WEBVTT

0:00:02.820000 --> 0:00:04.780000 All right, fair warning.
0:00:04.780000 --> 0:00:08.700000 This is one of the topics I think is the coolest in all of cloud.
0:00:08.700000 --> 0:00:11.600000 And so I tend to geek out a little bit, but I'll try and keep that under
0:00:11.600000 --> 0:00:17.780000 control. In this video, I'm going to talk about something that I
0:00:17.780000 --> 0:00:19.660000 find, as I said, absolutely fascinating.
0:00:19.660000 --> 0:00:25.180000 And that is the way that you actually access the functionality and the
0:00:25.180000 --> 0:00:29.820000 way you can build your own custom functionality on top of and integrated
0:00:29.820000 --> 0:00:35.440000 with Azure. And so we're going to take a look at managing API access to
0:00:35.440000 --> 0:00:37.680000 Azure subscriptions and resources.
0:00:37.680000 --> 0:00:42.940000 And the topics that we're going to look at include, we're going to look
0:00:42.940000 --> 0:00:46.440000 at the Azure REST API, what that REST API is.
0:00:46.440000 --> 0:00:50.580000 We'll talk about Azure service principals and how critical they are.
0:00:50.580000 --> 0:00:55.300000 We'll look at the process of REST API authentication.
0:00:55.300000 --> 0:00:59.800000 And finally, I'm going to go through a brief demonstration.
0:00:59.800000 --> 0:01:06.440000 Now, when we talk about APIs in general and API authentication and control,
0:01:06.440000 --> 0:01:10.700000 understand that interacting with an API or application programming interface
0:01:10.700000 --> 0:01:16.520000 is by its nature an application programming activity, right?
0:01:16.520000 --> 0:01:18.000000 So this is for developers.
0:01:18.000000 --> 0:01:21.320000 However, even if you're not a developer, I think it is fundamental to
0:01:21.320000 --> 0:01:26.560000 understand the way that really everything interacts, all tools interact
0:01:26.560000 --> 0:01:31.760000 with not only Azure, but in reality, any cloud provider.
0:01:31.760000 --> 0:01:34.860000 Now, obviously, every cloud provider is going to have their own set of
0:01:34.860000 --> 0:01:38.460000 APIs or application programming interfaces, and we're going to cover the
0:01:38.460000 --> 0:01:42.820000 one for Azure. But as a non-developer, it is, like I said, I think it's
0:01:42.820000 --> 0:01:45.340000 good to understand, you know, how this works.
0:01:45.340000 --> 0:01:49.240000 And if you're a developer, you'll see how easy it actually is to integrate
0:01:49.240000 --> 0:01:53.900000 functionality from Azure into other programs, into other systems using
0:01:53.900000 --> 0:02:00.100000 the REST API. So let's go ahead and let's get started talking about the
0:02:00.100000 --> 0:02:03.260000 REST API. So what is the Azure REST API?
0:02:03.260000 --> 0:02:06.900000 Well, if you think about Azure, you know, what do we have in Azure?
0:02:06.900000 --> 0:02:11.740000 Well, in Azure, we've got a whole bunch of resources, you know, and we
0:02:11.740000 --> 0:02:16.920000 can have things like infrastructure as a service resources, so virtual
0:02:16.920000 --> 0:02:19.540000 machines and virtual networks and gateways.
0:02:19.540000 --> 0:02:25.700000 We can have platform services like Cosmos DB, Azure SQL, Data Lake, and
0:02:25.700000 --> 0:02:28.920000 literally scores hundreds more.
0:02:28.920000 --> 0:02:31.480000 Okay, not scores of hundreds, scores of hundreds more.
0:02:31.480000 --> 0:02:35.780000 But we have all of these different resources, right?
0:02:35.780000 --> 0:02:37.200000 And how do we manage this?
0:02:37.200000 --> 0:02:41.900000 Well, we have something that we generally refer to as the management plane.
0:02:41.900000 --> 0:02:48.920000 And that's the way that we are going to interact with all of these resources
0:02:48.920000 --> 0:02:52.680000 and manage these resources and configure these resources and provision
0:02:52.680000 --> 0:02:54.180000 these resources.
0:02:54.180000 --> 0:02:58.600000 And you hopefully are pretty familiar with our management tools, right?
0:02:58.600000 --> 0:03:04.860000 So we've got, you know, our handy dandy Azure portal that I do a lot of
0:03:04.860000 --> 0:03:07.200000 demonstrations because it's nice and it's visual.
