0
votes

I am trying to set up the PnP Partner Pack on Azure following this YouTube video. As my trial Azure storage subscription has expired, I am trying to use the Azure storage of my company, but their Azure account is not connected to an Office 365 tenant. So, I created a trial Office 365 account and now I am trying to connect Office 365 to Azure storage.

These are not under the same account. Can someone help me set this up?

Edit 1

Suppose you have an Azure tenant called [email protected]. This account is not coupled to an Office 365 tenant. It, however, has a valid storage subscription.

So, I deploy my app in the app service in my Azure tenant. This app has to communicate with SharePoint Online. But as this Azure tenant does not have an Office 365 tenant coupled to it, I thought of creating a trial Office 365 tenant, for example: [email protected]. Now, the question is, how can I configure the Azure tenant (storage) to communicate with Office 365, which is another tenant account?

Edit 2

OK, I have deployed the PnP Partner Pack to my company's Azure storage account. How does it work? The application is an MVC application. Before I deploy it I have to do the following:

  1. Create a storage account
  2. Create a web app in this storage account
  3. Register the web app in AAD
  4. Assign the following permissions to the web app: SharePoint, Graph
  5. Insert the application ID and secret key in the web.config of the solution
  6. Assign the URL that needs to access the SharePoint Online site collection inside web.config
  7. Deploy the solution to Azure Web Application

Once it is deployed, I can open the web application, which now has access to SharePoint Online.

The problem? As long as the Office 365 and Azure tenant accounts are the same, there is no problem. But now that I no longer have the same account for the Azure tenant and Office 365, I cannot access SharePoint from my Azure web application. I don't know how to set up the application registration in Azure AD so that it can access SharePoint in another Office 365 tenant.

E.g.: the Azure tenant named "[email protected]" needs to access SharePoint, Graph and AAD in Office 365, which has the following tenant account: "[email protected]".

How can I set it up so that from my web application in the Azure web application ("[email protected]") I can access SharePoint, Graph and AAD in another Office 365 tenant account ("[email protected]")?

Edit 3

The web app that lives in the Azure "[email protected]" account needs to access users (AAD), SharePoint and Graph of the other Office 365 account, i.e. "[email protected]".

Hope it is clear.

2
You could refer to this article. And this video. – Janley Zhang
Thanks Janley! I am going through the article and I will try the setup immediately. – Burre Ifort
I'm not very clear about your question. Each Azure account is an AAD account which is also associated with an Office 365 account. It means that you can log in to Office 365 with that AAD account. If you want to use your company's subscription, you need to be assigned an access role by RBAC. – Wayne Yang
Do you mean that there is no subscription in your company AAD tenant? Or is your account not in your company AAD tenant? – Wayne Yang
OK, I will try to explain it better. I want to deploy my app on Azure storage. The account that I am using for the Azure tenant belongs to my company, but this account does not have an Office 365 tenant associated with it. So, I thought to create a trial Office 365 tenant and then I can associate that with the Azure tenant. I need Office 365 as I am using SharePoint in my app. Perhaps there is a better way, but at this moment I am following the example that Janley posted. – Burre Ifort

2 Answers

0
votes

but this account does not have an office 365 tenant associated to it.

You could refer to this article.

But what if my subscription has already been created with a Microsoft account not associated with new Office 365 directory, or has an organizational account associated with another Office 365 directory that I want to associate with this Office 365 directory?

In this walkthrough, we will:

And you know the trial version has time and function limits. For further development, I suggest you buy an Office 365 account to test more features.

-1
votes

Updated answer:

Well, you finally made your scenario clear.

First, if your subscription trial has expired, you shouldn't use it to run anything in that subscription any more. You'd better contact Azure support to move resources to another new subscription or back up your data to your local machine.

Second, about how to access APIs in another AAD tenant:

If your subscription is not expired, you can achieve that. Actually, it has nothing to do with where your MVC application is. It can be in any tenant, but not with an expired subscription. The only difference is that the AAD tenant is changed.

It should use the client credentials flow. And what you need to change is:

  1. Register the AAD application in your company AD tenant
  2. Change the AAD endpoint in your web.config to https://login.microsoftonline.com/somecompany.onmicrosoft.com/oauth2/v2.0/token

Then you can use the token and access the resources. Completing this configuration may need Global admin permissions to do admin consent, so you'd better be the admin of your company tenant.

I'm not 100% sure whether this can be configured in your web.config file. There is a document that may be helpful to you to understand this authentication flow.

Hope this helps!
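
The client credentials request described in the answer above, as an added example (not part of the original post or of the PnP Partner Pack code): it builds the token request for the tenant-specific v2.0 endpoint and checks that a returned token was issued by the intended tenant, for the intended API, with the consented app roles. The function names, tenant GUID, client ID and role names are assumptions, and the sample token is constructed and unsigned.

```python
import base64
import json
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"

def build_token_request(tenant, client_id, client_secret, resource):
    """Return (url, form_body) for a v2.0 client credentials request against
    `tenant`, the directory that owns the data (the Office 365 tenant)."""
    url = f"{AUTHORITY}/{tenant}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # load from a secret store, never hard-code
        "scope": resource.rstrip("/") + "/.default",  # app permissions consented for this API
    })
    return url, body

def decode_claims(token):
    """Decode the JWT payload for diagnostics. The signature is NOT verified
    here; the resource API does that when it receives the token."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(token, expected_tid, expected_aud, required_roles):
    """Return a list of problems; an empty list means the token was issued by
    the intended tenant, for the intended API, with the consented app roles."""
    claims = decode_claims(token)
    problems = []
    if claims.get("tid") != expected_tid:
        problems.append("issued by tenant %r, expected %r" % (claims.get("tid"), expected_tid))
    if claims.get("aud") != expected_aud:
        problems.append("audience %r, expected %r" % (claims.get("aud"), expected_aud))
    missing = sorted(set(required_roles) - set(claims.get("roles", [])))
    if missing:
        problems.append("missing app roles (admin consent pending?): " + ", ".join(missing))
    return problems

def make_sample_token(claims):
    """Build an unsigned, constructed JWT so the checks run offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])

# Constructed sample values: the tenant GUID and role are placeholders.
O365_TID = "11111111-1111-1111-1111-111111111111"
GRAPH = "https://graph.microsoft.com"
SAMPLE_TOKEN = make_sample_token({"tid": O365_TID, "aud": GRAPH, "roles": ["User.Read.All"]})
```

A `tid` mismatch means the token came from the hosting tenant rather than the Office 365 tenant; a missing role usually means admin consent has not been granted there yet.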