MS-600 Scenario 1

Overview

  • ADatum Corporation develops a software as a service (SaaS) application named E-invoicing.

Existing Environment -

Application Architecture -

  • E-invoicing consists of a single-page application (SPA) and a backend web service that provides invoice management and processing functionality.
  • E-invoicing stores all the details of each invoicing operation in a backend cloud database. E-invoicing generates invoices in PDF format and provides users with the ability to download the PDF after it is generated. Each invoice has a unique identifier named invoiceid.
  • The users have a common workflow where they sign in to E-invoicing, and then open E-invoicing in multiple tabs of a web browser so they can use different parts of the application simultaneously.

Security Architecture -

  • ADatum uses the principle of least privilege whenever possible. ADatum always uses the latest libraries and integration endpoints.

Requirements -

Business Goals -

ADatum wants to integrate E-invoicing, Azure Active Directory (Azure AD), and Microsoft Graph so that their customers can leverage Microsoft Office 365 services directly from within E-invoicing.

Planned Changes -

ADatum plans to add the following capabilities to E-invoicing:

  • Email the generated invoices to customers on behalf of the current signed-in user. Any emails generated by the system will contain the invoiceid.
  • Perform as many operations as possible in the browser without having to leave the E-invoicing application.
  • Use Azure AD to manage identities, authentication, and authorization.
  • Display all emails that contain a specific invoiceid.

Technical Requirements -

ADatum identifies the following technical requirements for the planned E-invoicing capabilities:

  • Ensure that all operations performed by E-invoicing against Office 365 are initiated by a user. Require that the user authorize E-invoicing to access the Office 365 data the first time the application attempts to access Office 365 data on the user's behalf.
  • Send scheduled reminders to customers before a payment due date. Create an administration user interface to enable the scheduled reminders.
  • Implement Microsoft Graph change notifications to detect emails from vendors that arrive in a designated mailbox.
  • Implement single sign-on (SSO) and minimize login prompts across browser tabs.
  • Secure access to the backend web service by using Azure AD.
  • Ensure that all solutions use secure coding practices.

Backend Security Planned Changes -

  • ADatum wants to use custom application roles to map user functionality to permissions granted to users.
  • E-invoicing will have internal logic that will dynamically identify whether the user should be allowed to call the backend API.

SSO JavaScript Script -

You plan to implement SSO with Microsoft Authentication Library (MSAL) by using the following code:

Access Token JavaScript Script -

You have the following JavaScript code to obtain an access token.

Change Notification JSON -

You have the following JSON message that will be sent by the Microsoft Graph service to detect the vendor emails.