Login
      Contents x
      Configure Microsoft Azure to Support Lasernet Access to Azure Storage Through App-Registration-Based Authentication
      • 14 Jan 2025
      • 2 Minutes to read
      • Contributors
      • Print
      • PDF
      Contents

      Configure Microsoft Azure to Support Lasernet Access to Azure Storage Through App-Registration-Based Authentication

      • Updated on 14 Jan 2025
      • 2 Minutes to read
      • Contributors
      • Print
      • PDF
      Article summary

      Lasernet 10.10 and later support access to Azure Storage through app-registration-based authentication. In these Lasernet versions, Lasernet Cloud printing configuration and Lasernet modules for Azure Storage input and output provide an Application Registration authentication option. This option is configured with Client ID and Client Secret to enable Lasernet to authenticate with Microsoft Entra ID as an application and access Azure Storage.

      The implementation of this access consists of three elements which must each be appropriately configured:

      • Microsoft Entra ID: An app registration that represents Lasernet must be granted appropriate API permissions.

      • Azure Storage container: The enterprise app (corresponding to that app registration) must be assigned appropriate app roles on the Azure Storage container that you want Lasernet to connect to.

      • Lasernet: The Azure Storage modules in a Lasernet configuration, or the configuration of Lasernet Cloud printing, or both, use a client ID and client secret to authenticate with Microsoft Entra ID.

      The information below describes the configuration process.

      Important

      This authentication method is not applicable to Azure Storage containers that are managed by Microsoft Dynamics 365 Finance and Operations.

      Intended Audience

      This information is intended for experienced Microsoft Azure administrators, who will understand how to complete tasks such as configuring role assignments on a storage container.  So, this article contains only the supporting information that an administrator needs, such as which roles to assign.

      The final stage of the process is to configure Lasernet. This task is completed by a Lasernet administrator and is described in the Lasernet Azure Guide and Lasernet Printer Service Guide. Consequently, this page describes only the information that the Microsoft Azure administrator must pass to the Lasernet administrator to enable them to complete the Lasernet configuration stage.

      Configuration Process

      To appropriately configure Microsoft Azure, follow this process.

      1. Create an app registration to represent Lasernet.

      2. Grant the app registration an appropriate set of API permissions.

      3. Generate a client secret for the app registration.

      4. Assign the enterprise application (that corresponds to the app registration) a set of appropriate roles on the storage account.

      5. Supply the necessary information to the Lasernet administrator so that they can configure Lasernet.

      Each task in this process is described in more detail below.

      Create an App Registration

      In Microsoft Entra ID, create an app registration to represent Lasernet.

      Note

      Microsoft Entra ID might already contain app registrations for Lasernet that serve other purposes. Consider whether to create a new additional app registration or modify an existing one.

      This article assumes that you created a new app registration for Lasernet, for the purpose of enabling it to access Azure Storage.

      Grant the App Registration Appropriate API Permissions

      On the app registration’s API permissions page, grant it the following permissions:

      • Azure Storage

        • user_impersonation

      • Microsoft Graph

        • FileStorageContainer.Selected

        • User.Read

      Generate a Client Secret for the App Registration

      1. On the Certificates and secrets page, generate a client secret for the app.

      2. Note the new client secret (before the Azure Portal obscures it).

      Assign the Lasernet Enterprise Application the Necessary Roles on the Storage Account

      1. In the Azure Portal, navigate to the storage account that Lasernet will connect to.

      2. On the Access Control (IAM) page, use the Role assignments tab to grant the enterprise app (that corresponds to the new app registration) the necessary roles on the storage account. Grant the enterprise app the following roles:

        • Storage Blob Data Contributor

        • Storage Blob Data Reader

        • Storage Queue Data Contributor

        • Storage Queue Data Reader

      Supply Configuration Information to the Lasernet Administrator

      After you have completed this process, supply information from the following Microsoft Azure areas to the Lasernet administrator so that they can configure Lasernet:

      • App registration

        • Application (client) ID

        • Client secret Value

      • Tenant

        • Tenant domain

      • Storage account

        • Storage account Name

        • Container Name

      To use this information to configure Lasernet, the Lasernet administrator can follow the instructions provided in the following guides:

      What's Next
      Change password!
      Changing your password will log you out immediately. Use the new password to log back in.
      Change profile
      Success!
      First name must have atleast 2 characters. Numbers and special characters are not allowed.
      Last name must have atleast 1 characters. Numbers and special characters are not allowed.
      Enter a valid email
      Enter a valid password
      Your profile has been successfully updated.
      Logout