Build a trusted authentication service for Azure Communication Services using Azure Active Directory

by Contributed | Feb 22, 2022 | Technology

This article is contributed. See the original author and article here.

We’re releasing a new service sample to help you build secure voice, video, and chat applications. This sample provides you with an easy to deploy, trusted authentication service to generate Azure Communication Services identities and access tokens. It is available for both node.js and C#. 

Azure Communication Services is designed with a bring-your-own-identity (BYOI) architecture. Identity and sign-on experiences are core to your unique application. Apps like LinkedIn have their own end-user identity system, while healthcare apps may use identity providers as part of existing middleware, and other apps may use 3rd party providers such as Facebook. 

We’ve designed the ACS identity system to be simple and generic, so you have the flexibility to build whatever experience you want. 

This new sample uses Azure App Service to authenticate users with Azure Active Directory (AAD), maps those users to ACS identities using Graph as storage, and finally generates ACS tokens when needed. We chose AAD for this sample because it’s a popular access management back-end, recognized for its security and scalability. It also integrates with 3rd party identity providers and OpenID interfaces. But you can use this sample as a launching point for integrating whatever identity provider or external system you want. 

The sample provides developers a turn-key service which uses the Azure Communication Service Identity SDK to create and delete users, and generate, refresh, and revoke access tokens.  The data flows for this sample are diagrammed below, but there is a lot more detail in GitHub with both node.js and C# repositories.  An Azure Resource Manager (ARM) template is provided that generates the Azure subscription and automate deployment with a few clicks. 

This identity service is only one component of a calling or chat application. Samples and documentation for other components and the underlying APIs are below. 

Please hit us up in the comments or Microsoft Q&A if you have questions about building apps! 

Tutorial: Publish Azure Static Web Apps with Bitbucket

by Contributed | Feb 21, 2022 | Technology

This article is contributed. See the original author and article here.

In this tutorial, you learn to: 

• Set up an Azure Static Web Apps site for a Vanilla API sample app


• Create a Bitbucket Pipeline to build and publish a static web app 

Prerequisites 

• Active Azure account: If you don’t have one, you can create an account for free. 


• Bitbucket project: If you don’t have one, you can create a project for free. 
  
  
  
  • Bitbucket includes Pipelines. If you haven’t created a pipeline before, you first have to enable two-step verification for your Bitbucket account.
  
  
  • You can add SSH Keys using the steps here 
  
  
  
  

NOTE – The static web app Pipeline Task currently only works on Linux machines. When running the pipeline mentioned below, please ensure it is running on a Linux VM.

Create a static web app project in Bitbucket 

NOTE – If you have an existing app in your repository, you may skip to the next section.

• After creating a new project, select Create repository and then click on Import repository.

• Select Import repository to import the sample application. 

• In Old repository URL, enter https://github.com/staticwebdev/vanilla-api.git. 


• Choose your project and name your repository. 


• Select Import repository. 

Create a static web app 

• Navigate to the Azure portal. 


• Select Create a Resource. 


• Search for Static Web Apps. 


• Select Static Web Apps. 


• Select Create. 


• Create a new static web app with the following values. 

• Select Review + create 


• Select Create. 


• Once the deployment is successful, select Go to resource. 


• Select Manage deployment token. 


• Copy the deployment token and paste the deployment token value into a text editor for use in another screen. 

NOTE – This value is set aside for now because you’ll copy and paste more values in coming steps. 

Create the Pipeline in Bitbucket 

• Navigate to the repository in Bitbucket that was created earlier. 


• Select Pipelines on the left menu. 


• 
  

  Ensure that you have enabled two-step verification for your bitbucket account.

  
  


• Select Create your first pipeline. 

• In the Create your first pipeline screen, select Starter pipeline. 

• Copy the following YAML and replace the generated configuration in your pipeline with this code.

  pipelines:
    branches:
     main:
      - step: 
          name: Deploy to test
          deployment: test
          script:
            - pipe: microsoft/azure-static-web-apps-deploy:dev
              variables:
                  APP_LOCATION: '$BITBUCKET_CLONE_DIR/src'
                  API_LOCATION: '$BITBUCKET_CLONE_DIR/api'
                  OUTPUT_LOCATION: '$BITBUCKET_CLONE_DIR'
                  API_TOKEN: $deployment_token​

                                         
  
  

NOTE –  If you are not using the sample app, the values for  APP_LOCATION, API_LOCATION, and OUTPUT_LOCATION  need to change to match the values in your application. 
Note that you have to give the values for  APP_LOCATION, API_LOCATION, and OUTPUT_LOCATIONonly after  $BITBUCKET_CLONE_DIR  as shown above.  i.e. $BITBUCKET_CLONE_DIR/<APP_LOCATION>

The  API_TOKEN  value is self-managed and is manually configured. 

