question

RadimHampel-6355 avatar image
0 Votes"
RadimHampel-6355 asked ·

Marketplace Managed App intelectual property protection

We are about to build our first managed app. This application consists of scripts (currently powershell scripts) that collect information and store results in provided storage account. Whole application is meant to be deployed to customer's tenant. What I want to do is to protect our scripts and not to reveal them to customers. What's the best way to achieve this and is managed app valid delivery mechanism for such scenario? Thanks.

azure-managed-applications
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SadiqhAhmed-MSFT avatar image
0 Votes"
SadiqhAhmed-MSFT answered ·

@RadimHampel-6355 Automation does not protect runbooks from a user reading the contents even with only read access, so an Automation account is not safe for IP protection in this case.

I would recommend using an Azure Function following this guide: https://docs.microsoft.com/en-us/azure/azure-functions/functions-reference-powershell?tabs=portal

Or, I would recommend using templates to deploy VM extensions that use a reference to your scripts in a storage account on your tenant. You can make the template authenticate privately with your storage account, so that a customer who even views the deployment won't be able to auth and retrieve your script: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-deploy-vm-extensions


Please do not forget to "Accept the answer" and "Up-Vote" wherever the information provided helps you to help others in the community.

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RadimHampel-6355 avatar image
0 Votes"
RadimHampel-6355 answered ·

I thought about Functions and it seems like they're reasonably easy to set up and relatively complex to protect the scripts.

VM extensions are more for setup and not for run time, so not suitable for this scenario.

Thank you for your input, it's highly appreciated!

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.