microsoftgraph · yshah26 · Apr 11, 2023 · Apr 17, 2023 · Apr 18, 2023 · Apr 21, 2023
diff --git a/ARMTemplates/MGDC Extraction Pre Reqs/azuredeploy.json b/ARMTemplates/MGDC Extraction Pre Reqs/azuredeploy.json
@@ -3,30 +3,22 @@
     "contentVersion": "1.0.0.0",
     "parameters": {
         "AppId": {
-            "type": "string",
+            "type": "String",
             "metadata": {
                 "description": "The id of the Azure AD Application that has access to the destination Azure Storage Account."
             }
         },
         "AppSecret": {
-            "type": "securestring",
+            "type": "SecureString",
             "metadata": {
                 "description": "The secret for the Azure AD Application that has access to the destination Azure Storage Account."
             }
-        },
-        "SQLAdminPassword": {
-            "type": "securestring",
-            "metadata": {
-                "description": "The password used for the azureuser SQL Server admin."
-            }
         }
     },
     "variables": {
-        "destinationAdlsAccountName": "[concat('astore', uniqueString(resourceGroup().id))]",
+        "destinationAdlsAccountName": "[concat('onastore', uniqueString(resourceGroup().id))]",
         "synapseStorageExternalId": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/',resourceGroup().name,'/providers/Microsoft.Storage/storageAccounts/')]",
-        "storageAccountName": "[concat('mgdcsynapse', uniqueString(resourceGroup().id))]",
-        "WorkspaceName": "[concat('mgdcwsp', uniqueString(resourceGroup().id))]",
-        "sqlServer_name": "[concat('mysqlserver', uniqueString(resourceGroup().id))]"
+        "WorkspaceName": "[concat('onasynapse', uniqueString(resourceGroup().id))]"
     },
     "resources": [
         {
@@ -39,12 +31,12 @@
                 "forceUpdateTag": "1",
                 "azPowerShellVersion": "3.0",
                 "environmentVariables": [
-                {
-                    "name":"AppSecret",
-                    "secureValue": "[parameters('AppSecret')]"
-                }
+                    {
+                        "name": "AppSecret",
+                        "secureValue": "[parameters('AppSecret')]"
+                    }
                 ],
-                "arguments": "[format(' -AppID {0} -TenantId {1} -AppToGet {2}', parameters('AppId'), subscription().tenantId, parameters('AppId'))]",
+                "arguments": "[format(' -AppID {0} -TenantId {1} -AppToGet {2} -ServicePrincipalName {3}', parameters('AppId'), subscription().tenantId, parameters('AppId'), variables('WorkspaceName'))]",
                 "primaryScriptUri": "https://raw.githubusercontent.com/microsoftgraph/dataconnect-solutions/main/ARMTemplates/SupportScripts/GetServicePricipalId.ps1",
                 "timeout": "PT30M",
                 "cleanupPreference": "OnSuccess",
@@ -113,7 +105,21 @@
         {
             "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
             "apiVersion": "2021-01-01",
-            "name": "[concat(variables('destinationAdlsAccountName'), '/default/datasets')]",
+            "name": "[concat(variables('destinationAdlsAccountName'), '/default/mgdc')]",
+            "dependsOn": [
+                "[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('destinationAdlsAccountName'), 'default')]",
+                "[resourceId('Microsoft.Storage/storageAccounts', variables('destinationAdlsAccountName'))]"
+            ],
+            "properties": {
+                "defaultEncryptionScope": "$account-encryption-key",
+                "denyEncryptionScopeOverride": false,
+                "publicAccess": "Container"
+            }
+        },
+        {
+            "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
+            "apiVersion": "2021-01-01",
+            "name": "[concat(variables('destinationAdlsAccountName'), '/default/output')]",
             "dependsOn": [
                 "[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('destinationAdlsAccountName'), 'default')]",
                 "[resourceId('Microsoft.Storage/storageAccounts', variables('destinationAdlsAccountName'))]"
@@ -127,11 +133,12 @@
         {
             "type": "Microsoft.Storage/storageAccounts/providers/roleAssignments",
             "apiVersion": "2018-07-01",
+            "name": "[concat(variables('destinationAdlsAccountName'),'/Microsoft.Authorization/',guid(subscription().id, deployment().name))]",
             "dependsOn": [
-                "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', variables('destinationAdlsAccountName'), 'default', 'datasets')]",
