Key Vault is used to store and manage these certificates securely. - - Create an Azure Key Vault: - * Follow these instructions to create your Azure Key Vault: https://learn.microsoft.com/en-us/azure/key-vault/general/quick-create-portal. - -Step 2: Obtain and Configure Your SSL Certificate - * To secure your service, you need a valid SSL certificate. Here’s how to obtain and configure it: - - Get a Wildcard Certificate: - * Obtain a wildcard SSL certificate for your domain. For example, if your service is hosted at bot.contoso.com,get a certificate for *.contoso.com. - * Ensure that the certificate is issued by a trusted Certificate Authority (CA) and not self-signed. - - Upload to Azure Key Vault: - * Upload your SSL certificate to the Azure Key Vault. Follow these steps: https://learn.microsoft.com/en-us/azure/key-vault/certificates/tutorial-import-certificate?tabs=azure-portal. - - Get the Thumbprint: - * Copy the certificate thumbprint from Azure Key Vault. You will need to add this thumbprint to your .cscfg (cloud service configuration) and .csdef (cloud service definition) files. - 1. Update the Certificate section in your .cscfg file with the thumbprint. - - - - - 2. Update the Certificate element in your .csdef file. - - - - * Replace YourCertificateName with the actual name of your certificate as it appears in your Azure Key Vault or wherever it is stored. Here are the key attributes: - name: This should match the certificate's name as referenced in your Azure Key Vault or local certificate store. - storeLocation: Specifies where the certificate is stored. 
LocalMachine is a common location for certificates installed on the local machine. - storeName: Specifies the store name where the certificate is located. My is a common store name used for personal certificates. - -Step 3: Define Your Virtual Network - * For Azure Extended Services, you can define the virtual network and subnet configurations in your .cscfg file. Azure can create the virtual network during the service setup if it doesn't already exist. - * When deploying your cloud service (extended) in Azure, virtual network and subnet configurations are managed automatically based on your .cscfg file. Follow these guidelines to ensure proper configuration: - -#### Using Existing Virtual Network: - - * If you have an existing Virtual Network (VNet) that you want to use: - - - - - - - - - - - - * Replace "YourExistingVNetName" with the name of your existing Virtual Network and "YourExistingSubnetName" with the name of your existing subnet within that Virtual Network. - -### Automatic Creation of Virtual Network: - - * If the Virtual Network doesn't exist, Azure will create it based on the configuration provided: - - - - - - - - - - - * Replace "NewVNetName" with the name of the Virtual Network you want Azure to create, and "NewSubnetName" with the name of the subnet within that Virtual Network. - - ### Note on Domain Name and Public IP: +* Prerequisites for deploying Azure Cloud Services (extended support) [here](https://learn.microsoft.com/en-us/azure/cloud-services-extended-support/deploy-prerequisite). + +#### Step 1: Securely Store Certificates with Azure Key Vault + +Certificates are crucial for securing communication between your services. Azure Key Vault is used to store and manage these certificates securely. + +Create an Azure Key Vault: +* Follow these instructions to create your Azure Key Vault: [Create Key Vault](https://learn.microsoft.com/en-us/azure/key-vault/general/quick-create-portal). 
- - - - * PublicIP name: "MyPublicIP" – Provide a unique name for the public IP. - * domainNameLabel: "myservice" – Set this to your service's domain label. +#### Step 2: Obtain and Configure Your SSL Certificate + +To secure your service, you need a valid SSL certificate. Here’s how to obtain and configure it: + +1. **Get a Wildcard Certificate**: + * Obtain a wildcard SSL certificate for your domain. For example, if your service is hosted at bot.contoso.com, get a certificate for \*.contoso.com. + * Ensure that the certificate is issued by a trusted Certificate Authority (CA) and not self-signed. + +2. **Upload to Azure Key Vault**: + * Upload your SSL certificate to the Azure Key Vault. Follow these steps: [Import Certificate](https://learn.microsoft.com/en-us/azure/key-vault/certificates/tutorial-import-certificate?tabs=azure-portal). + +3. **Get the Thumbprint**: + * Copy the certificate thumbprint from Azure Key Vault. You will need to add this thumbprint to your `.cscfg` (cloud service configuration) and `.csdef` (cloud service definition) files. - Azure Extended Services: - * Public IP: You must provide a Public IP name in your configuration when creating the service. - * Domain Name: The domain name (domainNameLabel) is optional during initial creation and can be specified or updated later. + 1. Update the Certificate section in your `.cscfg` file with the thumbprint. + ```xml + + + + + ``` + + 2. Update the Certificate element in your `.csdef` file. + ```xml + + + + ``` + * Replace YourCertificateName with the actual name of your certificate as it appears in your Azure Key Vault or wherever it is stored. Here are the key attributes: - Match Public IP Name: - * Ensure that the name attribute under (MyPublicIP in this example) matches the name used in your application code to fetch the public IP address dynamically. - * To ensure that the domainNameLabel matches between your configuration (.cscfg file) and the Azure portal settings. 
+ **name**: This should match the certificate's name as referenced in your Azure Key Vault or local certificate store. + + **storeLocation**: Specifies where the certificate is stored. LocalMachine is a common location for certificates installed on the local machine. + + **storeName**: Specifies the store name where the certificate is located. My is a common store name used for personal certificates. + + +#### Step 3: Define Your Virtual Network + +* For Azure Extended Services, you can define the virtual network and subnet configurations in your `.cscfg` file. Azure can create the virtual network during the service setup if it doesn't already exist. +* When deploying your cloud service (extended) in Azure, virtual network and subnet configurations are managed automatically based on your .cscfg file. Follow these guidelines to ensure proper configuration. + +##### Using Existing Virtual Network: + +* If you have an existing Virtual Network (VNet) that you want to use: + +```xml + + + + + + + + + + +``` +* Replace "YourExistingVNetName" with the name of your existing Virtual Network and "YourExistingSubnetName" with the name of your existing subnet within that Virtual Network. + +##### Automatic Creation of Virtual Network: + +* If the Virtual Network doesn't exist, Azure will create it based on the configuration provided: + +```xml + + + + + + + + + + +``` +* Replace "NewVNetName" with the name of the Virtual Network you want Azure to create, and "NewSubnetName" with the name of the subnet within that Virtual Network. + +### Note on Domain Name and Public IP + +```xml + + + +``` +* PublicIP name: "MyPublicIP" – Provide a unique name for the public IP. +* domainNameLabel: "myservice" – Set this to your service's domain label. + +Azure Extended Services Configuration: +* **Public IP**: You must provide a Public IP name in your configuration when creating the service. 
+* **Domain Name**: The domain name (domainNameLabel) is optional during initial creation and can be specified or updated later. + +Match Public IP Name: +* Ensure that the `name` attribute under `` ("MyPublicIP" in this example) matches the name used in your application code to fetch the public IP address dynamically. +* To ensure that the `domainNameLabel` matches between your configuration (.cscfg file) and the Azure portal settings. - Step 4: Deploy +#### Step 4: Deploy - 1. Create Your Cloud Service (Extended Support) - 1. Use the Azure portal to create a Cloud Service (Extended Support). - Follow this guide: Create a Cloud Service (Extended Support).(https://learn.microsoft.com/en-us/azure/cloud-services-extended-support/deploy-portal) - 2. Obtain Your Public IP DNS name: +1. Create Your Cloud Service (Extended Support): + * Use the Azure portal to create a Cloud Service (Extended Support). Follow this guide: [Create Cloud Service](https://learn.microsoft.com/en-us/azure/cloud-services-extended-support/deploy-portal). + * Obtain Your Public IP DNS name: After the service is created, obtain the "Public IP DNS name" from the Azure portal. This URL will serve as your DNS name and Common Name (CN) for further configurations (e.g. bot.contoso.com). - ![Public IP DNS name](Images/PublicIPDNSName.png). - - 2. Update the app configs with values - 1. Set up cloud service configuration - 1. Open powershell, go to the folder that contains file `configure_cloud.ps1`. The file is in the `Samples` directory. - 2. Run the powershell script with parameters: - ` .\configure_cloud.ps1 -p {path to project} -dns {your DNS name} -cn {your CN name, should be the same as your DNS name} -bid {your bot name} -aid {your bot app id} -as {your bot secret}` - - For example: - - `.\configure_cloud.ps1 -p .\V1.0Samples\LocalMediaSamples\PolicyRecordingBot\ -dns bot.contoso.com -cn bot.contoso.com -bid bot -aid 3853f935-2c6f-43d7-859d-6e8f83b519ae -as 123456!@#$%^` - - 3. 
Deploy to Cloud Service (Extended Support) - 1. Configure Storage Account for Configuration Files. - * To store configuration files for your Azure extended service, you'll need to set up a storage account. Follow these steps to configure the storage account:(https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal). - 2. Package Your Cloud Service for Deployment - * Before you can create your Azure extended service, you need to package your cloud service application to include configuration files and dependencies. - * Right click PolicyRecordingBot, then click `Package...`. - - Option 1: Upload to Azure Storage Account: - * Upload your packaged application (cspkg file) along with the .cscfg and .csdef files to an Azure Storage Account container. - * This method allows you to deploy directly from the Azure Storage Account during service creation. - - Option 2: Use Local Files: - * Deploy directly from local files during the service creation process. - * Ensure all required files, including .cscfg and .csdef, are accessible and correctly referenced during deployment. + ![Public IP DNS name](Images/PublicIPDNSName.png). + +2. Update the App Configurations: + * Set up cloud service configuration with PowerShell: + 1. Open PowerShell, go to the folder that contains the file `configure_cloud.ps1`. The file is in the `Samples` directory. + 2. Run the PowerShell script with parameters: + ```powershell + .\configure_cloud.ps1 -p {path to project} -dns {your DNS name} -cn {your CN name, should be the same as your DNS name} -bid {your bot name} -aid {your bot app id} -as {your bot secret} + ``` + For example: + ```powershell + .\configure_cloud.ps1 -p .\V1.0Samples\LocalMediaSamples\PolicyRecordingBot\ -dns bot.contoso.com -cn bot.contoso.com -bid bot -aid 3853f935-2c6f-43d7-859d-6e8f83b519ae -as 123456!@#$%^ + ``` + +3. Deploy to Cloud Service (Extended Support): + 1. Configure Storage Account for Configuration Files. 
+ * To store configuration files for your Azure extended service, you'll need to set up a storage account. Follow these steps to configure the storage account:(https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal). + 2. Package Your Cloud Service for Deployment + * Before you can create your Azure extended service, you need to package your cloud service application to include configuration files and dependencies. + * Right click PolicyRecordingBot, then click `Package...`. + +**Option 1**: Upload to Azure Storage Account: +* Upload your packaged application (cspkg file) along with the .cscfg and .csdef files to an Azure Storage Account container. +* This method allows you to deploy directly from the Azure Storage Account during service creation. + +**Option 2**: Use Local Files: +* Deploy directly from local files during the service creation process. +* Ensure all required files, including .cscfg and .csdef, are accessible and correctly referenced during deployment. ### Firewall setup @@ -197,8 +220,8 @@ Step 3: Define Your Virtual Network 3. Interact with your service, _adjusting the service URL appropriately_. 1. Get diagnostics data from the bot. Open the url https://bot.contoso.com:10101/calls in a browser for auto-refresh. Search for the most recent CallId and replace with it in the below url. - * Active calls: https://bot.contoso.com:10101/calls/{CallId} - * Service logs: https://bot.contoso.com:10101/logs + * Active calls: https://bot.contoso.com:10101/calls/{CallId} + * Service logs: https://bot.contoso.com:10101/logs 2. Terminating the call through `DELETE`, as needed for testing. Replace the {CallId} below with your call id from the first response. diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/AVPWindowsService/AVPWindowsService.csproj b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/AVPWindowsService/AVPWindowsService.csproj index f4b78e0ef..73163df9e 100644 
--- a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/AVPWindowsService/AVPWindowsService.csproj +++ b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/AVPWindowsService/AVPWindowsService.csproj @@ -76,8 +76,8 @@ ..\..\..\..\packages\Azure.Core.1.21.0\lib\net461\Azure.Core.dll - - ..\..\..\..\packages\Microsoft.Bcl.AsyncInterfaces.6.0.0\lib\net461\Microsoft.Bcl.AsyncInterfaces.dll + + ..\..\..\..\packages\Microsoft.Bcl.AsyncInterfaces.8.0.0\lib\net462\Microsoft.Bcl.AsyncInterfaces.dll ..\..\..\..\packages\Microsoft.Extensions.Configuration.6.0.0\lib\net461\Microsoft.Extensions.Configuration.dll @@ -124,11 +124,14 @@ ..\..\..\..\packages\Microsoft.Identity.Client.4.39.0\lib\net461\Microsoft.Identity.Client.dll - - ..\..\..\..\packages\Microsoft.IdentityModel.JsonWebTokens.6.15.0\lib\net472\Microsoft.IdentityModel.JsonWebTokens.dll + + ..\..\..\..\packages\Microsoft.IdentityModel.Abstractions.8.0.1\lib\net472\Microsoft.IdentityModel.Abstractions.dll - - ..\..\..\..\packages\Microsoft.IdentityModel.Logging.6.15.0\lib\net472\Microsoft.IdentityModel.Logging.dll + + ..\..\..\..\packages\Microsoft.IdentityModel.JsonWebTokens.8.0.1\lib\net472\Microsoft.IdentityModel.JsonWebTokens.dll + + + ..\..\..\..\packages\Microsoft.IdentityModel.Logging.8.0.1\lib\net472\Microsoft.IdentityModel.Logging.dll ..\..\..\..\packages\Microsoft.IdentityModel.Protocols.6.15.0\lib\net472\Microsoft.IdentityModel.Protocols.dll @@ -136,8 +139,8 @@ ..\..\..\..\packages\Microsoft.IdentityModel.Protocols.OpenIdConnect.6.15.0\lib\net472\Microsoft.IdentityModel.Protocols.OpenIdConnect.dll - - ..\..\..\..\packages\Microsoft.IdentityModel.Tokens.6.15.0\lib\net472\Microsoft.IdentityModel.Tokens.dll + + ..\..\..\..\packages\Microsoft.IdentityModel.Tokens.8.0.1\lib\net472\Microsoft.IdentityModel.Tokens.dll ..\..\..\..\packages\Microsoft.Owin.Host.HttpListener.4.0.1\lib\net45\Microsoft.Owin.Host.HttpListener.dll 
@@ -145,8 +148,8 @@ ..\..\..\..\packages\Microsoft.Skype.Bots.Media.1.20.0.348-alpha\lib\net472\Microsoft.Skype.Bots.Media.dll - - ..\..\..\..\packages\Newtonsoft.Json.12.0.2\lib\net45\Newtonsoft.Json.dll + + ..\..\..\..\packages\Newtonsoft.Json.13.0.3\lib\net45\Newtonsoft.Json.dll @@ -160,13 +163,13 @@ - - ..\..\..\..\packages\System.IdentityModel.Tokens.Jwt.6.15.0\lib\net472\System.IdentityModel.Tokens.Jwt.dll + + ..\..\..\..\packages\System.IdentityModel.Tokens.Jwt.8.0.1\lib\net472\System.IdentityModel.Tokens.Jwt.dll - - ..\..\..\..\packages\System.Memory.4.5.4\lib\net461\System.Memory.dll + + ..\..\..\..\packages\System.Memory.4.5.5\lib\net461\System.Memory.dll ..\..\..\..\packages\System.Memory.Data.1.0.2\lib\net461\System.Memory.Data.dll @@ -180,11 +183,11 @@ - - ..\..\..\..\packages\System.Text.Encodings.Web.6.0.0\lib\net461\System.Text.Encodings.Web.dll + + ..\..\..\..\packages\System.Text.Encodings.Web.8.0.0\lib\net462\System.Text.Encodings.Web.dll - - ..\..\..\..\packages\System.Text.Json.6.0.1\lib\net461\System.Text.Json.dll + + ..\..\..\..\packages\System.Text.Json.8.0.4\lib\net462\System.Text.Json.dll ..\..\..\..\packages\System.Threading.Tasks.Dataflow.4.9.0\lib\netstandard2.0\System.Threading.Tasks.Dataflow.dll @@ -404,7 +407,5 @@ This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}. - - \ No newline at end of file diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/AVPWindowsService/App.config b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/AVPWindowsService/App.config index 6a674899a..92f98dc3e 100644 --- a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/AVPWindowsService/App.config +++ b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/AVPWindowsService/App.config @@ -11,15 +11,15 @@ - + - + - + @@ -31,7 +31,7 @@ - + 
@@ -49,13 +49,33 @@ + + + + + + + + + + + + + + + + + + + + - + diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/AVPWindowsService/WindowsServiceConfiguration.cs b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/AVPWindowsService/WindowsServiceConfiguration.cs index 87d5412c8..63dabdff8 100644 --- a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/AVPWindowsService/WindowsServiceConfiguration.cs +++ b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/AVPWindowsService/WindowsServiceConfiguration.cs @@ -99,6 +99,15 @@ public class WindowsServiceConfiguration : IConfiguration /// public int AudioVideoFileLengthInSec { get; private set; } + /// + public int SignalingPort { get; private set; } + + /// + public int MediaPort { get; private set; } + + /// + public int TcpForwardingPort { get; private set; } + /// /// Gets the h264 1920 x 1080 vbss file location. /// diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/AVPWindowsService/packages.config b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/AVPWindowsService/packages.config index 42d54e306..d07f6fa7a 100644 --- a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/AVPWindowsService/packages.config +++ b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/AVPWindowsService/packages.config @@ -1,7 +1,7 @@  - + @@ -17,14 +17,15 @@ - - + + + - + - + @@ -32,17 +33,17 @@ - + - + - - + + diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/FirewallREADME.md b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/FirewallREADME.md new file mode 100644 index 000000000..313c874bf --- /dev/null +++ b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/FirewallREADME.md 
@@ -0,0 +1,176 @@ +# Steps to Configure Azure Firewall +===================================== + +## Step 1: Create a Virtual Network and Subnet for Azure Firewall + + 1. Go to Virtual Network or create a new one if it doesn't exist. + 2. Create a subnet for the firewall with the purpose set to "Azure Firewall". ![Create subnet](Images/CreateSubnet.png) + 3. Go to the firewall section and click on "Add firewall". ![Create firewall](Images/CreateFirewall.png) + +## Step 2: Configure Firewall Settings + + 1. Choose a name for the firewall (e.g., "MyFirewall"). + 2. Create a new firewall policy. ![Create policy](Images/CreatePolicy.png) + 3. Select the existing Virtual Network. + 4. Create a new public IP address (e.g., "MyFWPublicIP"). + 5. Review and create the firewall. + +## Step 3: Configure Firewall Policy + + 1. Open the firewall policy created in Step 2. + 2. Navigate to Settings. + +## Step 4: Configure Application Rules (Ingress) + + Add an application rule: + a. Give a descriptive name. + b. Select "Application rule collection" as the rule type. + c. Assign the lowest number as the priority. + d. Specify a name for the rule. + e. Define the source (e.g., your VM subnet) or use `*` to allow all IP addresses. + f. Allow specific domains (e.g., `audiovideoplaybackbot.eastus.cloudapp.azure.com`). + g. Save the rule. + +## Step 5: Configure Network Rules (Egress) + + Add a network rule: + a. Give a descriptive name. + b. Select "Network rule collection" as the rule type. + c. Assign the lowest number as the priority. + d. Specify a name for the rule. + e. Define the source (e.g., your VM subnet) or use `*` to allow all IP addresses. + f. Specific external IPs or ranges (e.g., 192.168.1.0/24 for a subnet) instead of using 0.0.0.0/0 for all. This ensures that only trusted sources can access your service. If you want to allow access from all IPs, you can configure it as 0.0.0.0/0. + g. Specify only particular protocols and ports you want to allow. 
For example, you may configure TCP ports like 9444, 8445, 9442, 443, and port ranges like 10100-10199 and 20100-20199. If you want to restrict access to everything else, you should mention specific configurations like below: + Allowed TCP ports: 9444, 8445, 9442, 443, 9441, 10100-10199, 20100-20199. + All other ports and protocols will be restricted. + h. Save the rule. + +## Step 6: Firewall Configuration Summary + + 1. Specify External IPs or Ranges + Allow only specific external IPs or ranges (e.g., 192.168.1.0/24 for a subnet) instead of using 0.0.0.0/0 for all. This ensures that only trusted sources can access your service. If you want to allow access from all IPs, you can configure it as 0.0.0.0/0. + + Example: + To allow access from a specific subnet: + Allow: 192.168.1.0/24 + + To allow access from all IPs: + Allow: 0.0.0.0/0 + + 2. Specify Allowed Protocols and Ports + You can specify only particular protocols and ports you want to allow. For example, configure the following: + Allowed TCP Ports: 9444 (SignalingPort) + 8445 (MediaPort) + 9442 (TcpForwardingPort) + 443 (DefaultEndpoint) + 9441 (localPort) + 10100-10199 (InstanceCallControlEndpoint) + 20100-20199 (InstanceMediaControlEndpoint) + + * All other ports and protocols will be restricted. + + Example of Ingress Allow Rules: + a. Allow TCP Port 9444: + Rule Name: Allow SignalingPort + Action: Allow + Protocol: TCP + Port: 9444 + + b. Allow TCP Port 8445: + Rule Name: Allow MediaPort + Action: Allow + Protocol: TCP + Port: 8445 + + c. Allow TCP Port 9442: + Rule Name: Allow TcpForwardingPort + Action: Allow + Protocol: TCP + Port: 9442 + + d. Allow TCP Port 443: + Rule Name: Allow DefaultEndpoint + Action: Allow + Protocol: TCP + Port: 443 + + e. Allow TCP Port 9441: + Rule Name: Allow LocalPort + Action: Allow + Protocol: TCP + Port: 9441 + + f. Allow TCP Port Range 10100-10199: + Rule Name: Allow InstanceCallControlEndpoint + Action: Allow + Protocol: TCP + Port Range: 10100-10199 + + g. 
Allow TCP Port Range 20100-20199: + Rule Name: Allow InstanceMediaControlEndpoint + Action: Allow + Protocol: TCP + Port Range: 20100-20199 + + 3. Restrict All Other Ingress Ports and Protocols: + After creating the allow rules, add a rule to deny all other traffic. This ensures that any port or protocol not explicitly allowed is blocked. + + Example of Deny Rule: + Deny All Other Ingress Traffic: + Rule Name: Deny All Other Ingress Traffic + Action: Deny + Protocol: Any + Port: Any + + Example of Egress Allow Rules + a. Allow TCP Port 9444: + Rule Name: Allow Egress SignalingPort + Action: Allow + Protocol: TCP + Port: 9444 + + b. Allow TCP Port 8445: + Rule Name: Allow Egress MediaPort + Action: Allow + Protocol: TCP + Port: 8445 + + c. Allow TCP Port 9442: + Rule Name: Allow Egress TcpForwardingPort + Action: Allow + Protocol: TCP + Port: 9442 + + d. Allow TCP Port 443: + Rule Name: Allow Egress DefaultEndpoint + Action: Allow + Protocol: TCP + Port: 443 + + e. Allow TCP Port 9441: + Rule Name: Allow Egress LocalPort + Action: Allow + Protocol: TCP + Port: 9441 + + f. Allow TCP Port Range 10100-10199: + Rule Name: Allow Egress InstanceCallControlEndpoint + Action: Allow + Protocol: TCP + Port Range: 10100-10199 + + g. Allow TCP Port Range 20100-20199: + Rule Name: Allow Egress InstanceMediaControlEndpoint + Action: Allow + Protocol: TCP + Port Range: 20100-20199 + + 4. Restrict All Other Egress Ports and Protocols + * Similarly, add a rule to deny all other egress traffic. + + Example of Deny Rule: + Deny All Other Egress Traffic: + Rule Name: Deny All Other Egress Traffic + Action: Deny + Protocol: Any + Port: Any \ No newline at end of file diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/FrontEnd/AVPFrontEnd.csproj b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/FrontEnd/AVPFrontEnd.csproj index eb0f46404..33e4d3dfb 100644 --- a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/FrontEnd/AVPFrontEnd.csproj 
+++ b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/FrontEnd/AVPFrontEnd.csproj @@ -59,7 +59,7 @@ False - ..\..\..\..\packages\Microsoft.Skype.Bots.Media\1.19.0.25-alpha\src\skype_media_lib\Microsoft.Skype.Internal.Media.H264.dll + ..\..\..\..\packages\Microsoft.Skype.Bots.Media\1.20.0.348-alpha\src\skype_media_lib\Microsoft.Skype.Internal.Media.H264.dll diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/FrontEnd/IConfiguration.cs b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/FrontEnd/IConfiguration.cs index 6ccf5df87..c1e22a7e7 100644 --- a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/FrontEnd/IConfiguration.cs +++ b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/FrontEnd/IConfiguration.cs @@ -40,7 +40,7 @@ public interface IConfiguration : IDisposable /// Gets the List of HTTP URLs the app should listen on for incoming call /// signaling requests from Skype Platform. /// - IEnumerable CallControlListeningUrls { get; } + IEnumerable CallControlListeningUrls { get; } /// /// Gets the base callback URL for this instance. To ensure that all requests diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/Images/CreateFirewall.png b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/Images/CreateFirewall.png new file mode 100644 index 000000000..b59c26234 Binary files /dev/null and b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/Images/CreateFirewall.png differ diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/Images/CreatePolicy.png b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/Images/CreatePolicy.png new file mode 100644 index 000000000..7c5e5e787 Binary files /dev/null and b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/Images/CreatePolicy.png differ 
diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/Images/CreateSubnet.png b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/Images/CreateSubnet.png new file mode 100644 index 000000000..0c13d277e Binary files /dev/null and b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/Images/CreateSubnet.png differ diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/Images/PublicIPDNSName.png b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/Images/PublicIPDNSName.png new file mode 100644 index 000000000..4aa454c31 Binary files /dev/null and b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/Images/PublicIPDNSName.png differ diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/README.md b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/README.md index 82eefff44..16164c11c 100644 --- a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/README.md +++ b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/README.md 
@@ -11,49 +11,171 @@ This section walks you through the process of deploying and testing the sample b ### Bot Registration 1. Follow the steps in [Register Calling Bot](https://microsoftgraph.github.io/microsoft-graph-comms-samples/docs/articles/calls/register-calling-bot.html). Save the bot name, bot app id and bot secret for configuration. - + 2. Add the following Application Permissions to the bot: + * `Calls.AccessMedia.All` + * `Calls.Initiate.All` + * `Calls.JoinGroupCall.All` + * `Calls.JoinGroupCallAsGuest.All` - * Calls.AccessMedia.All - * Calls.Initiate.All - * Calls.JoinGroupCall.All - * Calls.JoinGroupCallAsGuest.All - -3. The permission needs to be consented by tenant admin. Go to `https://login.microsoftonline.com/common/adminconsent?client_id=&state=&redirect_uri=` using tenant admin to sign-in, then consent for the whole tenant. +3. The permission needs to be consented by tenant admin. Go to https://login.microsoftonline.com/common/adminconsent?client_id=&state=&redirect_uri= using tenant admin to sign-in, then consent for the whole tenant.. ### Prerequisites * Install the prerequisites: - * [Visual Studio 2017+](https://visualstudio.microsoft.com/downloads/) - * [PowerShell] 7.0+ - * [Mirosoft Azure Subscription] (Can register for a free account) - * [PostMan](https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop) + * [Visual Studio 2017+](https://visualstudio.microsoft.com/downloads/) + * [PowerShell] 7.0+ + * [Mirosoft Azure Subscription] (Can register for a free account) + * [PostMan](https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop) -## Deploy +### Deploy -#### [Azure] deployment +* Prerequisites for deploying Azure Cloud Services (extended support) [here](https://learn.microsoft.com/en-us/azure/cloud-services-extended-support/deploy-prerequisite). -##### Cloud Service (classic) [Planned Deprecation] +#### Step 1: Securely Store Certificates with Azure Key Vault -1. 
Create a cloud service (classic) in Azure. Get your "Site URL" from Azure portal, this will be your DNS name and CN name for later configuration, for example: `bot.contoso.com`. +Certificates are crucial for securing communication between your services. Azure Key Vault is used to store and manage these certificates securely. -2. Set up SSL certificate and upload to the cloud service - 1. Create a wildcard certificate for your service. This certificate should not be a self-signed certificate. For instance, if your bot is hosted at `bot.contoso.com`, create the certificate for `*.contoso.com`. - 2. Upload the certificate to the cloud service. - 3. Copy the thumbprint for later. +Create an Azure Key Vault: +* Follow these instructions to create your Azure Key Vault: [Create Key Vault](https://learn.microsoft.com/en-us/azure/key-vault/general/quick-create-portal). + +#### Step 2: Obtain and Configure Your SSL Certificate + +To secure your service, you need a valid SSL certificate. Here’s how to obtain and configure it: + +1. **Get a Wildcard Certificate**: + * Obtain a wildcard SSL certificate for your domain. For example, if your service is hosted at bot.contoso.com, get a certificate for \*.contoso.com. + * Ensure that the certificate is issued by a trusted Certificate Authority (CA) and not self-signed. + +2. **Upload to Azure Key Vault**: + * Upload your SSL certificate to the Azure Key Vault. Follow these steps: [Import Certificate](https://learn.microsoft.com/en-us/azure/key-vault/certificates/tutorial-import-certificate?tabs=azure-portal). + +3. **Get the Thumbprint**: + * Copy the certificate thumbprint from Azure Key Vault. You will need to add this thumbprint to your `.cscfg` (cloud service configuration) and `.csdef` (cloud service definition) files. + + 1. Update the Certificate section in your `.cscfg` file with the thumbprint. + ```xml + + + + + ``` -3. Set up cloud service configuration - 1. 
Open powershell, go to the folder that contains file `configure_cloud.ps1`. The file is in the `Samples` directory. - 2. Run the powershell script with parameters: + 2. Update the Certificate element in your `.csdef` file. + ```xml + + + + ``` + * Replace YourCertificateName with the actual name of your certificate as it appears in your Azure Key Vault or wherever it is stored. Here are the key attributes: + + **name**: This should match the certificate's name as referenced in your Azure Key Vault or local certificate store. - `.\configure_cloud.ps1 -p {path to project} -dns {your DNS name} -cn {your CN name, should be the same as your DNS name} -thumb {your certificate thumbprint} -bid {your bot name} -aid {your bot app id} -as {your bot secret}` + **storeLocation**: Specifies where the certificate is stored. LocalMachine is a common location for certificates installed on the local machine. - For example: + **storeName**: Specifies the store name where the certificate is located. My is a common store name used for personal certificates. - `.\configure_cloud.ps1 -p .\V1.0Samples\LocalMediaSamples\AudioVideoPlaybackBot\ -dns bot.contoso.com -cn bot.contoso.com -thumb ABC0000000000000000000000000000000000CBA -bid bot -aid 3853f935-2c6f-43d7-859d-6e8f83b519ae -as 123456!@#$%^` -4. Publish AudioVideoPlaybackBot from VS: - 1. Right click AudioVideoPlaybackBot, then click Publish.... Publish it to the cloud service you created earlier. +#### Step 3: Define Your Virtual Network + +* For Azure Extended Services, you can define the virtual network and subnet configurations in your `.cscfg` file. Azure can create the virtual network during the service setup if it doesn't already exist. +* When deploying your cloud service (extended) in Azure, virtual network and subnet configurations are managed automatically based on your .cscfg file. Follow these guidelines to ensure proper configuration. 
+ +##### Using Existing Virtual Network: + +* If you have an existing Virtual Network (VNet) that you want to use: + +```xml + + + + + + + + + + +``` +* Replace "YourExistingVNetName" with the name of your existing Virtual Network and "YourExistingSubnetName" with the name of your existing subnet within that Virtual Network. + +##### Automatic Creation of Virtual Network: + +* If the Virtual Network doesn't exist, Azure will create it based on the configuration provided: + +```xml + + + + + + + + + + +``` +* Replace "NewVNetName" with the name of the Virtual Network you want Azure to create, and "NewSubnetName" with the name of the subnet within that Virtual Network. + +### Note on Domain Name and Public IP + +```xml + + + +``` +* PublicIP name: "MyPublicIP" – Provide a unique name for the public IP. +* domainNameLabel: "myservice" – Set this to your service's domain label. + +Azure Extended Services Configuration: +* **Public IP**: You must provide a Public IP name in your configuration when creating the service. +* **Domain Name**: The domain name (domainNameLabel) is optional during initial creation and can be specified or updated later. + +Match Public IP Name: +* Ensure that the `name` attribute under `` ("MyPublicIP" in this example) matches the name used in your application code to fetch the public IP address dynamically. +* To ensure that the `domainNameLabel` matches between your configuration (.cscfg file) and the Azure portal settings. + +#### Step 4: Deploy + +1. Create Your Cloud Service (Extended Support): + * Use the Azure portal to create a Cloud Service (Extended Support). Follow this guide: [Create Cloud Service](https://learn.microsoft.com/en-us/azure/cloud-services-extended-support/deploy-portal). + * Obtain Your Public IP DNS name: + After the service is created, obtain the "Public IP DNS name" from the Azure portal. This URL will serve as your DNS name and Common Name (CN) for further configurations (e.g. bot.contoso.com). 
+ ![Public IP DNS name](Images/PublicIPDNSName.png). + +2. Update the App Configurations: + * Set up cloud service configuration with PowerShell: + 1. Open PowerShell, go to the folder that contains the file `configure_cloud.ps1`. The file is in the `Samples` directory. + 2. Run the PowerShell script with parameters: + ```powershell + .\configure_cloud.ps1 -p {path to project} -dns {your DNS name} -cn {your CN name, should be the same as your DNS name} -bid {your bot name} -aid {your bot app id} -as {your bot secret} + ``` + For example: + ```powershell + .\configure_cloud.ps1 -p .\V1.0Samples\LocalMediaSamples\AudioVideoPlaybackBot\ -dns bot.contoso.com -cn bot.contoso.com -bid bot -aid 3853f935-2c6f-43d7-859d-6e8f83b519ae -as 123456!@#$%^ + ``` + +3. Deploy to Cloud Service (Extended Support): + 1. Configure Storage Account for Configuration Files. + * To store configuration files for your Azure extended service, you'll need to set up a storage account. Follow these steps to configure the storage account:(https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal). + 2. Package Your Cloud Service for Deployment + * Before you can create your Azure extended service, you need to package your cloud service application to include configuration files and dependencies. + * Right click AudioVideoPlaybackBot, then click `Package...`. + +**Option 1**: Upload to Azure Storage Account: +* Upload your packaged application (cspkg file) along with the .cscfg and .csdef files to an Azure Storage Account container. +* This method allows you to deploy directly from the Azure Storage Account during service creation. + +**Option 2**: Use Local Files: +* Deploy directly from local files during the service creation process. +* Ensure all required files, including .cscfg and .csdef, are accessible and correctly referenced during deployment. + +### Firewall setup + + * Please follow below steps to configure firewall. 
+ - [document](FirewallREADME.md) ### Local Deployment diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/ServiceConfiguration.Cloud.cscfg b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/ServiceConfiguration.Cloud.cscfg index 71078ad34..cbffff66a 100644 --- a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/ServiceConfiguration.Cloud.cscfg +++ b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/ServiceConfiguration.Cloud.cscfg @@ -3,11 +3,18 @@ - + + @@ -16,8 +23,12 @@ + + + + diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/ServiceConfiguration.Local.cscfg b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/ServiceConfiguration.Local.cscfg index 518ce5af2..a283680ac 100644 --- a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/ServiceConfiguration.Local.cscfg +++ b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/ServiceConfiguration.Local.cscfg @@ -3,11 +3,18 @@ - + + @@ -16,8 +23,12 @@ + + + + diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/ServiceDefinition.csdef b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/ServiceDefinition.csdef index 77c00c6bc..631a34d51 100644 --- a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/ServiceDefinition.csdef +++ b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/ServiceDefinition.csdef @@ -21,7 +21,6 @@ - diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/WorkerRole/AVPWorkerRole.csproj b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/WorkerRole/AVPWorkerRole.csproj index 4ef6b6901..5a057e023 100644 --- a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/WorkerRole/AVPWorkerRole.csproj +++ b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/WorkerRole/AVPWorkerRole.csproj @@ -37,18 +37,15 @@ - 4.1.0 + 4.2.2.0 - 1.19.0.25-alpha + 1.20.0.348-alpha - - - 4.3.4 - + 
diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/WorkerRole/AzureConfiguration.cs b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/WorkerRole/AzureConfiguration.cs index b2a5694b5..3794b51ab 100644 --- a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/WorkerRole/AzureConfiguration.cs +++ b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/WorkerRole/AzureConfiguration.cs @@ -100,6 +100,13 @@ public class AzureConfiguration : IConfiguration /// private const string H264640X36030FpsKey = "H264_640x360_30Fps"; + /// + /// localPort specified in + /// in .csdef. This is needed for running in emulator. Currently only messaging can be debugged in the emulator. + /// Media debugging in emulator will be supported in future releases. + /// + private const int DefaultPort = 9441; + /// /// videoFile location for the specified resolution. /// @@ -177,7 +184,7 @@ public AzureConfiguration(IGraphLogger logger, bool isWindowsService = false) public string ServiceCname { get; private set; } /// - public IEnumerable CallControlListeningUrls { get; private set; } + public IEnumerable CallControlListeningUrls { get; private set; } /// public Uri CallControlBaseUrl { get; private set; } @@ -400,14 +407,14 @@ public void Initialize() this.AudioVideoFileLengthInSec = avFileLengthInSec; - var controlListenUris = new List(); + var controlListenUris = new List(); if (RoleEnvironment.IsEmulated) { // Create structured config objects for service. this.CallControlBaseUrl = new Uri($"https://{this.ServiceCname}/{HttpRouteConstants.CallSignalingRoutePrefix}"); - controlListenUris.Add("https://+:" + this.SignalingPort + "/"); - controlListenUris.Add("http://+:" + (this.SignalingPort + 1) + "/"); + controlListenUris.Add(new Uri("https://+:" + this.SignalingPort + "/")); + controlListenUris.Add(new Uri("http://+:" + (this.SignalingPort + 1) + "/")); } else { 
@@ -418,8 +425,8 @@ public void Initialize() instanceCallControlPublicPort, HttpRouteConstants.CallSignalingRoutePrefix)); - controlListenUris.Add("https://" + instanceCallControlIpEndpoint + "/"); - controlListenUris.Add("https://" + defaultEndpoint.IPEndpoint + "/"); + controlListenUris.Add(new Uri("https://" + instanceCallControlIpEndpoint + "/")); + controlListenUris.Add(new Uri("https://" + defaultEndpoint.IPEndpoint + "/")); } this.TraceConfigValue("CallControlCallbackUri", this.CallControlBaseUrl); diff --git a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/WorkerRole/app.config b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/WorkerRole/app.config index c10ad6734..ed4f02192 100644 --- a/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/WorkerRole/app.config +++ b/Samples/V1.0Samples/LocalMediaSamples/AudioVideoPlaybackBot/WorkerRole/app.config @@ -46,10 +46,6 @@ - - - - @@ -60,16 +56,28 @@ - + - + - + + + + + + + + + + + + + diff --git a/Samples/V1.0Samples/LocalMediaSamples/PolicyRecordingBot/FirewallREADME.md b/Samples/V1.0Samples/LocalMediaSamples/PolicyRecordingBot/FirewallREADME.md index 4bf9a1311..a5e5ddd78 100644 --- a/Samples/V1.0Samples/LocalMediaSamples/PolicyRecordingBot/FirewallREADME.md +++ b/Samples/V1.0Samples/LocalMediaSamples/PolicyRecordingBot/FirewallREADME.md 
@@ -3,42 +3,174 @@ ## Step 1: Create a Virtual Network and Subnet for Azure Firewall -1. Go to Virtual Network or create a new one if it doesn't exist. -2. Create a subnet for the firewall with the purpose set to "Azure Firewall". ![Create subnet](Images/CreateSubnet.png) -3. Go to the firewall section and click on "Add firewall". ![Create firewall](Images/CreateFirewall.png) + 1. Go to Virtual Network or create a new one if it doesn't exist. + 2. Create a subnet for the firewall with the purpose set to "Azure Firewall". ![Create subnet](Images/CreateSubnet.png) + 3. Go to the firewall section and click on "Add firewall". ![Create firewall](Images/CreateFirewall.png) ## Step 2: Configure Firewall Settings -1. Choose a name for the firewall (e.g., "MyFirewall"). -2. Create a new firewall policy. ![Create policy](Images/CreatePolicy.png) -3. Select the existing Virtual Network. -4. Create a new public IP address (e.g., "MyFWPublicIP"). -5. Review and create the firewall. + 1. Choose a name for the firewall (e.g., "MyFirewall"). + 2. Create a new firewall policy. ![Create policy](Images/CreatePolicy.png) + 3. Select the existing Virtual Network. + 4. Create a new public IP address (e.g., "MyFWPublicIP"). + 5. Review and create the firewall. ## Step 3: Configure Firewall Policy -1. Open the firewall policy created in Step 2. -2. Navigate to Settings. - -### Configure Application Rules (Ingress) - -1. Add an application rule: - * Give a descriptive name. - * Select "Application rule collection" as the rule type. - * Assign the lowest number as the priority. - * Specify a name for the rule. - * Define the source (e.g., your VM subnet) or use `*` to allow all IP addresses. - * Allow specific domains (e.g., `policyrecordingbot.eastus.cloudapp.azure.com`). - * Save the rule. - -### Configure Network Rules (Egress) - -1. Add a network rule: - * Give a descriptive name. - * Select "Network rule collection" as the rule type. - * Assign the lowest number as the priority. 
- * Specify a name for the rule. - * Define the source (e.g., your VM subnet) or use `*` to allow all IP addresses. - * Specify external IPs or ranges (e.g., `0.0.0.0/0` for all). - * Specify allowed protocols and ports.(TCP: 5060, 5061 ,UDP: 10000-20000) - * Save the rule. \ No newline at end of file + 1. Open the firewall policy created in Step 2. + 2. Navigate to Settings. + +## Step 4: Configure Application Rules (Ingress) + + Add an application rule: + a. Give a descriptive name. + b. Select "Application rule collection" as the rule type. + c. Assign the lowest number as the priority. + d. Specify a name for the rule. + e. Define the source (e.g., your VM subnet) or use `*` to allow all IP addresses. + f. Allow specific domains (e.g., `policyrecordingbot.eastus.cloudapp.azure.com`). + g. Save the rule. + +## Step 5: Configure Network Rules (Egress) + + Add a network rule: + a. Give a descriptive name. + b. Select "Network rule collection" as the rule type. + c. Assign the lowest number as the priority. + d. Specify a name for the rule. + e. Define the source (e.g., your VM subnet) or use `*` to allow all IP addresses. + f. Specific external IPs or ranges (e.g., 192.168.1.0/24 for a subnet) instead of using 0.0.0.0/0 for all. This ensures that only trusted sources can access your service. If you want to allow access from all IPs, you can configure it as 0.0.0.0/0. + g. Specify only particular protocols and ports you want to allow. For example, you may configure TCP ports like 9444, 8445, 9442, 443, and port ranges like 10100-10199 and 20100-20199. If you want to restrict access to everything else, you should mention specific configurations like below: + Allowed TCP ports: 9444, 8445, 9442, 443, 9441, 10100-10199, 20100-20199. + All other ports and protocols will be restricted. + h. Save the rule. + +## Step 6: Firewall Configuration Summary + + 1. 
Specify External IPs or Ranges + Allow only specific external IPs or ranges (e.g., 192.168.1.0/24 for a subnet) instead of using 0.0.0.0/0 for all. This ensures that only trusted sources can access your service. If you want to allow access from all IPs, you can configure it as 0.0.0.0/0. + + Example: + To allow access from a specific subnet: + Allow: 192.168.1.0/24 + + To allow access from all IPs: + Allow: 0.0.0.0/0 + + 2. Specify Allowed Protocols and Ports + You can specify only particular protocols and ports you want to allow. For example, configure the following: + Allowed TCP Ports: 9444 (SignalingPort) + 8445 (MediaPort) + 9442 (TcpForwardingPort) + 443 (DefaultEndpoint) + 9441 (localPort) + 10100-10199 (InstanceCallControlEndpoint) + 20100-20199 (InstanceMediaControlEndpoint) + + * All other ports and protocols will be restricted. + + Example of Ingress Allow Rules: + a. Allow TCP Port 9444: + Rule Name: Allow SignalingPort + Action: Allow + Protocol: TCP + Port: 9444 + + b. Allow TCP Port 8445: + Rule Name: Allow MediaPort + Action: Allow + Protocol: TCP + Port: 8445 + + c. Allow TCP Port 9442: + Rule Name: Allow TcpForwardingPort + Action: Allow + Protocol: TCP + Port: 9442 + + d. Allow TCP Port 443: + Rule Name: Allow DefaultEndpoint + Action: Allow + Protocol: TCP + Port: 443 + + e. Allow TCP Port 9441: + Rule Name: Allow LocalPort + Action: Allow + Protocol: TCP + Port: 9441 + + f. Allow TCP Port Range 10100-10199: + Rule Name: Allow InstanceCallControlEndpoint + Action: Allow + Protocol: TCP + Port Range: 10100-10199 + + g. Allow TCP Port Range 20100-20199: + Rule Name: Allow InstanceMediaControlEndpoint + Action: Allow + Protocol: TCP + Port Range: 20100-20199 + + 3. Restrict All Other Ingress Ports and Protocols: + After creating the allow rules, add a rule to deny all other traffic. This ensures that any port or protocol not explicitly allowed is blocked. 
+ + Example of Deny Rule: + Deny All Other Ingress Traffic: + Rule Name: Deny All Other Ingress Traffic + Action: Deny + Protocol: Any + Port: Any + + Example of Egress Allow Rules + a. Allow TCP Port 9444: + Rule Name: Allow Egress SignalingPort + Action: Allow + Protocol: TCP + Port: 9444 + + b. Allow TCP Port 8445: + Rule Name: Allow Egress MediaPort + Action: Allow + Protocol: TCP + Port: 8445 + + c. Allow TCP Port 9442: + Rule Name: Allow Egress TcpForwardingPort + Action: Allow + Protocol: TCP + Port: 9442 + + d. Allow TCP Port 443: + Rule Name: Allow Egress DefaultEndpoint + Action: Allow + Protocol: TCP + Port: 443 + + e. Allow TCP Port 9441: + Rule Name: Allow Egress LocalPort + Action: Allow + Protocol: TCP + Port: 9441 + + f. Allow TCP Port Range 10100-10199: + Rule Name: Allow Egress InstanceCallControlEndpoint + Action: Allow + Protocol: TCP + Port Range: 10100-10199 + + g. Allow TCP Port Range 20100-20199: + Rule Name: Allow Egress InstanceMediaControlEndpoint + Action: Allow + Protocol: TCP + Port Range: 20100-20199 + + 4. Restrict All Other Egress Ports and Protocols + * Similarly, add a rule to deny all other egress traffic. + + Example of Deny Rule: + Deny All Other Egress Traffic: + Rule Name: Deny All Other Egress Traffic + Action: Deny + Protocol: Any + Port: Any \ No newline at end of file diff --git a/Samples/V1.0Samples/LocalMediaSamples/PolicyRecordingBot/README.md b/Samples/V1.0Samples/LocalMediaSamples/PolicyRecordingBot/README.md index 3a72413f1..0afe9dcbe 100644 --- a/Samples/V1.0Samples/LocalMediaSamples/PolicyRecordingBot/README.md +++ b/Samples/V1.0Samples/LocalMediaSamples/PolicyRecordingBot/README.md 
@@ -1,16 +1,15 @@ - # Introduction ## Note The system will load the bot and join it to appropriate calls and meetings in order for the bot to enforce compliance with the administrative set policy. This sample is only designed for compliance recording scenario. Do not use it for any other scenarios. -This sample should be used only for Org Regulated recording instead of other recording purpose. Otherwise it might block the user calling experience. (https://learn.microsoft.com/en-us/MicrosoftTeams/teams-recording-policy) +This sample should be used only for Org Regulated recording instead of other recording purpose. Otherwise, it might block the user calling experience. [Learn more](https://learn.microsoft.com/en-us/MicrosoftTeams/teams-recording-policy). ## About -The Policy Recording bot sample guides you through building, deploying and testing a bot. This sample demonstrates how a bot can receive media streams for recording. Please note that the sample does not actually record. This logic is left up to the developer. +The Policy Recording bot sample guides you through building, deploying, and testing a bot. This sample demonstrates how a bot can receive media streams for recording. Please note that the sample does not actually record. This logic is left up to the developer. ## Getting Started 
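Review bot: In the PolicyRecordingBot README hunk at @@ -1,16 +1,15 @@, the reworded sentence still carries the awkward phrase "instead of other recording purpose"; suggest "and not for any other recording purpose" so the restriction is unambiguous. The rest of the hunk (comma after "Otherwise", the "[Learn more]" link, the serial comma in "building, deploying, and testing") is fine.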
@@ -18,16 +17,15 @@ This section walks you through the process of deploying and testing the sample b ### Bot Registration -1. Follow the steps in [Register Calling Bot](https://microsoftgraph.github.io/microsoft-graph-comms-samples/docs/articles/calls/register-calling-bot.html). Save the bot name, bot app id and bot secret for configuration. - * For the calling webhook, by default the notification will go to https://{your domain}/api/calling. This is configured with the `CallSignalingRoutePrefix` in [HttpRouteConstants.cs](FrontEnd/Http/Controllers/HttpRouteConstants.cs). +1. Follow the steps in [Register Calling Bot](https://microsoftgraph.github.io/microsoft-graph-comms-samples/docs/articles/calls/register-calling-bot.html). Save the bot name, bot app id, and bot secret for configuration. + * For the calling webhook, by default the notification will go to `https://{your domain}/api/calling`. This is configured with the `CallSignalingRoutePrefix` in [HttpRouteConstants.cs](FrontEnd/Http/Controllers/HttpRouteConstants.cs). * Ignore the "Register bot in Microsoft Teams" section as the Policy Recording bot won't be called directly. These bots are related to the policies discussed below, and are "attached" to users, and will be automatically invited to the call. -1. Add the following Application Permissions to the bot: +2. Add the following Application Permissions to the bot: + * `Calls.AccessMedia.All` + * `Calls.JoinGroupCall.All` - * Calls.AccessMedia.All - * Calls.JoinGroupCall.All - -1. The permission needs to be consented by tenant admin. Go to "https://login.microsoftonline.com/common/adminconsent?client_id=&state=&redirect_uri=" using tenant admin to sign-in, then consent for the whole tenant. +3. The permission needs to be consented by the tenant admin. Go to "https://login.microsoftonline.com/common/adminconsent?client_id=&state=&redirect_uri=" using tenant admin to sign in, then consent for the whole tenant. ### Create an Application Instance 
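Review bot: In the PolicyRecordingBot README hunk at @@ -18,16 +17,15 @@, step 3 wraps the adminconsent URL in double quotes while the webhook URL two lines above is now in backticks; use backticks for both so the two URLs render the same way. The `client_id=`, `state=` and `redirect_uri=` values are left empty, so mark them as placeholders in the same style the README already uses for the script arguments (e.g. `client_id={your bot app id}`) rather than leaving bare `=` signs that a reader may paste as-is.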
@@ -46,9 +44,11 @@ After 30-60 seconds, the policy should show up. To verify your policy was create * `Get-CsTeamsComplianceRecordingPolicy ` ### Assign the Recording Policy + Requries the policy identity created above. Contine your powershell session and run the following commands. * `Grant-CsTeamsComplianceRecordingPolicy -Identity -PolicyName ` + To verify your policy was assigned correctly: * `Get-CsOnlineUser | ft sipaddress, tenantid, TeamsComplianceRecordingPolicy` 
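Review bot: In the PolicyRecordingBot README hunk at @@ -46,9 +44,11 @@, the added sentence has two typos: "Requries" should be "Requires" and "Contine" should be "Continue"; "powershell" should also be "PowerShell" to match the capitalisation used elsewhere in this patch.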
@@ -60,126 +60,147 @@ To verify your policy was assigned correctly: ### Deploy -* Prerequisites for deploying Azure Cloud Services (extended support)(https://learn.microsoft.com/en-us/azure/cloud-services-extended-support/deploy-prerequisite) - -Step 1: Securely Store Certificates with Azure Key Vault - * Certificates are crucial for securing communication between your services. Azure Key Vault is used to store and manage these certificates securely. - - Create an Azure Key Vault: - * Follow these instructions to create your Azure Key Vault: https://learn.microsoft.com/en-us/azure/key-vault/general/quick-create-portal. - -Step 2: Obtain and Configure Your SSL Certificate - * To secure your service, you need a valid SSL certificate. Here’s how to obtain and configure it: - - Get a Wildcard Certificate: - * Obtain a wildcard SSL certificate for your domain. For example, if your service is hosted at bot.contoso.com,get a certificate for *.contoso.com. - * Ensure that the certificate is issued by a trusted Certificate Authority (CA) and not self-signed. - - Upload to Azure Key Vault: - * Upload your SSL certificate to the Azure Key Vault. Follow these steps: https://learn.microsoft.com/en-us/azure/key-vault/certificates/tutorial-import-certificate?tabs=azure-portal. - - Get the Thumbprint: - * Copy the certificate thumbprint from Azure Key Vault. You will need to add this thumbprint to your .cscfg (cloud service configuration) and .csdef (cloud service definition) files. - 1. Update the Certificate section in your .cscfg file with the thumbprint. - - - - - 2. Update the Certificate element in your .csdef file. - - - - * Replace YourCertificateName with the actual name of your certificate as it appears in your Azure Key Vault or wherever it is stored. Here are the key attributes: - name: This should match the certificate's name as referenced in your Azure Key Vault or local certificate store. - storeLocation: Specifies where the certificate is stored. 
LocalMachine is a common location for certificates installed on the local machine. - storeName: Specifies the store name where the certificate is located. My is a common store name used for personal certificates. - -Step 3: Define Your Virtual Network - * For Azure Extended Services, you can define the virtual network and subnet configurations in your .cscfg file. Azure can create the virtual network during the service setup if it doesn't already exist. - * When deploying your cloud service (extended) in Azure, virtual network and subnet configurations are managed automatically based on your .cscfg file. Follow these guidelines to ensure proper configuration: - -#### Using Existing Virtual Network: - - * If you have an existing Virtual Network (VNet) that you want to use: - - - - - - - - - - - - * Replace "YourExistingVNetName" with the name of your existing Virtual Network and "YourExistingSubnetName" with the name of your existing subnet within that Virtual Network. - -### Automatic Creation of Virtual Network: - - * If the Virtual Network doesn't exist, Azure will create it based on the configuration provided: - - - - - - - - - - - * Replace "NewVNetName" with the name of the Virtual Network you want Azure to create, and "NewSubnetName" with the name of the subnet within that Virtual Network. - - ### Note on Domain Name and Public IP: +* Prerequisites for deploying Azure Cloud Services (extended support) [here](https://learn.microsoft.com/en-us/azure/cloud-services-extended-support/deploy-prerequisite). - - - - * PublicIP name: "MyPublicIP" – Provide a unique name for the public IP. - * domainNameLabel: "myservice" – Set this to your service's domain label. - - Azure Extended Services: - * Public IP: You must provide a Public IP name in your configuration when creating the service. - * Domain Name: The domain name (domainNameLabel) is optional during initial creation and can be specified or updated later. 
+#### Step 1: Securely Store Certificates with Azure Key Vault + +Certificates are crucial for securing communication between your services. Azure Key Vault is used to store and manage these certificates securely. + +Create an Azure Key Vault: +* Follow these instructions to create your Azure Key Vault: [Create Key Vault](https://learn.microsoft.com/en-us/azure/key-vault/general/quick-create-portal). + +#### Step 2: Obtain and Configure Your SSL Certificate + +To secure your service, you need a valid SSL certificate. Here’s how to obtain and configure it: + +1. **Get a Wildcard Certificate**: + * Obtain a wildcard SSL certificate for your domain. For example, if your service is hosted at bot.contoso.com, get a certificate for \*.contoso.com. + * Ensure that the certificate is issued by a trusted Certificate Authority (CA) and not self-signed. + +2. **Upload to Azure Key Vault**: + * Upload your SSL certificate to the Azure Key Vault. Follow these steps: [Import Certificate](https://learn.microsoft.com/en-us/azure/key-vault/certificates/tutorial-import-certificate?tabs=azure-portal). + +3. **Get the Thumbprint**: + * Copy the certificate thumbprint from Azure Key Vault. You will need to add this thumbprint to your `.cscfg` (cloud service configuration) and `.csdef` (cloud service definition) files. + + 1. Update the Certificate section in your `.cscfg` file with the thumbprint. + ```xml + + + + + ``` + + 2. Update the Certificate element in your `.csdef` file. + ```xml + + + + ``` + * Replace YourCertificateName with the actual name of your certificate as it appears in your Azure Key Vault or wherever it is stored. Here are the key attributes: - Match Public IP Name: - * Ensure that the name attribute under (MyPublicIP in this example) matches the name used in your application code to fetch the public IP address dynamically. - * To ensure that the domainNameLabel matches between your configuration (.cscfg file) and the Azure portal settings. 
+ **name**: This should match the certificate's name as referenced in your Azure Key Vault or local certificate store. + + **storeLocation**: Specifies where the certificate is stored. LocalMachine is a common location for certificates installed on the local machine. + + **storeName**: Specifies the store name where the certificate is located. My is a common store name used for personal certificates. + + +#### Step 3: Define Your Virtual Network + +* For Azure Extended Services, you can define the virtual network and subnet configurations in your `.cscfg` file. Azure can create the virtual network during the service setup if it doesn't already exist. +* When deploying your cloud service (extended) in Azure, virtual network and subnet configurations are managed automatically based on your .cscfg file. Follow these guidelines to ensure proper configuration. + +##### Using Existing Virtual Network: + +* If you have an existing Virtual Network (VNet) that you want to use: + +```xml + + + + + + + + + + +``` +* Replace "YourExistingVNetName" with the name of your existing Virtual Network and "YourExistingSubnetName" with the name of your existing subnet within that Virtual Network. + +##### Automatic Creation of Virtual Network: + +* If the Virtual Network doesn't exist, Azure will create it based on the configuration provided: + +```xml + + + + + + + + + + +``` +* Replace "NewVNetName" with the name of the Virtual Network you want Azure to create, and "NewSubnetName" with the name of the subnet within that Virtual Network. + +### Note on Domain Name and Public IP + +```xml + + + +``` +* PublicIP name: "MyPublicIP" – Provide a unique name for the public IP. +* domainNameLabel: "myservice" – Set this to your service's domain label. + +Azure Extended Services Configuration: +* **Public IP**: You must provide a Public IP name in your configuration when creating the service. 
+* **Domain Name**: The domain name (domainNameLabel) is optional during initial creation and can be specified or updated later. + +Match Public IP Name: +* Ensure that the `name` attribute under `` ("MyPublicIP" in this example) matches the name used in your application code to fetch the public IP address dynamically. +* To ensure that the `domainNameLabel` matches between your configuration (.cscfg file) and the Azure portal settings. - Step 4: Deploy +#### Step 4: Deploy - 1. Create Your Cloud Service (Extended Support) - 1. Use the Azure portal to create a Cloud Service (Extended Support). - Follow this guide: Create a Cloud Service (Extended Support).(https://learn.microsoft.com/en-us/azure/cloud-services-extended-support/deploy-portal) - 2. Obtain Your Public IP DNS name: +1. Create Your Cloud Service (Extended Support): + * Use the Azure portal to create a Cloud Service (Extended Support). Follow this guide: [Create Cloud Service](https://learn.microsoft.com/en-us/azure/cloud-services-extended-support/deploy-portal). + * Obtain Your Public IP DNS name: After the service is created, obtain the "Public IP DNS name" from the Azure portal. This URL will serve as your DNS name and Common Name (CN) for further configurations (e.g. bot.contoso.com). - ![Public IP DNS name](Images/PublicIPDNSName.png). - - 2. Update the app configs with values - 1. Set up cloud service configuration - 1. Open powershell, go to the folder that contains file `configure_cloud.ps1`. The file is in the `Samples` directory. - 2. Run the powershell script with parameters: - ` .\configure_cloud.ps1 -p {path to project} -dns {your DNS name} -cn {your CN name, should be the same as your DNS name} -bid {your bot name} -aid {your bot app id} -as {your bot secret}` - - For example: - - `.\configure_cloud.ps1 -p .\V1.0Samples\LocalMediaSamples\PolicyRecordingBot\ -dns bot.contoso.com -cn bot.contoso.com -bid bot -aid 3853f935-2c6f-43d7-859d-6e8f83b519ae -as 123456!@#$%^` - - 3. 
Deploy to Cloud Service (Extended Support) - 1. Configure Storage Account for Configuration Files. - * To store configuration files for your Azure extended service, you'll need to set up a storage account. Follow these steps to configure the storage account:(https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal). - 2. Package Your Cloud Service for Deployment - * Before you can create your Azure extended service, you need to package your cloud service application to include configuration files and dependencies. - * Right click PolicyRecordingBot, then click `Package...`. - - Option 1: Upload to Azure Storage Account: - * Upload your packaged application (cspkg file) along with the .cscfg and .csdef files to an Azure Storage Account container. - * This method allows you to deploy directly from the Azure Storage Account during service creation. - - Option 2: Use Local Files: - * Deploy directly from local files during the service creation process. - * Ensure all required files, including .cscfg and .csdef, are accessible and correctly referenced during deployment. + ![Public IP DNS name](Images/PublicIPDNSName.png). + +2. Update the App Configurations: + * Set up cloud service configuration with PowerShell: + 1. Open PowerShell, go to the folder that contains the file `configure_cloud.ps1`. The file is in the `Samples` directory. + 2. Run the PowerShell script with parameters: + ```powershell + .\configure_cloud.ps1 -p {path to project} -dns {your DNS name} -cn {your CN name, should be the same as your DNS name} -bid {your bot name} -aid {your bot app id} -as {your bot secret} + ``` + For example: + ```powershell + .\configure_cloud.ps1 -p .\V1.0Samples\LocalMediaSamples\PolicyRecordingBot\ -dns bot.contoso.com -cn bot.contoso.com -bid bot -aid 3853f935-2c6f-43d7-859d-6e8f83b519ae -as 123456!@#$%^ + ``` + +3. Deploy to Cloud Service (Extended Support): + 1. Configure Storage Account for Configuration Files. 
+ * To store configuration files for your Azure extended service, you'll need to set up a storage account. Follow these steps to configure the storage account:(https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal). + 2. Package Your Cloud Service for Deployment + * Before you can create your Azure extended service, you need to package your cloud service application to include configuration files and dependencies. + * Right click PolicyRecordingBot, then click `Package...`. + +**Option 1**: Upload to Azure Storage Account: +* Upload your packaged application (cspkg file) along with the .cscfg and .csdef files to an Azure Storage Account container. +* This method allows you to deploy directly from the Azure Storage Account during service creation. + +**Option 2**: Use Local Files: +* Deploy directly from local files during the service creation process. +* Ensure all required files, including .cscfg and .csdef, are accessible and correctly referenced during deployment. ### Firewall setup @@ -199,8 +220,8 @@ Step 3: Define Your Virtual Network 3. Interact with your service, _adjusting the service URL appropriately_. 1. Get diagnostics data from the bot. Open the url https://bot.contoso.com:10101/calls in a browser for auto-refresh. Search for the most recent CallId and replace with it in the below url. - * Active calls: https://bot.contoso.com:10101/calls/{CallId} - * Service logs: https://bot.contoso.com:10101/logs + * Active calls: https://bot.contoso.com:10101/calls/{CallId} + * Service logs: https://bot.contoso.com:10101/logs 2. Terminating the call through `DELETE`, as needed for testing. Replace the {CallId} below with your call id from the first response.
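Review bot: the worked example under "Update the App Configurations" passes the bot secret as a bare command-line token (`-as 123456!@#$%^`); characters such as `$` and `#` are interpreted by PowerShell when unquoted, so at minimum the example should single-quote the value (`-as '123456!@#$%^'`), and the surrounding text should say that a real secret passed this way lands in shell history, so it is better supplied from a variable or a SecureString than typed inline. Related: in "Option 1" the packaged `.cspkg` is uploaded to a storage container together with the `.cscfg` that `configure_cloud.ps1` has just filled in; if the script writes the app secret into that file, the doc should state that the container must not allow anonymous access. Two smaller points in the same hunk: the `xml` fences under Step 2 and Step 3 appear empty in this diff, so the `name`, `storeLocation`, `storeName` and `domainNameLabel` attributes the prose refers to, and the "under ``" reference in "Match Public IP Name", have no element to point at; please confirm the tags survived in the committed file. The second bullet there ("To ensure that the `domainNameLabel` matches between your configuration ... and the Azure portal settings.") is a sentence fragment and reads better as "Ensure that the `domainNameLabel` matches ...". Finally, the storage-account link in "Configure Storage Account for Configuration Files" is a bare URL in parentheses while every other link in the file uses `[text](url)` form.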
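Review bot: this hunk is whitespace-only (one leading space removed from the two "Active calls" / "Service logs" bullets so they nest under item 1); no content changes, fine to merge. Since this file is the firewall README, the surrounding text would benefit from one sentence noting that the diagnostics endpoints on port 10101 (`/calls`, `/calls/{CallId}`, `/logs`) should be reachable only from the sources allowed by the network rules configured earlier, rather than from the whole internet.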