Partner Smart Office Versions

An open source toolkit empowering partners to understand their customers' security posture.

0.6.0

5 years ago

As of this release, we are introducing a code freeze. This means no new configurations or features will be added until after version 1.0 has been released. This code freeze will allow us to focus on addressing issues and simplifying the deployment. If there is a new feature you would like to see added, please log a request using the issue tracker, and we will prioritize it accordingly for a future release.

The following enhancements were made with this release:

  • Added logic to the ProcessEnvironments function to write a warning to the console if no environments have been created.
  • Modified the authentication configuration for the portal to utilize Azure AD app roles over Azure AD directory roles. This change will make it easier for organizations that are using separate Azure AD tenants for authentication to deploy the solution.

The following issues were addressed with this release:

  • Deployment may fail with an error stating the key vault name is invalid. Pull request #24 introduced the solution for this issue.

This update requires that an Azure AD application role be defined and assigned to users who will be managing environments using the portal. Users who are not assigned to this role will receive an access denied error when attempting to access the portal. If you have an existing Azure AD application that you would like to use for the portal, it is recommended that you run the following PowerShell script to create the application role:

Connect-AzureAD

$adminAppRole = [Microsoft.Open.AzureAD.Model.AppRole]@{
    AllowedMemberTypes = @("User");
    Description = "Administrative users that have the ability to perform all Smart Office operations.";
    DisplayName = "Smart Office Admins";
    IsEnabled = $true;
    Id = New-Guid;
    Value = "SmartOfficeAdmins";
}

# Note the following value can be found in the Azure management portal. Also, it should be a GUID with no trailing spaces.
$appId = Read-Host -Prompt "What is the application identifier for the application you would like to configure?"
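$app = Get-AzureADApplication -Filter "AppId eq '$($appId)'"
if ($null -eq $app) { throw "No Azure AD application was found with the specified application identifier." }

# Append the new role to the roles already defined on the application so that existing roles are preserved.
$appRoles = $app.AppRoles
$appRoles.Add($adminAppRole)

Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $appRoles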

If you need information on how to assign users to Azure AD application roles, please refer to How to assign users and groups to an application. Please see the wiki for more information on how to deploy this solution and create new environments using the portal.
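
An added example, not part of the project's release notes or code: a PowerShell access review that lists which principals hold the SmartOfficeAdmins role created by the script above. It assumes the same AzureAD module and that assignments are read from the application's service principal; the variable names are illustrative.

```powershell
# Added example: access review of the SmartOfficeAdmins app role (AzureAD module).
Connect-AzureAD

$roleValue = "SmartOfficeAdmins"   # role value created by the script on this page
$appId = (Read-Host -Prompt "Application identifier of the portal application").Trim()

$app = Get-AzureADApplication -Filter "AppId eq '$appId'"
if ($null -eq $app) { throw "No application found with AppId '$appId'." }

$role = $app.AppRoles | Where-Object { $_.Value -eq $roleValue }
if ($null -eq $role) { throw "App role '$roleValue' is not defined on '$($app.DisplayName)'." }
if (-not $role.IsEnabled) { Write-Warning "App role '$roleValue' is defined but disabled." }

# Assignments are stored on the service principal (enterprise application),
# not on the application registration.
$sp = Get-AzureADServicePrincipal -Filter "AppId eq '$appId'"
if ($null -eq $sp) { throw "No service principal exists for '$($app.DisplayName)' in this tenant." }

# Keep only assignments that target this application and this specific role.
$assignments = @(Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -All $true |
    Where-Object { $_.ResourceId -eq $sp.ObjectId -and $_.Id -eq $role.Id })

if ($assignments.Count -eq 0) {
    Write-Warning "Nobody holds '$roleValue'; every portal user will get access denied."
}

# A group assignment makes every member of the group a portal administrator,
# so call those out separately for review.
foreach ($a in $assignments | Where-Object { $_.PrincipalType -eq "Group" }) {
    Write-Warning "Group '$($a.PrincipalDisplayName)' holds '$roleValue'; review its membership."
}

$assignments |
    Sort-Object PrincipalType, PrincipalDisplayName |
    Select-Object PrincipalDisplayName, PrincipalType, PrincipalId, CreationTimestamp |
    Format-Table -AutoSize
```

Running this after the role is created and assigned gives a record of exactly who can manage environments through the portal.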

0.0.3

6 years ago
  • Added the ability to seed audit logs for CSP environments that are new to this platform.
  • Added the ability to seed Secure Score information from the past 30 days for customers that are new to this platform.
  • Added the ability to track exceptions when processing a customer. If an exception is encountered when processing a customer, the entire exception will be written to the ProcessException property of the customer details object.
  • Added the environment identifier to the customer details. If you have existing customer details without this property, you will need to delete the LastProcessed property from the environment collection to get the property added to the existing records.
  • Each request to the Partner Center API now includes the MS-CorrelationId, MS-PartnerCenter-ApplicationName, and MS-RequestId headers.
  • Fixed issue #11
  • Fixed issue #12
  • Fixed issue #13

0.0.2

6 years ago
  • Added the ability to synchronize data from multiple environments. This change makes it possible for partners with more than one Cloud Solution Provider reseller tenant to aggregate data for all customers.
  • Added the ability to synchronize more than 500 resources using the Partner Center API.
  • Added the ability to synchronize CSP subscriptions.
  • Defined processing restrictions
    • Maximum dequeue count is now configured to 3
    • Maximum number of records dequeued is now configured to 10
    • Threshold for the number of messages fetched is now configured to 5

The following breaking changes were made with this release.

With this release, environments need to be defined in a collection named Environments. This collection can contain the configuration information for CSP and EA environments. The following is an example of what the configuration should look like for a CSP environment.

{
    "AppEndpoint": {
        "ApplicationId": "INSERT-ID-FOR-THE-AZURE-AD-APP",
        "ApplicationSecretId": "NAME-OF-SECRET-FOR-THE-APP-IN-KEYVAULT",
        "ServiceAddress": "https://graph.microsoft.com",
        "TenantId": "INSERT-THE-TENANT-ID-HERE"
    },
    "EnvironmentType": "CSP",
    "FriendlyName": "INSERT FRIENDLY NAME HERE",
    "id": "INSERT-THE-TENANT-ID-HERE",
    "PartnerCenterEndpoint": {
        "ApplicationId": "INSERT-THE-PC-APP-ID-HERE",
        "ApplicationSecretId": "NAME-OF-SECRET-FOR-THE-APP-IN-KEYVAULT",
        "ServiceAddress": "https://api.partnercenter.microsoft.com",
        "TenantId": "INSERT-THE-TENANT-ID-HERE"
    }
}

The following is an example of what the configuration should look like for an EA environment.

{
    "AppEndpoint": {
        "ApplicationId": "INSERT-ID-FOR-THE-AZURE-AD-APP",
        "ApplicationSecretId": "NAME-OF-SECRET-FOR-THE-APP-IN-KEYVAULT",
        "ServiceAddress": "https://graph.microsoft.com",
        "TenantId": "INSERT-THE-TENANT-ID-HERE"
    },
    "EnvironmentType": "EA",
    "FriendlyName": "INSERT FRIENDLY NAME HERE",
    "id": "INSERT-THE-TENANT-ID-HERE"
}

In a future release there will be a portal to manage environments and review exceptions.