Welcome to another Azure Content Spotlight! These articles are used to highlight items in Azure that could be more visible to the Azure community.
This weeks content spotlight is all for developers that want to get started with developing AI applications or more experienced AI developers that want expand their knowledge.
AI is a set of technologies that enable computers to assist and solve problems in a way that are similar to humans by perceiving, learning, and reasoning. Using the cloud and the Microsoft AI platform you can now infuse your applications with these intelligent capabilities. Microsoft offers an extensive set of services to build intelligent applications, like Azure Cognitive Services, Bot Framework and Azure Machine Learning. You can use different tooling, even open source technologies such as TensorFlow, PyTorch, or Jupyter and leverage the infrastructure capabilities that are part of Microsoft AI platform as well.
To get started or expand your knowledge, you can refer to the following resources:
Welcome to another Azure Content Spotlight! These articles are used to highlight items in Azure that could be more visible to the Azure community.
This weeks content spotlight is about App migration to Azure. The Cloud is changing the way applications are architected. Instead of monoliths, applications are decomposed into smaller services. These services communicate with each other through APIs or using asynchronous messaging. They can scale horizontally, so new instances can be added and removed easily. Deployments must be automated and monitoring is critical for gaining insights into the applications. And this all can be realized without the need to bother about the underlying infrastructure.
This changing way of designing and architecting applications, introduces new architectural patterns and best practices for building apps on the Azure cloud platform. Below is a set of resources which can help software architects and developers gaining insights about the different services and resources Azure has to offer to compose your applications. It also provides different patterns and best practices on how to design your applications.
Azure B2B is the external sharing feature of Azure and of Office 365. In most Office 365 products Azure B2B is the standard, but SharePoint online and OneDrive use a different sharing mechanism by default. However, you can turn on external sharing using B2B in the admin center.
By turning on external sharing using Azure B2B, SharePoint Online users cannot add external users so easily as when the default sharing mechanism is used. On the other side, external sharing using Azure B2B offers a lot more capabilities that are aimed at enterprises, like for instance, managing external users from the Azure Portal, Conditional Access policies (MFA for instance and more), the ability to let an admin of a partner organization manage the external accounts using a Self-Service Portal and more auditing and reporting capabilities.
So, in my opinion, turning on Azure B2B in larger organizations should be a best practice. But, offering a solution to let your SharePoint Online and OneDrive users, add users from SharePoint Online, and don’t have to leave this environment is key for making it simple and make it a success inside your organization.
This post offers a solution which can be used for adding guest users in a controlled matter from inside a SharePoint Online site, using the following components in the below flow:
PowerApp: The fill-in form is created using a PowerApp. It calls the Flow after filling in all the necessary fields.
Flow: The flow will call the Graph API through an Azure AD App.
Azure AD App: The Azure AD App will be configured with the application permissions which are needed to call the Graph API and call the methods that are needed to add a user to Azure B2B.
Graph API: The Graph API is used to add the guest user to Azure AD B2B and to send out the invitation to the user.
To create the solution using the above components, the components should be created in a slightly different order. The first step is to get the Azure AD App into place, so it can be called from the flow later in the process.
Azure AD App
Because we need administrator permissions to create a guest user in Azure AD B2B and don’t want to use the user permissions or consent from the user who is filling out the PowerApp form, an Azure AD App needs to be created with all the necessary permissions for calling the Graph API.
Go to https://portal.azure.com and log in with your Azure credentials. Go the Azure Active Directory, click App Registrations in the left menu and click New Application Registration.
Select Application you’re developing and add the following settings:
Once the app is created, click Settings in the top menu of the next blade.
Click Required Permissions and in the next blade click Add.
Click Select an API and next Microsoft Graph and Select.
Click Select Permissions and add on the Enable Access blade that appears and enable the following permissions
Application Permissions:
Read and write directory data
Invite guest users to the organization
Read and write directory data
After enabling the required permissions, click Grant permissions in the top menu and grant the permissions.
Back on the Settings blade, click Keys and add a new key. Give it a description and select the expiring duration (1 or 2 years or never expires). Click the Save button to generate the secret.
Copy the secret to Notepad, we need this later inside Flow to call the Graph.
Go back to the App Settings blade and copy the Application ID to Notepad as well.