0:03:07.200000 --> 0:03:12.860000 We've got our command line tools, whether they are the Azure CLI or the
0:03:12.860000 --> 0:03:15.620000 Azure PowerShell cmdlets, right?
0:03:15.620000 --> 0:03:17.500000 And we also have the REST API.
0:03:17.500000 --> 0:03:22.100000 I've talked about this in other videos throughout really all the courses
0:03:22.100000 --> 0:03:28.540000 here at INE. And it's that REST API that in the end of the day provides
0:03:28.540000 --> 0:03:30.560000 everything, right?
0:03:30.560000 --> 0:03:36.120000 So all of the other tools that you use to interact with Azure, what they're
0:03:36.120000 --> 0:03:40.840000 doing under the hood is they're actually making calls to this REST API.
0:03:40.840000 --> 0:03:46.080000 So you can really think of it as Azure having really just one way of interacting
0:03:46.080000 --> 0:03:48.320000 and that's through the API.
0:03:48.320000 --> 0:03:51.020000 And then these tools are built on top of that, right?
0:03:51.020000 --> 0:03:54.880000 And particularly the CLI and the Azure PowerShell, those are actually
0:03:54.880000 --> 0:04:00.220000 open sourced. You can go out and you can, you know, download the code
0:04:00.220000 --> 0:04:04.200000 for it or become involved in the project because it all goes on top at
0:04:04.200000 --> 0:04:07.420000 all, if you will, rests on the REST API.
0:04:07.420000 --> 0:04:11.320000 Now, if you're not familiar with REST API, long story short, you don't
0:04:11.320000 --> 0:04:14.820000 need to. Representational state transfer, but that doesn't matter.
0:04:14.820000 --> 0:04:19.920000 What matters is it's based on HTTP and HTTPS, which is just encrypted
0:04:19.920000 --> 0:04:24.520000 version, right? And so what that means is that pretty much everything
0:04:24.520000 --> 0:04:31.060000 talks HTTP. You are watching this now almost certainly over a system.
0:04:31.060000 --> 0:04:34.400000 Well, you are watching it over a system that talks HTTP, right?
0:04:34.400000 --> 0:04:36.980000 So this is universal as universal as it gets.
0:04:36.980000 --> 0:04:42.680000 And that's why REST API is so popular and so ubiquitous.
0:04:42.680000 --> 0:04:46.060000 And there's variations of it that, you know, you hear things like GraphQL,
0:04:46.060000 --> 0:04:47.380000 all sorts of other stuff.
0:04:47.380000 --> 0:04:49.140000 It doesn't matter.
0:04:49.140000 --> 0:04:52.700000 Okay, we're using the REST API.
0:04:52.700000 --> 0:04:56.360000 Okay. Now another key component, just switching gears here.
0:04:56.360000 --> 0:04:58.260000 So we're going to use the REST API.
0:04:58.260000 --> 0:05:01.440000 But, you know, if you think about it, we're running code.
0:05:01.440000 --> 0:05:03.400000 Okay, cool. What is that code going to be doing?
0:05:03.400000 --> 0:05:07.180000 Well, it's going to be doing something in the Azure environment.
0:05:07.180000 --> 0:05:11.220000 All right. And so in order to do that, it has to have the appropriate
0:05:11.220000 --> 0:05:17.100000 rights. And in order to have the appropriate rights, we have what are
0:05:17.100000 --> 0:05:18.100000 called service principals.
0:05:18.100000 --> 0:05:23.760000 Service principals identify within Azure AD and within Azure, your background
0:05:23.760000 --> 0:05:29.640000 services, your processes, and, you know, any, uh, daemons, okay?
0:05:29.640000 --> 0:05:32.800000 Your Azure service principals are treated as an identity.
0:05:32.800000 --> 0:05:34.840000 In fact, they are an identity.
0:05:34.840000 --> 0:05:40.800000 Just like you have a user account identity, you create a service principal,
0:05:40.800000 --> 0:05:42.320000 it's got its own identity.
0:05:42.320000 --> 0:05:45.900000 Like any other identity, it can be added to groups.
0:05:45.900000 --> 0:05:50.980000 It can be assigned roles at various levels, role-based access control,
0:05:50.980000 --> 0:05:54.700000 RBAC. And it has authentication.
0:05:54.700000 --> 0:05:58.500000 You can either use a secret, which is really just a password, or you can
0:05:58.500000 --> 0:05:59.920000 set it up with certificate-based.
