An open source toolkit empowering partners to understand their customers’ security posture.
As of this release, we are introducing a code freeze. This means no new configurations or features will be added until after version 1.0 has been released. This code freeze will allow us to focus on addressing issues and simplifying the deployment. If there is a new feature you would like to see added please log a request using the issue tracker, and we will prioritize it accordingly for a future release.
The following enhancements were made with this release
The following issues were addressed with this release
This update requires an Azure AD application role to be defined and assigned to the users who will manage environments using the portal. Users who are not assigned to this role will receive an access denied error when attempting to access the portal. If you have an existing Azure AD application that you would like to use for the portal, it is recommended that you run the following PowerShell script to create the application role:
Connect-AzureAD

$adminAppRole = [Microsoft.Open.AzureAD.Model.AppRole]@{
    AllowedMemberTypes = @("User");
    Description = "Administrative users that have the ability to perform all Smart Office operations.";
    DisplayName = "Smart Office Admins";
    IsEnabled = $true;
    Id = New-Guid;
    Value = "SmartOfficeAdmins";
}

# Note the following value can be found in the Azure management portal. Also, it should be a GUID with no trailing spaces.
$appId = Read-Host -Prompt "What is the application identifier for the application you would like to configure?"

$app = Get-AzureADApplication -Filter "AppId eq '$($appId)'"

# Keep any roles already defined on the application and add the new admin role.
$appRoles = $app.AppRoles
$appRoles.Add($adminAppRole)

Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $appRoles
If you need information on how to assign users to Azure AD application roles, please refer to How to assign users and groups to an application. Please see the wiki for more information on how to deploy this solution and create new environments using the portal.
The following breaking changes were made with this release.
With this release, environments need to be defined in a collection named Environments. This collection can contain the configuration information for CSP and EA environments. The following is an example of what the configuration should look like for a CSP environment.
{
    "AppEndpoint": {
        "ApplicationId": "INSERT-ID-FOR-THE-AZURE-AD-APP",
        "ApplicationSecretId": "NAME-OF-SECRET-FOR-THE-APP-IN-KEYVAULT",
        "ServiceAddress": "https://graph.microsoft.com",
        "TenantId": "INSERT-THE-TENANT-ID-HERE"
    },
    "EnvironmentType": "CSP",
    "FriendlyName": "INSERT FRIENDLY NAME HERE",
    "id": "INSERT-THE-TENANT-ID-HERE",
    "PartnerCenterEndpoint": {
        "ApplicationId": "INSERT-THE-PC-APP-ID-HERE",
        "ApplicationSecretId": "NAME-OF-SECRET-FOR-THE-APP-IN-KEYVAULT",
        "ServiceAddress": "https://api.partnercenter.microsoft.com",
        "TenantId": "INSERT-THE-TENANT-ID-HERE"
    }
}
The following is an example of what the configuration should look like for an EA environment.
{
    "AppEndpoint": {
        "ApplicationId": "INSERT-ID-FOR-THE-AZURE-AD-APP",
        "ApplicationSecretId": "NAME-OF-SECRET-FOR-THE-APP-IN-KEYVAULT",
        "ServiceAddress": "https://graph.microsoft.com",
        "TenantId": "INSERT-THE-TENANT-ID-HERE"
    },
    "EnvironmentType": "EA",
    "FriendlyName": "INSERT FRIENDLY NAME HERE",
    "id": "INSERT-THE-TENANT-ID-HERE"
}
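The two templates above can be linted before deployment. The following is an added example, not part of the project's code: it checks one entry of the Environments collection for leftover placeholders, a secret value pasted where a Key Vault secret name belongs, and a CSP entry without its Partner Center endpoint. The function names, the GUID and https requirements, and the sample entry are assumptions made for this example.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Key Vault secret names are 1-127 letters, digits and dashes; anything else is likely a pasted secret.
SECRET_NAME = re.compile(r"^[0-9A-Za-z-]{1,127}$")
PLACEHOLDER = re.compile(r"^(INSERT|NAME-OF-SECRET)")  # text left over from the templates

def check_endpoint(name, ep, problems):
    if not isinstance(ep, dict):
        problems.append(f"{name}: missing")
        return
    for key in ("ApplicationId", "TenantId"):  # assumption: both are GUIDs
        if not GUID.match(str(ep.get(key, ""))):
            problems.append(f"{name}.{key}: not a GUID")
    secret = str(ep.get("ApplicationSecretId", ""))
    if PLACEHOLDER.match(secret) or not SECRET_NAME.match(secret):
        problems.append(f"{name}.ApplicationSecretId: not a Key Vault secret name")
    if urlparse(str(ep.get("ServiceAddress", ""))).scheme != "https":
        problems.append(f"{name}.ServiceAddress: must be an https URL")

def validate_environment(env):
    """Return the problems found in one entry of the Environments collection."""
    problems = []
    kind = env.get("EnvironmentType")
    if kind not in ("CSP", "EA"):
        problems.append("EnvironmentType: must be CSP or EA")
    if not GUID.match(str(env.get("id", ""))):  # id holds the tenant ID
        problems.append("id: not a GUID")
    check_endpoint("AppEndpoint", env.get("AppEndpoint"), problems)
    if kind == "CSP":  # only the CSP template carries a Partner Center endpoint
        check_endpoint("PartnerCenterEndpoint", env.get("PartnerCenterEndpoint"), problems)
    return problems

# Constructed sample (all identifiers made up): secret pasted inline, no PartnerCenterEndpoint.
SAMPLE = {
    "AppEndpoint": {
        "ApplicationId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        "ApplicationSecretId": "p@ss/w0rd~value",
        "ServiceAddress": "https://graph.microsoft.com",
        "TenantId": "11111111-2222-3333-4444-555555555555",
    },
    "EnvironmentType": "CSP",
    "FriendlyName": "Contoso",
    "id": "11111111-2222-3333-4444-555555555555",
}

if __name__ == "__main__":
    print("\n".join(validate_environment(SAMPLE)))
```
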
In a future release there will be a portal to manage environments and review exceptions.