...

  1. Create an Azure Key Vault for the Azure General app service with all the default settings.

  2. Create an access policy for the key vault with the following settings:

    • Key permissions

      • Get

      • Decrypt

      • Unwrap

      • Verify

    • Secret permissions

      • Get

      • List

      • Set

      • Delete

      • Purge

    • Service principal – Azure General service app

  3. Add the following config settings to the Az General service app service:

    • CosmosDbAuthKey – Primary key of the Cosmos DB account

    • CosmosDbContainerId – Container Id that was created in the above steps

    • CosmosDbEndpoint – URI of the Cosmos DB account

    • CosmosDbDatabaseId – Container Id that was created in the above steps

    • KeyVaultUrl – Vault Uri of the Key vault created in the above steps

  4. Create the configuration necessary for SPO Inventory using the Azure General service (contact an EmpowerID developer for this). Once it is created, copy the config settings ID for reference.

    • Generate a unique GUID and keep it for reference. This ID is called the config settings ID.

    • Request URL of the Azure General service to call: <Azure general service app service url>/app/config/GetById/<unique guid generated above>

    • The body of the request is shown below. Change the details according to the comments:

      Code Block
      {
        "Id":"", //  unique guid which is same as the one in the request url
        "SpoStorageConnectionString":"", // storage account connection string
        "GetSiteCollectionStorageQueueName":"getsitecollectionqueue", // keep the name as it is
        "GetSiteTopologyStorageQueueName":"getsitetopologyqueue", // keep the name as it is
        "CosmosDbEndpointUri":"", // url of the cosmos db account
        "CosmosDbPrimaryKey":"", // primary key of cosmos db account
        "CosmosDbDatabaseId":"SPOTenantInventoryDetails", // keep the name as it is
        "CosmosDbSpoTenantDetailsContainerId":"SPOTenantInventoryDetails", // keep the name as it is
        "CosmosDbTenantSiteDetailsContainerId":"SPOTenantSiteDetails", // keep the name as it is
        "SpoServiceBusConnectionString":"", // connection string of the service bus we created
        "SpoServiceBusQueueName":"spoinventorydata", // keep the name as it is
        "PushDataBatchSize":"600" // keep the value as it is
      }


      Example Request:

      Code Block
      {
        "Id":"5d7736a6-9631-43b9-8aa2-29532e871180", //  unique guid which is same as the one in the request url
        "SpoStorageConnectionString":"DefaultEndpointsProtocol=https;AccountName=spoinventorystorage;AccountKey=LfnSj8q4h93re0mFusGnS2pu9bJHQRfCOyOng5jRbGRK9lH7CRsVCV6rnYiVwzEXSGHiwe9rmSw3gEI3WuTfyw==;EndpointSuffix=core.windows.net", // storage account connection string
        "GetSiteCollectionStorageQueueName":"getsitecollectionqueue", // keep the name as it is
        "GetSiteTopologyStorageQueueName":"getsitetopologyqueue", // keep the name as it is
        "CosmosDbEndpointUri":"https://spoinventoryaccount.documents.azure.com:443/", // url of the cosmos db account
        "CosmosDbPrimaryKey":"DXWh7C1vPWADrKCgkDNMksDvPFeXNOSG9AHYE6dZfMjxfLahRQr8wVrPVpnSUResPWAgspKMu7NsAuQajeQmRw==", // primary key of cosmos db account
        "CosmosDbDatabaseId":"SPOTenantInventoryDetails", // keep the name as it is
        "CosmosDbSpoTenantDetailsContainerId":"SPOTenantInventoryDetails", // keep the name as it is
        "CosmosDbTenantSiteDetailsContainerId":"SPOTenantSiteDetails", // keep the name as it is
        "SpoServiceBusConnectionString":"Endpoint=sb://spoinventoryservicebus.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=9yi9kM/Gbq7x9hm65UGhgmgGsn8+6hW8gcDv7wThgdM=", // connection string of the service bus we created
        "SpoServiceBusQueueName":"spoinventorydata", // keep the name as it is
        "PushDataBatchSize":"600" // keep the value as it is
      }
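The body templates above carry `//` comments, which standard JSON has no syntax for, while the endpoint and connection-string values themselves contain `//`. The following Python sketch is an added example, not EmpowerID's code: it strips the comments without touching string values and checks a filled-in body against the rules stated in the comments. The names `strip_comments` and `check_body`, the sample host and the placeholder values are assumptions made for illustration.

```python
import json
import re
import uuid

# Values the page's comments say to keep exactly as given in the template.
FIXED = {
    "GetSiteCollectionStorageQueueName": "getsitecollectionqueue",
    "GetSiteTopologyStorageQueueName": "getsitetopologyqueue",
    "CosmosDbDatabaseId": "SPOTenantInventoryDetails",
    "CosmosDbSpoTenantDetailsContainerId": "SPOTenantInventoryDetails",
    "CosmosDbTenantSiteDetailsContainerId": "SPOTenantSiteDetails",
    "SpoServiceBusQueueName": "spoinventorydata",
    "PushDataBatchSize": "600",
}
# Fields the operator fills in; each is an endpoint or a credential.
REQUIRED = ("SpoStorageConnectionString", "CosmosDbEndpointUri",
            "CosmosDbPrimaryKey", "SpoServiceBusConnectionString")
# Matches a whole JSON string literal, or a // comment up to end of line.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')

def strip_comments(text):
    """Remove // comments; '//' inside a string (https://...) is kept."""
    return TOKEN.sub(lambda m: m.group() if m.group()[0] == '"' else "", text)

def check_body(template_text, request_url):
    """Return (comment-free JSON text, list of problems found)."""
    body = json.loads(strip_comments(template_text))
    body_id = str(body.get("Id", ""))
    problems = []
    try:
        uuid.UUID(body_id)
    except ValueError:
        problems.append("Id is not a GUID")
    if body_id.lower() != request_url.rstrip("/").rsplit("/", 1)[-1].lower():
        problems.append("Id differs from the GUID in the request URL")
    problems += [f"{k} must stay {v!r}" for k, v in FIXED.items() if body.get(k) != v]
    problems += [f"{k} is empty" for k in REQUIRED if not body.get(k)]
    return json.dumps(body, indent=2), problems

# Constructed sample: hypothetical host and placeholder values, no real keys.
SAMPLE_URL = "https://azgeneral.example/app/config/GetById/00000000-0000-4000-8000-000000000001"
SAMPLE = "{\n" + "".join(
    f'  "{k}":"{v}", // keep as it is\n' for k, v in FIXED.items()) + (
    '  "SpoStorageConnectionString":"AccountName=example;AccountKey=PLACEHOLDER", // fill in\n'
    '  "CosmosDbEndpointUri":"https://example.documents.azure.com:443/", // fill in\n'
    '  "CosmosDbPrimaryKey":"PLACEHOLDER", // fill in\n'
    '  "SpoServiceBusConnectionString":"Endpoint=sb://example.servicebus.windows.net/", // fill in\n'
    '  "Id":"00000000-0000-4000-8000-000000000001" // same GUID as in the URL\n}')
```

Calling `check_body(SAMPLE, SAMPLE_URL)` returns the comment-free body and an empty problem list; any non-empty list names the fields to correct before the request is made.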

Azure Function app

  1. Create an Azure Function app, selecting .NET Core 3.1 as the runtime stack, with the following general configuration settings:

    • Platform – 32 bit

    • Managed pipeline version – Integrated

    • FTP state – All allowed

    • HTTP version – 1.1

    • Web sockets – Off

    • Remote Debugging – Off

    • Client certificate mode – Ignore

    • Runtime version – 3

  2. Turn on system managed identity for the app service and download the publish profile from the overview blade.

  3. Open Workflow Studio and from Cloud Explorer, deploy the SharePoint Online Inventory function.

  4. In Azure, create an Azure Key Vault for SPO inventory and store the secret created for the service principal configured earlier. Name the secret AzGeneralServiceAuthSecret.

  5. Create an access policy for the key vault with the following settings:

    • Key permissions

      • Get

      • Decrypt

      • Unwrap

      • Verify

    • Secret permissions

      • Get

      • List

      • Set

      • Delete

      • Purge

    • Service principal – Azure Function app

  6. Add the following config settings to the Azure Function app service:

    • AzureWebJobsDashboard – Connection string of any storage account in that tenant

    • AzureWebJobsStorage – Connection string of any storage account in that tenant

    • AzureGeneralServiceConfigGetByIDUrl – <Azure general service app service Url>/app/config/GetById/

    • AzureGeneralServiceAuthVaultUrl – Vault URL of the key vault created in the above step.

    • AzureGeneralServiceAuthKeyvaultSecretName – The name of the secret that was created in the above step.

    • AzureGeneralServiceAuthClientID – Client ID of the service principal which is configured for authorization of Azure general app service.

    • ConfigSettingsID – Config settings ID created earlier.

    • AzureGeneralServiceAuthTenantID – Tenant ID of this tenant

    • AzureGeneralServiceMultitenantValidateSKeyUrl – <Azure general service app service Url>/app/multitenant/IsSubscriptionValid/

...