Microsoft Azure Blob Retention Policy

Overview

To manage an Azure Blob retention policy through the WebAPI, you need the following details to call the API endpoint and complete a retention policy create or update:

  1. Tenant ID

  2. Client ID

  3. Client secret

  4. Access Token

What is Tenant and how to get a Tenant ID in Azure?

A tenant represents your organization and lets you manage a specific instance of Microsoft cloud services for your internal and external users.

Log in to the Azure portal, navigate to Azure Active Directory and choose Properties in the left pane. The right pane shows your account information, including a field named Directory ID; the text box under that field holds an alphanumeric value that you can copy. This is your Tenant ID: in the portal, the Tenant ID is the Directory ID.

If you are doing a new setup and do not have an existing tenant, follow these steps to create one:

  1. Log in to the Azure portal.

  2. Select Create a resource from the portal.

  3. Search & choose Azure Active Directory.

  4. Create a directory by providing a name.

  5. A Tenant ID is automatically created.

What is client ID and how to create it?

The Client ID is the Application ID used to associate our application with Azure AD at runtime. To delegate Identity and Access Management functions to Azure AD, an application must be registered with an Azure AD tenant. Registering the application with Azure AD creates an identity configuration for it that allows it to integrate with Azure AD.

App Registration process

  1. Go to your directory and choose App registrations on the left pane and select New registration in the right pane.

  2. Register an application by choosing the single-tenant option.

  3. Click Register.

  4. Once the app is registered, choose Authentication in the left pane, set the application type to Web, and configure the details in the right pane.

  5. The “MyTestAPP” application and its Application ID are now created and shown in the Azure portal.

Add a Client Secret

The client secret, also known as an application password, is a string value your app can use in place of a certificate to identify itself.

  1. Select your application in App registrations in the Azure portal.

  2. Select Certificates & secrets > New client secret.

  3. Add a description for your client secret.

  4. Select a duration.

  5. Select Add.

  6. Copy the client secret ID and Value; the value is never displayed again after you leave this page. The secret value together with the secret ID is required for signing in the application.

  7. Next, grant the app access to the storage container: go to Access control (IAM) and use “Add role assignment” for the app.

Generate Access Token

To generate an access token you first need an authorization code. Provide the IDs acquired above and call the authorize endpoint to obtain the code.

Example:

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
  client_id=6731de76-14a6-49ae-97bc-6eba6914391e
  &response_type=code
  &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
  &response_mode=query
  &scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
  &state=12345
  &code_challenge=YTFjNjI1OWYzMzA3MTI4ZDY2Njg5M2RkNmVjNDE5YmEyZGRhOGYyM2IzNjdmZWFhMTQ1ODg3NDcxY2Nl
  &code_challenge_method=S256

Request for Access Token

Once you have acquired an authorization code and the user has granted permission, you can redeem the code for an access token for the desired resource by sending a POST request to the token endpoint.
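The following is an added worked example, not code from the original page: it assembles the authorize request shown above (including a freshly generated PKCE code_verifier and its S256 code_challenge), validates the redirect that carries the authorization code back, and assembles the form body for the POST to the token endpoint. Nothing is sent over the network. The tenant, client ID, redirect URI, scope and state values are taken from or modelled on the page's example and are placeholders; the code_verifier is generated locally, so its challenge differs from the page's sample value.

```python
"""Azure AD OAuth2 authorization-code flow with PKCE: request construction only.

Added example (not from the original page). Builds the authorize URL, checks the
redirect, and builds the token POST body; no HTTP is performed.
"""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlparse

AUTHORITY = "https://login.microsoftonline.com"


def make_code_verifier(nbytes: int = 32) -> str:
    """Random URL-safe PKCE code_verifier (43..128 characters per RFC 7636)."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode()


def make_code_challenge(verifier: str) -> str:
    """S256 code_challenge: base64url(SHA-256(verifier)) with '=' padding removed."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def build_authorize_url(tenant, client_id, redirect_uri, scope, state, code_challenge):
    """Authorize URL with the same parameters as the page's example.

    quote_via=quote encodes spaces as %20 and '/' as %2F, matching the page."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": scope,
        "state": state,                      # anti-CSRF value, checked on return
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?" + urlencode(params, quote_via=quote)


def check_redirect(redirect_url: str, expected_state: str) -> str:
    """Validate the redirect back from Azure AD and return the authorization code.

    The state must equal the value we sent; a mismatch means the response does not
    belong to this login attempt and must not be redeemed."""
    qs = parse_qs(urlparse(redirect_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response does not belong to this request")
    if "error" in qs:
        raise ValueError(f"authorization failed: {qs['error'][0]}")
    return qs["code"][0]


def build_token_request(tenant, client_id, client_secret, code, redirect_uri, code_verifier, scope):
    """Token endpoint URL and form body that redeems the code for an access token.

    The client_secret is only ever added server-side (confidential web app); the
    code_verifier proves this is the same client that started the flow."""
    url = f"{AUTHORITY}/{tenant}/oauth2/v2.0/token"
    body = {
        "client_id": client_id,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "code_verifier": code_verifier,
        "scope": scope,
        "client_secret": client_secret,
    }
    return url, body


if __name__ == "__main__":
    # Placeholder values (constructed); the client_id and state are the page's sample.
    tenant = "TENANT_ID_PLACEHOLDER"
    client_id = "6731de76-14a6-49ae-97bc-6eba6914391e"
    redirect_uri = "http://localhost/myapp/"
    scope = "openid offline_access https://graph.microsoft.com/mail.read"
    state = secrets.token_urlsafe(16)
    verifier = make_code_verifier()
    print(build_authorize_url(tenant, client_id, redirect_uri, scope, state,
                              make_code_challenge(verifier)))
    # After the user signs in, the browser is sent to redirect_uri?code=...&state=...
    fake_redirect = f"{redirect_uri}?code=AUTH_CODE_PLACEHOLDER&state={state}"
    code = check_redirect(fake_redirect, state)
    url, body = build_token_request(tenant, client_id, "CLIENT_SECRET_PLACEHOLDER",
                                    code, redirect_uri, verifier, scope)
    print(url, body["grant_type"], body["code"])
```

Keep the code_verifier and state in the server session between the two legs, and compare the state before redeeming anything: the code is only useful together with the verifier that produced its challenge, which is what stops an intercepted code from being redeemed elsewhere. For Azure Storage the scope would differ from the Graph mail.read example shown above; the scope is passed through unchanged here.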

For more information, see the documentation provided by Microsoft: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