+                "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', variables('destinationAdlsAccountName'), 'default', 'mgdc')]",
+                "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', variables('destinationAdlsAccountName'), 'default', 'output')]",
                 "[resourceId('Microsoft.Resources/deploymentScripts','ApplicationScript')]"
             ],
-            "name": "[concat(variables('destinationAdlsAccountName'),'/Microsoft.Authorization/',guid(subscription().id, deployment().name))]",
             "properties": {
                 "roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
                 "principalId": "[reference('ApplicationScript').outputs.PrincipalId]"
@@ -140,101 +147,41 @@
         {
             "type": "Microsoft.Storage/storageAccounts/blobServices/containers/providers/roleAssignments",
             "apiVersion": "2018-07-01",
+            "name": "[concat(variables('destinationAdlsAccountName'), '/default/mgdc/Microsoft.Authorization/', guid(subscription().id, resourceGroup().id))]",
             "dependsOn": [
-                "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', variables('destinationAdlsAccountName'), 'default', 'datasets')]"
+                "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', variables('destinationAdlsAccountName'), 'default', 'mgdc')]",
+                "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', variables('destinationAdlsAccountName'), 'default', 'output')]"
             ],
-            "name": "[concat(variables('destinationAdlsAccountName'), '/default/datasets/Microsoft.Authorization/', guid(subscription().id, resourceGroup().id))]",
             "properties": {
                 "roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]",
                 "principalId": "[reference('ApplicationScript').outputs.PrincipalId]"
             }
         },
-        {
-            "type": "Microsoft.Storage/storageAccounts",
-            "apiVersion": "2021-06-01",
-            "name": "[variables('storageAccountName')]",
-            "location": "[resourceGroup().location]",
-            "sku": {
-                "name": "Standard_RAGRS",
-                "tier": "Standard"
-            },
-            "kind": "StorageV2",
-            "properties": {
-                "minimumTlsVersion": "TLS1_2",
-                "allowBlobPublicAccess": true,
-                "isHnsEnabled": true,
-                "networkAcls": {
-                    "bypass": "AzureServices",
-                    "virtualNetworkRules": [],
-                    "ipRules": [],
-                    "defaultAction": "Allow"
-                },
-                "supportsHttpsTrafficOnly": true,
-                "encryption": {
-                    "services": {
-                        "file": {
-                            "keyType": "Account",
-                            "enabled": true
-                        },
-                        "blob": {
-                            "keyType": "Account",
-                            "enabled": true
-                        }
-                    },
-                    "keySource": "Microsoft.Storage"
-                },
-                "accessTier": "Hot"
-            }
-        },
-        {
-            "type": "Microsoft.Storage/storageAccounts/blobServices",
-            "apiVersion": "2021-06-01",
-            "name": "[concat(variables('storageAccountName'), '/default')]",
-            "dependsOn": [
-                "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
-            ],
-            "sku": {
-                "name": "Standard_RAGRS",
-                "tier": "Standard"
-            },
-            "properties": {
-                "cors": {
-                    "corsRules": []
-                },
-                "deleteRetentionPolicy": {
-                    "enabled": false
-                }
-            }
-        },
         {
             "type": "Microsoft.Synapse/workspaces",
             "apiVersion": "2021-06-01",
             "name": "[variables('WorkspaceName')]",
             "location": "[resourceGroup().location]",
+            "dependsOn": [
+                "[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('destinationAdlsAccountName'), 'default')]"
+            ],
             "identity": {
                 "type": "SystemAssigned"
             },
             "properties": {
                 "defaultDataLakeStorage": {
-                    "resourceId": "[concat(variables('synapseStorageExternalId'), variables('storageAccountName'))]",
