Setting Direct Reports in Azure Active Directory (WAAD)

Does anyone know how I go about setting the Direct Reports of a Windows Azure Active Directory (WAAD) from the Azure Management Console?
I can create the accounts easily enough but there don't appear to be any tools to set anything other than very basic details.
Ideally I'd like to set the direct reports and manager, office and other details.

There isn't a quick tool available to do this. However, if you don't mind writing some code, you could spin up a console app that updates these properties using the Azure AD Graph API.
Update user's properties: http://msdn.microsoft.com/en-us/library/azure/dn151671.aspx
Update user's manager: http://msdn.microsoft.com/en-us/library/azure/dn151673.aspx
A sample .Net console app using Azure AD Graph API is here: https://github.com/AzureADSamples/ConsoleApp-GraphAPI-DotNet
Hope this helps.
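The two calls the answer links to, sketched as request builders (an added example, not part of the original answer or of the linked sample). A direct-reports list is the reverse side of the manager link, so it is set by writing each report's manager. The tenant name, the object ids, the attribute allowlist and the self-manager guard are assumptions of this sketch; sending the request with an OAuth bearer token is left to the caller.

```python
import re
from urllib.parse import quote

GRAPH = "https://graph.windows.net"
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Assumed allowlist: only the profile attributes this tool is meant to touch.
ALLOWED_PROPS = {"department", "jobTitle", "physicalDeliveryOfficeName"}


def _object_id(value, what):
    """Reject anything that is not a GUID before it reaches the URL."""
    if not GUID.match(value):
        raise ValueError(f"{what} must be a directory objectId (GUID)")
    return value.lower()


def update_properties_request(tenant, user_id, props, api_version="1.5"):
    """PATCH that sets simple attributes such as office or department."""
    unexpected = set(props) - ALLOWED_PROPS
    if unexpected:
        raise ValueError(f"attributes not on the allowlist: {sorted(unexpected)}")
    url = f"{GRAPH}/{quote(tenant, safe='')}/users/{_object_id(user_id, 'user_id')}"
    return {"method": "PATCH", "url": f"{url}?api-version={api_version}",
            "json": dict(props)}


def set_manager_request(tenant, user_id, manager_id, api_version="1.5"):
    """PUT on the user's manager link; the body points at the manager object."""
    user_id = _object_id(user_id, "user_id")
    manager_id = _object_id(manager_id, "manager_id")
    if user_id == manager_id:  # local sanity check added by this sketch
        raise ValueError("a user cannot be their own manager")
    base = f"{GRAPH}/{quote(tenant, safe='')}"
    return {
        "method": "PUT",
        "url": f"{base}/users/{user_id}/$links/manager?api-version={api_version}",
        "json": {"url": f"{base}/directoryObjects/{manager_id}"},
    }


def assign_direct_reports(tenant, manager_id, report_ids):
    """Direct reports are set by writing each report's manager link."""
    return [set_manager_request(tenant, rid, manager_id) for rid in report_ids]
```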

Related

In Azure, how to create Web application which will capture user information mostly a normal Web Form for 300 users and Create Dashboards

My requirement is:
Capture the user information, e.g. name, id, email id, etc., which I'm currently capturing through an Excel sheet by sending the sheet to everyone. I want to automate this in Azure by creating a simple web application.
Store the information in a DB or storage.
Create graphs and dashboards. Update the dashboards automatically as and when the information gets added/updated.
Provide users access to the web application (front-end) forms only.
Allow users to update the information they provided as and when needed.
Allow application access using Azure AD.
What are the possible simple solutions available in Azure with minimal cost?
Thanks,
Yogesh
Have a look at https://learn.microsoft.com/en-us/azure/app-service/tutorial-dotnetcore-sqldb-app?pivots=platform-windows which is a quick start tutorial that uses https://github.com/azure-samples/dotnetcore-sqldb-tutorial. It outlines creating an application and storing in an Azure SQL DB. By using .NET Core, you can leverage either Windows or Linux app service plan which opens your options as far as pricing goes. In the repo, you can modify Todo.cs to match your user information requirements.
For allowing application access using Azure AD, have a look at https://learn.microsoft.com/en-us/azure/app-service/tutorial-auth-aad?pivots=platform-windows.
You can get started easily by using a Free tier app service plan and either basic or general DTU or v-Core Azure SQL Database pricing.

How can you monitor activity from an App in Azure?

I have built a web application that uses Microsoft Graph to connect to OneDrive to upload files to a user's drive.
The web application is registered in Azure under the App Registrations and is also in the Enterprise Applications, having been granted permissions by an administrator to access OneDrive.
There is a section in the Office365 Admin Console to run searches and raise email alerts, however, the user that appears to be performing the action just comes through as 'app#sharepoint', so we cannot monitor what the actual web application is doing because this is too general.
The question I have is, is there any way to specifically monitor what this app is doing, in terms of uploading files or reading files? I don't know if there is any way to set the user that the Enterprise App runs under, or if there is anything that the application can pass to identify itself?
To view a report on user specific activity details on OneDrive connected to via Graph to an app registered on Azure, use GET /reports/getOneDriveActivityUserDetail(period='{period_value}') or GET /reports/getOneDriveActivityUserDetail(date={date_value}).
You will however need Reports.Read.All application permission.
Please see the following documentation for a better understanding of the usage of this query: https://learn.microsoft.com/en-us/graph/api/reportroot-getonedriveactivityuserdetail?view=graph-rest-1.0#code-try-1
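A sketch of consuming the report named in the answer above (an added example, not part of the original answer). The endpoint returns CSV with one row per user; the sample rows, the user names and the external-sharing filter are constructed for illustration, and fetching the report with a token that carries Reports.Read.All is left to the caller.

```python
import csv
import io

VALID_PERIODS = {"D7", "D30", "D90", "D180"}
COUNT_COLUMNS = (
    "Viewed Or Edited File Count",
    "Synced File Count",
    "Shared Internally File Count",
    "Shared Externally File Count",
)

# Constructed sample in the report's CSV layout (note the leading BOM).
SAMPLE = (
    "\ufeffReport Refresh Date,User Principal Name,Is Deleted,Deleted Date,"
    "Last Activity Date,Viewed Or Edited File Count,Synced File Count,"
    "Shared Internally File Count,Shared Externally File Count,"
    "Assigned Products,Report Period\n"
    "2024-01-08,alice@contoso.example,False,,2024-01-07,12,3,1,0,OFFICE 365 E3,7\n"
    "2024-01-08,bob@contoso.example,False,,2024-01-06,40,0,2,5,OFFICE 365 E3,7\n"
    "2024-01-08,carol@contoso.example,False,,,,,,,OFFICE 365 E3,7\n"
)


def report_url(period):
    """Build the request URL, refusing period values the API does not define."""
    if period not in VALID_PERIODS:
        raise ValueError(f"period must be one of {sorted(VALID_PERIODS)}")
    return ("https://graph.microsoft.com/v1.0/reports/"
            f"getOneDriveActivityUserDetail(period='{period}')")


def parse_activity(csv_text):
    """Turn the CSV into per-user records; blank counts mean no activity."""
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    records = []
    for row in reader:
        rec = {"user": row["User Principal Name"],
               "last_activity": row["Last Activity Date"] or None}
        for col in COUNT_COLUMNS:
            rec[col] = int(row[col] or 0)
        records.append(rec)
    return records


def external_sharers(records, threshold=1):
    """Users whose external-share count meets the alerting threshold."""
    return sorted(r["user"] for r in records
                  if r["Shared Externally File Count"] >= threshold)
```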

Get Azure Dashboard data via api

Scenario:
One team has built an application, and the application is running on Azure.
Maintenance is taken care of by the same team. We don't want to give full access to the production instance to the developer team, but want to give read permission, such as monitoring of logs, CPU usage, etc.
The solution, according to me, is to build an application which will get dashboard data and log data from Azure via API, and that data will be displayed to the development team.
I am referring to these 2 links:
https://msdn.microsoft.com/en-us/library/azure/dn722415.aspx
https://azure.microsoft.com/en-in/documentation/articles/api-management-get-started/
Question:
I am still not able to find an API which will give the dashboard data. If anyone knows an API for this, please help.
Is there any alternative solution for this scenario?
If you deploy your app using the new Azure Resource Manager mode, it provides Role Based Access Control for your resources. You can deploy your app inside a Resource Group and provide read access to your developers. They will be able to view the information about the services that your app is made of but without the option to change anything.
This session from Build 2015 can help you to understand what ARM is and what you can do with it: https://channel9.msdn.com/Events/Build/2015/2-659

Azure Graph API

Even though I've added apps from the gallery to Azure AD, I cannot see them when I try to pull the data. But I can see the custom apps added. For example, if I've added 7 apps, 2 from the gallery (Google Docs, OneDrive) and 5 custom (native/web apps), I am able to see only 5 apps! Am I going wrong anywhere?
The Graph API that I am using is:
https://graph.windows.net/mycustomad.onmicrosoft.com/applications?api-version=beta
I tried with different api versions but no luck.
Can someone suggest me on this?
In graph API, "applications" represent application configuration that developers register in their tenant. Gallery apps are no different (and happen to be registered in a special tenant). When you acquire an application (like a gallery app, or consent to a custom application someone else has developed), an application instance gets created in your tenant so that we can attach policy and permissions to it. This application instance is called a "service principal".
You can query for this using:
https://graph.windows.net/mycustomad.onmicrosoft.com/servicePrincipals?api-version=1.5
This will return ALL acquired apps, and some default Microsoft apps.
Hope this explains why your query of the application entity shows only the custom apps you've registered in your tenant.
Hope this helps
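The distinction explained above, turned into an inventory check (an added example, not part of the original answer): joining the two listings on `appId` separates apps registered in the tenant from acquired ones, which is the list to review when auditing what has been granted access. The sample responses, names and ids are constructed, and each listing is assumed to have been fetched completely before the join.

```python
def classify_apps(applications_response, service_principals_response):
    """Split service principals by whether their appId is registered here."""
    registered = {a["appId"].lower(): a["displayName"]
                  for a in applications_response["value"]}
    result = {"registered_here": [], "acquired": []}
    for sp in service_principals_response["value"]:
        app_id = sp["appId"].lower()
        bucket = "registered_here" if app_id in registered else "acquired"
        result[bucket].append((sp["displayName"], app_id))
    # Applications registered in the tenant that have no instance yet.
    instantiated = {app_id for _, app_id in result["registered_here"]}
    result["registered_without_instance"] = sorted(
        name for app_id, name in registered.items() if app_id not in instantiated)
    result["registered_here"].sort()
    result["acquired"].sort()
    return result


# Constructed responses in the shape returned by /applications and
# /servicePrincipals (a "value" array of directory objects).
APPLICATIONS = {"value": [
    {"displayName": "Expense Portal", "appId": "AAAAAAAA-0000-0000-0000-000000000001"},
    {"displayName": "Build Agent", "appId": "aaaaaaaa-0000-0000-0000-000000000002"},
]}
SERVICE_PRINCIPALS = {"value": [
    {"displayName": "Expense Portal", "appId": "aaaaaaaa-0000-0000-0000-000000000001"},
    {"displayName": "Google Docs", "appId": "bbbbbbbb-0000-0000-0000-000000000001"},
    {"displayName": "OneDrive", "appId": "bbbbbbbb-0000-0000-0000-000000000002"},
]}


def acquired_names(applications_response, service_principals_response):
    """Display names of apps present only as service principals."""
    split = classify_apps(applications_response, service_principals_response)
    return [name for name, _ in split["acquired"]]
```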

how to write a cloud-based Active directory .NET application

I work for a network management company and I want to write a .Net application (MVC 4) that will allow us to service Active Directory users from a cloud-based application.
As I have never written a cloud-based app, I don't know if I'm using that term correctly or not. I am in the requirements gathering stage. Basically, I'd like to provide our customers with the ability, for example, to change their own password using our cloud-based application.
Is this an application that should be written specifically using Azure? If not, what tools and platform(s) should I take into consideration?
What tutorials or other resources are available?
Actually, I don't even know enough about Active Directory and Cloud computing to ask the right questions. But, I hope someone will point me in the right direction.
Read How to Authenticate Web Users with Windows Azure Active Directory Access Control. There are great walk-throughs there. There is more reading and code samples here - Access Control Service 2.0.
That's using ACS.
You could go direct to Azure Active Directory if you wished?
Refer: Adding Sign-On to Your Web Application Using Windows Azure AD.
If you use Office 365, you already have an AAD tenant.
