Create an App Service for the Exchange Online Microservice

As part of the deployment process for the Exchange Online microservice, an app service needs to be created to host the microservice and configured with a system-assigned managed identity. The Exchange Online V2 PowerShell Microservice uses a certificate to authenticate against Azure AD while requesting an access token to interact with Exchange Online. The managed identity for the app service hosting the microservice is the Azure principal that will be given permission to download and read the certificate.

Create the app service

  1. Log in to your Azure portal as a user with the necessary permissions to create an app service.

  2. In Azure, navigate to All Services > App Services and create an App Service.

  3. Under Project Details, select a Subscription and create a new Resource Group for the app service.

  4. Under Instance Details, do the following:

    • Name – Enter a name for the app service.

    • Publish – Select Code.

    • Runtime Stack – Select .NET Core 3.1 (LTS).

    • Operating System – Select Linux.

    • Region – Select the appropriate region.

  5. Click Review + Create.

  6. Click Create.

  7. After the deployment of the app service completes, click Go to resource.

  8. Change the platform for the app service to 64 Bit by doing the following:

    1. On the app service navbar, under Settings, click Configuration.

    2. On the Configuration blade, select the General settings tab.

    3. Under Platform settings, change the Platform to 64 Bit and click Save.

    4. Click Continue to confirm you want to save the changes.

  9. On the Overview page, copy and save the URL for the app service. You will need it later when you set the allowed token audiences.


Configure authentication

  1. Navigate to the Authentication blade for the app service and click Add identity provider.

  2. Select Microsoft. 

  3. On the Add an identity provider page, do the following:

    1. App registration type – Select Pick an existing app registration in this directory.

    2. Name or app ID – Select the service principal you created to provide Azure AD authentication for the Exchange microservice.

    3. Issuer URL – Enter https://login.microsoftonline.com/<Your Tenant ID>

    4. Authentication – Select Require authentication.

    5. Unauthenticated requests – Select HTTP 401 Unauthorized: recommended for APIs.

    6. Token Store – Leave selected.

    7. Click Add.

       

  4. After adding the Identity provider, click the Edit link for it.

     

  5. Set the Issuer URL to https://login.microsoftonline.com/<Your Tenant ID>.

  6. Under Allowed token audiences enter the URL for the app service.

     

  7. Click Save.

Create a managed identity for the app service

  1. Navigate to the Identity blade for the app service.

  2. Turn on System assigned to create the managed identity.

  3. Click Save and then click Yes to confirm you want to enable system assigned managed identity.
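The settings from the three procedures above can be checked after the fact. The following is an added example, not part of the original guide or the product: it audits JSON exported for the app service (the site resource and its `authsettingsV2` resource). The field names are assumed to follow those ARM shapes, and the tenant ID, URL and sample documents are constructed.

```python
import copy

def audit_app_service(site, auth, tenant_id, app_url):
    """Return a list of findings; an empty list means the settings match the guide."""
    findings = []
    # System-assigned managed identity (type may also list UserAssigned).
    if "SystemAssigned" not in ((site.get("identity") or {}).get("type") or ""):
        findings.append("system-assigned managed identity is not enabled")
    # Platform 64 Bit means the 32-bit worker flag is off.
    if (site.get("siteConfig") or {}).get("use32BitWorkerProcess", True):
        findings.append("platform is 32 Bit")
    gv = auth.get("globalValidation", {})
    if not gv.get("requireAuthentication"):
        findings.append("authentication is not required")
    if gv.get("unauthenticatedClientAction") != "Return401":
        findings.append("unauthenticated requests do not get HTTP 401")
    aad = auth.get("identityProviders", {}).get("azureActiveDirectory", {})
    issuer = aad.get("registration", {}).get("openIdIssuer", "").rstrip("/")
    if issuer != f"https://login.microsoftonline.com/{tenant_id}":
        findings.append(f"unexpected issuer URL: {issuer or '(empty)'}")
    audiences = [a.rstrip("/") for a in aad.get("validation", {}).get("allowedAudiences") or []]
    if app_url.rstrip("/") not in audiences:
        findings.append("app service URL missing from allowed token audiences")
    if not auth.get("login", {}).get("tokenStore", {}).get("enabled"):
        findings.append("token store is disabled")
    return findings

# Constructed sample values (placeholders, not from a real tenant).
TENANT = "00000000-0000-0000-0000-000000000000"
APP_URL = "https://example-exo.azurewebsites.net"
GOOD_SITE = {"identity": {"type": "SystemAssigned"},
             "siteConfig": {"use32BitWorkerProcess": False}}
GOOD_AUTH = {
    "globalValidation": {"requireAuthentication": True,
                         "unauthenticatedClientAction": "Return401"},
    "identityProviders": {"azureActiveDirectory": {
        "registration": {"openIdIssuer": f"https://login.microsoftonline.com/{TENANT}"},
        "validation": {"allowedAudiences": [APP_URL]}}},
    "login": {"tokenStore": {"enabled": True}},
}
BAD_SITE = {"identity": None, "siteConfig": {"use32BitWorkerProcess": True}}
BAD_AUTH = copy.deepcopy(GOOD_AUTH)
BAD_AUTH["globalValidation"]["unauthenticatedClientAction"] = "RedirectToLoginPage"
BAD_AUTH["identityProviders"]["azureActiveDirectory"]["validation"]["allowedAudiences"] = []

if __name__ == "__main__":
    print(audit_app_service(GOOD_SITE, GOOD_AUTH, TENANT, APP_URL))
    print(audit_app_service(BAD_SITE, BAD_AUTH, TENANT, APP_URL))
```

An empty list means the exported settings match what the steps above configure; each string in a non-empty list names one setting to revisit in the portal.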

     

Download the publish profile for the app service

  1. Navigate to the Overview page for the app service.

  2. Click Get publish profile and save the file to your machine. You will use this file when publishing the Exchange Online microservice to Azure.

     

 


Next Steps

https://dotnetworkflow.jira.com/wiki/spaces/EIDADV23/pages/2984947904
