The Exchange Online (EXO) connector contains multiple Azure services, including microservices, web jobs, and Azure functions used for inventorying and managing Exchange Online in EmpowerID. This information can be managed in EmpowerID as well as synchronized with data in any connected back-end user directories.
...
Key to the Exchange Online connector is the Exchange Online (EXO) microservice, which communicates with EmpowerID and your Exchange tenant to allow you to collect and manage your Exchange data in EmpowerID. To do so, the microservice needs to be deployed to each Exchange tenant, and each of those tenants needs to be configured with additional Azure components. The number of components needed differs depending on whether you are self-hosting or using EmpowerID SaaS.
...
If you are not using EmpowerID SaaS and want EmpowerID to manage one or more of your Exchange tenants, you need to configure one of those tenants with all of the components shown on the “EmpowerID side” (left) of Figure 1. These components are necessary to inventory Exchange. In addition to these, you also need to configure each Exchange tenant to be managed by EmpowerID with all of the components shown on the “Self-hosted” side of Figure 1. The only exception is to this is the Azure AD SCIM app service. This service only needs to be set up once within Azure.
Easy html macro |
---|
theme | {"label":"solarized_dark","value":"solarized_dark"} |
---|
contentByMode | {"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <p class = \"bd-callout bd-callout-success\">All of the components shown on the EmpowerID \r\n side of the image are required whether you are self-hosting EmpowerID or using EmpowerID \r\n SaaS. The only difference is when using EmpowerID SaaS, you do not need to set up these \r\n components. EmpowerID takes care of that for you.</p>","javascript":"","css":""} |
---|
|
|
...
Azure Component | Purpose |
---|
Key Vault | |
Cosmo DB | Stores EXO information Tracks inventory objects per schedule Stores configuration needed by the EXO app service Used by the AzGeneralService app service to persist data each time a call is made to the service
|
Az General Service App Service with Managed Identity | |
Storage Account | |
Service Bus | |
Web Jobs App Service with Managed Identity | |
SPO Functions Function App with Managed Identity | Function to register SharePoint tenants in Cosmos DB Function to update SharePoint tenants in Cosmos DB Function to delete SharePoint tenants in Cosmos DB Function to claim inventory for SharePoint tenants in Cosmos DB Function to process data in the service bus queue and pushes it to EmpowerID All functions retrieve the configuration data from AzGeneralService App Service
|
Azure Components Required for each SharePoint Exchange Online Tenant |
Azure Component | Purpose |
Service Principal application 1 | |
Service Principal application 2 | |
App Service | |
Key Vault | Stores certificate for certificate-based authentication between the microservice and the service principal registered in Azure for it Stores an access policy that grants key, secret and certificate permissions to the Exchange Online app service hosting the microservice
|
Cosmo DB | |
Azure AD SCIM Microservice | Easy html macro |
---|
theme | {"label":"solarized_dark","value":"solarized_dark"} |
---|
contentByMode | {"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n <p class = \"bd-callout bd-callout-info\">This microservice must be deployed to Azure before setting up the EXO microservice. \r\n For details, see Connecting to SharePoint Online. </p>","javascript":"","css":""} |
---|
| |
|
...
If you are taking advantage of EmpowerID SaaS, the components you need to configure in Azure are minimal as EmpowerID configures everything needed to inventory Exchange (represented by the grayed-out components on the left side of Figure 2 below). As a SaaS customer, you only need to configure the components shown on the right side of the figure. If you are using EmpowerID to manage more than one Exchange tenant, you need to configure these components for each of those tenants.
...
Azure Component | Purpose |
---|
Service Principal application 1 | |
Service Principal application 2 | |
App Service | |
Key Vault | Stores certificate for certificate-based authentication between the microservice and the service principal registered in Azure for it Stores an access policy that grants key, secret and certificate permissions to the Exchange Online app service hosting the microservice
|
Cosmo DB | |
Function App | |
Azure AD SCIM Microservice | |
EmpowerID Items to Deploy
...
EmpowerID Component | File |
---|
AzGeneralService Microservice | AzGeneralServices_MicroserviceV3.zip |
Service Principal application 2 | |
App Service | |
Key Vault | Stores certificate for certificate-based authentication between the microservice and the service principal registered in Azure for it Stores an access policy that grants key, secret and certificate permissions to the Exchange Online app service hosting the microservice
|
Cosmo DB | |
Function App | |
Azure AD SCIM Microservice | |
Insert excerpt |
---|
| IL:External Stylesheet |
---|
| IL:External Stylesheet |
---|
nopanel | true |
---|
|
...
Insert excerpt |
---|
| IL:External Stylesheet |
---|
| IL:External Stylesheet |
---|
nopanel | true |
---|
|