Marketplace Managed App intelectual property protection

Question

We are about to build our first managed app. This application consists of scripts (currently powershell scripts) that collect information and store results in provided storage account. Whole application is meant to be deployed to customer's tenant. What I want to do is to protect our scripts and not to reveal them to customers. What's the best way to achieve this and is managed app valid delivery mechanism for such scenario? Thanks.

Answer 1

@Radim Hampel Automation does not protect runbooks from a user reading the contents even with only read access, so an Automation account is not safe for IP protection in this case.

I would recommend using an Azure Function following this guide: https://learn.microsoft.com/en-us/azure/azure-functions/functions-reference-powershell?tabs=portal

Or, I would recommend using templates to deploy VM extensions that use a reference to your scripts in a storage account on your tenant. You can make the template authenticate privately with your storage account, so that a customer who even views the deployment won't be able to auth and retrieve your script: https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-deploy-vm-extensions

------------------------------------------------------------------------------------------------------------------------------

Please do not forget to "Accept the answer" and "Up-Vote" wherever the information provided helps you to help others in the community.

Answer 2

I thought about Functions and it seems like they're reasonably easy to set up and relatively complex to protect the scripts.

VM extensions are more for setup and not for run time, so not suitable for this scenario.

Thank you for your input, it's highly appreciated!