-                    "accountUrl": "[concat('https://', variables('storageAccountName'), '.dfs.core.windows.net')]",
+                    "resourceId": "[concat(variables('synapseStorageExternalId'), variables('destinationAdlsAccountName'))]",
+                    "accountUrl": "[concat('https://', variables('destinationAdlsAccountName'), '.dfs.core.windows.net')]",
                     "filesystem": "[concat(variables('WorkspaceName'), 'fs')]"
                 },
                 "encryption": {},
                 "connectivityEndpoints": {
                     "web": "[concat('https://web.azuresynapse.net?workspace=%2fsubscriptions%2f', subscription().subscriptionId,'%2fresourceGroups%2f',resourceGroup().id,'%2fproviders%2fMicrosoft.Synapse%2fworkspaces%2f', variables('WorkspaceName'))]",
-                    "dev": "[concat('https://', variables('WorkspaceName'), '.dev.azuresynapse.net')]",
-                    "sqlOnDemand": "[concat(variables('WorkspaceName'), '-ondemand.sql.azuresynapse.net')]",
-                    "sql": "[concat(variables('WorkspaceName'), '.sql.azuresynapse.net')]"
+                    "dev": "[concat('https://', variables('WorkspaceName'), '.dev.azuresynapse.net')]"
                 },
                 "managedResourceGroupName": "[concat('synapseworkspace-managedrg-', uniqueString(resourceGroup().id))]",
-                "sqlAdministratorLogin": "sqladminuser",
-                "privateEndpointConnections": [],
-                "publicNetworkAccess": "Enabled"
-            },
-            "dependsOn": [
-                "[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('storageAccountName'), 'default')]"
-            ]
+                "privateEndpointConnections": []
+            }
         },
         {
             "type": "Microsoft.Resources/deploymentScripts",
@@ -246,12 +193,12 @@
                 "forceUpdateTag": "1",
                 "azPowerShellVersion": "3.0",
                 "environmentVariables": [
-                {
-                    "name":"AppSecret",
-                    "secureValue": "[parameters('AppSecret')]"
-                }
+                    {
+                        "name": "AppSecret",
+                        "secureValue": "[parameters('AppSecret')]"
+                    }
                 ],
-                "arguments": "[format(' -AppID {0} -TenantId {1} -ServicePrincipalName {2}', parameters('AppId'), subscription().tenantId, variables('WorkspaceName'))]",
+                "arguments": "[format(' -AppID {0} -TenantId {1} -AppToGet {2} -ServicePrincipalName {3}', parameters('AppId'), subscription().tenantId, parameters('AppId'), variables('WorkspaceName'))]",
                 "primaryScriptUri": "https://raw.githubusercontent.com/microsoftgraph/dataconnect-solutions/main/ARMTemplates/SupportScripts/GetServicePricipalId.ps1",
                 "timeout": "PT30M",
                 "cleanupPreference": "OnSuccess",
@@ -262,12 +209,14 @@
             }
         },
         {
-            "type": "Microsoft.Storage/storageAccounts/blobServices/containers/providers/roleAssignments",
+            "type": "Microsoft.Storage/storageAccounts/providers/roleAssignments",
             "apiVersion": "2018-07-01",
+            "name": "[concat(variables('destinationAdlsAccountName'),'/Microsoft.Authorization/',guid(subscription().id, deployment().name, resourceGroup().id))]",
             "dependsOn": [
-                "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', variables('destinationAdlsAccountName'), 'default', 'datasets')]"
+                "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', variables('destinationAdlsAccountName'), 'default', 'mgdc')]",
+                "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', variables('destinationAdlsAccountName'), 'default', 'output')]",
+                "[resourceId('Microsoft.Resources/deploymentScripts','GrantSynapseAccessToStorage')]"
             ],
-            "name": "[concat(variables('destinationAdlsAccountName'), '/default/datasets/Microsoft.Authorization/', guid(resourceGroup().id, deployment().name))]",
             "properties": {
                 "roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]",
                 "principalId": "[reference('GrantSynapseAccessToStorage').outputs.PrincipalId]"
@@ -292,7 +241,7 @@
         {
             "type": "Microsoft.Synapse/workspaces/bigDataPools",
             "apiVersion": "2021-06-01",
-            "name": "[concat(variables('WorkspaceName'), '/MGDCSParkPool')]",
+            "name": "[concat(variables('WorkspaceName'), '/onasynapsepool')]",
