Skip to main content

Azure Functions

This step is optional, but it is recommended.

The Azure Functions panel displays the list of all functions created within the PKWARE ecosystem. These functions can be used to execute policy against M365 repositories. The functions can also be created locally. Azure functions provide increased performance and better abilities to horizontally scale. Since sensitive data within the files are detected and protected in the cloud repositories directly.  To access Azure Function page, go to Clouds > Azure Function.

Azure functions are created within azure tenant and will have an associated cost to them.

To Delete or Edit the details of the azure functions, click Delete or Edit button respectively.

image-20240507-135932.png

Following is the description of the columns.

Column Heading

Description

Name

This field specifies name of the azure function. 

Updated At

This field displays the date/time when the azure function was last updated.

Creating an Azure Function

To create an azure function, follow the below steps: 

  1. Click the Add button in the Connectors screen.

  2. Under Select Your Azure App option, select the azure app registration that you have created using the Cloud > Azure tab. This will automatically fill in some values necessary for the azure function. If you select Enter Manually option then you need to fill in the required details otherwise on selecting the azure app, most of the details will be filled in automatically.

image-20240507-140056.png

Following is the description for each field:

Input

Description

Name

This input specifies the name of the azure function object in the PEM environment.

Comment

Specify additional information about the azure function and is optional.

Select Your Azure App

Select the azure app created in the Cloud > Azure tab in PEM Administrator. This will automatically populate Tenant Id, Client Id, Client Secret, PFX Blob, PFX Blob Password and Client Object Id.

If Enter Data Manually is selected, information about the azure app must be entered. It is recommended to create azure app through the PEM Administrator to ensure proper permissions are granted.

Tenant Id

This input specifies the azure Tenant Id where the azure functions should be created and is hidden when an azure app is selected under “Select Your Azure App”.

Client Id

This input specifies the azure app registration Application Id the azure functions should use to access M365 repositories and is hidden when an azure app is selected under “Select Your Azure App”.

Client Secret

This input specifies the azure app registration Client Secret for authentication and is hidden when an azure app is selected under “Select Your Azure App”.

Note: When Client Secret is used, PFX Blob and PFX Blob Password are not required.

PFX Blob

This input specifies the base64 representation of the certificate’s private key and is hidden when an azure app is selected under “Select Your Azure App”.

Note: When Client Secret is used, PFX Blob and PFX Blob Password are not required.

PFX Blob Password

This input specifies the azure app registration certificate’s password used for authentication and is hidden when an azure app is selected under “Select Your Azure App”.

Note: When Client Secret is used, PFX Blob and PFX Blob Password are not required.

Client Object Id

This input specifies the azure app registration Object Id which the azure functions should use to access M365 repositories and is hidden when an azure app is selected under “Select Your Azure App”.

Azure Subscription

This input specifies the active azure subscription to attach the azure function resources. Click Fetch Subscriptions to get a list of all your azure tenant subscriptions.

Region

Select the resource region in which the azure function will run.

Azure Environment

Select the azure environment in which the azure function will run.

Resource Group Name

This input specifies the azure resource group name. This will contain all the related resources generated for the azure function to run. By default, the value is set to pkwareresourcegroup.

Storage Account Name

This input specifies the azure storage account name. This will be used by the azure function to store temporary files during policy execution. By default, the value is set to pkwarestorageaccount.

Function App Name

This input specifies the azure function app name. By default, the value is set to pkwarefunctionapp.

Vault Name

This input specifies the azure key vault name. This is used to store keys used for secure communication between all resources used by the azure function. By default, the value is set to pkwarevault.

Azure Function Zip path

This input specifies the azure blob hosting the current version of PKWARE’s azure function app. This can be provided by PKWARE support.

Local Agent (optional but not recommended)

Another way is to run PK Protect for M365 locally instead of utilizing azure functions. This decision is decided at the policy setup in the PEM Administrator. When setup is done locally i.e., not using azure functions, files are downloaded to the system on which the agent is installed, and remediation action is applied. Post processing files are then re-uploaded on selected cloud repository.

However, if we use azure functions then files are directly detected and remediated in the cloud repositories. Through this process, increased performance and enhanced capacity can be achieved.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.