Using Azure Active Directory in Microsoft Azure Germany for Microsoft Azure Stack

When you want to use the Azure Active Directory in the national cloud or sovereign cloud Microsoft Azure Germany you have to adjust two files in the Azure Stack TP2 bits.

-> https://azure.microsoft.com/en-us/overview/clouds/germany/

The two files are:

-> X:\CloudDeployment\Configuration\InstallAzureStackPOC.ps1
->X:\CloudDeployment\Common\AzureADConfiguration.psm1

Let us start to adjust the InstallAzureStackPOC.ps1. Jump to line 64 and add in the ValidateSet ‘Azure Germany’.

[Parameter(Mandatory=$false)]
[ValidateSet('Public Azure','Azure - China', 'Azure - US Government', 'Azure Germany')]
[String]
$AzureEnvironment = 'Public Azure',

image

For the adjustments in the AzureADConfiguration.psm1, we have to call Get-AzureRmEnvironment –Name AzureGermanCloud first.

AzureStack_MCD04

As you can see we need the yellow marked outputs. In the AzureADConfiugration.psm1 file we have to add at several lines new code. First at line 18 “Azure Germany” = “AzureGermanCloud”.

@{
"Public Azure" = "AzureCloud"
"Azure - China" = "AzureChinaCloud"
"Azure - US Government" = "AzureUSGovernment"
"Azure Germany" = "AzureGermanCloud"
}

image

Next stop line 26 to extend the ValidateSet again.

param (
[Parameter(Mandatory=$true)]
[ValidateSet("Public Azure", "Azure - China", "Azure - US Government", "Azure Germany")]
[string] $AzureEnvironment
)

image

Last but not least we add an elseif statement at line 39 for Azure Germany and here we need the yellow marked URIs.

elseif ($AzureEnvironment -eq "Azure Germany")
{
return @{
GraphUri = "https://graph.cloudapi.de/"
LoginUri = "https://login.microsoftonline.de/"
ManagementServiceUri = "https://management.core.cloudapi.de/"
ARMUri = "https://management.microsoftazure.de/"
}
}

image

Now we can kickoff the Azure Stack deployment.

.\InstallAzureStackPOC.ps1 –AzureEnvironment 'Azure Germany'

When we are prompted to enter the AAD credentials, it is important to have an AAD tenant in Microsoft Azure Germany.

AzureStack_MCD02

During the deployment we will see that the AAD applications are showing up in the AAD tenant.

AzureStack_MCD03

When the deployment is completed, we sign in to the MAS-Con01 to access the Azure Stack portal. Have a look at the address bar, when we sign in the Azure Stack portal.

AzureStack_MCD05

It is https://login.microsoftonline.de the Active Directory Authority URI for Microsoft Azure Germany.

AzureStack_MCD06

Enjoy the Azure Stack installation linked to the AAD running in Microsoft Azure Germany.

Facebooktwittergoogle_pluslinkedinmail

Leave a Reply