You are on page 1of 12

“Our mission is to empower every person

and every organization on the planet to


achieve more.”

B2C + 1 Refresher
Features

POD Azure Developer Scenarios

© 2018 Microsoft Corporation. All rights reserved. Last modified: April 27, 2018

Microsoft Proprietary and Confidential Information

This training package content is proprietary and confidential, and is intended only for users described in the training materials. Some elements of this document are subject to
change. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

This content and information is provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content and/or
information included in this package is strictly prohibited. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under
copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly
provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other
intellectual property.

The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any
real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Microsoft and the Microsoft products and services listed are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
B2C + 1 Refresher Features

Table of contents
Usage Reporting APIs ....................................................................................................................................................................... 1
Skip Email Verification ...................................................................................................................................................................... 3
Scenario 1 ....................................................................................................................................................................................... 3
Scenario 2 ....................................................................................................................................................................................... 7
Resources............................................................................................................................................................................................ 10

Microsoft Proprietary and Confidential Information


B2C + 1 Refresher Features

Usage Reporting APIs


Note: No POD Azure Developer Scenarios here

The PowerShell script is based on the Reporting API which itself is based on Azure AD graph. Today it uses
the https://graph.windows.net endpoint.

This endpoint is in public preview and may not get GA.

The direction is to move towards Microsoft Graph from the current Azure AD Graph. So, this feature might
undergo a corresponding change.

Who will support it


In Preview this will be supported by “DS Azure ADSI” team. There are engineers who are supporting Azure
AD Graph and will be supporting this feature in Public Preview.

POD Azure Developer Training


POD Azure Dev engineers need to isolate that it’s a Graph call. To do so they need to look at the request
header. Which could be found in following two ways:

1. Look at the actual code, look for the actual request being formed and look at the Header parameter
being passed. Example below:

Invoke-WebRequest -Headers $headerParams -Uri

https://graph.windows.net/$tenantdomain/reports/tenantUserCount?api-version=beta

2. If the application source code is not available, then look at HTTP trace taken from a browser or fiddler.

Microsoft Proprietary and Confidential Information 1


B2C + 1 Refresher Features

GET
https://graph.windows.net/contosob2c.onmicrosoft.com/reports/tenantUserCount?api-
version=beta

Note: Subsequently, the POD Azure Developer engineer moves the case to the “DS Azure
ADSI” team.

Microsoft Proprietary and Confidential Information 2


B2C + 1 Refresher Features

Skip Email Verification


Note: No developer troubleshooting scenarios. This is a change to the Policies on the Azure
AD B2C. So, if it fails or doesn’t work, Azure Identity team will need to troubleshoot.

POD Azure Developer Training


Scenario 1
Customer reports she doesn’t see her application asking for email verification code anymore in the Sign-
up or combined Sign-up/Sign-In experience.

a. First thing Dev engineer needs to do is find the tenant being used either by asking the customer
or looking at the below configuration file of the actual application. The B2C tenant will have a
name like “xyz.onmicrosoft.com” in the web.config of the application code. Also, make a note of
the “SignUpPolicyId” value.
Image 1

b. Request customer to log-in to Azure Ibiza portal http://portal.azure.com , ask him to change the
scope to that Azure AD Tenant.

Microsoft Proprietary and Confidential Information 3


B2C + 1 Refresher Features

Image 2

c. Once the context of the portal is switched to the concerned Tenant, navigate to the actual Azure
AD B2C tenant. On the left-hand pane select “More Services” > Search for “Azure AD B2C”.

Microsoft Proprietary and Confidential Information 4


B2C + 1 Refresher Features

Image 3

d. Check the “Sign-up policies” & “Sign-up or sign-in policies”


Image 4

Microsoft Proprietary and Confidential Information 5


B2C + 1 Refresher Features

Below are the steps to traverse the “Sign-up policies” but the steps remain the same for “Sign-up or sign-
in policies”. Select the policy name that we had seen in the web.config file (refer Image-1) for the
application and follow the order of clicks as shown.
Image 5

Image 6

e. Clicking the “Local account sign-up page”, opens the below customization page.

Microsoft Proprietary and Confidential Information 6


B2C + 1 Refresher Features

So, the “Require verification” is set to NO, that’s the reason the application doesn’t require email
verification.

If they want to get verification code they would have to flip it back to Yes.

Scenario 2
Customer reports that he enabled “Skip Email Verification” for one application but it seems other
applications got affected as well OR If I change the “SiUp” policy of one application it is changing the
“SiUp” policy of other applications in the same tenant.

a. Change the “SiUp” policy for application “My AAD B2C”

Microsoft Proprietary and Confidential Information 7


B2C + 1 Refresher Features

b. The Policy updates successfully. Ibiza give a success notification.

c. Check the policy setting for application “b2ctestapp”, which I didn’t change. But this also will get
changed.

Microsoft Proprietary and Confidential Information 8


B2C + 1 Refresher Features

Note:
The reason is that a single Policy can be shared by multiple applications.
While the UI on the Portal might seeming suggest the Policies and Applications are linked, the
Policies are global for the Tenant. The above behavior is intended as per design.
Customer will need to create a separate “Sign Up” policy and use that in the applications they
want a different behavior.
We allow customers who might want an email verification for application 1 but not for
application 2, both applications residing in the same tenant.

Microsoft Proprietary and Confidential Information 9


B2C + 1 Refresher Features

Resources
Resource Lookup Note:
 Usage reporting API: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-
directory-b2c-reference-usage-reporting-api
 Skip email verification: https://docs.microsoft.com/en-us/azure/active-directory-
b2c/active-directory-b2c-reference-disable-ev

Microsoft Proprietary and Confidential Information 10