0:05:59.920000 --> 0:06:03.180000 And this is actually really important for a lot of automation.
0:06:03.180000 --> 0:06:08.020000 For example, the Azure automation account, if you're using Azure automation,
0:06:08.020000 --> 0:06:15.060000 sorry about that, to interact with, well, Azure.
0:06:15.060000 --> 0:06:21.940000 What's going to happen is the Azure automation creates a service principal,
0:06:21.940000 --> 0:06:26.880000 sets it up with a certificate and uses that to authenticate any time it
0:06:26.880000 --> 0:06:27.840000 needs to interact.
0:06:27.840000 --> 0:06:30.280000 Well, you would code it to do so, but there's examples.
0:06:30.280000 --> 0:06:35.040000 But anytime you need to interact automatically with Azure itself, if you
0:06:35.040000 --> 0:06:38.560000 are running automated scripts somewhere else, chances are very good that
0:06:38.560000 --> 0:06:42.780000 you are using a service principal to run those scripts because you don't
0:06:42.780000 --> 0:06:43.760000 want an interactive login.
0:06:43.760000 --> 0:06:49.860000 And a very safe way of doing that is with a certificate.
0:06:49.860000 --> 0:06:54.360000 Now, another variation, and this is one I absolutely love, is managed
0:06:54.360000 --> 0:06:59.260000 identities. Managed identities are covered in other videos.
0:06:59.260000 --> 0:07:04.640000 But what a managed identity is, is a service principal that is actually
0:07:04.640000 --> 0:07:08.100000 created by and managed by Azure.
0:07:08.100000 --> 0:07:12.640000 And you don't directly create these in Azure AD.
0:07:12.640000 --> 0:07:15.780000 Instead, let's say I've got a web app and I want that web app to interact
0:07:15.780000 --> 0:07:18.160000 with an Azure SQL database.
0:07:18.160000 --> 0:07:21.720000 I can go and just go to the web app and say I want a managed identity.
0:07:21.720000 --> 0:07:24.020000 It will create a managed identity.
0:07:24.020000 --> 0:07:27.400000 And then I can assign that managed identity access to whatever it needs.
0:07:27.400000 --> 0:07:29.300000 The cool thing is, it's managed.
0:07:29.300000 --> 0:07:35.280000 So when I, for example, deprovision or delete the web app itself, then
0:07:35.280000 --> 0:07:37.820000 the managed principal's also deleted.
0:07:37.820000 --> 0:07:39.980000 So very cool capability.
0:07:39.980000 --> 0:07:42.440000 All right, and so those are service principals.
0:07:42.440000 --> 0:07:45.320000 Now, okay, we've got service principals.
0:07:45.320000 --> 0:07:48.960000 We've got this concept of the Azure API.
0:07:48.960000 --> 0:07:54.060000 How do we go about actually authenticating our service principals in this
0:07:54.060000 --> 0:07:56.740000 Azure API using REST?
0:07:56.740000 --> 0:08:00.100000 Well, it's actually a two-step process.
0:08:00.100000 --> 0:08:05.280000 In the first step, you're going to actually not even integrate or interact
0:08:05.280000 --> 0:08:10.280000 with Azure. You're going to submit your credentials to a Microsoft authentication
0:08:10.280000 --> 0:08:14.000000 endpoint. And you're going to use a REST API for that.
0:08:14.000000 --> 0:08:16.400000 You're going to use what's called a POST verb.
0:08:16.400000 --> 0:08:19.980000 If you're not an HTTP developer, you don't really need to know that.
0:08:19.980000 --> 0:08:24.920000 But it's going to have this very generic primary login.
0:08:24.920000 --> 0:08:29.100000 Then you'll have your tenant ID and then the authentication.
0:08:29.100000 --> 0:08:32.780000 There's a few variations, but that's usually the one that you will use.
0:08:32.780000 --> 0:08:37.760000 Now, as part of that POST, you're going to post the credentials of, in
0:08:37.760000 --> 0:08:39.740000 this case, the service principal.
0:08:39.740000 --> 0:08:43.660000 And when you post those credentials, assuming it is successful, you will
0:08:43.660000 --> 0:08:45.600000 receive an access token.
0:08:45.600000 --> 0:08:50.000000 And that is all you need that login.microsoftonline.com for.
0:08:50.000000 --> 0:08:54.400000 Then you really flip at that point, we'll kind of draw a line here.
0:08:54.400000 --> 0:08:59.860000 At that point, you flip into interacting with the actual Azure API.
