通过

Additional Bicep quickstarts on GitHub

  • 项目

The following quickstarts on GitHub demonstrate different scenarios for deploying various Microsoft Graph Bicep types and configurations. You can also contribute to this collection of quickstarts. For more information, see Contributing to the Microsoft Graph Bicep Extension.

Sample Sample summary
Create client and resource apps
  • Create a client app registration with an optional X509 certificate
  • Create a resource app registration
  • Create service principals for both apps
    		•
    Create a client app with an X509 certificate from Key Vault
  • Create a client app registration
  • Add an X509 certificate from Key Vault using a deployment script
  • Create a service principal for the app
    		•
    Configure GitHub Actions to access Azure resources, using zero secrets Enable a GitHub Action to log into Microsoft Entra, build and deploy a web app into an Azure App Service, without using any secrets.
  • Create a secret-less app configured with a federated identity credential for GitHub
  • Create a service principal and assign it a resource group scoped Azure Contributor role
    		•
    Configure an app with a user-assigned managed identity as a credential Enable an app running in Azure to call Microsoft Graph API, without using any secrets
  • Create a secret-less client application, using a user-assigned managed identity as the credential
  • Create a service principal and assign it Microsoft Graph app roles
  • Assign the managed identity to an Azure Automation account, enabling the app to call Microsoft Graph
    		•
    Grant a client app access to a resource app Create an app role assignment for the client app to the resource app that were created in Create client and resource apps
    Enable a client service to read from Blob storage, using a security group Configure three user-assigned managed identities to read from a Blob Storage account via a security group:
  • Create 3 managed identities and add them as members of a security group
  • Assign an Azure Reader role to the Blob Storage account for the security group
    		•
    Create a group with members and owners
  • Create a security group and:
  • Add a resource service principal as owner
  • Add a managed identity as member
    		•