Tip

This article only applies if you are not using EmpowerID SaaS.

If you are not using EmpowerID SaaS and want EmpowerID to manage one or more of your SharePoint tenants, then in addition to deploying the SharePoint Online microservice in each SharePoint tenant, you need to configure one of those tenants as described in this article and configure an Azure tenant with the components below so that EmpowerID can inventory your SharePoint Online (SPO) data.

...

SharePoint Online Azure Component

Purpose

Key Vault

  • Stores secrets and certificate for the Azure functions and web jobs to access

Cosmos DB

  • Stores SPO and the SPO site collection information

  • Tracks inventory objects per schedule

  • Stores configuration needed by the SPO app service

  • Used by the AzGeneralService app service to persist data each time a call is made to the service

Az General Service App Service with Managed Identity

  • Stores and retrieves configuration settings needed by SPO functions and web jobs

Storage Account

  • Used to store SharePoint site collection and topology information for each site collection in blobs

  • Used to store the queue data needed to trigger the web jobs

Service Bus

  • Queue stores differential data to be pushed to EmpowerID

Web Jobs App Service with Managed Identity

  • Calls the SPO microservice to retrieve the site collections and the topology for each site collection, and stores them in the blob

SPO Functions Function App with Managed Identity

  • Function to register SharePoint tenants in Cosmos DB

  • Function to update SharePoint tenants in Cosmos DB

  • Function to delete SharePoint tenants in Cosmos DB

  • Function to claim inventory for SharePoint tenants in Cosmos DB

  • Function to process data in the service bus queue and push it to EmpowerID

  • All functions retrieve the configuration data from AzGeneralService App Service

...

  1. Create a Linux app service plan.

  2. Add an app service for the AzGeneralServices microservice to the Linux app service plan with the following general settings:

    • Stack – .NET

    • Major version – .NET Core 3

    • FTP state – All allowed

    • HTTP version – 1.1

    • Web sockets – Off

    • Always on – Off

    • ARR affinity – Off

    • Debugging – Off

    • Client certificate mode – Ignore

  3. Turn on system managed identity for the app service and download the publish profile from the overview blade.

  4. In EmpowerID, publish the AzGeneralServices microservice to Azure.

  5. Create a service principal in Azure Active Directory with the following settings:

    • Secret – Create a secret for the service principal and copy the value for later use.

    • Configure the service principal for Azure AD authentication.

  6. Return to the Cosmos DB account created earlier and create a new container and DB for the AZ General Services microservice with the settings below. The service uses the DB to persist data whenever EmpowerID makes a call to the service.

    • Database Id – AzureGeneralService

    • Container Id – AzureGeneralService

    • Partition key – id
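
To confirm that a deployed app service still matches the general settings in step 2 and has the managed identity from step 3, the check below compares exported configuration against those values. It is an added example, not EmpowerID code; it assumes the JSON property names produced by `az webapp show` and `az webapp config show`, that "Client certificate mode – Ignore" corresponds to `clientCertEnabled` being false, and the sample input is constructed.

```python
import json

# Expected values transcribed from steps 2 and 3 of the procedure above.
# Assumption: property names match `az webapp config show` (CONFIG_EXPECTED)
# and `az webapp show` (SITE_EXPECTED) JSON output.
CONFIG_EXPECTED = {
    "ftpsState": "AllAllowed",        # FTP state: All allowed
    "http20Enabled": False,           # HTTP version: 1.1
    "webSocketsEnabled": False,       # Web sockets: Off
    "alwaysOn": False,                # Always on: Off
    "remoteDebuggingEnabled": False,  # Debugging: Off
}
SITE_EXPECTED = {
    "clientAffinityEnabled": False,   # ARR affinity: Off
    "clientCertEnabled": False,       # Client certificate mode: Ignore (assumed mapping)
}


def find_drift(site, config):
    """Return (setting, expected, actual) tuples for every mismatch, sorted by setting."""
    drift = []
    for expected, actual in ((SITE_EXPECTED, site), (CONFIG_EXPECTED, config)):
        for key, want in expected.items():
            got = actual.get(key)
            if got != want:
                drift.append((key, want, got))
    # Stack: .NET, major version: .NET Core 3
    stack = config.get("linuxFxVersion")
    if not (stack or "").upper().startswith("DOTNETCORE|3"):
        drift.append(("linuxFxVersion", "DOTNETCORE|3.x", stack))
    # Step 3: the system-assigned managed identity must be turned on.
    identity_type = (site.get("identity") or {}).get("type", "")
    if "SystemAssigned" not in identity_type:
        drift.append(("identity.type", "SystemAssigned", identity_type or None))
    return sorted(drift, key=lambda item: item[0])


# Constructed sample input, not captured from a real tenant.
SAMPLE_SITE = json.loads(
    '{"clientAffinityEnabled": true, "clientCertEnabled": false, "identity": null}')
SAMPLE_CONFIG = json.loads(
    '{"ftpsState": "AllAllowed", "http20Enabled": false, "webSocketsEnabled": true,'
    ' "alwaysOn": false, "remoteDebuggingEnabled": false,'
    ' "linuxFxVersion": "DOTNETCORE|3.1"}')

if __name__ == "__main__":
    for key, want, got in find_drift(SAMPLE_SITE, SAMPLE_CONFIG):
        print(f"{key}: expected {want!r}, found {got!r}")
```
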

...