0:08:59.860000 --> 0:09:05.640000 So really those first two elements are the first step to get your identity.
0:09:05.640000 --> 0:09:09.700000 Then you take that token and you put it in every request that you make
0:09:09.700000 --> 0:09:14.940000 at that point forward to interact with the Azure API.
0:09:14.940000 --> 0:09:21.620000 Now, what I'd like to do is go ahead and demonstrate this.
0:09:21.620000 --> 0:09:25.780000 Now, what I'm going to do in this demonstration is I'm going to first
0:09:25.780000 --> 0:09:28.180000 create a service principal.
0:09:28.180000 --> 0:09:35.720000 And if nothing else, this is one of the most useful command line tools
0:09:35.720000 --> 0:09:40.080000 that you'll find, because creating service principals can be a little
0:09:40.080000 --> 0:09:44.860000 bit painful. And particularly if you're going through the PowerShell cmdlets.
0:09:44.860000 --> 0:09:50.200000 And so in this case, I'm actually going to use an Azure CLI command that's
0:09:50.200000 --> 0:09:53.640000 pretty well known to generate my service principal.
0:09:53.640000 --> 0:09:56.960000 Then I'm going to take the identity information for that service principal,
0:09:56.960000 --> 0:09:59.600000 and I'm going to use it in a tool called Postman.
0:09:59.600000 --> 0:10:03.960000 And if you do anything with REST APIs, you are probably familiar with
0:10:03.960000 --> 0:10:08.880000 Postman. It is pretty much the de facto standard for interacting with
0:10:08.880000 --> 0:10:11.960000 REST APIs. And I'm going to go and I'm going to make those calls that
0:10:11.960000 --> 0:10:16.560000 I was just talking about and get my token, hopefully, and then go and
0:10:16.560000 --> 0:10:20.800000 use that token. So let's go ahead and let's get started up.
0:10:20.800000 --> 0:10:28.000000 Now, to start with, I've got this command, az ad sp.
0:10:28.000000 --> 0:10:30.520000 All right, so that's my Azure CLI.
0:10:30.520000 --> 0:10:32.160000 I'm going against AD.
0:10:32.160000 --> 0:10:35.120000 I'm working with service principals and I want to create a service principal
0:10:35.120000 --> 0:10:37.320000 for role-based access control.
0:10:37.320000 --> 0:10:41.800000 And I'm going to name that service principal, INE, AAD API.
0:10:41.800000 --> 0:10:46.200000 All right, now I've got the HTTP because it expects a URI, and it'll just
0:10:46.200000 --> 0:10:47.820000 say that it converts it to URI.
0:10:47.820000 --> 0:10:52.840000 If I just put in INE, AAD API, that would be fine, but it would yell at
0:10:52.840000 --> 0:10:54.120000 me a little bit.
0:10:54.120000 --> 0:11:18.620000 All right, so let's go ahead and let's create that.
0:11:18.620000 --> 0:11:23.240000 Now, what's kind of interesting about this is that you'll notice it says
0:11:23.240000 --> 0:11:25.040000 retrying role assignment creation.
0:11:25.040000 --> 0:11:27.020000 That always happens.
0:11:27.020000 --> 0:11:30.720000 And that's just one of those things where I'm like, okay, nuisance error.
0:11:30.720000 --> 0:11:33.740000 I could probably at some point go and try and find out what that is, but
0:11:33.740000 --> 0:11:35.220000 I'm fine with it.
0:11:35.220000 --> 0:11:39.520000 But there's some very important information here, the app ID, that is
0:11:39.520000 --> 0:11:42.140000 actually the ID of the service principal.
0:11:42.140000 --> 0:11:46.540000 The display name, the name, the password, right, that's the secret and
0:11:46.540000 --> 0:11:47.420000 then the tenant ID.
0:11:47.420000 --> 0:11:51.860000 Now I'm going to move these up and out of the way so I can still see them.
0:11:51.860000 --> 0:11:55.200000 So really not out of the way, but more so I can use them.
0:11:55.200000 --> 0:11:57.240000 And I'm going to pull up Postman.
0:11:57.240000 --> 0:12:03.720000 Now, I've already got Postman set up and this may be a little bit hard
0:12:03.720000 --> 0:12:04.660000 to see because I'm going to pull up Postman.
0:12:04.660000 --> 0:12:10.540000 Because I always forget to up my zoom in a little bit there and zoom in
0:12:10.540000 --> 0:12:16.060000 a bit more. There should be a little bit better.
0:12:16.060000 --> 0:12:18.700000 And so I've got a call set up.
