Configure Azure2Git

Prerequisites

Required access: Azure Application administrator and Contributor on the resource group where the Azure2Git application is installed. You must also be a member of the Project Collection Administrators group in Azure DevOps.

Collect information for set up

You need the Managed Identity name to add it to Azure DevOps, and the App Service name to configure authentication and to access the configuration website.

  1. Go to portal.azure.com
  2. Type "Managed application" in the search bar.
  3. Find the managed app you have just installed and go to Parameters and Outputs.
    Now you have the app service name (1) that you should configure, the Managed Identity name (2) and the URL (3) to the configuration website.

Configure the authentication to the Azure2Git configuration web site

  1. Go to the Web App (its name was found in "Collect information for set up") and click Authentication > Add identity provider.
  2. Choose "Microsoft" as the identity provider and set the Name property to "Azure2Git User login" (this is the app registration name); the remaining settings can be left at their defaults.
  3. Go to the next step and click Add.
    Now you have Restrict Access = Require authentication. It is done. Now you can go to the configuration website.

Configure Azure/Entra Id/Intune

The steps to configure Azure, Entra Id and Intune are the same; only the permissions that need to be granted to Microsoft.Graph differ.

  1. For Azure configuration, grant access to the resource

  • Go to the Management group or subscription you want the Azure2Git scanner to collect information from. Click Access control > Add Role Assignment.
  • Select the Reader role and click Next.
  • Select member > type in the Managed Application's Managed Identity name and click Select > Next.
  • Review and assign.

  • In Azure DevOps, create a repository, for example "Azure2Git-Azure", "Azure2Git-EntraId" or "Azure2Git-Intune". It is recommended to keep these repositories in a separate project so that access to them can be managed, as they contain sensitive data.

    • Go to the project's Settings > Repositories and define the name.
    • Press Add
  • Configure Azure DevOps Managed Identity. Read the instructions DevOpsManageIdentity

  • Grant permissions to the Managed Identity to access the Microsoft Graph API
  • Azure DevOps repo URL
  • Go to your configuration website (you got the URL in the previous steps) and press Configure.
  • Configure Azure DevOps: the steps are the same for all three configurations:
  • Verify the configuration. Here (1) is validated successfully and (2) is not validated. You should wait a bit after pressing the validate button. You have to validate both parts of the configuration before you can save the settings.

Now you can see on the front page that Azure is configured and the two others are not.
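
One way to check afterwards that the Managed Identity holds only the Reader role on the scopes assigned in the Azure configuration step, as an added example that is not part of the Azure2Git documentation. It assumes the JSON output of `az role assignment list --assignee <principal-id> --all -o json`; the principal ID, subscription ID and scopes below are constructed placeholders.

```python
import json
import sys

ALLOWED_ROLE = "Reader"  # the only role the page assigns to the scanner identity

# Constructed placeholders: replace with your Managed Identity's principal ID
# and the management group / subscription scopes you actually assigned.
MI = "00000000-0000-0000-0000-0000000000aa"
SUB = "/subscriptions/11111111-1111-1111-1111-111111111111"

# Constructed sample in the shape of `az role assignment list ... -o json`.
SAMPLE = [
    {"principalId": MI, "principalType": "ServicePrincipal",
     "roleDefinitionName": "Reader", "scope": SUB},
    {"principalId": MI, "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-demo"},
    {"principalId": "00000000-0000-0000-0000-0000000000bb", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
]


def audit(assignments, principal_id, intended_scopes):
    """Return (kind, role, scope) findings for one principal's role assignments."""
    # Azure scope strings are case-insensitive, so compare them lowercased.
    intended = {s.rstrip("/").lower(): s for s in intended_scopes}
    seen, findings = set(), []
    for a in assignments:
        if a.get("principalId") != principal_id:
            continue  # assignment belongs to another principal
        role = a.get("roleDefinitionName")
        scope = a.get("scope", "")
        key = scope.rstrip("/").lower()
        if role != ALLOWED_ROLE:
            findings.append(("excess-role", role, scope))       # more than Reader
        elif key not in intended:
            findings.append(("unexpected-scope", role, scope))  # Reader elsewhere
        else:
            seen.add(key)
    # Intended scopes where the Reader assignment is absent.
    for key, original in intended.items():
        if key not in seen:
            findings.append(("missing-reader", ALLOWED_ROLE, original))
    return findings


if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for kind, role, scope in audit(data, MI, [SUB]):
        print(f"{kind}: {role} at {scope}")
```

An empty result means the identity has Reader on every intended scope and nothing else in the listed assignments.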