Daniel's Tech Blog

Using Azure Active Directory in Microsoft Azure Germany for Microsoft Azure Stack

When you want to use the Azure Active Directory in the national cloud or sovereign cloud Microsoft Azure Germany, you have to adjust two files in the Azure Stack TP2 bits.

-> https://azure.microsoft.com/en-us/overview/clouds/germany/

The two files are:

-> X:\CloudDeployment\Configuration\InstallAzureStackPOC.ps1
-> X:\CloudDeployment\Common\AzureADConfiguration.psm1

Let us start with InstallAzureStackPOC.ps1. Jump to line 64 and add 'Azure Germany' to the ValidateSet.

[Parameter(Mandatory=$false)]
[ValidateSet('Public Azure','Azure - China', 'Azure - US Government', 'Azure Germany')]
[String]
$AzureEnvironment = 'Public Azure',

For the adjustments in the AzureADConfiguration.psm1, we have to call Get-AzureRmEnvironment -Name AzureGermanCloud first.

As you can see, we need the outputs marked in yellow. In the AzureADConfiguration.psm1 file we have to add new code at several lines. First, at line 18, add "Azure Germany" = "AzureGermanCloud".

@{
    "Public Azure"          = "AzureCloud"
    "Azure - China"         = "AzureChinaCloud"
    "Azure - US Government" = "AzureUSGovernment"
    "Azure Germany"         = "AzureGermanCloud"
}

Next stop: line 26, where we extend the ValidateSet again.

param (
    [Parameter(Mandatory = $true)]
    [ValidateSet("Public Azure", "Azure - China", "Azure - US Government", "Azure Germany")]
    [string] $AzureEnvironment
)

Last but not least, we add an elseif statement at line 39 for Azure Germany; here we need the URIs marked in yellow.

elseif ($AzureEnvironment -eq "Azure Germany")
{
    return @{
        GraphUri             = "https://graph.cloudapi.de/"
        LoginUri             = "https://login.microsoftonline.de/"
        ManagementServiceUri = "https://management.core.cloudapi.de/"
        ARMUri               = "https://management.microsoftazure.de/"
    }
}
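
Because these four URIs are typed in by hand, a consistency check against the Get-AzureRmEnvironment output catches an endpoint left over from another cloud before any AAD credentials are entered. This is an added example, not part of the original post or of the Azure Stack scripts; Test-AadEndpointTable, $PropertyMap and the sample objects are hypothetical, and the key-to-property mapping is an assumption based on the URI values shown above.

```powershell
# Added example: hypothetical helper, not part of the Azure Stack TP2 scripts.
# Assumed mapping: key in AzureADConfiguration.psm1 -> Get-AzureRmEnvironment property.
$PropertyMap = @{
    GraphUri             = 'GraphUrl'
    LoginUri             = 'ActiveDirectoryAuthority'
    ManagementServiceUri = 'ServiceManagementUrl'
    ARMUri               = 'ResourceManagerUrl'
}

function Test-AadEndpointTable {
    param (
        [Parameter(Mandatory = $true)] [hashtable] $Endpoints,
        [Parameter(Mandatory = $true)] [object]    $Environment
    )
    $problems = @()
    foreach ($key in $PropertyMap.Keys) {
        $value = [string] $Endpoints[$key]
        $uri = $null
        if (-not [Uri]::TryCreate($value, [UriKind]::Absolute, [ref] $uri)) {
            $problems += "${key}: missing or not an absolute URI"
            continue
        }
        if ($uri.Scheme -ne 'https') {
            $problems += "${key}: scheme is '$($uri.Scheme)', expected https"
        }
        $expected = [Uri] $Environment.($PropertyMap[$key])
        # Compare host and path; a trailing slash difference is not a mismatch.
        if ($uri.Host -ne $expected.Host -or $uri.AbsolutePath.TrimEnd('/') -ne $expected.AbsolutePath.TrimEnd('/')) {
            $problems += "${key}: '$value' does not match $($PropertyMap[$key]) '$expected'"
        }
    }
    return $problems
}

# Constructed stand-in for (Get-AzureRmEnvironment -Name AzureGermanCloud); URIs taken from this post.
$germany = [pscustomobject]@{
    GraphUrl                 = 'https://graph.cloudapi.de/'
    ActiveDirectoryAuthority = 'https://login.microsoftonline.de/'
    ServiceManagementUrl     = 'https://management.core.cloudapi.de/'
    ResourceManagerUrl       = 'https://management.microsoftazure.de/'
}
# Constructed hand-edited table with one mistake: the public-cloud login authority was left in.
$edited = @{
    GraphUri             = 'https://graph.cloudapi.de/'
    LoginUri             = 'https://login.microsoftonline.com/'
    ManagementServiceUri = 'https://management.core.cloudapi.de/'
    ARMUri               = 'https://management.microsoftazure.de/'
}
@(Test-AadEndpointTable -Endpoints $edited -Environment $germany) | ForEach-Object { Write-Warning $_ }
```

On the deployment host, pass the real cmdlet output as -Environment and the hashtable from the elseif branch as -Endpoints; no warnings means the table agrees with the environment definition.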

Now we can kick off the Azure Stack deployment.

.\InstallAzureStackPOC.ps1 -AzureEnvironment 'Azure Germany'

When we are prompted to enter the AAD credentials, it is important to have an AAD tenant in Microsoft Azure Germany.

During the deployment we will see that the AAD applications are showing up in the AAD tenant.

When the deployment is completed, we sign in to the MAS-Con01 to access the Azure Stack portal. Have a look at the address bar when we sign in to the Azure Stack portal.

It is https://login.microsoftonline.de, the Active Directory Authority URI for Microsoft Azure Germany.

Enjoy the Azure Stack installation linked to the AAD running in Microsoft Azure Germany.
