
If you are not using EmpowerID SaaS and want EmpowerID to manage one or more of your SharePoint tenants, you need to configure one of those tenants as described in this article so that EmpowerID can inventory your SharePoint Online (SPO) data. Note that you must also deploy the SharePoint Online microservice in each of your SharePoint tenants, as described in the Deploying the SharePoint Online Microservice topics.

...



...

Table 1: SharePoint Online Azure Components needed when Self-hosting EmpowerID. The table does not include those used in the SharePoint Online tenant. An explanation of those is provided in Deploying the SharePoint Online Microservice.

SharePoint Online Azure Component

Purpose

Key Vault

  • Stores the secrets and certificate that the Azure functions and web jobs need to access

Cosmos DB

  • Stores SPO and the SPO site collection information

  • Tracks inventory objects per schedule

  • Stores configuration needed by the SPO app service

  • Used by the AzGeneralService app service to persist data each time a call is made to the service

Az General Service App Service with Managed Identity

  • Stores and retrieves configuration settings needed by SPO functions and web jobs

Storage Account

  • Used to store SharePoint site collection and topology information for each site collection in blobs

  • Used to store the data necessary in the queues to trigger the web jobs

Service Bus

  • Queue stores differential data to be pushed to EmpowerID

Web Jobs App Service with Managed Identity

  • Calls the SPO microservice to retrieve the site collections and the topology for each site collection, and stores them in the blob

SPO Functions Function App with Managed Identity

  • Function to register SharePoint tenants in Cosmos DB

  • Function to update SharePoint tenants in Cosmos DB

  • Function to delete SharePoint tenants in Cosmos DB

  • Function to claim inventory for SharePoint tenants in Cosmos DB

  • Function to process data in the service bus queue and push it to EmpowerID

  • All functions retrieve the configuration data from AzGeneralService App Service

...

  1. Create an Azure Key Vault for the Azure General app service with all the default settings.

  2. Create an access policy for the key vault with the following settings:

    • Key permissions

      • Get

      • Decrypt

      • Unwrap

      • Verify

    • Secret permissions

      • Get

      • List

      • Set

      • Delete

      • Purge

    • Service principal – Azure General service app

  3. Add the following config settings to the AzGeneral service app service:

    • CosmosDbAuthKey – Primary key of the cosmos db account

    • CosmosDbContainerId – Container Id that was created in the above steps

    • CosmosDbEndpoint – URI of Cosmos db account

    • CosmosDbDatabaseId – Container Id that was created in the above steps

    • KeyVaultUrl – Vault Uri of the Key vault created in the above steps

  4. Create config necessary for SPO Inventory using Azure General service.

    • Generate a unique GUID and keep it for reference. This Id is called config settings id.

    • Request URL of the Azure General service to call: <Azure general service app service url>/app/config/GetById/<unique guid generated above>

    • The body of the request is shown below. Change the details according to the comments.

    • Add a new item to the Cosmos DB

      Currently, there is no UI for making this call in EmpowerID; therefore, use a tool like Postman to make the call.

      Code Block
      {
        "Id":"", //  unique guid which is same as the one in the request url
        "SpoStorageConnectionString":"", // storage account connection string
        "GetSiteCollectionStorageQueueName":"getsitecollectionqueue", // keep the name as it is
        "GetSiteTopologyStorageQueueName":"getsitetopologyqueue", // keep the name as it is
        "CosmosDbEndpointUri":"", // url of the cosmos db account
        "CosmosDbPrimaryKey":"", // primary key of cosmos db account
        "CosmosDbDatabaseId":"SPOTenantInventoryDetails", // keep the name as it is
        "CosmosDbSpoTenantDetailsContainerId":"SPOTenantInventoryDetails", // keep the name as it is
        "CosmosDbTenantSiteDetailsContainerId":"SPOTenantSiteDetails", // keep the name as it is
        "SpoServiceBusConnectionString":"", // connection string of the service bus we created
        "SpoServiceBusQueueName":"spoinventorydata", // keep the name as it is
        "PushDataBatchSize":"600" // keep the value as it is
      }


      Example Request:

      Code Block
      {
        "Id":"5d7736a6-9631-43b9-8aa2-29532e871180", //  unique guid which is same as the one in the request url
        "SpoStorageConnectionString":"DefaultEndpointsProtocol=https;AccountName=spoinventorystorage;AccountKey=LfnSj8q4h93re0mFusGnS2pu9bJHQRfCOyOng5jRbGRK9lH7CRsVCV6rnYiVwzEXSGHiwe9rmSw3gEI3WuTfyw==;EndpointSuffix=core.windows.net", // storage account connection string
        "GetSiteCollectionStorageQueueName":"getsitecollectionqueue", // keep the name as it is
        "GetSiteTopologyStorageQueueName":"getsitetopologyqueue", // keep the name as it is
        "CosmosDbEndpointUri":"https://spoinventoryaccount.documents.azure.com:443/", // url of the cosmos db account
        "CosmosDbPrimaryKey":"DXWh7C1vPWADrKCgkDNMksDvPFeXNOSG9AHYE6dZfMjxfLahRQr8wVrPVpnSUResPWAgspKMu7NsAuQajeQmRw==", // primary key of cosmos db account
        "CosmosDbDatabaseId":"SPOTenantInventoryDetails", // keep the name as it is
        "CosmosDbSpoTenantDetailsContainerId":"SPOTenantInventoryDetails", // keep the name as it is
        "CosmosDbTenantSiteDetailsContainerId":"SPOTenantSiteDetails", // keep the name as it is
        "SpoServiceBusConnectionString":"Endpoint=sb://spoinventoryservicebus.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=9yi9kM/Gbq7x9hm65UGhgmgGsn8+6hW8gcDv7wThgdM=", // connection string of the service bus we created
        "SpoServiceBusQueueName":"spoinventorydata", // keep the name as it is
        "PushDataBatchSize":"600" // keep the value as it is
      }
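A pre-flight check for the step 4 request body, as an added example that is not EmpowerID's own code: it confirms that the fixed names are unchanged, that the Id matches the GUID in the request URL, and that the secret-bearing values travel over https, and it flags a Service Bus connection string that uses the namespace-wide RootManageSharedAccessKey policy. The helper names `check_config` and `parse_conn`, the host name and all sample values are assumptions constructed for illustration; the code does not send the request.

```python
import uuid

# Values the page says to keep exactly as written.
FIXED = {
    "GetSiteCollectionStorageQueueName": "getsitecollectionqueue",
    "GetSiteTopologyStorageQueueName": "getsitetopologyqueue",
    "CosmosDbDatabaseId": "SPOTenantInventoryDetails",
    "CosmosDbSpoTenantDetailsContainerId": "SPOTenantInventoryDetails",
    "CosmosDbTenantSiteDetailsContainerId": "SPOTenantSiteDetails",
    "SpoServiceBusQueueName": "spoinventorydata",
    "PushDataBatchSize": "600",
}
# Operator-supplied values; apart from Id these are secrets or endpoints.
REQUIRED = ("Id", "SpoStorageConnectionString", "CosmosDbEndpointUri",
            "CosmosDbPrimaryKey", "SpoServiceBusConnectionString")

def parse_conn(s):
    # Split "K=V;K=V"; base64 values may themselves end in "=".
    return dict(p.split("=", 1) for p in s.split(";") if "=" in p)

def check_config(body, request_url):
    # Hypothetical helper: returns a list of findings, empty when clean.
    findings = [f"{k} is empty" for k in REQUIRED if not body.get(k)]
    findings += [f"{k} must stay {v!r}" for k, v in FIXED.items() if body.get(k) != v]
    try:
        cid = str(uuid.UUID(str(body.get("Id") or "")))
        if not request_url.lower().rstrip("/").endswith("/getbyid/" + cid):
            findings.append("Id does not match the GUID in the request URL")
    except ValueError:
        findings.append("Id is not a GUID")
    if not request_url.lower().startswith("https://"):
        findings.append("request URL is not https")
    storage = parse_conn(body.get("SpoStorageConnectionString") or "")
    if storage.get("DefaultEndpointsProtocol") != "https":
        findings.append("storage connection string does not force https")
    if not (body.get("CosmosDbEndpointUri") or "").lower().startswith("https://"):
        findings.append("CosmosDbEndpointUri is not https")
    sb = parse_conn(body.get("SpoServiceBusConnectionString") or "")
    if sb.get("SharedAccessKeyName") == "RootManageSharedAccessKey":
        findings.append("Service Bus uses the namespace-wide RootManageSharedAccessKey policy")
    return findings

# Constructed sample input; every key below is a placeholder, not a real secret.
SAMPLE_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_URL = "https://azgeneral.example.net/app/config/GetById/" + SAMPLE_ID
SAMPLE = dict(FIXED, Id=SAMPLE_ID, CosmosDbPrimaryKey="PLACEHOLDER==",
    CosmosDbEndpointUri="https://example.documents.azure.com:443/",
    SpoStorageConnectionString="DefaultEndpointsProtocol=https;AccountName=examplestorage;AccountKey=PLACEHOLDER==;EndpointSuffix=core.windows.net",
    SpoServiceBusConnectionString="Endpoint=sb://example.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=PLACEHOLDER=")
print(check_config(SAMPLE, SAMPLE_URL))
```

The sample mirrors the shape of the example request above, so the only finding is the root Service Bus policy, which carries Manage rights over the whole namespace rather than over the one queue.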

...