At last, we need the Active Directory tenant ID to call the App from Flow, you can find it under the Active Directory Blade in the Azure portal. Under Manage, click Properties. The tenant ID is shown in the Directory ID box.
Now the Application is registered, and the permissions are set, we can go to Flow to create the flow for creating the guest users.
Flow
Open flow from Office 365 and select the PowerApp template.
Click + New step -> Add an action.
Add 3 variables to the canvas, select the Variables – Initialize variable Add the following variables:
Name: ClientID, Type: String, Value: add the Application ID in here.
Name: ClientSecret, Type: String, Value: add the Client Secret in here. One thing to note: The Client Secret will probably end with an “=”. This should be replaced with “%3D”. If you don’t replace this, the call for the authorization token will end with an unauthorized exception.
Name: TenantID, Type: String, Value: add the Azure AD tenant ID in here.
Add a new Action and select the HTTP Action. Rename the action to Generate Access Token. Add the following values:
Body: grant_type=client_credentials &client_id=<ClientID>&client_secret=<ClientSecret>&resource= https%3A%2F%2Fgraph.microsoft.com. Replace the values inside the brackets with the variables created earlier.
Run the workflow now, and you will see that the outcome of the HTTP Action will consist of the Access Token. This token can now be used to create the guest user in Azure AD using the Azure B2B Graph methods.
Copy the body text of the output to Notepad. We will use this in the next step for generating a schema for the JSON parser.
Next, add a Data Operations – Parse JSON Action to the canvas. For the Content, select the Body from the Generate Access Click use sample payload to generate schema and paste the body output into the text box.
Click Done and the schema is automatically generated.
To pass on the parameters from the PowerApp, add 3 Initialize Variables Actions below the PowerApps Action. Give them the following values:
Rename the action to FirstNameParameter, Name: FirstName, Type: String, Value: select Ask in PowerApps, then a new parameter is created.
Rename the action to LastNameParameter, Name: LastName, Type: String, Value: select Ask in PowerApps, then a new parameter is created.
Rename the action to EmailAddressParameter, Name: EmailAddress, Type: String, Value: select Ask in PowerApps, then a new parameter is created.
Add an HTTP Action to the canvas below the JSON Parser, rename the method to Create Guest User and add the following values:
Headers: Authorization, bearer <AccessToken> (make sure there is a whitespace between the bearer part and the access token).
Body:[code]
{
“invitedUserEmailAddress”: “<EmailAddress variable>”,
“inviteRedirectUrl”: “https://puttysoft.sharepoint.com/sites/AzureB2B”,
“invitedUserDisplayName” : concat(variables(‘FirstName’), ‘ ‘, variables(‘LastName’)),
“sendInvitationMessage” : true,
“invitedUserMessageInfo” : {
“customizedMessageBody”: “Hey there! Check this out. I created an invitation through the Graph API”
}
[/code]
Save the Flow.
PowerApps
Go to https://web.powerapps.com and log in with your Office 365 credentials. Select the “Start from blank” template and select “Phone from Factor” and click Make this App.
The Edit screen is opened, add the following labels, fields and a button to the canvas:
TextInput: Name: TextEmailAddress, clear Text Input
Button: Name: ButtonAdd, Text: Add Guest User
Rename Screen1 to AzureB2BFillInForm
Open te AzureB2BFillInForm, click the ButtonAdd, click Action and Select A data pane is openend, in there select the flow created in the previous step and associate it with the button.
In the formula bar add the below variables to the Run() method to pass the values to the Flow:PowerAppsbutton.Run(TextFirstName.Text, TextLastName.Text, TextEmailAddress.Text)
Save and Publish the PowerApp. Then click Share this app. Copy the Web link or App ID to Notepad.
Adding the PowerApp to a SharePoint Site
The last step is to add the PowerApp to a SharePoint so that your users can start using for inviting guest users.
Add a PowerApp web part to a SharePoint page. In the settings add the web link of App ID which you’ve copied to Notepad in the previous step. Publish the page.
You can now fill in the form and click the button. The user will receive an invite in his/ her mailbox.
Note: Before the user can access the SharePoint site in the redirect URL, it should be added to SharePoint manually. This sample only adds the guest user Azure AD.
Usefull links
The following articles are used to create this sample solution:
