Set up Accounts and secure passwords to run automation workloads in Azure Functions

5th of October, 2018 / / No Comments

In some of my previous blogs here, we have seen how we could use Azure Functions to to automate processes and SharePoint workloads.

Most of these jobs run using elevated or stored privileged accounts as the Azure Function is in a different context than the user context. There are various ways we could setup these accounts. Some of these approaches are below:

  1. Azure AD Service Accounts
    • Suitable for all operations
    • Need access to resource
    • Reusable across multiple workloads
  2. Azure AD Apps
    • Suitable for Graph Access
    • Need exact permissions set up
    • Might need Tenant Admin authentication
  3. SharePoint App Accounts
    • Suitable for SharePoint workloads.
[Keep reading] “Set up Accounts and secure passwords to run automation workloads in Azure Functions”

Key Vault Secrets and ARM Templates

15th of May, 2018 / / No Comments

What is Azure Key Vault

Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services. By using Key Vault, you can encrypt keys and secrets (such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords) using keys protected by hardware security modules (HSMs).
Key Vault streamlines the key management process and enables you to maintain control of keys that access and encrypt your data. Developers can create keys for development and testing in minutes, and then seamlessly migrate them to production keys.… [Keep reading] “Key Vault Secrets and ARM Templates”

Protecting Application Credentials when implementing Modular Azure Functions with Microsoft Flow

23rd of April, 2018 / / 1 Comment

This weekend I was attempting to rework some older Azure Automation tasks I wrote some time ago that were a combination of PowerShell scripts and Azure (PowerShell Functions). I was looking to leverage Microsoft Flow so that I could have them handy as ‘Buttons’ in the Microsoft Flow mobile app.
Quite quickly I realized that Microsoft Flow didn’t have the capability to perform some of the automation I required, so I handed that off to an Azure Function.… [Keep reading] “Protecting Application Credentials when implementing Modular Azure Functions with Microsoft Flow”

Enabling and using Managed Service Identity to access an Azure Key Vault with Azure PowerShell Functions

19th of September, 2017 / / 4 Comments

Introduction

At the end of last week (14 Sept 2017) Microsoft announced a new Azure Active Directory feature – Managed Service Identity. Managed Service Identity helps solve the chicken and egg bootstrap problem of needing credentials to connect to the Azure Key Vault to retrieve credentials. When used in conjunction with Virtual Machines, Web Apps and Azure Functions that meant having to implement methods to obfuscate credentials that were stored within them. I touched on one method that I’ve used a lot in this post here whereby I encrypt the credential and store it in the Application Settings, but it still required a keyfile to allow reversing of the encryption as part of the automation process.… [Keep reading] “Enabling and using Managed Service Identity to access an Azure Key Vault with Azure PowerShell Functions”

Quickly creating and using an Azure Key Vault with PowerShell

14th of September, 2017 / / No Comments

Introduction

A couple of weeks back I was messing around with the Azure Key Vault looking to centralise a bunch of credentials for my ever-growing list of Azure Functions that are automating numerous tasks. What I found was getting an Azure Key Vault setup and getting credentials in and out was a little more cumbersome than what I thought it should be. At that same point via Twitter this tweet appeared in my timeline from a retweet.… [Keep reading] “Quickly creating and using an Azure Key Vault with PowerShell”