
Docker and Azure Information Protection



If you start using Azure Information Protection as a Cloud Service Provider (CSP), you will find yourself needing to manage multiple tenants at the same time and to run different, or maybe the same, tasks on several of your managed tenants. The same scenario applies if you are managing multiple tenants as a big enterprise. One of my big pain points was the inability to use the Azure Information Protection client PowerShell module for multiple tenants, because it is bound to the machine instead of a user or PS session. This means you need to run a VM just to be able to classify data. For a migration project between tenants, it was dull to use so many resources for such a slim command. So I dug deeper and built my first Docker image with the set of tools needed for this migration. The big benefit: it could run with only 1 GB of memory instead of requiring a fully loaded virtual machine for this task.


Not everything is working as expected yet, since some tools will receive a refresh starting January 2021 and I'm new to Docker. There are still some hiccups, but the progress is worth blogging about.


Instructions

  1. Install Docker. There are many ways to achieve this: check out chocolatey.org or install it yourself. To use Docker you need Windows 10 Pro or a Windows Server version with Hyper-V.

  2. Create the directory structure and provide all resources mentioned at the bottom in the location where you want to build your image.

  3. Run the build command: docker build -t aipimage .\{location of your custom dockerimage}

As soon as I get more experience with Autobuild, the Dockerfile will be added to my Docker Hub.
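
Steps 2 and 3 as a PowerShell script, with a signature check on the installers before they are baked into the image. This is an added example, not part of the original post or the author's repositories; the $BuildRoot and $Tenant parameters are placeholders, and it assumes the installers are signed by Microsoft Corporation.

```powershell
# Added example, not the author's script. $BuildRoot and $Tenant are placeholders.
param(
    [string]$BuildRoot = '.',        # folder that holds the Dockerfile
    [string]$Tenant    = 'tenant-a'  # constructed sample name, used only for the container name
)
$ErrorActionPreference = 'Stop'

# Step 2: every resource from the directory structure must be in place.
$required = 'Dockerfile',
            'aipclient28850\AzInfoProtection_UL.exe',
            'PEPMigrationAIPLabeledDocuments'
foreach ($item in $required) {
    $path = Join-Path $BuildRoot $item
    if (-not (Test-Path $path)) { throw "Missing build resource: $path" }
}

# The build copies aipclient28850 into the image and runs installers from it,
# so stop unless every .exe there has a valid Authenticode signature.
# Assumption: the installers are signed by Microsoft Corporation.
$installers = Get-ChildItem (Join-Path $BuildRoot 'aipclient28850') -Filter *.exe
foreach ($exe in $installers) {
    $sig = Get-AuthenticodeSignature -FilePath $exe.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
    if ($sig.Status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation') {
        throw "Refusing to build: $($exe.Name) status=$($sig.Status) signer=$signer"
    }
    Write-Host "Signature OK: $($exe.Name)"
}

# Step 3: build the image.
docker build -t aipimage $BuildRoot
if ($LASTEXITCODE -ne 0) { throw "docker build failed with exit code $LASTEXITCODE" }

# One container per tenant keeps the machine-bound AIP client state separate.
# --memory 1g matches the footprint mentioned above; --rm discards the container on exit.
docker run --rm -it --memory 1g --name "aip-$Tenant" aipimage powershell
```

Run it once per tenant, each in its own console, passing a different -Tenant value.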

Directory structure and sources:

aipclient28850\AzInfoProtection_UL.exe {download:https://www.microsoft.com/en-us/download/details.aspx?id=53018}
PEPMigrationAIPLabeledDocuments\{clone:https://github.com/pheeling/SharepointAIPULClassification.git}
<Dockerfile> {clone:https://github.com/pheeling/dockerAIPImage.git}

Shortcut to Dockerfile:

# Uses the Windows 1909 image from Microsoft's container registry as the base image
FROM mcr.microsoft.com/windows:1909
#FROM mcr.microsoft.com/powershell:lts-nanoserver-1909

# Copies contents of the AIPClient folder to the c:/Source
# folder in the new container image
ENV target="C:/source/"
RUN mkdir ${target}
COPY aipclient28850 ${target}
ENV git="C:/git/PEPMigrationAIPLabeledDocuments/"
RUN mkdir ${git}
COPY PEPMigrationAIPLabeledDocuments ${git}

# Set default repository
RUN powershell Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
RUN powershell Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted 

# Install AIPModule
RUN "C:/source/vcredist_x64_ee916012783024dac67fc606457377932c826f05.exe /Q"
RUN "C:/source/AzInfoProtection_UL.exe PowerShellOnly=true /quiet /log C:/source/install.log"
RUN powershell Install-Module AIPService
RUN powershell Set-ExecutionPolicy Unrestricted
RUN powershell Import-Module AIPService
RUN powershell Install-Module ExchangeOnlineManagement
RUN powershell Install-Module SharePointPnPPowerShellOnline
# Map the msoid hostnames to localhost in the container's hosts file
RUN powershell Add-content C:\Windows\System32\drivers\etc\hosts '"127.0.0.1 msoid.onmicrosoft.com"'
RUN powershell Add-content C:\Windows\System32\drivers\etc\hosts '"127.0.0.1 msoid.autorenplattform.ch"'
RUN powershell Add-content C:\Windows\System32\drivers\etc\hosts '"127.0.0.1 msoid.autorenplattform.onmicrosoft.com`n"'
# Hosts files do not support wildcards, so this entry is only ever matched literally
RUN powershell Add-content C:\Windows\System32\drivers\etc\hosts '"127.0.0.1 msoid.*.onmicrosoft.com"'

# Create service user for AIP authentication
# Note: svcuser is a local administrator, so container processes run with admin rights
RUN NET USER svcuser /ADD
RUN NET LOCALGROUP "Administrators" "svcuser" /ADD

#Start each container as Service User
USER svcuser
