Introduction
Last month I wrote this post that detailed using your voice to search/query Microsoft Identity Manager. That post demonstrated a working solution (GitHub repository coming next month) but was still incomplete if it was to be used in production within an Enterprise. I hinted then that there were additional enhancements I was looking to make. One is an Auditing/Reporting aspect and that is what I cover in this post.
Overview
The one element of the solution that has visibility of each search scenario is the IoT Device. As a potential future enhancement this could also be a Bot. For each request I wanted to log/audit;
- Device the query was initiated from (it is possible to have many IoT devices; physical or bot leveraging this function)
- The query
- The response
- Date and Time of the event
- User the query targeted
To achieve this my solution is to;
- On my IoT Device the query, target user and date/time is held during the query event
- At the completion of the query the response along with the earlier information is sent to the IoT Hub using the IoT Hub REST API
- The event is consumed from the IoT Hub by an Azure Event Hub
- The message containing the information is processed by Stream Analytics and put into Azure Table Storage and Power BI.
Azure Table Storage provides the logging/auditing trail of what requests have been made and the responses. Power BI provides the reporting aspect. These two services provide visibility into what requests have been made, against who, when etc. The graphic below shows this in the bottom portion of the image.
Sending IoT Device Events to IoT Hub
I covered this piece in a previous post here in PowerShell. I converted it from PowerShell to Python to run on my device. In PowerShell though for initial end-to-end testing when developing the solution the body of the message being sent and sending it looks like this;
[string]$datetime = get-date $datetime = $datetime.Replace("/","-") $body = @{ deviceId = $deviceID messageId = $datetime messageString = "$($deviceID)-to-Cloud-$($datetime)" MIMQuery = "Does the user Jerry Seinfeld have an Active Directory Account" MIMResponse = "Yes. Their LoginID is jerry.seinfeld" User = "Jerry Seinfeld" } $body = $body | ConvertTo-Json Invoke-RestMethod -Uri $iotHubRestURI -Headers $Headers -Method Post -Body $body
Event Hub and IoT Hub Configuration
First I created an Event Hub. Then on my IoT Hub I added an Event Subscription and pointed it to my Event Hub.
Streaming Analytics
I then created a Stream Analytics Job. I configured two Inputs. One each from my IoT Hub and from my Event Hub.
I then created two Outputs. One for Table Storage for which I used an existing Storage Group for my solution, and the other for Power BI using an existing Workspace but creating a new Dataset. For the Table storage I specified deviceId for Partition key and messageId for Row key.
Finally as I’m keeping all the data simple in what I’m sending, my query is basically copying from the Inputs to the Outputs. One is to get the events to Table Storage and the other to get it to Power BI. Therefore the query looks like this.
Events in Table Storage
After sending through some events I could see rows being added to Table Storage. When I added an additional column to the data the schema-less Table Storage obliged and dynamically added another column to the table.
A full record looks like this.
Events in Power BI
Just like in Table Storage, in Power BI I could see the dataset and the table with the event data. I could create a report with some nice visuals just as you would with any other dataset. When I added an additional field to the event being sent from the IoT Device it magically showed up in the Power BI Dataset Table.
Summary
Using the Azure IoT Hub REST API I can easily send information from my IoT Device and then have it processed through Stream Analytics into Table Storage and Power BI. Instant auditing and reporting functionality.
Let me know what you think on twitter @darrenjrobinson