Modern solutions are based on complex architectures made up of multiple layers and services. Often, to run your solutions, you need to host services on Azure, configure services in Office 365, and provision content in SharePoint Online. Manually deploying such solutions to target environments can be challenging, time-consuming, and error-prone. In this session, you will learn how to automate the provisioning of such solutions using the Microsoft Graph, the Azure Management API, and REST APIs in general. During the session you will see a real case study, based on the open source PnP Partner Pack Setup Wizard.
4. About me
• Project Manager, Consultant, Trainer
• About 50 Microsoft certification exams passed
• MCSM – Charter SharePoint
• MVP Office Servers and Services
• SharePoint PnP Core Team Member
• Focused on SharePoint and Office 365 since the beginning
• Author of many books about XML, SOAP, .NET, LINQ, SharePoint, and Office 365
• Speaker at main IT conferences
5. Agenda
• Set the context of automated deployment
• Authentication and Authorization
• Microsoft Graph
• Microsoft Azure Management API
• SharePoint PnP Provisioning
6. DEMO
Let’s set the context: PnP Partner Pack Setup Wizard
https://youtu.be/D98jqzPkfj0
7. Goals of the sample project
• Create SPO Site Collections
• Generate on the fly an X.509 certificate
• Configure Azure AD Application
• Configure X.509 certificate for App-Only with SPO
• Configure custom settings for the Application
• Configure custom permissions to consume Microsoft Graph and SPO
• Create an Azure Resource Group
• Create an Azure Blob Storage account
• Create an Azure App Service
• Configure custom settings for the App Service
• Build, package, and publish an ASP.NET Web Application
• Build, package, and publish a bunch of Web Jobs
9. Requirements
• The demo application must be executed as local admin
• To create the X.509 certificate
• You need a Tenant Global Admin account for Office 365
• Valid Azure Subscription backing the Office 365 tenant
• You need an Admin account for the target Azure Subscription
10. AuthN & AuthZ
• Two applications registered in the target tenant
• One Azure AD multi-tenant native application
• The main application, which manages the Azure AD resources
• One Office 365 application
• The one that corresponds to the PnP Partner Pack in our scenario
• ADAL 3.x for AuthN & AuthZ logic
13. Site Collection creation
• We use PnP Core Library and Tenant class
• From Microsoft.Online.SharePoint.TenantAdministration
• Based on PnP extension methods
• SiteExists
• DeleteSiteCollectionFromRecycleBin
• CreateSiteCollection
• We use PnP Provisioning Engine to provision artifacts
14. PnP Provisioning Engine
• One of the most useful capabilities provided by PnP
• Available in different flavors
• .NET with PnP Core Library
• PowerShell with PnP cmdlets
• Typical use cases
• PowerShell automation
• Azure Web Jobs
• Azure Functions
• Back-end services
• Etc.
15. PnP Provisioning Engine: main capabilities
• XML or Open XML (.PNP) based storage
• Can eventually be used “just in memory”
• You can extract a template from a live (model) site
• You can apply a template to multiple sites
• Delta handling of templates
• We add or update, we do not delete/remove
• Supports both SPO and SP2013/2016
16. Main Features
• SP2013, SP2016 and SPO
• Delta templates
• XML, JSON formatter
• Site Columns
• Content Types
• Lists/Libraries Instances
• Features (Site or Web)
• Custom Actions (Site or Web)
• Files/Pages (Wiki, WebPart)
• Taxonomies
• Composed Look
• Site Policies
• Web Settings
• Regional Settings
• UI Languages
• Resource Files
• Audit Settings
• Workflows (SPD only)
• Search Settings
• Publishing (including Page Layouts)
• Navigation Settings
• Modern Pages
• Client-side Web Parts
• Client-side Extensions
19. Azure AD Application Registration
• We register the application with a custom manifest file
• Including custom permissions for other APIs
• We create on the fly the shared secret
• We configure all the URLs
• POST against Graph beta endpoint
• https://graph.microsoft.com/beta/applications
• Response will be the just created application
22. Azure Management API
• Allows managing resources on Azure
• REST based API
• https://management.azure.com/
• Using Azure AD and OAuth 2.0 for authorization
• There are endpoints for almost everything …
• You need a target subscription
• And you can browse for them through the API
• You need to register to manage specific resources
• This can also be done using the API …
• There are different versions, depending on the target endpoint
23. Creating a Resource Group
• Make a PUT request against
• subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}
• ?api-version=2016-09-01
• You’ll get back a JSON object
• Describes the Resource Group
• You need a service plan, too
• Make a PUT request against
• subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/serverfarms/{servicePlanName}
• ?api-version=2015-08-01
24. Creating a Blob Storage Account
• Make a PUT request against
• subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{storageAccountName.ToLower()}
• ?api-version=2016-12-01
• When you create a Storage Account
• Wait for the account to be ready
• Make a GET request and wait for «Succeeded» status
• Once it’s ready, get the storage keys
• Make a POST request for
• subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{storageAccountName.ToLower()}/listKeys
• As usual, you’ll get back the keys in a JSON object
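The wait-then-listKeys sequence from this slide, as an added Python example (not the Setup Wizard's own .NET code). The `send` transport and `fake_arm` stand-in are hypothetical, the sample states and key values are constructed, and treating `Failed`/`Canceled` as terminal follows general Azure Resource Manager behaviour rather than anything stated on the slide.

```python
import time

ARM = "https://management.azure.com/"

def storage_url(subscription_id, resource_group, account, suffix=""):
    # As on the slide, the account name is lowercased before it goes in the URL.
    return (f"{ARM}subscriptions/{subscription_id}/resourceGroups/{resource_group}"
            f"/providers/Microsoft.Storage/storageAccounts/{account.lower()}"
            f"{suffix}?api-version=2016-12-01")

def wait_and_list_keys(send, subscription_id, resource_group, account,
                       timeout_s=300, interval_s=5, sleep=time.sleep):
    """Poll until provisioningState is Succeeded, then POST listKeys.

    send(method, url) -> dict is a hypothetical caller-supplied transport that
    adds the Azure AD bearer token and returns the decoded JSON body.
    """
    base = storage_url(subscription_id, resource_group, account)
    deadline = time.monotonic() + timeout_s
    while True:
        state = send("GET", base).get("properties", {}).get("provisioningState")
        if state == "Succeeded":
            break
        if state in ("Failed", "Canceled"):  # terminal ARM states: stop polling
            raise RuntimeError(f"storage account provisioning ended in {state}")
        if time.monotonic() >= deadline:
            raise TimeoutError(f"still {state!r} after {timeout_s}s")
        sleep(interval_s)
    keys = send("POST", storage_url(subscription_id, resource_group, account, "/listKeys"))
    # The values are full-access secrets: return them to the caller, never log them.
    return {k["keyName"]: k["value"] for k in keys["keys"]}

def fake_arm(states):
    """Constructed offline stand-in for Azure: replays states, then returns keys."""
    replay, calls = iter(states), []
    def send(method, url):
        calls.append((method, url))
        if method == "GET":
            return {"properties": {"provisioningState": next(replay)}}
        return {"keys": [{"keyName": "key1", "value": "constructed-key-1"},
                         {"keyName": "key2", "value": "constructed-key-2"}]}
    return send, calls

if __name__ == "__main__":
    send, calls = fake_arm(["Creating", "ResolvingDNS", "Succeeded"])
    keys = wait_and_list_keys(send, "sub-id", "rg-demo", "DemoStore", sleep=lambda s: None)
    print(sorted(keys), len(calls))
```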
26. Creating an Azure App Service (1/2)
• Make a PUT request against
• subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{appServiceName}
• ?api-version=2016-08-01
• Application Settings are an untyped array of JSON objects
• { "Name": "SettingName", "Value": "Value" }
• To upload X.509 certificate, make a PUT request against
• subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/certificates/{appServiceName}-pfx
• ?api-version=2016-03-01
• Provide certificate PFX blob + password
27. Creating an Azure App Service (2/2)
• Get a Publishing Profile settings file
• subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{appServiceName}/publishxml
• ?api-version=2016-08-01
• You’ll get back the XML publishing settings file
• You can parse it for settings
29. Build, Package, and Deploy Web Site
• We used PowerShell from .NET + MSBuild
• Hidden background running console
• The Visual Studio version makes the difference
• Because MSBuild path changes
• Then we run MSBUILD
/p:Configuration=Release
/p:OutputPath="$tempPath"
/p:VisualStudioVersion="$vsVersion"
/p:PublishSettingsFile="$PublishingSettingsPath"
/p:DeployOnBuild=true
30. Build, Package, and Deploy Web Jobs
• We used PowerShell from .NET + MSBuild
• Hidden background running console
• The Visual Studio version makes the difference (as before)
• Because MSBuild path changes
• Then we create a ZIP file with the build output
• And we upload the ZIP toward SCM of the App Service
• https://{appServiceName}.scm.azurewebsites.net/api/zip/site/wwwroot/App_Data/jobs/{jobType.ToString().ToLower()}/{jobName}/
• Basic Authentication with publishing profile settings credentials
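How the publishing settings file from slide 27 feeds the Web Job upload above, as an added Python example (not the Setup Wizard's own code): it parses a constructed publish XML, picks the MSDeploy profile, and builds the SCM zip request with its Basic Authentication header. All sample values are placeholders, the function names are hypothetical, and PUT is the verb of Kudu's zip API rather than something stated on the slide.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample of a publishing settings file; every value is a placeholder.
SAMPLE_PUBLISHXML = """<publishData>
  <publishProfile profileName="demoapp - Web Deploy" publishMethod="MSDeploy"
      publishUrl="demoapp.scm.azurewebsites.net:443"
      userName="$demoapp" userPWD="constructed-password" />
  <publishProfile profileName="demoapp - FTP" publishMethod="FTP"
      publishUrl="ftp://example.invalid/site/wwwroot"
      userName="ftp-user-constructed" userPWD="constructed-password" />
</publishData>"""

def publishing_credentials(publish_xml, method="MSDeploy"):
    """Return (userName, userPWD) from the profile with the given publishMethod."""
    root = ET.fromstring(publish_xml)
    for profile in root.iter("publishProfile"):
        if profile.get("publishMethod") == method:
            return profile.get("userName"), profile.get("userPWD")
    raise ValueError(f"no {method} profile in publishing settings")

def webjob_upload_request(app_service_name, job_type, job_name, publish_xml):
    """Build (method, url, headers) for uploading a Web Job ZIP to the SCM site."""
    user, password = publishing_credentials(publish_xml)
    url = (f"https://{app_service_name}.scm.azurewebsites.net/api/zip/site/wwwroot/"
           f"App_Data/jobs/{job_type.lower()}/{job_name}/")
    # Basic auth is only base64 of "user:password", so this header is as sensitive
    # as the publishing settings file itself: send it over HTTPS only, never log it.
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "PUT", url, {"Authorization": f"Basic {token}"}

if __name__ == "__main__":
    method, url, headers = webjob_upload_request(
        "demoapp", "Triggered", "cleanup", SAMPLE_PUBLISHXML)
    print(method, url, sorted(headers))
```

The publishing credentials grant deployment access to the whole App Service, so a downloaded settings file should be treated as a secret and removed once the deployment has finished.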