In May, AIS held an internal hackathon for Microsoft Power Platform to expose our team to the platform, its concepts, and its approaches through hands-on experience, and to demonstrate the role Power Platform plays in modernizing legacy applications in the cloud.

The integration team focused on leveraging existing Power Platform connectors to add new functionality to the system. For example, the system sends the order confirmation email to the user through the Office 365 Outlook connector in a Power Automate flow. Similarly, it sends text messages to users through the Twilio connector. The team also used the SQL Server connector for data sync so that the legacy reporting systems remained unaffected.

The model-driven app and Power Apps portal needed to communicate with external systems to achieve the complete end-to-end solution for the E-shop web application. This includes an Outlook Exchange server to send emails, a third-party SMS provider for sending SMS messages, and a custom Web API to communicate with a legacy SQL database.

Introduction

Power Platform connectors provide a pre-built set of actions and triggers to integrate model-driven apps or the Power Apps portal with external systems. Connectors are used with Microsoft Power Automate, Power Apps, and Azure Logic Apps. With these pre-built connectors, we can achieve complex integrations without building a Web API or setting up an SMTP server. True to the tagline ‘Work Less, Do More’, they reduce work that might otherwise take days or months to a few hours.

Architecture and Flowchart Design

PowerApps Flowchart

Technical Approach

Several pre-built connectors were identified and used for the use cases listed below.

  1. On order confirmation, send an email to the user.
    Approach: Use the out-of-the-box Office 365 Outlook connector in Power Automate to authenticate against Microsoft Exchange with the configured user connection and send an email to the user registered on the customer portal.
  2. On order confirmation, send an SMS message to the user.
    Approach: Register a new Twilio account to initialize the Twilio connector in Power Automate and send the SMS message to the user's mobile number stored in Microsoft Dataverse.
  3. On update of an order, update the legacy SQL database.
    Approach: Create a new Power Automate flow with the SQL Server connector to communicate with the target SQL Server and apply the required updates.

Lessons Learned and Next Steps

  1. Using connectors, we can build secure apps in minutes to hours.
  2. Connectors are easily customizable, so end users can change or create the content of email or SMS templates themselves, which supports business innovation and improvement.
  3. We implemented a genuine ‘no code or low code’ application.

Thank you to the Integration Team for sharing their experience

  • Kranthi Kiran (team lead)
  • Varalika Bishnoi
  • Sravan Kumar
  • Pavan Bandi


The DevOps team automated the portal deployment process using Power DevOps Tools and deployed the solution across three environments (dev, test, prod). Since Microsoft Power Platform does not provide built-in source control and versioning, the team used Azure DevOps as the solution repository and version control system.

Introduction

When building apps on Microsoft Power Platform, use Microsoft Power Platform Build Tools to automate common build and deployment tasks. These tasks include:

  • Synchronization of solution metadata (also known as solutions) that contains the various platform components like model-driven apps, connectors, and virtual agents.
  • Generating build artifacts
  • Deploying to downstream environments
  • Provisioning or de-provisioning environments
  • Checking solutions to identify problematic patterns

Our Purpose

We can easily create compelling apps and automation flows using Microsoft Power Platform. But, regardless of platform technology, how do you package and deploy the solution between environments? Usually there are at least three: one for development, one for testing, and one for production. Power Platform is no exception: you should have separate development (dev), test, and production (prod) environments for your solution. So, let’s look at how to automate the deployment of Power Platform solutions from one environment to another.

Architecture Flowchart Diagram

DevOps Architecture Flowchart

Technical Approach

Problem:

The following picture shows the manual and repetitive steps required to deploy the Power Platform solution from one environment to another. Manual tasks are prone to errors, and actions are missed or incorrectly executed. This can lead to defects and inconsistency across environments.

Power Platform Technical Approach

Approach

Azure DevOps and Power Platform Build Tools help automate manual tasks and minimize issues to make the team more efficient. Once there is automation, releases become more consistent and predictable, and requirements move more quickly between environments. This gives the team more confidence plus the ability to release more frequently.

Automate Build and Deploy Solutions
Microsoft Power Platform Build Tools tasks are used along with other available Azure DevOps tasks to compose build and release pipelines. Pipelines that teams commonly put in place include Initiate, Export from Dev, Build, and Release.

  • In our application, we used three environments (dev, test, prod). We exported the solution from dev and committed it to Git for source control.
  • We packed the solution from source control and deployed it to test.
  • We exported the managed solution from test and imported it into prod.

Automate Portal Deployment
Portal development involves several configurations and customizations to achieve the desired experience for portal end-users. After the development and configuration of a portal instance are complete, it is deployed to other environments such as test and prod. Creating a manual backup of your portal configuration and importing it into each environment is a very time-consuming process. The portal deployment process can be easily automated by installing Power DevOps Tools, an additional toolset available in the Azure Marketplace.

Lessons Learned & Next Steps

  • With the help of Power Platform Build Tools, we can easily deploy the solution into various environments.
  • Power Platform solutions can be kept under source control.
  • Release frequency increases.

Thank you to the DevOps team for sharing their experience

  • Vikram Reddy (team lead)


The front-end team focused on building the Power Apps Portal for the end-users and a model-driven app for the administrators. The Portal allowed the users to browse through the product catalog, add an item to the cart, place an order, view their past orders, and manage their profile. The model-driven app allowed administrators to manage the product catalog just like the legacy application. The team used Portals Web API to fetch data from Dataverse and used Liquid templates for web pages.

The Front End team’s goal was to migrate the legacy E-Shop web application to Microsoft Power Platform, providing a website where customers can browse products and place orders. We also required an application to manage back-end data. Power Platform provides app-building capabilities through Power Apps. We developed two applications for our app modernization effort: a Power Apps portal and a model-driven app. Read on to learn how we did it.

Our Approach

We used a Power Apps portal to build an external-facing, responsive website for customers. This portal replaces the front end of our legacy application. The selling point of the Power Apps portal is its ability to serve authenticated users securely while also catering to anonymous users, all in the same product. In addition, the portal integrates with Microsoft Dataverse, a feature-rich data storage solution.

For data management, we developed a model-driven application. A model-driven app follows a data-first approach and provides a customizable interface, including views, forms, charts, and dashboards, to manage data present in Microsoft Dataverse. This application is only shared with internal users, i.e., users who exist in our Azure Active Directory. The app allows the internal user to create, update, or delete products from the catalog; these catalogs and products are shown on the Power Apps portal.

Technical Approach

Power Apps Portal

The Power Apps portal allows users to browse through the product catalog, add an item to the cart, place an order, view past orders, and manage their user profile. A default domain is provided for the portal, but a custom domain can also be configured.

The authentication method used is Azure AD B2C, which is Microsoft’s preferred method of authentication. As an extension of the Azure Active Directory model, it enables external customers to sign in either with local credentials or through a choice of several common social identity providers. Each authenticated portal user maps to a record in the Contact table in Dataverse.

A key concept of the Power Apps portal is building reusable web templates. They come in handy when multiple web pages need a standard layout. For this portal application, we created two templates, a header and a footer, that are used by all web pages. We used HTML and the Liquid templating language for the design. Power Apps portals can be further customized with CSS and JavaScript where needed.

The portal app consists of multiple web pages that provide different capabilities to users, and each page’s relationships to other web pages form the website’s hierarchy. Page permissions can also be configured to control which pages each web role can access. The web pages created for this portal app:

  1. Home: Displays the product catalog, which allows users to filter products by brand or type and add a product of their choosing to the cart. This page is accessible to all users who visit the portal.
  2. My Cart: Displays the product(s) added to the cart, accessible only to authenticated users.
  3. My Orders: An authenticated user can see previous orders and further drill down to get the order details.
  4. Profile: Authenticated users can edit their profile information if needed.

When a user checks out and places an order, each product is associated with an order ID for tracking. Since all the data is stored in Dataverse, the portal’s Web API interacts with this data. The portal Web API can be used to perform CRUD operations across all Microsoft Dataverse tables from portal pages.


For security, table permissions and web roles are implemented to keep data private from unauthorized users. Users are assigned web roles that determine their level of access. There are three out-of-the-box web roles available: Administrators, Authenticated Users, and Anonymous Users (unauthenticated users). Users are automatically assigned the Authenticated Users web role once they register with the portal, which makes user roles easy to maintain.

Table permissions are enabled so that records are shown based on the user’s context. For example, users can only see their own order(s) once they are authenticated, and no other user’s order information is available to them. Table permissions are also used to show the products within an order, based on the product’s parent/child relationship to the order.
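To make the web role and table permission model above concrete, here is an added Python example (not code from the hackathon team or from Power Apps portals) that evaluates portal-style table permissions over constructed sample records. The Global, Contact, Self and Parent scopes and the web role names follow the portal concepts; the record layout, the `can_read`/`visible_ids` helpers and the sample data are assumptions made for illustration. It shows why an anonymous visitor can read the catalog but no orders, why a signed-in user sees only their own orders, and how order lines inherit access from their parent order.

```python
from dataclasses import dataclass
from typing import Optional

# Scopes and privileges mirror the portal table-permission concepts; the record
# layout, role names and helper functions are assumptions made for this example.

@dataclass(frozen=True)
class TablePermission:
    table: str
    scope: str                          # "Global", "Contact", "Self" or "Parent"
    privileges: frozenset               # subset of {"Read", "Write", "Create", "Delete"}
    web_roles: frozenset                # web roles the permission is attached to
    parent_table: Optional[str] = None  # Parent scope: table the access is derived from
    parent_key: Optional[str] = None    # Parent scope: column pointing at the parent record

@dataclass(frozen=True)
class PortalUser:
    contact_id: Optional[str]           # None for an anonymous visitor
    web_roles: frozenset

# Constructed sample records (not real data).
TABLES = {
    "contact": {
        "c1": {"id": "c1", "email": "alice@example.com"},
        "c2": {"id": "c2", "email": "bob@example.com"},
    },
    "product": {
        "p1": {"id": "p1", "name": "Sweatshirt", "status": "Active"},
    },
    "order": {
        "o1": {"id": "o1", "contact_id": "c1", "total": 19.5},
        "o2": {"id": "o2", "contact_id": "c2", "total": 8.5},
    },
    "orderline": {
        "l1": {"id": "l1", "order_id": "o1", "product_id": "p1", "qty": 1},
        "l2": {"id": "l2", "order_id": "o2", "product_id": "p1", "qty": 2},
    },
}

ANON, AUTH = "Anonymous Users", "Authenticated Users"

PERMISSIONS = [
    # Catalog is public: anyone, signed in or not, may read products.
    TablePermission("product", "Global", frozenset({"Read"}), frozenset({ANON, AUTH})),
    # Profile page: a signed-in user may read and edit only their own Contact record.
    TablePermission("contact", "Self", frozenset({"Read", "Write"}), frozenset({AUTH})),
    # Orders are private: a signed-in user sees only orders tied to their Contact.
    TablePermission("order", "Contact", frozenset({"Read"}), frozenset({AUTH})),
    # Order lines inherit access from the parent order (parent/child relationship).
    TablePermission("orderline", "Parent", frozenset({"Read"}), frozenset({AUTH}),
                    parent_table="order", parent_key="order_id"),
]

def can_read(user: PortalUser, table: str, record: dict) -> bool:
    """True if a permission attached to one of the user's roles allows reading the record."""
    for perm in PERMISSIONS:
        if perm.table != table or "Read" not in perm.privileges:
            continue
        if not (perm.web_roles & user.web_roles):
            continue
        if perm.scope == "Global":
            return True
        if perm.scope == "Contact":
            if user.contact_id is not None and record.get("contact_id") == user.contact_id:
                return True
        elif perm.scope == "Self":
            if user.contact_id is not None and record.get("id") == user.contact_id:
                return True
        elif perm.scope == "Parent":
            parent = TABLES[perm.parent_table].get(record.get(perm.parent_key))
            if parent is not None and can_read(user, perm.parent_table, parent):
                return True
    return False  # default deny: no matching permission means no access

def visible_ids(user: PortalUser, table: str) -> list:
    """Sorted IDs of the records in `table` the user is allowed to read."""
    return sorted(r["id"] for r in TABLES[table].values() if can_read(user, table, r))

if __name__ == "__main__":
    alice = PortalUser("c1", frozenset({AUTH}))
    guest = PortalUser(None, frozenset({ANON}))
    print("alice orders:", visible_ids(alice, "order"))      # ['o1']
    print("alice lines:", visible_ids(alice, "orderline"))   # ['l1']
    print("guest products:", visible_ids(guest, "product"))  # ['p1']
    print("guest orders:", visible_ids(guest, "order"))      # []
```

The evaluator is default-deny: a table with no permission for the caller's roles returns nothing, which is the behaviour to expect from the portal when a table permission is missing rather than an open read.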

Model-Driven App

The model-driven app is used for catalog management and serves as the back end for our application. It contains a custom form where users can add, delete, or view details of products and catalogs. Products and catalogs whose status is Active are displayed on the portal app. When a product is no longer available, it can be deactivated, which is a soft deletion: the product is no longer visible on the portal website but remains in Dataverse.

The model-driven app also allows users to view relationships between data and tables, add personal views of data, and make additional customizations to the app based on the permissions of the user’s assigned security role.

Lessons Learned

We can use a Power Apps portal as a modern low-code alternative for creating websites that interact with data in Dataverse.
Model-driven apps provide a rich no-code design environment and can also be distributed as a solution.

Thank you to the Front End team for sharing their experience
  • Ritika Agarwal (team lead)
  • Devyanshi Tiwari
  • Pooranendu Patel

Next steps

PowerApps Portal supports many languages, so in the future, we can make this website available in multiple languages.

We will be diving deeper into each team, so stay tuned for more blog posts around our AIS Internal Hackathon!


Microsoft Azure Government DC is a group for anyone in IT modernizing government, created to bring real-world lessons to innovators in government. AIS has supported and presented at these events since the group had just five members. Now, the group is nearing 4,000. The July meetup focused on getting your agency to next-level cloud adoption with Microsoft Azure. Check out the recording and overview below.

Here’s What You Missed

Cloud adoption has come a long way over the years. We have gone from a basic “lift and shift” model to migrating priority workloads to the cloud, optimizing for high-security workloads, and tapping into cloud-native services. If one thing is clear, hybrid capabilities are critical. It is important that we start thinking about the challenges as we move legacy IT infrastructure to the cloud. Two Microsoft Federal CTOs, Susie Adams (Sales) and Kent Cunningham (Civilian), talked about changes Microsoft has been making to simplify migration processes. AIS Chief Technology Officer (CTO), Vishwas Lele, moderated a panel discussion with our customer, Richard Inzunza from Immigration and Customs Enforcement (ICE), who provided excellent insights around cloud adoption and his experience. The panel also included Jorge Gallardo, Program Manager from Peraton, who discussed his experience with regulated environments in the cloud.

Watch the Full Session:

Session Recap

Challenges when Migrating Workloads

Organizations can take their cloud adoption to the next level with Microsoft Azure when moving priority workloads to the cloud. Microsoft breaks out the following areas by maturity:

  • Identity and Security
  • DevOps and DevSecOps
  • Data
  • Cloud-Native
  • The Edge

When organizations migrate their workloads to the cloud but have a diverse IT estate, managing security, controlling access to data, and understanding where that data lives become challenging. As a result, Microsoft has brought together the tools and resources customers need to manage their workloads easily and simplify the migration process in a multi-cloud world.

Many customers come with questions on how to implement and manage Infrastructure as a Service (IaaS) while meeting regulatory requirements like FedRAMP and HIPAA. Microsoft has a portal full of Azure Blueprints that allow organizations to select and deploy the chosen environment inside of their subscription. The goal? To simplify the deployment of these methods with peace of mind that they align with regulatory and compliance standards.

What Tools Can We Use to Simplify?

Mission Landing Zones are highly opinionated templates that IT oversight organizations can configure or customize to quickly create a cloud management system, which is then deployed to Azure environments for their teams. Built on Terraform, they provide a secure, scalable landing zone for customer workloads. Mission Landing Zones enable expedited cloud adoption across Commercial, IL4, IL5, and IL6.

Customers’ environments are becoming increasingly complex, and Azure is helping organizations move to the cloud securely and efficiently by creating a single management experience for the entire environment. We recognize that companies are struggling with multiple different environments, and we are focusing on providing companies with granular access control.

Azure Hybrid is a cost-savings benefit that lets you bring your existing on-premises Windows Server and SQL Server licenses with active Software Assurance or subscriptions to Azure.

Azure Hybrid consists of the following:

  • Azure Stack: A portfolio of products that extend Azure services and capabilities to your environment of choice – from datacenter to edge locations and remote offices.
  • Azure Arc: Enables you to manage your entire environment, with a single pane of glass, by projecting your existing non-Azure, on-premises, or other cloud resources into Azure Resource Manager.
  • Azure Internet of Things (IoT): A collection of Microsoft-managed cloud services that connect, monitor, and control billions of IoT assets hosted in the cloud.
  • Azure Lighthouse: Facilitates a secure relationship between companies and their managed service providers while providing on-demand transparency into vendor access and actions.

Implementing Capabilities

With the release of the Cybersecurity Executive Order in May 2021, Microsoft is developing new ways to support and deploy these capabilities while meeting security and compliance standards.

  • Enable security modernization: Help empower security teams to combat the increase in sophisticated attacks.
  • Increase collaboration: Improve information sharing and security practices across public and private sector organizations.
  • Deliver trusted and secure services: Build trust in government by securing information, improving software supply chain, and facilitating compliance.

Zero Trust architecture is based on the principle: never trust, always verify. This security approach protects customers by managing and granting access based on the continual verification of identities, devices, and services. Zero Trust architecture addresses challenges modern enterprises face. Microsoft Threat Protection powered by Azure is a comprehensive and seamless integration solution that provides end-to-end security for your organization using tools like Azure Sentinel and M365 functionalities. Learn more at https://aka.ms/cybereo.

Panel Discussion

A panel discussion was led by AIS CTO, Vishwas Lele. We were honored to have an AIS customer, Richard Inzunza, IT Specialist from the Department of Homeland Security, speak on the panel. He was joined by Jorge Gallardo, Program Manager from Peraton.

Richard has been with the Federal Government for 36 years and with ICE since its inception in 2003. He has been a key player in the implementation of their hybrid cloud environment. ICE is in the process of building, extending, and expanding their ability to use cloud services from more than one service provider. AWS (Amazon Web Services) and Microsoft Azure are their biggest providers today, but their focus is to be able to take any valuable cloud service and integrate it into the ICE cloud to pass these capabilities onto their users and employees.

Common Challenges

There are several challenges Richard and ICE face in their line of work. Physical servers are no longer the main place data is stored, and helping customers understand the virtual model and how data is managed has been a challenge. Getting development teams, IT PMs, and other support teams to understand how to apply the concepts of virtualization is extremely important for future development.

Many developers want to provision a capability without a true understanding of how this can open ICE to vulnerabilities. To address this ongoing challenge, they are helping their teams understand the responsibility level around cost and actions taken when provisioning new capabilities. Creating a vehicle that is compliant and future-proof is imperative for federal organizations to adapt and free time up for other key focuses. ICE’s goal is to get their teams to automate the delivery of their releases for their custom and third-party applications using pipelines.

Adjusting to a new virtual culture and applying security to a specific type of environment is a challenge that the assurance side of government IT is facing. ICE partnered with Peraton early on to align the implementation phase to begin their journey to the cloud. With this joint effort, three years later, ICE security teams are becoming more familiar with virtual environments at the beginning phase.

Ensuring Compliance

Policy compliance and security compliance are two of the compliance types ICE operates within. For policy compliance, tagging is a method that ICE uses along with serverless Lambda scripts to enforce compliance. They also have databases that store the valid tag values and the metadata that correlates with an infrastructure component or application. Ensuring that type of policy compliance helps management and administration understand that the information they pull is accurate, which is helpful in many ways.

Security compliance is now managed with advanced scanning tools and different checks that detect when a policy has been adjusted. With accurate scanning, Richard is notified when policies have been adjusted and can reach out to the appropriate network to validate the change.

AIS: Your Trusted Azure Partner

We help government organizations create cohesive multi-cloud strategies, bringing the expertise you require for successful cloud adoption, modernization, data intelligence, and beyond. At AIS, we help you take a step back and look at the requirements needed and what services can be used with Azure or other tools to meet needs, offering templates and support for documentation. Our scalable cloud solutions address our clients’ most complex concerns, with deep experience across national security and military operations, as well as Federal, State, and Local Governments and their supporting agencies. We have been working with Azure for 12+ years and will have you well on your way to realizing the best that the cloud can offer.

Join us for future virtual meetings at the Microsoft Azure Government User Community: https://www.meetup.com/dcazuregov/.

The data team of the internal AIS Microsoft Power Platform Hackathon used three different data movement techniques to solve the hackathon use case: Dataflows, Power Query, and Power Automate. Read on to learn how we did it. There are several ways to import and export data through Microsoft Dataverse, the data backbone of Microsoft Power Platform.

What is Dataverse?

Dataverse is designed to work with any data and incorporates all the significant data technologies that any organization needs – relational, non-relational, file, image, search, and data lake. Dataverse helps to store and manage data securely. Dataverse includes a set of visual designers to create, edit, and interact with data. In Dataverse, tables are used to model and manage business data. To increase productivity, Dataverse includes a set of tables known as standard tables.

We used Dataverse as a place to store all our data related to catalogs and imported and exported data as per the scenarios.

Our Approach

Our hackathon team was tasked with migrating the data of a legacy application into Dataverse. The legacy application data was created from the eShopOnWeb project and was hosted in Azure SQL. Our approach was to break this use case down into two problems:

  1. Migrate the tables (schema)
  2. Migrate the data

The Power BI Model View of our data structure in the screenshot below shows the entities and the relationships we needed to migrate. The schema did not need to change during the migration, so the same model represents both the source and the destination.

Power BI Model View


Migrate the Tables

We evaluated three techniques for migrating the tables into Dataverse.

  1. Create the tables automatically during the data migration when using Dataflows
  2. Write an application that creates the columns through the Dataverse Web API
  3. Manually create them in the portal

Option 1: Dataflows
Tables can be created in the process of moving data into Dataverse using Dataflows. This is only an option if you do not need to modify the schema while migrating the data.

Option 2: Dataverse Web API
The Dataverse Web API provides a RESTful web service to interact with data in Microsoft Dataverse from a wide variety of platforms and programming languages, such as C#. This is an excellent option to consider if you’d like to migrate the schema programmatically and need to change the data model in the process.

Option 3: Manual
Manually creating tables in the portal is the simplest of the three options but could be time-consuming and error-prone if you make many tables or migrate the same schema into multiple environments. However, given the time constraint of our hackathon and the simple use case, we chose to use this option.
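Option 2 above is the one the team did not pursue, so here is an added Python example of what it involves (this is not the hackathon team's code; it assumes the documented `POST {org}/api/data/v9.2/EntityDefinitions` shape of the Dataverse Web API, and the organization URL, bearer token, `ais` publisher prefix and table names are placeholders). It builds the EntityMetadata body for a user-owned custom table with a primary name column plus extra text columns, validates the publisher prefix before anything is sent, and assembles the request with the OData headers the endpoint requires. The network call is isolated in `create_table` and left disabled.

```python
import json
import re
import urllib.request

# Placeholders (assumptions): replace with the real environment URL and a bearer
# token obtained for the Dataverse resource (for example through MSAL).
ORG_URL = "https://yourorg.crm.dynamics.com"
API_PATH = "/api/data/v9.2/EntityDefinitions"

# Publisher prefix rules: 2-8 alphanumerics, starts with a letter, must not start with "mscrm".
PREFIX_RE = re.compile(r"^[A-Za-z][A-Za-z0-9]{1,7}$")

def is_valid_prefix(prefix: str) -> bool:
    """Check the prefix before it is baked into every schema name of the new table."""
    return bool(PREFIX_RE.match(prefix)) and not prefix.lower().startswith("mscrm")

def label(text: str, lcid: int = 1033) -> dict:
    """Localized label structure the metadata endpoint expects (1033 = English, US)."""
    return {"@odata.type": "Microsoft.Dynamics.CRM.Label",
            "LocalizedLabels": [{"@odata.type": "Microsoft.Dynamics.CRM.LocalizedLabel",
                                 "Label": text, "LanguageCode": lcid}]}

def string_attribute(schema_name: str, display: str, max_length: int = 100,
                     primary: bool = False) -> dict:
    """Single-line text column; exactly one column per table must be the primary name."""
    return {"@odata.type": "Microsoft.Dynamics.CRM.StringAttributeMetadata",
            "AttributeType": "String",
            "AttributeTypeName": {"Value": "StringType"},
            "SchemaName": schema_name,
            "DisplayName": label(display),
            "IsPrimaryName": primary,
            "MaxLength": max_length,
            "FormatName": {"Value": "Text"},
            "RequiredLevel": {"Value": "None", "CanBeChanged": True,
                              "ManagedPropertyLogicalName": "canmodifyrequirementlevelsettings"}}

def entity_definition(prefix: str, name: str, plural: str, extra_columns=()) -> dict:
    """EntityMetadata body for a user-owned custom table whose primary column is <prefix>_Name."""
    if not is_valid_prefix(prefix):
        raise ValueError(f"invalid publisher prefix: {prefix!r}")
    columns = [string_attribute(f"{prefix}_Name", "Name", primary=True)]
    columns += [string_attribute(f"{prefix}_{col}", col) for col in extra_columns]
    return {"@odata.type": "Microsoft.Dynamics.CRM.EntityMetadata",
            "SchemaName": f"{prefix}_{name}",
            "DisplayName": label(name),
            "DisplayCollectionName": label(plural),
            "Description": label(f"{name} table migrated from the legacy SQL schema"),
            "OwnershipType": "UserOwned",
            "IsActivity": False,
            "HasActivities": False,
            "HasNotes": False,
            "Attributes": columns}

def build_request(org_url: str, token: str, body: dict) -> urllib.request.Request:
    """POST to EntityDefinitions with the OData headers the Web API requires."""
    return urllib.request.Request(
        url=org_url.rstrip("/") + API_PATH,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json; charset=utf-8",
                 "Accept": "application/json",
                 "OData-MaxVersion": "4.0",
                 "OData-Version": "4.0"})

def create_table(org_url: str, token: str, body: dict) -> str:
    """Send the request; Dataverse answers 204 with the new table's URI in OData-EntityId."""
    with urllib.request.urlopen(build_request(org_url, token, body)) as resp:
        return resp.headers.get("OData-EntityId", "")

if __name__ == "__main__":
    product = entity_definition("ais", "Product", "Products",
                                extra_columns=["Description", "PictureUri"])
    print(json.dumps(product, indent=2))
    # create_table(ORG_URL, "<bearer token>", product)  # network call, left disabled
```

Because the token is a bearer credential for the whole environment, the account it is issued for should hold only the customization privileges the migration needs, and the token should never be written into source control alongside the pipeline that runs this.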

Migrate the Data

Once the tables are in place, Dataverse is ready to receive data from the source system. We evaluated three options to migrate data from the legacy application to Dataverse.

  1. Import from a CSV file
  2. Use Power Query
  3. Use Dataflows

Option 1: Import from CSV
You can load data into Dataverse by importing it from files such as Excel or CSV. This is an excellent option if you need a one-time import of data that does not need to be transformed and does not include any unsupported data types, such as time zones, images, or multi-select choices. During the hackathon, we connected to the legacy SQL database using SQL Server Management Studio and exported the data to a CSV file. We then completed the import process in the portal by uploading the CSV and mapping the source columns to the destination columns.

Map source to destination columns
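As an added example (not the hackathon team's code), the following Python module does offline what the CSV option above relies on: it parses a legacy export, maps source columns to destination columns, and flags columns holding values the CSV importer does not support (time-zone-aware datetimes, image data, multi-select lists), so that those tables are routed to Power Query instead of being silently mangled. The two embedded CSV samples are constructed; their column names are an assumption modelled on the eShopOnWeb catalog and order tables, and the `ais_`-prefixed destination column names are placeholders.

```python
import csv
import io
import re

# Constructed sample exports (assumption: column names follow the eShopOnWeb
# CatalogItem and Order tables; the values are made up).
CATALOG_CSV = """Id,Name,Description,Price,CatalogBrandId,CatalogTypeId,PictureUri
1,.NET Bot Black Sweatshirt,Cozy sweatshirt,19.50,2,2,https://legacy.example.com/img/1.png
2,.NET Black & White Mug,,8.50,2,1,
"""

ORDERS_CSV = """Id,BuyerId,OrderDate,Tags,Signature
10,buyer@example.com,2021-05-03T10:15:00+00:00,rush;gift,"data:image/png;base64,iVBORw0KGgo="
"""

# Source column -> Dataverse column (placeholder logical names with an 'ais' prefix).
CATALOG_MAP = {"Id": "ais_legacyid", "Name": "ais_name", "Description": "ais_description",
               "Price": "ais_price", "CatalogBrandId": "ais_brandid",
               "CatalogTypeId": "ais_typeid", "PictureUri": "ais_pictureuri"}

# Value shapes the CSV import does not handle; each needs Power Query instead.
TZ_DATETIME = re.compile(r"^\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}(:\d{2})?([+-]\d{2}:?\d{2}|Z)$")
IMAGE_DATA = re.compile(r"^data:image/")
MULTI_VALUE = re.compile(r"^[^;]+(;[^;]+)+$")   # heuristic: "a;b;c" style multi-select

def parse_legacy_csv(text: str) -> list:
    """Parse an export into row dicts, turning empty cells into None."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k: (v if v != "" else None) for k, v in row.items()} for row in reader]

def unsupported_columns(rows: list) -> dict:
    """Map column -> reason for every column holding a value the CSV importer cannot take."""
    problems = {}
    for row in rows:
        for col, val in row.items():
            if val is None or col in problems:
                continue
            if IMAGE_DATA.match(val):
                problems[col] = "image data"
            elif TZ_DATETIME.match(val):
                problems[col] = "datetime with time zone"
            elif MULTI_VALUE.match(val):
                problems[col] = "multi-select values"
    return problems

def map_rows(rows: list, column_map: dict) -> list:
    """Rename source columns to destination columns; refuse to silently drop unmapped columns."""
    if not rows:
        return []
    unmapped = set(rows[0]) - set(column_map)
    if unmapped:
        raise ValueError(f"unmapped source columns: {sorted(unmapped)}")
    return [{column_map[k]: v for k, v in row.items()} for row in rows]

def prepare_import(text: str, column_map: dict) -> tuple:
    """Return (mapped rows, problems); an empty problems dict means CSV import is appropriate."""
    rows = parse_legacy_csv(text)
    problems = unsupported_columns(rows)
    return (map_rows(rows, column_map) if not problems else [], problems)

if __name__ == "__main__":
    catalog_rows, catalog_problems = prepare_import(CATALOG_CSV, CATALOG_MAP)
    print(len(catalog_rows), "catalog rows ready; problems:", catalog_problems)
    print("orders need Power Query for:", unsupported_columns(parse_legacy_csv(ORDERS_CSV)))
```

The unmapped-column check is deliberate: a mapping that quietly discards a source column is the kind of mistake that only surfaces once a report in the legacy system disagrees with Dataverse.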

Option 2: Power Query
Users can filter, transform, and combine data before loading it into a new or existing Dataverse table. The source can be an online or on-premises data source, including SQL Server, Salesforce, IBM DB2, Access, Excel, or a Web API. Use this option if you are moving a large volume of data or if the data being moved needs to be reshaped during the migration.

Option 3: Dataflows
Dataflows are built upon Power Query, so they have all the same benefits but bring the added advantage of letting users trigger the migration on-demand or automatically on a schedule.

We will be diving deeper into each team, so stay tuned for more blog posts around our AIS Internal Hackathon!

Authored by Jagrati Modi (team lead)
Thank you to the Data team for sharing their experience:

  • Jagrati Modi (team lead)
  • Souradeep Banerjee
  • Nikhil Grover

The identity team of the internal AIS Microsoft Power Platform Hackathon delivered a flexible solution that could handle any of these use cases. Read on to learn how we did it.

Power Apps Portals are external-facing web applications that allow external users to interact with Microsoft Dataverse. A portal often serves more than one set of users, such as customers, employees, and partners. Therefore, it is critical to have a sound authentication scheme and identity management for Power Apps Portal applications.

Options Considered

We explored two authentication options to solve our app modernization challenge.

  1. Power Apps Portals authentication features
  2. Azure Active Directory B2C

Power Apps Portals provide a simplified experience for creating and managing authentication settings and identity provider configuration. Besides providing access to internal users through Azure Active Directory, they support various third-party identity providers such as Microsoft, Google, Twitter, Facebook, and LinkedIn through authentication protocols like OpenID Connect and OAuth.

It also allows other authentication mechanisms such as SAML 2.0 and WS-Federation. All in all, it covers many use-cases of user access control to the portal application.

Azure Active Directory B2C is an Identity and Access Management (IAM) service that provides business-to-customer identity as a service. It enables customers and partners to use their preferred social, enterprise, or local account identities to get single sign-on access to business applications.

Figure 1: Microsoft Azure Active Directory B2C Architecture

Rather than using Power Apps Portals authentication and managing a different set of user identities in the application, we chose to delegate this responsibility to AAD B2C. We made this decision because AAD B2C:

  1. Provides centralized change management
  2. Decouples identity from the application
  3. Has support for advanced security use cases

Centralized Change Management

If every portal application configures authentication providers separately, it duplicates their effort, and managing different providers multiple times can be cumbersome. Instead, we can centrally configure the identity providers using AAD B2C. In addition, AAD B2C gives us the flexibility to make all changes concerning identity, security, and access control in one place.

If the security needs of these applications differ, we can define them in custom policies. Applications with the same security needs can reuse the same custom policies. This flexibility enables us to define and modify identity experiences with minimal to no changes to the applications.

Figure 2: Application identity configuration vs. centralized identity management using AAD B2C

Decouple Identity from Applications

Using AAD B2C removed the responsibility of user administration from the portal application. Decoupling IAM capabilities from applications means the developers can focus on delivering business value. However, this does not mean the developers can ignore the security aspects of the application. Instead, it means IAM is a precondition for accessing the application, and it is handled separately by the IAM provider.

Following the single-responsibility principle, developers should focus on applications, and security experts should focus on IAM. A Power Apps Portal integrated with AAD B2C does just that.


Advanced Security Features

AAD B2C provides state-of-the-art identity and access management capabilities. Using Azure AD B2C as the authentication provider, we can leverage some of the advanced security features mentioned below.

Custom Policies

Custom policies are configuration files that define the behavior of the AAD B2C tenant. We can use these policies to build a custom trust framework for our organization. They can customize various aspects of our AAD B2C identity platform, including:

  • A tailored experience for the sign-up, sign-in, profile, and password management processes
  • Hooks into each step of the login process
  • Custom claims
  • Custom validation of a technical profile
  • Integration with external systems through REST APIs

It can improve organizational security by requiring end users to go through a workflow to use an additional authentication method. These policies also allow organizations to address security concerns on an application-by-application basis.

Conditional Access

Conditional Access lets us fine-tune access to an application based on contextual signals such as the user, sign-in and user risk, location, and device platform, and then allow access, block it, or require an additional step such as multi-factor authentication (MFA). The policies can be scoped to the applications that demand stronger controls, giving granular control over how and when users reach protected resources.

For example, we can enforce a Conditional Access policy under which users signing in from an expected geographic region are admitted with their password alone, while sign-ins from anywhere else must complete MFA.

Identity Protection

Identity Protection in AAD B2C detects risks by continuously monitoring sign-in behavior. Security teams can review the risky users and risky sign-ins it reports and use Conditional Access policies or custom policies to block or restrict such users automatically.

B2B Collaboration

By adding partner organizations as identity providers in AAD B2C, we can onboard multiple partners or vendors for business-to-business collaboration and share the portal with users from those organizations while keeping control over what they can access. Federation works with partners even if they do not use Azure AD, for example through an OpenID Connect or SAML identity provider. Managing several such partner configurations directly in the Portals app would be cumbersome, if not impossible.

Configuring Azure AD B2C Authentication

We used the techniques described below to configure AAD B2C authentication when modernizing our legacy application to MPP. At a high level, it requires two steps:

  1. Register an application in Azure AD B2C
  2. Use the registered application in the Portal app.

Registering an App in Azure AD B2C

First, we create a new app registration in the Azure AD B2C tenant (an existing registration can be reused). The Microsoft documentation has detailed instructions.

The app registration should use the Web platform, with its Redirect URI set to the portal URL; the value must match the portal's HTTPS URL exactly, because Azure AD B2C will only send the authentication response to a registered redirect URI. We then create a sign-up and sign-in user flow and, optionally, a password reset user flow.

Figure: Redirect URI configured on the Web platform of the app registration

After setting up these configurations on the Azure AD B2C tenant, we should have the following things handy.

  • Authority: The issuer URL from the metadata document of the sign-up and sign-in user flow
  • Client Id: The application (client) ID of the app registration created in the Azure AD B2C tenant
  • Redirect URL: The URL to which Azure AD B2C sends the authentication response, that is, the portal URL registered above
  • Policy Id: The name of the default sign-up and sign-in user flow (user flow names carry the B2C_1_ prefix)

Using the App Registration in the Portal App

After creating the application registration in AAD B2C, the next step is configuring our Power Apps Portal to interact with Azure AD B2C. We select the portal application, navigate to its authentication settings, and choose Azure AD B2C as the provider.

Figure 3: Identity providers supported in a Power Apps Portal Application

Save the authentication settings after setting the values collected from the previous steps (as shown in Figure 4). At this point, the portal application is configured to use AAD B2C for authentication. Refer to Microsoft documentation for more detailed instructions.

Figure 4: Azure AD B2C configuration settings window
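To make concrete what the four values above are used for, here is an added Python example; it is not the portal's own code (the portal performs these checks internally). It builds the authorization request the portal sends to the user flow and then validates the ID token that comes back: signature, issuer equal to the configured authority, audience equal to the client id, tfp claim equal to the policy id, nonce, and validity window. The tenant name, issuer, client id and redirect URL are placeholders, and the RSA key is a deterministic test key built from two Mersenne primes so the example signs and verifies offline; a real verifier fetches the signing keys from the policy's jwks_uri.

```python
import base64
import hashlib
import json
import time
from urllib.parse import urlencode

# Placeholders standing in for the four values collected from the B2C tenant.
ISSUER = "https://contoso.b2clogin.com/11111111-2222-3333-4444-555555555555/v2.0/"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
POLICY_ID = "B2C_1_SignUpSignIn"
REDIRECT_URI = "https://contoso.powerappsportals.com/"

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Constructed test key: two Mersenne primes give a deterministic RSA key so the
# example runs offline without a crypto library. Never build a real key this
# way; a real verifier takes (n, e) from the policy's jwks_uri.
P, Q = (1 << 521) - 1, (1 << 607) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus size in bytes
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _emsa_pkcs1_v15(msg: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg), which RS256 signs."""
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def rs256_sign(msg: bytes) -> bytes:
    return pow(int.from_bytes(_emsa_pkcs1_v15(msg), "big"), D, N).to_bytes(K, "big")

def rs256_verify(msg: bytes, sig: bytes) -> bool:
    if len(sig) != K:
        return False
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big") == _emsa_pkcs1_v15(msg)

def authorize_url(tenant: str, policy_id: str, client_id: str, redirect_uri: str,
                  state: str, nonce: str) -> str:
    """OpenID Connect request for an id_token; the p= parameter selects the user flow."""
    base = f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/v2.0/authorize"
    params = {"p": policy_id, "client_id": client_id, "redirect_uri": redirect_uri,
              "response_type": "id_token", "response_mode": "form_post",
              "scope": "openid", "state": state, "nonce": nonce}
    return base + "?" + urlencode(params)

def validate_id_token(token: str, *, issuer: str, client_id: str, policy_id: str,
                      nonce: str, now=None, skew: int = 120) -> dict:
    """Return the claims if the token is acceptable for this portal; raise ValueError otherwise."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "RS256":  # refuse 'none' and algorithm substitution
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    if not rs256_verify(f"{h}.{p}".encode(), b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    checks = [
        (claims.get("iss") == issuer, "issuer differs from the configured authority"),
        (claims.get("aud") == client_id, "audience is not this app registration"),
        (claims.get("tfp") == policy_id, "token not issued by the expected user flow"),
        (claims.get("nonce") == nonce, "nonce mismatch (possible replay)"),
        (claims.get("nbf", 0) <= now + skew, "token not yet valid"),
        (claims.get("exp", 0) > now - skew, "token expired"),
    ]
    for ok, why in checks:
        if not ok:
            raise ValueError(why)
    return claims

def issue_test_token(nonce: str, now: float, **overrides) -> str:
    """Sign a token with the constructed key, as the user flow would; overrides inject faults."""
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "tfp": POLICY_ID, "nonce": nonce,
              "sub": "user-123", "iat": now, "nbf": now, "exp": now + 3600}
    claims.update(overrides)
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url(rs256_sign(f'{header}.{payload}'.encode()))}"

if __name__ == "__main__":
    now = time.time()
    print(authorize_url("contoso", POLICY_ID, CLIENT_ID, REDIRECT_URI, "state-1", "nonce-1"))
    token = issue_test_token("nonce-1", now)
    print(validate_id_token(token, issuer=ISSUER, client_id=CLIENT_ID,
                            policy_id=POLICY_ID, nonce="nonce-1", now=now)["sub"])
```

The same claim checks apply to any custom Web API that accepts Azure AD B2C tokens, not only to the portal. Note that user flows emit the policy name in the tfp claim by default; a policy configured to use acr instead must be checked against that claim.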

Conclusion

There are definite benefits of using Azure AD B2C as the authentication provider for portal applications. It provides seamless and centralized user access management with additional security features. At the same time, it decouples the business applications and their developers from the hassle of user access management.

Thank you to the Identity team for sharing their experience:

  • Lav Kumar (team lead)
  • Davood Khan

Recommended Reads

How We Modernized a Legacy App using Power Platform

In May, AIS held an internal hackathon for Microsoft Power Platform to expose our team to the platform, concepts, approaches through hands-on experience and to demonstrate the role Power Platform plays in modernizing legacy applications in the cloud.

The Microsoft Power Platform Hackathon was an opportunity for our enthusiastic team to modernize a legacy e-commerce (E-shop) application using Microsoft Power Platform. The legacy application, a deployment of eShopOnWeb, let users find products of interest by browsing and filtering, add products to their cart, and check out. It also provided an interface for administrators to add, update, or delete products in the catalog. The idea behind the hackathon was to rebuild this application on Microsoft Power Platform, a low-code application platform, instead of classic ASP, ASP.NET, or GSP, assembling it in Power Apps Portal by dragging and dropping existing components.

A new system was developed to replace the legacy e-commerce application with complete feature parity. The solution included a Power Apps Portal with the same look, feel, and functionality. We used Dataverse as the persistence layer instead of SQL Server and integrated new communication channels such as email and text messages to users. Additionally, we used a Web API to communicate with the legacy reporting systems through Power Platform connectors, and secured access to the new system with Azure Active Directory B2C.

In addition, the team explored ways to backup and source control the solution and automate the deployment from one environment to another. The diagram below represents the architecture of our final solution.

Figure: Architecture of the final Power Platform solution

True to its 'Work Less, Do More' tagline, Power Platform reduces work that might take days or months to a few hours. So let's dive in and learn how we arranged all these pieces and modernized the legacy application using Microsoft Power Platform.

Technical Approach

Our main motivation was to identify the appropriate approach to bring applications to scale. Our innovative approaches and technical depth have earned us the privilege of experience in designing, implementing, and modernizing some of the most complex cloud solutions. The application was divided into different components, which were developed by individual teams.  All the components were then pulled together to provide the complete Power app solution.

When dealing with legacy applications, we draw on the approaches we have used on past projects, outlined below:

  • Rehost: A direct cloud lift and shift. This is a faster, less resource-intensive migration that moves your apps to the cloud without any code modification. Rehosting captures the on-premises environment that runs an application (the servers) and moves it directly to the cloud as virtual servers. The environment hosting the application is modernized, but the core application itself is not significantly altered.
  • Refactor: Modernizing legacy applications by rearchitecting them to target cloud-native "serverless" technologies where possible. Refactoring typically requires more significant recoding of the existing application, but it takes advantage of the best the public cloud has to offer: managed offerings for all application components. In this approach, we rearchitect existing applications and deploy them as Platform as a Service (PaaS).
  • Replatform: Somewhere between Rehost and Refactor. The entire VM does not move to the cloud; instead, the application is containerized and run on Kubernetes.
  • Reimagine: Typically a greenfield cloud-native rewrite. Code changes are high, but you eventually end up with a low operating cost.

The idea of Power Platform and low code applications is that you can get to the Reimagine approach without having to spend a lot of effort in building a cloud-native application.

In this section, we are going to highlight these components and how they were implemented in our solution:

The front-end team focused on building the Power Apps Portal for the end-users and a model-driven app for the administrators. The Portal allowed the users to browse through the product catalog, add an item to the cart, place an order, view their past orders, and manage their profile. The model-driven app allowed administrators to manage the product catalog just like the legacy application. The team used Portals Web API to fetch data from Dataverse and used Liquid templates for web pages.

The data team focused mainly on using Microsoft Power Platform Dataverse as the persistent layer for both the Portal and the admin app. They also migrated schema and data from legacy datastore to Dataverse by exploring various techniques, including Dataflows, CSV imports, and custom code.

The integration team focused on leveraging existing Power Platform connectors to add new functionality to the system. For example, the system sends the order confirmation email to the user using the Office Outlook connector in a Power Automate flow. Similarly, it sends text messages to users through the Twilio connector. The team also leveraged the SQL Server connector for data sync so that the legacy reporting systems remained unaffected.

The DevOps team automated the portal deployment process using the Power Platform Build Tools for Azure DevOps and deployed the solution across three environments (dev, test, prod). Since Microsoft Power Platform does not itself provide source control and versioning, the team used Azure DevOps as the solution repository and version control.

The identity team focused on providing secure access to the Portal to a different set of users. The team used Azure AD B2C to decouple identity and access management from the Portal application.

Stay tuned! We will be publishing a blog for each team for a deeper dive into their individual focuses for this hackathon.

Lessons Learned

Ultimately this hackathon proved that Power Platform is a great app modernization solution for the following reasons.

  • We can use Portal as a modern low code alternative to create websites and interact with data in Dataverse.
  • Model-driven apps provide a rich no-code design environment to create applications and share quickly.
  • We can quickly build secure apps using connectors.
  • Connectors are easily customized, so end users can change or create the email or SMS templates themselves, helping the business innovate and improve.
  • With the Power Platform Build Tools, we can quickly deploy the solution to multiple environments and increase the release frequency.

Thank you to the Internal Power Platform Hackathon Technical Deep Dive team
Authored by Lav

Covers experience from all teams:

Front end
Ritika Agarwal (team lead)
Devyanshi Tiwari
Pooranendu Patel

Data
Jagrati Modi (team lead)
Souradeep Banerjee
Nikhil Grover

Integration
Kranthi Kiran (team lead)
Varalika Bishnoi
Sravan Kumar
Pavan Bandi

DevOps
Vikram Reddy (team lead)

Identity
Lav Kumar (team lead)
Davood Khan

Recommended Reads

AIS recently held an internal hackathon for Microsoft Power Platform to expose our team to the platform, concepts, approaches through hands-on experience and to demonstrate the role Power Platform plays in modernizing legacy applications in the cloud.

As a premier Microsoft partner, we have made Power Platform a core part of our holistic enterprise cloud transformation strategy. Over the last three years, our teams have helped enterprises across Financial Services, Insurance, Health and Life Sciences, and Government leverage Power Platform for enterprise-grade application modernization.

We’re integrating Power Platform with Azure and Microsoft 365 for powerful legacy modernization capabilities, and throughout the project, we uncovered new lessons learned to share across project teams.

The Power Platform Market

There’s been a surge in demand for Low Code Modernization solutions in the last few years. Many organizations are looking to enable Line of Business (LOB) owners and teams to build productivity and collaboration solutions, offsetting the continued strain on IT teams.

Microsoft answered the call with Power Platform. Since its release, we've been working with product teams and industry leaders to develop adoption frameworks, accelerators, and solutions to help organizations get the most out of their Power Platform investments. The demand has grown such that we're continuing to introduce new ways to build our Power Platform skills. Enter our hackathon team.

“Power Platform is really a ‘work less do more,’ as it would even get the integrations done with legacy systems without writing a single line of code. This I have never experienced in my 13 years of experience, just amazing. The perspective of low-code-no-code is completely changed with this experience; it is an enterprise development tool that can connect your teams’ apps to the Outlook app to Dataverse to SQL. You name the technology; it has a connector to fit in.”
– Technology Lead at AIS, Kranthi Kiran Gullapalli

Meet the Hackathon Team

There was a lot of initial interest in learning the platform from our India-based team out of the AIS Hyderabad HQ. Over a dozen people committed weeks of their time inside and outside of regular working hours in the pursuit of the Power Platform experience.

Some of the participants included employees from our HUB team. The HUB is a group of employees fully dedicated to helping AIS project teams deliver successful cloud modernization projects.​ This team consolidates knowledge and experience to provide rapid research and guidance for cloud migration and modernization projects­­­. As app modernization using Power Platform work grows, we wanted to allow individuals to skill up on the platform.

But the HUB team members weren’t the only participants. These groups comprised learners and teachers across account teams. Teams were broken down into several pods with a leader to guide that team’s focus area for the project, including Dataverse data migration and integration, authentication, Power Apps Portals development, and more.

“MPP Hackathon” is where the idea of converting a monolithic application to a Power Apps Portal became a reality. Initially, some ideas flowed on reimagining a typical legacy app to Power Apps Portal, but the hackathon allowed us to experiment & try it. Hackathon helped me & my team to have hands-on exposure to the MPP environment. We worked with data modeling and got to know better on Dataverse (In-house storage in MPP). We took our first of many steps towards App Modernization with this hackathon as we are new to MPP. Microsoft Power Platform is a suite of business services that unifies our data. It provides a powerful way to analyze data, act on newly generated insights, deliver personalization, and automate business processes.”
– Jagrati Modi, Software Developer

A Mission to Innovate, Passion for Learning

AIS strives to provide ongoing learning opportunities for our employees. And we’re lucky to have a team that is so passionate about learning, innovation, and the continual pursuit of new skills.

We’ve developed programs like aisU to nurture a growing community of continued education, knowledge sharing, and technical excellence. We offer various opportunities to gain exposure to new technology and concepts, such as training boot camps, technology deep dives, and level-up sessions presented by consultants based on project experience.

Access to the methodologies, approaches, and lessons learned from these project teams helps employees gain the know-how and resources to consult on and deliver similar projects within their accounts successfully.

These opportunities aim to help AIS improve overall project delivery, presales support, and envisioning capabilities for better customer outcomes.

Up Next: Our Approach

Stay tuned for part two of this series as we dive deeper into the approach and execution of an end-to-end application modernization project leveraging Power Platform, API Integration, Dataverse, Azure DevOps, and more.

Until then, check out some of our open job opportunities. We’re always looking to add passionate technologists to our growing team. Introduce yourself and let’s talk about a future career at AIS.

Microsoft Azure Government DC is a group created for anyone in the IT world modernizing government, with the goal of bringing real-world lessons to innovators in Government. AIS has supported and presented at these events since there were just 5 members. Now, the group is nearing 4,000 members. In March, we presented on Authority to Operate (ATO) and Compliance in Azure Gov. Check out the recording and overview below.

Here’s What You Missed

AIS Cloud Security and Compliance Solutions Architect, Bryan McGill presented at the latest AzureGov Meetup to demonstrate our repeatable ATO processes and secure and compliant cloud solutions in Azure and AzureGov for faster time to value.

ATO Session Recap

Bryan begins the session explaining ATO and the six steps of the Risk Management Framework (RMF) process:

  • Categorize Information System
  • Select Security Controls
  • Implement Security Controls
  • Assess Security Controls
  • Authorize System
  • Monitor Security Controls

Challenges when Adopting ATO

As the session continues, Bryan covers one of the most significant advantages of a cloud solution: shared responsibility with Azure and the Cloud Service Provider (CSP). The more you leverage Microsoft tooling and your CSP relationship, the more you can expect of the following:

  • Microsoft Azure inheritance (between 20% and 50% of all security controls could be inherited).
  • Documentation templates, pre-mapped to control implementation statements, so less time is spent building the required documentation.
  • Pre-crafted security control responses mapped to the documentation.
  • Azure services such as Sentinel, Security Center, Log Analytics, Monitor, and Azure Active Directory.
  • Azure Blueprints and Azure Policy written as infrastructure as code before an environment is set up, ensuring compliant, repeatable, and secure cloud solutions.

Our Approach

To round out the presentation, Bryan presents the AIS approach to ATOaaS. ATOaaS provides standardized ATO documentation and Blueprints to government customers. At AIS, we help you take a step back and look at the requirements needed and what services can be used with Azure or other tools to meet needs, offering templates and support for documentation.

Our ATO services deliver efficiency gains without sacrificing security and compliance, increasing your speed of deployment so you can start using cloud-native features and services. AIS can help you drive outcomes to include mission effectiveness, better security, agility and flexibility, operational efficiencies, and faster time to value.

Our ATOaaS Approach contains three engagements:

  • Kickstart Workshop: Targeted workshops focused on achieving audit compliance in Azure.
  • Consulting Services: Azure compliance advisory, security gap analysis, and recommendations for audit readiness.
  • ATOaaS (Consult and Implement): Fully managed control implementation, testing, and compliance documentation.

Struggling with the ATO process? Reach out to AIS to find out which engagement option is best for your team to get cloud accreditation and begin migrating your workloads to a secure, compliant cloud environment.

AIS: Your ATO & Cloud Transformation

We help government organizations create cohesive multi-cloud strategies, bringing the expertise you require for successful cloud adoption, modernization, data intelligence, and beyond. As the first company to achieve Authority to Operate (ATO) in IL5 and IL6, as well as the first to establish cloud environments at Impact Level (IL) 5 and IL6, know you’re in good hands. We’ve been working with Azure for 12+ years and will have you well on your way to realizing the best that the cloud can offer.

Join us for future virtual meetings the Microsoft Azure Government User Community: https://www.meetup.com/dcazuregov/

Lee Baker: FastTrack Solutions

Microsoft FastTrack is a Microsoft service that helps customers onboard cloud solutions and drive user adoption. The Microsoft Power Platform product engineering team recognizes individuals who consistently produce high-quality solutions and bring architecture experience to customer engagements. Lee Baker, a Solutions Architect at AIS, has been recognized for his hard work and impressive client management.

“Lee is one of the most extraordinarily knowledgeable Power Platform technical leaders on the planet, particularly in the realms of data and integration across the whole Microsoft cloud. He’s also a great colleague and friend. This award is beyond well deserved.”

– Andrew Welch, Microsoft MVP | Director, Cloud Applications at AIS

Lee began his career in technology nine years ago as a developer. Since then, Lee has developed skills across Microsoft Azure, Dynamics 365, and Power Platform and now serves as an architect and technical advisor to several senior business stakeholders in the enterprise. Lee focuses on leading the architecture at global financial services and non-governmental organizations. He holds himself to high standards and expects quality in customer outcomes.

“I’m proud of Lee and our entire Power Platform team for what they’ve accomplished for our clients in such a short time. Lee’s technical skills and passion for this platform make him an ideal FastTrack Solution Architect. I’m excited that the FastTrack program will benefit from Lee’s exceptional capabilities.”

– Larry Katzman | President & CEO at AIS

Congratulations, Lee! Learn more about Microsoft FastTrack and Lee’s achievement here.