             "location": "[resourceGroup().location]",
             "dependsOn": [
                 "[resourceId('Microsoft.Synapse/workspaces', variables('WorkspaceName'))]"
@@ -348,92 +297,6 @@
                 "startIpAddress": "0.0.0.0",
                 "endIpAddress": "255.255.255.255"
             }
-        },
-        {
-            "type": "Microsoft.Sql/servers",
-            "apiVersion": "2021-11-01-preview",
-            "name": "[variables('sqlServer_name')]",
-            "location": "[resourceGroup().location]",
-            "kind": "v12.0",
-            "properties": {
-                "administratorLogin": "azureuser",
-                "administratorLoginPassword": "[parameters('SQLAdminPassword')]",
-                "version": "12.0",
-                "minimalTlsVersion": "1.2",
-                "publicNetworkAccess": "Enabled",
-                "restrictOutboundNetworkAccess": "Disabled"
-            },
-            "resources": [     
-                {
-                    "name": "AllowAllWindowsAzureIps",
-                    "type": "firewallrules",
-                    "location": "[resourceGroup().location]",
-                    "apiVersion": "2020-11-01-preview",
-                    "dependsOn": [
-                      "[resourceId('Microsoft.Sql/servers', variables('sqlServer_name'))]"
-                    ],
-                    "properties": {
-                      "startIpAddress": "0.0.0.0",
-                      "endIpAddress": "0.0.0.0"
-                    }
-                },           
-                {
-                    "type": "administrators",
-                    "apiVersion": "2022-02-01-preview",
-                    "location": "[resourceGroup().location]",
-                    "dependsOn": [
-                        "[resourceId('Microsoft.Sql/servers/', variables('sqlServer_name'))]"
-                    ],
-                    "name": "ActiveDirectory",
-                    "properties": {
-                        "administratorType": "ActiveDirectory",
-                        "login": "[reference('ApplicationScript').outputs.PrincipalId]",
-                        "sid": "[reference('ApplicationScript').outputs.PrincipalId]",
-                        "tenantId": "[subscription().tenantId]"
-                    }
-                }
-            ]
-        },
-        {
-            "type": "Microsoft.Sql/servers/connectionPolicies",
-            "apiVersion": "2021-11-01-preview",
-            "name": "[concat(variables('sqlServer_name'), '/default')]",
-            "location": "[resourceGroup().location]",
-            "dependsOn": [
-                "[resourceId('Microsoft.Sql/servers', variables('sqlServer_name'))]"
-            ],
-            "properties": {
-                "connectionType": "Default"
-            }
-        },
-        {
-            "type": "Microsoft.Sql/servers/databases",
-            "apiVersion": "2021-11-01-preview",
-            "name": "[concat(variables('sqlServer_name'), '/mySampleDatabase')]",
-            "location": "[resourceGroup().location]",
-            "dependsOn": [
-                "[resourceId('Microsoft.Sql/servers', variables('sqlServer_name'))]"
-            ],
-            "sku": {
-                "name": "GP_S_Gen5",
-                "tier": "GeneralPurpose",
-                "family": "Gen5",
-                "capacity": 1
-            },
-            "kind": "v12.0,user,vcore,serverless",
-            "properties": {
-                "collation": "SQL_Latin1_General_CP1_CI_AS",
-                "maxSizeBytes": 34359738368,
-                "catalogCollation": "SQL_Latin1_General_CP1_CI_AS",
-                "zoneRedundant": false,
-                "readScale": "Disabled",
-                "autoPauseDelay": 60,
-                "requestedBackupStorageRedundancy": "Geo",
-                "minCapacity": 0.5,
-                "maintenanceConfigurationId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Maintenance/publicMaintenanceConfigurations/SQL_Default')]",
-                "isLedgerOn": false,
-                "sampleName": "AdventureWorksLT"
-            }
         }
     ]
-}
+}
diff --git a/ARMTemplates/SupportScripts/GetServicePricipalId.ps1 b/ARMTemplates/SupportScripts/GetServicePricipalId.ps1
@@ -32,4 +32,4 @@ elseif (-not [String]::IsNullOrEmpty($ServicePrincipalName))
 {
     $application = Get-MgServicePrincipal -All:$true -Filter "DisplayName eq '$ServicePrincipalName'"
 }
-$DeploymentScriptOutputs['PrincipalId'] = $application.Id
+$DeploymentScriptOutputs['PrincipalId'] = $application.Id