MS-600 Scenario1 Overview ADatum Corporation develops a software as a service (SaaS) application named E-invoicing.

Overview

• ADatum Corporation develops a software as a service (SaaS) application named E-invoicing.

Existing Environment -

Application Architecture -

• E-invoicing consists of a single-page application (SPA) and a backend web service that provides invoice management and processing functionality.
• E-invoicing stores all the details of each invoicing operation in a backend cloud database. E-invoicing generates invoices in PDF format and provides users with the ability to download the PDF after it is generated. Each invoice has a unique identifier named invoiceid.
• The users have a common workflow where they sign in to E-invoicing, and then open E-invoicing in multiple tabs of a web browser so they can use different parts of the application simultaneously.

Security Architecture -

• ADatum uses the principle of least privilege whenever possible. ADatum always uses the latest libraries and integration endpoints.

Requirements -

Business Goals -

ADatum wants to integrate E-invoicing, Azure Active Directory (Azure AD), and Microsoft Graph so that their customers can leverage Microsoft Office 365 services directly from within E-invoicing.

Planned Changes -

ADatum plans to add the following capabilities to E-invoicing:

• Email the generated invoices to customers on behalf of the current signed-in user. Any emails generated by the system will contain the invoiced.
• Perform as many operations as possible in the browser without having to leave the E-invoicing application.
• Use Azure AD to manage identities, authentication, and authorization.
• Display all emails that contain a specific invoiceid.

Technical Requirements -

ADatum identifies the following technical requirements for the planned E-invoicing capabilities:

• Ensure that all operations performed by E-invoicing against Office 365 are initiated by a user. Require that the user authorize E-invoicing to access the Office 365 data the first time the application attempts to access Office 365 data on the user's behalf.
• Send scheduled reminders to customers before a payment due date. Create an administration user interface to enable the scheduled reminders.
• Implement Microsoft Graph change notifications to detect emails from vendors that arrive in a designated mailbox.
• Implement single sign-on (SSO) and minimize login prompts across browser tabs.
• Secure access to the backend web service by using Azure AD.
• Ensure that all solutions use secure coding practices.
• Backend Security Planned Changes ADatum wants to use custom application roles to map user functionality to permissions granted to users.
• E-invoicing will have internal logic that will dynamically identify whether the user should be allowed to call the backend API.

SSO JavaScript Script -

You plan to implement SSO with Microsoft Authentication Library (MSAL) by using the following code: