The board wants to enable secure and easy access to applications and services. These applications are available to internal staff and doctors from various countries/regions. Your team manager believes that Microsoft Entra ID can address these needs. Your manager wants you to find out what Microsoft Entra ID is, how it works, and what it does.
Here, you get an overview of Microsoft Entra ID and see why you would use it. You learn about the differences between Microsoft Entra ID and the traditional on-premises Active Directory.
What is Microsoft Entra ID?
Microsoft Entra ID is a cloud-based identity-management solution. It helps your company’s internal users to:
Access external resources like Azure services, Microsoft 365, and third-party SaaS applications.
Access internal resources such as applications on the corporate network and cloud-based applications that your company builds.
Fusion Development Teams create better software faster by empowering Citizen Developers—business professionals—to build applications that solve unique problems, with support from their Professional Developer peers.
The Field Inventory Management System problem involves individuals from field technician, inventory management, and software development roles.
The way Caleb, Maria, and Kiana organize themselves illustrates how many Fusion Development Teams operate effectively.
Development process
“Here’s the interesting thing about Power Apps,” Maria began, “you don’t need a background in software development to create an app that solves a specific business problem.”
She continued, “The trickiest part is knowing when and how to ask for help: recognizing when Power Apps doesn’t offer the functionality you need and involving the software development team.”
Kiana agreed. “Even though Citizen Developers build Power Apps, they still need help from us Professional Developers.”
“Exactly,” Maria said. “Professional Developers often create Power Apps too, especially to replace legacy systems quickly.”
Maria added, “Citizen Developers might use existing web APIs to get data or work with Professional Developers to create new ones. Even better, if Power Apps doesn’t offer a UI control, a Professional Developer can build one.”
“So it sounds like Professional Developers are essential to building Power Apps and supporting Fusion Development Teams,” Kiana concluded.
One way to increase tech intensity at VanArsdel Heating and Air Conditioning is to enable cross-department collaboration in building software solutions. These apps are created by business professionals—also known as Citizen Developers—tailored to their specific needs and supported by data and functionality provided by Professional Developers. Together, Citizen Developers and Professional Developers form a Fusion Development Team.
The VanArsdel Fusion Development Team is focused on solving a business challenge they call the “Field Inventory Management System.”
As the newest employee at VanArsdel, you’re assigned to take notes while Caleb, the lead field technician, describes an inefficient workflow that costs him and his team many hours each day.
The field inventory management system
A flowchart of the current inventory management workflow shows the multiple steps and roles involved:
While performing a repair in the field, Caleb may discover he needs a part that isn’t on his truck.
He might call a nearby technician to see if they have the part available.
If not, he travels back to the central warehouse to pick it up, completing a paper form to log the inventory removal.
If the part is not in stock, he fills out a different form to request the part be ordered.
Caleb notes that if they didn’t spend time retrieving parts, the team could serve more customers each day.
Malik, the office manager, adds that field technicians often call him to check inventory availability, which interrupts his own work and responsibilities.
Maria, who leads supply chain management, shares how this manual process affects her team:
Technicians sometimes forget to record when they remove parts, leading to inaccurate inventory counts.
Her team must frequently conduct manual inventory audits to maintain accuracy.
She reviews paper part request forms multiple times a day to ensure inventory is restocked as needed.
Maria uses a legacy web application, built by Kiana, to track inventory and order parts from vendors.
Kiana notes that IT has prioritized other initiatives, which has delayed modernization of the inventory application.
Malik explains that tech intensity at a company consists of three dimensions:
Adoption of technology
Individual capability to use technology
Organizational trust in deploying technology
Each dimension of tech intensity builds upon the others.
Malik draws two diagrams on the whiteboard. The first is a Venn diagram showing that tech intensity lies at the intersection of company-wide technology adoption, individual capability to use technology, and organizational trust in deploying it. The greater the overlap, the higher the company’s tech intensity.
The second diagram presents a 3D view that illustrates how increasing tech intensity depends on cross-functional communication across departments.
“Looking at it another way,” Malik explains, “tech intensity is about breaking down silos and enabling cross-team productivity.”
Caleb raises his hand: “But here’s what I don’t get. My field technicians can work with Maria’s inventory team to improve warehouse inventory. But where does technology come in if we don’t involve Kiana’s development team?”
Maria nods: “I’ve been studying Power Apps in my spare time. It helps business professionals build apps that are easy to create and deploy.”
Kiana responds: “Those users are Citizen Developers—business professionals who use their domain knowledge and existing data to create applications with Power Apps.”
She continues: “And when Citizen Developers build apps tailored to their needs, my team can focus on reusable components and advanced logic. That eases our backlog and supports them with the right data and capabilities.”
