...
If you are not using EmpowerID SaaS and want EmpowerID to manage one or more of your SharePoint tenants, you need to configure one of those tenants as described in this article for EmpowerID to inventory your SharePoint Online (SPO) data. Please note that you must also deploy the SharePoint online microservice in each of your SharePoint tenants as depicted in the Deploying the SharePoint Online microservice topics.
...
...
Table 1: SharePoint Online Azure Components needed when Self-hosting EmpowerID. The table does not include those used in the SharePoint Online tenant. An explanation of those is provided in Deploying the SharePoint Online Microservice.
SharePoint Online Azure Component | Purpose |
---|---|
Key Vault |
|
Cosmo DB |
|
Az General Service App Service with Managed Identity |
|
Storage Account |
|
Service Bus |
|
Web Jobs App Service with Managed Identity |
|
SPO Functions Function App with Managed Identity |
|
...
Create an Azure Key Vault for the Azure General app service with all the default setting.
Create an access policy for the key vault with the following settings:
Key permissions
Get
Decrypt
Unwrap
Verify
Secret permissions
Get
List
Set
Delete
Purge
Service principal – Azure General service app
Add the following config settings to the Az General AzGeneral service app service:
CosmosDbAuthKey – Primary key of the cosmos db account
CosmosDbContainerId – Container Id that was created in the above steps
CosmosDbEndpoint – URI of Cosmos db account
CosmosDbDatabaseId - Container Id that was created in the above steps
KeyVaultUrl – Vault Uri of the Key vault created in the above steps
Create config necessary for SPO Inventory using Azure General service.
Generate a unique GUID and keep it for reference. This Id is called config settings id.
Request URL of the Azure General service to call:
<Azure general service app service url>/app/config/GetById/<unique guid generated above>
Body of the request is shown below – Please change the details according to the comments.
Add a new item to the Cosmos DB
Currently, there is no UI for making this call in EmpowerID; therefore use a tool like Postman to make the call.Code Block { "Id":"", // unique guid which is same as the one in the request url "SpoStorageConnectionString":"", // storage account connection string "GetSiteCollectionStorageQueueName":"getsitecollectionqueue", // keep the name as it is "GetSiteTopologyStorageQueueName":"getsitetopologyqueue", // keep the name as it is "CosmosDbEndpointUri":"", // url of the cosmos db account "CosmosDbPrimaryKey":"", // primary key of cosmos db account "CosmosDbDatabaseId":"SPOTenantInventoryDetails", // keep the name as it is "CosmosDbSpoTenantDetailsContainerId":"SPOTenantInventoryDetails", // keep the name as it is "CosmosDbTenantSiteDetailsContainerId":"SPOTenantSiteDetails", // keep the name as it is "SpoServiceBusConnectionString":"", // connection string of the service bus we created "SpoServiceBusQueueName":"spoinventorydata", // // keep the name as it is "PushDataBatchSize":"600" // // keep the value as it is }
Example Request:Code Block { "Id":"5d7736a6-9631-43b9-8aa2-29532e871180", // unique guid which is same as the one in the request url "SpoStorageConnectionString":"DefaultEndpointsProtocol=https;AccountName=spoinventorystorage;AccountKey=LfnSj8q4h93re0mFusGnS2pu9bJHQRfCOyOng5jRbGRK9lH7CRsVCV6rnYiVwzEXSGHiwe9rmSw3gEI3WuTfyw==;EndpointSuffix=core.windows.net", // storage account connection string "GetSiteCollectionStorageQueueName":"getsitecollectionqueue", // keep the name as it is "GetSiteTopologyStorageQueueName":"getsitetopologyqueue", // keep the name as it is "CosmosDbEndpointUri":"https://spoinventoryaccount.documents.azure.com:443/", // url of the cosmos db account "CosmosDbPrimaryKey":"DXWh7C1vPWADrKCgkDNMksDvPFeXNOSG9AHYE6dZfMjxfLahRQr8wVrPVpnSUResPWAgspKMu7NsAuQajeQmRw==", // primary key of cosmos db account "CosmosDbDatabaseId":"SPOTenantInventoryDetails", // keep the name as it is "CosmosDbSpoTenantDetailsContainerId":"SPOTenantInventoryDetails", // keep the name as it is "CosmosDbTenantSiteDetailsContainerId":"SPOTenantSiteDetails", // keep the name as it is "SpoServiceBusConnectionString":"Endpoint=sb://spoinventoryservicebus.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=9yi9kM/Gbq7x9hm65UGhgmgGsn8+6hW8gcDv7wThgdM=", // connection string of the service bus we created "SpoServiceBusQueueName":"spoinventorydata", // // keep the name as it is "PushDataBatchSize":"600" // // keep the value as it is }
...