0:12:18.700000 --> 0:12:25.320000 It's a POST. And I'm posting to login.microsoftonline.com slash this tenant
0:12:25.320000 --> 0:12:29.840000 ID, OAuth2 token.
0:12:29.840000 --> 0:12:31.300000 Now tenant ID is a variable.
0:12:31.300000 --> 0:12:33.800000 And I've got variables set up.
0:12:33.800000 --> 0:12:38.320000 And what I need to do though is I need to take the app ID that was just
0:12:38.320000 --> 0:12:41.660000 generated and put that in as the app ID.
0:12:41.660000 --> 0:12:55.780000 And the password that was also just generated.
0:12:55.780000 --> 0:12:58.380000 Put that in as the secret.
0:12:58.380000 --> 0:13:10.160000 All right. And then with that, I'm actually ready to generate my token.
0:13:10.160000 --> 0:13:13.420000 Now I'm posting this.
0:13:13.420000 --> 0:13:20.260000 Okay. And in here, in addition to tenant ID, I've got the grant type.
0:13:20.260000 --> 0:13:22.220000 So these are going to be client credentials.
0:13:22.220000 --> 0:13:24.000000 The client ID is the application ID.
0:13:24.000000 --> 0:13:25.920000 The client secret is the secret.
0:13:25.920000 --> 0:13:31.020000 And the resource that I want access to is the management interface for
0:13:31.020000 --> 0:13:38.840000 Azure. So I'm going to go ahead and send that.
0:13:38.840000 --> 0:13:40.980000 And I've got a status 200.
0:13:40.980000 --> 0:13:43.140000 That is a good thing.
0:13:43.140000 --> 0:13:46.320000 And let's go back.
0:13:46.320000 --> 0:13:47.860000 There we go. Okay.
0:13:47.860000 --> 0:13:51.460000 And if I go down here, what's important is this access token.
0:13:51.460000 --> 0:13:52.800000 So I get some information.
0:13:52.800000 --> 0:13:55.300000 This is in the body of the response.
0:13:55.300000 --> 0:13:57.820000 Again, what's really critical is this access token.
0:13:57.820000 --> 0:14:00.080000 So I'm going to take this access token.
0:14:00.080000 --> 0:14:04.000000 And I'm going to copy it.
0:14:04.000000 --> 0:14:08.560000 I'm going to go back to my variables and back to this access token that
0:14:08.560000 --> 0:14:10.760000 I've obviously used before.
0:14:10.760000 --> 0:14:13.780000 Put in my new access token.
0:14:13.780000 --> 0:14:18.460000 All right. So I went and again, we'll take a quick look again at what
0:14:18.460000 --> 0:14:21.120000 was part of that post.
0:14:21.120000 --> 0:14:26.460000 Oh, it doesn't want to let me.
0:14:26.460000 --> 0:14:34.320000 Okay. So again, I sent body information over in that post.
0:14:34.320000 --> 0:14:39.980000 And you know, receive this access token.
0:14:39.980000 --> 0:14:44.680000 All right. Now I've got my next send.
0:14:44.680000 --> 0:14:47.380000 Now this is a GET; that means I'm requesting information.
0:14:47.380000 --> 0:14:51.160000 And what I'm doing is I'm going to the subscription.
0:14:51.160000 --> 0:14:54.980000 So I'm going to management.azure.com.
0:14:54.980000 --> 0:15:00.120000 I'm going to my subscription and I'm going to list my resource groups.
0:15:00.120000 --> 0:15:04.300000 And now it's got one parameter, which is a query string API version.
0:15:04.300000 --> 0:15:05.880000 That's really not that important.
0:15:05.880000 --> 0:15:08.100000 What is important is my headers.
0:15:08.100000 --> 0:15:10.640000 And I've got this one header authorization.
0:15:10.640000 --> 0:15:14.920000 And I've got it set up to be the word bearer followed by that token.
0:15:14.920000 --> 0:15:18.400000 Okay. Now, again, the variables that I'm using just make it a little easier
0:15:18.400000 --> 0:15:20.020000 to do all of this.
0:15:20.020000 --> 0:15:22.600000 All right. And then nothing in the body.
0:15:22.600000 --> 0:15:32.060000 And so if I send that, okay, what I get back is a list of my resource
0:15:32.060000 --> 0:15:37.040000 groups. Okay. So and again, the actual details of this, not that important,
0:15:37.040000 --> 0:15:38.560000 but it is pretty cool.
