Category: Azure

Use Azure AD Conditional Access to block access by country (Dynamics 365)

In the previous post, we covered conditional access based on the device platform, here we’d look into how we can use the network location to block the access.

We can either use IP ranges or Countries / Regions for defining the location.

Login into the Azure Portal

https://portal.azure.com/

Navigate to Azure Active Directory – Security – Named locations to define the location.


Here we are adding a new countries location record.


For the new location, we have selected India and UAE.


Next click on Conditional Access to define a new policy.


For Users and groups, we have selected a user named testuser1.


For Cloud Apps or actions, we have selected Common Data Service.


For Conditions, we have specified Locations condition with the Restricted Locations record that we had created earlier.


For Access Controls, we have selected Block access.


Enable and create the policy.


Before the policy was enabled, test user1 was able to access Dynamics 365.


After enabling the policy if we try accessing Dynamics 365 from either UAE or India location, we’d get the below message.


Same for the Dynamics 365 for Phones app.


Test user 3 to which policy doesn’t apply can still access Dynamics 365.


Hope it helps..

Using Azure Bot Service to create Bot

Using Microsoft Bot Framework

Azure Bot Service is an integrated environment that allow us to easily register, build, deploy our bots. It provides the required components and hosting environment for creating bots through Bot Builder SDK using either C# or JavaScript and connector service to connect to various channels.

Login to Azure Portal.

https://portal.azure.com

Search for Web App Bot

We have selected Basic Bot template.

After the Bot Web App is created, we have the option to either Download Bot Source Code to keep developing using Visual Studio or we can open it in online code editor.

Online Code Editor allows to update the source code within the App Service Editor

As the basic bot app template uses the Language Understanding Intelligent Services, we can log on to the Luis

https://www.luis.ai/welcome

There we can see the app.

With all the corresponding Intents, Entities and Utterances.

To test the bot either we can either download the emulator for testing locally or can test online using Web Chat.

Select Test in Web Chat

After we have tested it, next we add channel to our Bot, here we will add Skype.

Below are some of the configuration that can be applied for Skype.

Messaging gives the option of enabling the messaging, Calling let us to enable calling, groups allows us to add the bot to groups and Publish option allows to publish the bot and also submit it for review if it to be used by more than 100 contacts as shown below.

Clicking on Save publishes the bot and we can see the Skype added as one of the channels.

Click on Skype icon to add it to skype.

Add to contacts will add it to Skype and can start our conversation.

Hope it helps..

Changing the target runtime version of Azure Functions

Azure Functions 2.x runtime is based on .NET Core 2 from .NET Framework 4.7 in 1.x. So, any application migrating from 1.x to 2.x needs to make sure that they are using and referring the compatible code and libraries.

We can also update our Azure Functions to target the appropriate runtime using the below steps à

Inside Azure Portal, select the Function App, click on Application Settings within Platform Features tab.

We can specify the version number for the APP SETTING NAME – FUNCTIONS_EXTENSION_VERSION

~ tilde à indicates that the latest version of that major version.

Get all the details here

https://docs.microsoft.com/en-us/azure/azure-functions/functions-versions

Hope it helps..

Publish as Azure Web Job Option missing in Visual Studio 2017

While trying to publish one of our console application to Azure as Web Job we couldn’t find the “Publish as Azure WebJob..” option

It was because Azure development tools were recently uninstalled from the system.

To install it, go to Windows à Program and Features à Select Visual Studio 2017 and click on Modify.

And select Azure Development for installation

Select Azure Cloud Services tool.

After installation it will ask for restart.

After restart we’d see the option added in our Visual Studio.

Hope it helps.

You are not authorized or do not have any subscriptions associated error while trying to access Kudo Sites in Azure

Today for one of our Azure WebJobs when we tried checking its log, we got the below error à

Seemed strange as being the Contributer of that Resource Group, I had access to all other functionality within that resource group.

After much struggle, in one of threads there was a suggestion to try in a different browser or in private browsing mode. And luckily that worked.

Out of all responses, this one makes the most sense for this issue

https://github.com/Azure/azure-functions-ux/issues/2244

Hope it helps..

Stop an Azure Web Job using WEBJOBS_STOPPED and WEBJOBS_DISABLE_SCHEDULE configuration settings

We had one triggered web job running every 5 minutes that would pull the data from SQL On Prem DB and create lead records in CRM.

During testing we wanted to stop the running web job.

To do go to Application Settings for the App Service. Add WEBJOB_STOPPED and WEBJOBS_DISABLE_SCHEDULE setting with value 1.


We’d see our web job stop running.



Another option is to kill the process itself

Open à

https://[appname].scm.azurewebsites.net/ProcessExplorer


Get all the details here


https://github.com/projectkudu/kudu/wiki/WebJobs

Hope it helps..


Update Schedule of existing Azure WebJobs (triggered)

Suppose we have following WebJob deployed in Azure of type Triggered.

And now we want to update its schedule.

To do so,

Open the App Service Editor

Update the CRON expression in settings.job (in case of scheduled web job), if the file is not there we can create and add it.

This makes the Webjob to run every 1 minute.

Back in our Webjob we can see the schedule updated.

Inside the logs à

More details –

https://github.com/projectkudu/kudu/wiki/WebJobs#scheduling-a-triggered-webjob

Hope it helps..