Preeti smiles: “And Power Apps runs from our Microsoft 365 tenant, so it’s fully managed by IT from the start.”
Certificates can be used to provide Transport Layer Security (TLS) mutual authentication between the client and the API gateway. You can configure the API Management gateway to allow only requests with certificates containing a specific thumbprint. The authorization at the gateway level is handled through inbound policies.
When you publish APIs through API Management, it’s easy and common to secure access to those APIs by using subscription keys. Developers who need to consume the published APIs must include a valid subscription key in HTTP requests when they make calls to those APIs. The API Management gateway rejects calls without a subscription key and the calls aren’t forwarded to the back-end services.
To get a subscription key for accessing APIs, a subscription is required. A subscription is essentially a named container for a pair of subscription keys. Developers who need to consume the published APIs can get subscriptions.
The forward-request policy forwards the incoming request to the backend service specified in the request context. The backend service URL is specified in the API settings and can be changed using the set backend service policy.
Removing this policy results in the request not being forwarded to the backend service. The policies in the outbound section are evaluated immediately upon the successful completion of the policies in the inbound section.
XMLCopy
<forward-request timeout="time in seconds" follow-redirects="true | false"/>
Limit concurrency
The limit-concurrency policy prevents enclosed policies from executing by more than the specified number of requests at any time. When requests exceed that number, new requests fail immediately with a 429 Too Many Requests status code.
The log-to-eventhub policy sends messages in the specified format to an event hub defined by a Logger entity. As its name implies, the policy is used for saving selected request or response context information for online or offline analysis.
XMLCopy
<log-to-eventhub logger-id="id of the logger entity" partition-id="index of the partition where messages are sent" partition-key="value used for partition assignment">
Expression returning a string to be logged
</log-to-eventhub>
Mock response
The mock-response, as the name implies, is used to mock APIs and operations. It aborts normal pipeline execution and returns a mocked response to the caller. The policy always tries to return responses of highest fidelity. It prefers response content examples, whenever available. It generates sample responses from schemas, when schemas are provided and examples aren’t. If examples or schemas aren’t found, responses with no content are returned.
The retry policy executes its child policies once and then retries their execution until the retry condition becomes false or retry count is exhausted.
XMLCopy
<retry
condition="boolean expression or literal"
count="number of retry attempts"
interval="retry interval in seconds"
max-interval="maximum retry interval in seconds"
delta="retry interval delta in seconds"
first-fast-retry="boolean expression or literal">
<!-- One or more child policies. No restrictions -->
</retry>
This unit provides a reference for the following API Management policies:
Control flow – Conditionally applies policy statements based on the results of the evaluation of Boolean expressions.
Forward request – Forwards the request to the backend service.
Limit concurrency – Prevents enclosed policies from executing by more than the specified number of requests at a time.
Log to Event Hubs – Sends messages in the specified format to an event hub defined by a Logger entity.
Mock response – Aborts pipeline execution and returns a mocked response directly to the caller.
Retry – Retries execution of the enclosed policy statements, if and until the condition is met. Execution repeats at the specified time intervals and up to the specified retry count.
Control flow
The choose policy applies enclosed policy statements based on the outcome of evaluation of boolean expressions, similar to an if-then-else or a switch construct in a programming language.
XMLCopy
<choose>
<when condition="Boolean expression | Boolean constant">
<!— one or more policy statements to be applied if the above condition is true -->
</when>
<when condition="Boolean expression | Boolean constant">
<!— one or more policy statements to be applied if the above condition is true -->
</when>
<otherwise>
<!— one or more policy statements to be applied if none of the above conditions are true -->
</otherwise>
</choose>
The control flow policy must contain at least one <when/> element. The <otherwise/> element is optional. Conditions in <when/> elements are evaluated in order of their appearance within the policy. Policy statements enclosed within the first <when/> element are applied when the condition attribute is true. Policies enclosed within the <otherwise/> element, if present, are applied if all of the <when/> element condition attributes are false.
API Management provides the core functionality to ensure a successful API program through developer engagement, business insights, analytics, security, and protection. Each API consists of one or more operations, and each API can be added to one or more products. To use an API, developers subscribe to a product that contains that API, and then they can call the API’s operation, subject to any usage policies.
the policy is configured to emit token metrics to the AzureOpenAI namespace with dimensions for User ID, Client IP, and API ID.
The value of the Client IP dimension is set to the IP address of the client making the request.
Imagine now that you can show these metrics in a dashboard and you can monitor the usage of your API in real time. For example, you can see how many tokens are being used by a specific user or how many tokens are being used by a specific API. This powerful feature that can help you optimize your resources and make informed decisions about scaling and resource management.
