Isaiah Williams edited this page Jun 20, 2018 · 10 revisions

Partner Smart Office imports and aggregates information obtained using the Intelligent Security Graph and Office 365 Secure Score, enabling partners to take advantage of advanced analytics. These analytics can link threat intelligence and security data to provide insights that can strengthen a customer’s organizational security. Partners can now also view security data across all customers at once.

Deploying

It is recommended that you use the deployment script to deploy this solution. The script creates and configures the required Azure AD application, and then deploys the solution using this ARM template. If you have an existing Azure AD application and you know the appropriate values for the template parameters, you can deploy the ARM template directly by clicking the Deploy to Azure button found below.

Deploy to Azure

Once this solution has been successfully deployed, you will have a resource group that contains the following Azure resources:

  • An instance of Application Insights that is used to capture exceptions and telemetry for the function and web applications.
  • An instance of Azure Functions used to pull and process information from the Microsoft Graph and Partner Center APIs.
  • An instance of Azure Cosmos DB used to store all information processed upon successful execution of the function application.
  • An instance of Key Vault used to store all sensitive information such as the application secrets.
  • A storage account used to enqueue objects that trigger the execution of various operations within the Azure Function application.
  • A web application that is used to manage the creation and modification of environments.

Getting Started

This solution will not have any environments configured after it is deployed. To create an environment, browse to the web application that was created during the deployment. If you encounter an access denied error when attempting to access it, review this question from the FAQ. Perform the following steps to create an environment:

  1. Click the Add New Environment link

  2. Use the following tables as a guide to complete the form

    | Field Name | Description |
    | --- | --- |
    | Friendly Name | This is a name you can use to quickly identify the environment. |
    | Id | The value for this field will depend on the type of environment being configured. If it is a CSP environment then it should be the AccountId value for the reseller found in Partner Center. If it is an EA environment then it should be the Azure AD tenant identifier associated with the EA. |
    | Environment Type | This should be set to CSP or EA. No other value is permitted. |

    Azure AD Application Configurations

    | Field Name | Description |
    | --- | --- |
    | Application Identifier | This is the Application ID value of the Azure AD application that you wish to use to access the required resources. Please note that this can be the same application used when deploying the solution. |
    | Application Secret | This is the application secret associated with the application. Please note that this can be the same application secret you specified during deployment. |
    | Service Address | This value should be configured to https://graph.microsoft.com |
    | Tenant Identifier | This value should be configured to the Azure AD tenant identifier for the tenant where the application was created. |

    Partner Center Configurations

    | Field Name | Description |
    | --- | --- |
    | Application Identifier | This should be the identifier of the application configured for Partner Center. You can obtain this information from the App Management section in Partner Center. |
    | Application Secret | This should be a secret value associated with the Azure AD application. You can obtain this value from the App Management section in Partner Center. |
    | Service Address | This value should be configured to https://api.partnercenter.microsoft.com unless the reseller you are connecting to is in one of the sovereign clouds. |
    | Tenant Identifier | This should be the Account ID value found in the App Management section of Partner Center. |
  3. Click the Add button to save the new environment

Performance

If any environments configured for processing have a large number of customers or a large number of audit events, the ProcessPartner function can exceed the 5 to 10 minute execution limit for Azure Functions on the consumption-based billing plan (see the functions scale documentation for more information). If you notice repeated attempts to process an environment with no successful finish, or abnormal or early termination of the function execution, you may need to move the Azure Functions app to a new App Service Plan. Moving an App Service from a consumption plan to a regular App Service plan is currently not supported in the Azure portal; however, you can accomplish the move via PowerShell.

Steps to move to a new App Service Plan

  • Create a new App Service Plan in the Azure portal with the necessary scale to handle processing the environments.
  • Open PowerShell on your local machine or in the Azure Cloud Shell and log in to your Azure tenant.
  • Select the appropriate subscription
    • Select-AzureRmSubscription [SUBSCRIPTION_ID]
  • Update the App Service Plan for the Functions app:
    • Set-AzureRmWebApp -Name <FUNCTION_APP_NAME> -ResourceGroupName <RESOURCE_GROUP_NAME> -AppServicePlan <NEW_PLAN_NAME>
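
The steps above combined into one script, with a check before the move and a verification after it. This is an added example, not part of the project's own tooling; it assumes the AzureRM module is installed and that the new plan was created in the same resource group as the function app. All values in angle brackets are placeholders.

```powershell
# Added example: move the function app to a new App Service Plan and verify the result.
# Placeholders below must be replaced with your own values.
$SubscriptionId = '<SUBSCRIPTION_ID>'
$ResourceGroup  = '<RESOURCE_GROUP_NAME>'   # assumed to contain both the app and the new plan
$FunctionApp    = '<FUNCTION_APP_NAME>'
$NewPlan        = '<NEW_PLAN_NAME>'

# Stop on the first failing cmdlet so a failed step is never followed by the move.
$ErrorActionPreference = 'Stop'

# Interactive login; not needed in the Azure Cloud Shell, which is already authenticated.
Login-AzureRmAccount | Out-Null
Select-AzureRmSubscription -SubscriptionId $SubscriptionId | Out-Null

# The target plan must already exist, and it must not be another consumption plan.
# Consumption plans report the SKU tier 'Dynamic'.
$plan = Get-AzureRmAppServicePlan -ResourceGroupName $ResourceGroup -Name $NewPlan
if (-not $plan) {
    throw "App Service Plan '$NewPlan' was not found in resource group '$ResourceGroup'."
}
if ($plan.Sku.Tier -eq 'Dynamic') {
    throw "Plan '$NewPlan' is a consumption plan; the execution limit would still apply."
}

# Record the current plan so the change is visible in the output.
$before = (Get-AzureRmWebApp -ResourceGroupName $ResourceGroup -Name $FunctionApp).ServerFarmId

Set-AzureRmWebApp -Name $FunctionApp -ResourceGroupName $ResourceGroup -AppServicePlan $NewPlan | Out-Null

# Read the app back and confirm it now points at the new plan's resource id.
$after = (Get-AzureRmWebApp -ResourceGroupName $ResourceGroup -Name $FunctionApp).ServerFarmId
if ($after -ne $plan.Id) {
    throw "Move not applied: '$FunctionApp' is still on '$after'."
}

Write-Output "Moved '$FunctionApp'"
Write-Output "  from: $before"
Write-Output "  to:   $after ($($plan.Sku.Tier) / $($plan.Sku.Name))"
```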