.

Using log4net with Azure WebJobs

To get started, let us create a C# Console Application and add the NuGet Package for log4net.

Update the App.Config with log4net configuration.

The most important part here is value of file.

The D:\Home\LogFiles is the path where our WebJob can write to.

https://docs.microsoft.com/en-us/azure/app-service/web-sites-enable-diagnostic-log#download

Inside our program.cs initialize the log4net.


Publish the WebJob to Azure.

Open the Kudo, we can see the Folder created

And our log file

Get all the details here

https://blogs.msdn.microsoft.com/benjaminperkins/2017/09/27/how-to-configure-log4net-on-azure-app-service/

Hope it helps..

Using Azure Hybrid Connections to connect to SQL On-Prem Database from Azure WebJob.

Updated = 23rd September 2018.

  • Hybrid Connections allows Azure Web Sites and Services to securely connect to the on-premises resources hosted within the corporate network, without requiring any change to firewall or network.

Hybrid

Prerequisites: –

  • Azure Subscription
  • TCP/IP protocol needs to be enabled.
  • SQL Authentication (1433 Default Port for Default Instance)
  • Windows Server 2008 or later and outbound internet connection and can talk with LOB application – SQL Database.

 

  • Multiple Hybrid Connection Manager can be installed in separate server that can do the load balancing.
  • Hybrid connection implements Transport Layer Security between the cloud and the on-premise endpoint for data encryption.
  • Hybrid Connection Uses Shared Access Signature for securing the End Points.

 

Here we’d take a simple example of creating an Azure WebJob that will connect to the SQL On-Prem Database.

To start with, create a console application that connects to SQL On-Prem Database and pulls information from a table inside it.

Publish it as Azure WebJob.

Click on Publish to publish the WebJob.

Back in Azure Portal, we’d see our WebJob. Click on Run to start the WebJob. And click on Logs.

As expected we’d get the SQL Exception as Web Job will not be able to connect to the On-Prem Database.

Now let us configure Hybrid Connection to get the WebJob up and running properly. Inside the App Service select Networking and click on Configure your hybrid connection endpoints.

Click on Add hybrid Connection.

Here Endpoint Host will be the name of our OnPrem Machine\Server, Endpoint Port will be the Port for the SQL Server (1433 for the default instance).

Next step is to install and configure Hybrid Connection Manager.

Once installed, open the Hybrid connection manager and click on Add a new Hybrid Connection

Log in with the Azure Subscription Credentials and select the Hybrid Connection created there.

If everything is correct, it should show the status as connected.

*I had to restart the Azure Hybrid Connection Manager Service after adding the connection for the Azure status to show as connected

Now back in our WebJob, let us click on Run.

In logs,

we’d see the data successful fetched from our SQL On-Prem DB.

In case of named instance of SQL, we need to create a new hybrid connection with the specific TCP Port used by that named instance.

To find the port used by the named instance, open SQL Server Configuration Manager, select the named instance of SQL and copy the value of TCP Dynamic Ports.

This is how our Hybrid Connection string will look like

The other important point to remember is that the connection string used should also specify the port.

Hope it helps..

Using Azure SQL Data Sync to Sync On-Premise and SQL Azure Database

Suppose we have an Azure SQL DB named MyDB which we would like to sync with an On-Prem DB.

Here we’d be using Azure SQL Data Sync. The sync can be bi-directional, one way from Azure to On-Prem and On-Prem to Azure or Azure to Azure DB(s) as well.

In Azure Portal, select the Azure SQL DB and select Sync to other databases and click on Click on New Sync Group.

Specify values for the Data Sync Group.

We have selected existing database MyDB, selected Automatic Sync – On. The Sync frequency can be defined in seconds, minutes, hours and days – It needs to be between 5 minutes to 30 days.

Conflict Resolution can be Member Win or Hub Win. Hub here specifies the Azure SQL DB that we have selected here.

Next click on Add On-Premise database to specify the database to which we want to sync.

Here we need to specify the Data Client Sync Agent, which requires downloading and configuring the Sync Agent first.

Before installing the Data Sync Agent we need to install the following prerequisites

Make sure to download the X86 one.

Run the Data Sync Agent installer, specify the Account that can connect to the On Prem DB and finish the installation.

Back in Azure inside Sync group, click on Create and generate a key and copy the key.

Run the Data Sync Agent and click on Submit Agent Key and specify Agent key along with the credentials to access the Azure SQL DB.

Next click on Register button to register the On-Prem DB as shown below.

Once registered we can select the On-Prem SQL DB registered along with the Sync Directions.

As the last step, select Configure Sync Group and select the Hub Database and the table and column that we want to sync along any of the table of On-Prem DB.

The corresponding tables will be created in the database. For e.g. if we have selected Person table in our Hub Azure SQL Database, it will be created in the our On-Premise Database.

This completes the configuration.

We’d see the Sync running every 5 minutes as we had configured. Update\Insert any data on Azure SQL DB or On-Prem SQL DB, we’d see the same reflecting back in other DB in case of Bi-Directional Sync.

Summary:-

More details here

https://www.youtube.com/watch?v=Kw94bP2WKWY&t=612s

Hope it helps..