In Windows Virtual Desktop (ARM version), applications are part of application groups, which in turn get nested under Workspaces.
In an ‘Infra As Code’ world these should be deployed through ARM templates (or Az Cli/Ps scripts). I had a long wrestle with ARM today getting applications assigned to workspaces ONLY if they weren’t already assigned.
Azure throws a friendly 400 error if you try to add an app that already exists, and interestingly, the ARM ‘contains’ function fails to properly evaluate WVD Workspace members when in a nested template.
So, I had to resort to some trickery by converting it to a string. For anyone else wanting to incrementally attach application groups to workspaces, feel free to copy/clone my template 🙂
For an Azure Managed Application Marketplace scenario, I needed to get information about the user logon domains and the company name of any tenants that purchased our Managed Application through the Azure Marketplace.
Azure Marketplace only has a CRM and a CRUD connection, these don’t send more than some basic name/email/company name and subscription ID’s, and thus the CRM and CRUD operations are hard to match up against one another and to really know who you’re dealing with.
With the following PS snippets, you can get all information from all tenants that have a link with you through Azure Lighthouse / Azure Marketplace:
The ‘tenantCategory’ property will have a value of Home if you have an active account in that tenant (as a guest user for example). If lighthouse / CSP is the only authorization, it will say “ProjectedBy”. Both is also possible (tenantCategory is not a json array though, it is ‘seperated’ by a comma).
For a customer use case in an Azure Marketplace Managed Application scenario, I needed the ability to translate the (customers’) Azure Subscription ID (which is known to the publishing tenant) to a tenant ID. Using Get-AzSubscription, Lighthouse subscriptions don’t show the true tenant ID of the other tenant, but only show your own tenant ID.
The following PS function can retrieve the tenant ID for you (without authentication):
When deploying a Static Website to Azure storage with CDN, the CDN endpoint requires the static website hostname. MS docs don’t show how to retrieve this data (other than clicking in the portal). Playing around with Fiddler, I noticed a call to management.azure.com when enabling a static site manually and tried to reproduce this with the Reference function in ARM, which returned the full static website endpoint url including the zone identifier:
Sadly, ‘Reference’ is not available for use in other functions, such as Concat, so you’ll have to pass this as output from the storage template to your CDN template instead of combining both into a single template.
This brings us one step closer to a full ARM deployment of a static website, only actually enabling the static website feature on the storage account still requires using PS or Az Cli. But we’re in luck, running PowerShell in DevOps is easy 🙂
Here’s two ARM templates to showcase the Storage Account + CDN:
Since I had to spend a few hours figuring this out, and all examples/docs are wrong, here’s an example of how to use Python in an Azure Function to connect to an Azure PaaS database without credentials by utilizing the managed identity of the azure function app.