• Select Add variables. 


• Add a new variable in Deployments section. 


• Name the variable deployment_token (matching the name in the workflow). 


• Copy the deployment token that you previously pasted into a text editor. 


• Paste in the deployment token in the Value box. 

• Make sure the Secured checkbox is selected. 


• Select Add. 


• Select Commit file and return to your pipelines tab. 


• You can see that the pipeline run is in progress with name Initial Bitbucket Pipelines configuration. 


• Once the deployment is successful, navigate to the Azure Static Web Apps Overview which includes links to the deployment configuration. Note how the Source link now points to the branch and location of the Bitbucket repository. 


• Select the URL to see your newly deployed website.

Clean up resources 

Clean up the resources you deployed by deleting the resource group. 

• From the Azure portal, select Resource group from the left menu. 


• Enter the resource group name in the Filter by name field. 


• Select the resource group name you used in this tutorial. 


• Select Delete resource group from the top menu. 

Additional resources

• If you need help getting started with Pipelines, see Create your first pipeline.

Microsoft Compliance Manager (MSCM) Ninja Training: Q1 2022

by Contributed | Feb 18, 2022 | Technology

This article is contributed. See the original author and article here.

Does achieving your organization’s regulatory and compliance requirements keep you up at night?  Do you wonder how you will ever be able to adhere to all the controls and ensure your companies compliance with required regulations?  Do you want to ensure that you are on top of your compliance game and that the appropriate policies and guidance are followed and enforced?  Look no further, Microsoft Compliance Manager (MSCM) is the tool to help you achieve these goals and more.  This training is designed to help guide you from fundamental concepts on your MSCM journey to Advanced concepts.  Once completed you will have a firm understanding of the tool, its capabilities, and use.

Microsoft Compliance Manager has a ton of data, tutorials, videos etc. that can sometimes be overwhelming.  Leaving you asking questions such as “where do I start”, “how do I achieve compliance”, “how do I recognize when my organization falls out of compliance”.  We’ve sifted through the vast resources Microsoft has to offer for MSCM and developed this training to guide you – all in one location, in a simple easy to follow format!  If there is anything we can do to improve this training, please do not hesitate to leave a comment below and we will be sure to review it.

The overall structure of this training is split into 3 main knowledge levels.  They are:

After each level, we will offer you a knowledge check based on the training material you have just finished! Since there’s a lot of content, the goal of the knowledge checks is to help ensure understanding of the key concepts that were covered. Lastly, there’ll be a fun certificate issued at the end of the training! Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.

We plan to update this training on a quarterly basis to ensure that you all have the latest and the greatest training materials.  Please do check back often for new training content.  The newly added training content will be tagged with “[New!]” at the end of the training title.  For those of you who have already gone through the training before, you can view those [New!] training contents directly. 

Docs on Microsoft	Blogs on Microsoft
Product videos	Webcast recordings
Tech Community	Interactive guides
⤴ External Sites	GitHub

Module 1. MSCM – Fundamentals [Beginner Level]

Training Title	Description	Resources
MSCM Overview:  Introduction to Microsoft Compliance Manager	In this track we will show where MSCM fits in the overall M365 ecosystems and discuss its high-level components.	MSCM Introduction Video   MSCM
Getting started with MSCM	In this track we will go over best practices and pre-deployment planning considerations to include key MSCM service features and capabilities.	Introduction to MSCM   Compliance Manager Quick Start   Deployment Acceleration Guide
Assessment Types and working with assessments (workflow and tracking)	In this track we will discuss the different assessment types in MSCM, how you can use them to help your organization succeed and use MSCM for continuous monitoring / assessment.	Build and Manage Assessments in MSCM
Automated Compliance Scoring	In this track we will discuss your overall scope, setup / run automated testing, evaluate your automated score (understanding it), and gain a firm understanding of improvement actions, user history and automated testing.	Compliance Score Calculation
Assigning Improvement Actions  & action types (RBAC)	In this track we will discuss how you assign remediation and score improvement tasks to different personnel within your organization.	Assign and complete improvement actions in MSCM  MSCM Interactive guide, review from 2 minutes 12 seconds to 38 seconds
MSCM Recommendation Wizard	In this track we will give you a good starting place to understand your organization’s regulatory and compliance requirements.  By asking a few brief questions we can show you the templates that may apply to your organization!	MSCM Recommendation Wizard Tutorial
Automation with MSCM	In this track we will explore how you can automate your MSCM capability and ensure you have up to date knowledge of your current regulatory compliance status.	Material for this track is currently in development – stay tuned!