0:15:38.560000 --> 0:15:40.520000 You know, for example, here's demo assets permanent.
0:15:40.520000 --> 0:15:42.240000 That's one of my resource groups.
0:15:42.240000 --> 0:15:47.120000 Great. Okay. Now a little bit more interesting.
0:15:47.120000 --> 0:15:51.460000 I'm going to go over here to this PUT.
0:15:51.460000 --> 0:15:55.960000 PUT is going to allow me to send updates.
0:15:55.960000 --> 0:16:02.200000 Now, in this case, I am going to send an update to deploy a template.
0:16:02.200000 --> 0:16:08.020000 Okay.
And so again, what I have is I've got HTTPS management subscriptions,
0:16:08.020000 --> 0:16:13.360000 my subscription resource groups.
0:16:13.360000 --> 0:16:17.940000 And the API version and the resource group, if I click on that, is actually,
0:16:17.940000 --> 0:16:23.340000 does actually say, so deployments.
0:16:23.340000 --> 0:16:25.060000 And I'm going to have a res test.
0:16:25.060000 --> 0:16:27.340000 That's going to be the name of the deployment.
0:16:27.340000 --> 0:16:32.660000 All right. Now, if I go to headers, there's my authorization token again.
0:16:32.660000 --> 0:16:35.140000 Anything I'm going to do is based on the token.
0:16:35.140000 --> 0:16:36.540000 And then the body.
0:16:36.540000 --> 0:16:38.240000 Now, you're not a developer.
0:16:38.240000 --> 0:16:42.060000 I'm not expecting you to be able to, you know, jot down this, this JSON.
0:16:42.060000 --> 0:16:47.820000 I will tell you that this is taken pretty much directly from some examples.
0:16:47.820000 --> 0:16:53.920000 You can see by my very studious control of my tags there.
0:16:53.920000 --> 0:16:57.440000 Hey, but what this does is says, okay, I'm going to deploy.
0:16:57.440000 --> 0:17:00.000000 I'm going to use a deployment and I've got a template and some random
0:17:00.000000 --> 0:17:03.280000 template. And I never, honestly, never even remember what this actually
0:17:03.280000 --> 0:17:06.940000 deploys, which would be a bad idea in general, but it's going to work
0:17:06.940000 --> 0:17:12.320000 for this. Okay. So what I'm going to do is go ahead and send that.
0:17:12.320000 --> 0:17:17.700000 Okay. So I sent it.
0:17:17.700000 --> 0:17:21.200000 And down here, I get status 200.
0:17:21.200000 --> 0:17:24.320000 We are okay. Great.
0:17:24.320000 --> 0:17:25.420000 Okay. What did that do?
0:17:25.420000 --> 0:17:32.720000 Well, if I go, not to my tenant, but to my resource groups and I go to
0:17:32.720000 --> 0:17:36.880000 that resource group.
0:17:36.880000 --> 0:17:39.820000 And I go to deployments.
0:17:39.820000 --> 0:17:44.660000 I see I have a deployment that has been running for 27 seconds.
0:17:44.660000 --> 0:17:48.380000 I have quite a few deployments here, but this is the deployment that I
0:17:48.380000 --> 0:17:54.540000 just sent. And it looks like it has created a public IP, a virtual network
0:17:54.540000 --> 0:17:58.880000 and a NIC. And right now it is creating a virtual machine.
0:17:58.880000 --> 0:18:01.580000 Okay. Or provisioning.
0:18:01.580000 --> 0:18:05.300000 All right. And if I click back, now you'll see that I've got these resources.
0:18:05.300000 --> 0:18:13.200000 So I was able through just standard HTTP calls over the HTTPS protocol
0:18:13.200000 --> 0:18:20.760000 to log in as a service principal to retrieve information from my subscription
0:18:20.760000 --> 0:18:27.980000 and also to actually automate the process of generating resources using
0:18:27.980000 --> 0:18:29.340000 a service. A template.
0:18:29.340000 --> 0:18:32.860000 Okay. Again, unless you're a developer, these are probably not actions
0:18:32.860000 --> 0:18:34.180000 you're going to take.
0:18:34.180000 --> 0:18:38.720000 But if you're working with Azure, if you're working with security, it
0:18:38.720000 --> 0:18:41.740000 is important to understand how this works because whether you're using
0:18:41.740000 --> 0:18:47.020000 the portal or the Azure command line utilities or a third party application,
0:18:47.020000 --> 0:18:51.360000 this is how that application is going to integrate with the Azure resources.