Knowledge Check – Microsoft Compliance Manager Fundamentals

Module 2. MSCM – Intermediate [Associate Level]

Training Title	Description	Resources
Introduction to Templates:  Template library, premium templates, and universal templates	In this track we will show you the various types of assessment templates are available to you whether included in your licensing or requiring an additional purchase including templates that can cover non-Microsoft services giving your broader tracking capabilities in your compliance journey.	Learn about assessment templates in Compliance Manager     Simply Compliance and reduce risk with our 150+ assessment templates or bring your own assessment   MSCM Interactive Guide, review from 16 minutes 58 seconds
Creating an Assessment from a template	In this track we will upon the knowledge gained in the previous track to show you how to create an assessment for both Microsoft and non-Microsoft products.	Create an assessment template in Microsoft Compliance Manager     MSCM Interactive Guide, review from 15 minutes 40 seconds to 5 minutes 42 seconds  Creating an Assessment in MSCM
Importing Templates	Don’t see a regulation assessment you need to help your organization? Create your own assessment template that can be used over and over again based on your needs.	Create an assessment template in Microsoft Compliance Manager   MSCM Interactive guide, review from 10 minutes 10 second to 3 minutes 58 seconds
Regulatory and Compliance updates	With MSCM we are constantly monitoring and evaluating regulatory and compliance requirements.  When updates occur, we update our assessment templates to account for such changes, and put you in control of when to update your in progress assessment to match.	MSCM Updates to templates tutorial
Improving Compliance Score	In this track we will look at improving your compliance score by looking at your current configurations in your tenant and validating them against Microsoft 365 best practices.	MS Compliance Configuration Analyzer for MSCM   MSCM Interactive Guide go to 19 minutes, 37 seconds

Knowledge Check – Microsoft Compliance Manager Intermediate

Module 3.  Microsoft Compliance Manager – Advanced [Expert Level]

Training Title	Description	Resources
Extending Templates	In this track we will take the knowledge on templates previously covered and expand.  We will show you how you can take templates and expand them to meet your regulatory and compliance needs.	Extend assessment templates in Microsoft Compliance Manager   Extend Templates in MSCM  MSCM Interactive Guide review from 3 minutes 58 seconds to 2 minutes 55 seconds
Integration of Excel into MSCM and how to use it to modify templates	In this track we will discuss how you can use MS Excel to update and modify your templates.	Format assessment template data in Excel for Microsoft Compliance Manager   Using MS Excel to Manipulate and or Create templates in MSCM
MSCM Scenario	In this track we will create a brief scenario to show how to meet a specific regulatory compliance requirement.	⤴ MSCM Scenario
Microsoft Compliance Manager Considerations & Wrap Up	In this final track we will cover common questions asked, provide some useful tips and wrap up this training!	Material for this track is currently in development – stay tuned!

Knowledge Check – Microsoft Compliance Manager Advanced

Once you’ve finished the training and the knowledge checks, please go to our attestation portal to generate your certificate –  you’ll see it in your inbox within 3 to 5 business days.  Attestation Portal Link

We have a great lineup of updates for the next rendition (next quarter).  If you’d like anything covered, please comment below.  In addition, please reach out to us if you have any content that you would like to include as well. 

We hope you all enjoy this training! 

Feedback

Let us know if you have any feedback or relevant use cases/requirements for this portion of Microsoft Defender for Cloud Apps by emailing mipcompcxe@microsoft.com  and mention the core area of concern.

Learn More

For further information on how your organization can benefit from Microsoft Compliance Manager: