This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.
Azure Managed Applications enable deploying your solution’s resources via an ARM template into the customer’s tenant. Further, they enable the publisher to restrict customer access to deployed resources. This puts maintenance into the hands of the publisher, who will manage the Azure Managed Application’s updates.
In this article you’ll learn more about the deployment architecture, the artifacts that make up the deployment package, how publishers maintain the solution installations and finally, a bit about metered billing from within Azure Managed Applications.
The deployment architecture
As mentioned, the Azure Managed Application deploys resources onto the customer’s tenant at time of purchase. Resources to deploy include anything that may be deployed via an ARM template. This could mean databases, other PaaS services, VMs, and more.
Resources deployed by ARM are created in a special resource group in the customer’s tenant known as the Managed Resource Group (MRG). By default, the MRG allows customers read access and publishers contributor access. This means publishers have more access to the deployed resources than the customer even though the solution is running in the customer’s tenant.
This access model means the intellectual property deployed in the solution may be protected from the customer even though the customer is paying for the runtime costs of the solution components as it is deployed on their tenant.
The deployment package
To create an Azure Managed Application offer, you'll need to prepare a ZIP file containing specific artifacts for upload to Partner Center. The deployment package consists of two key files: createUiDefinition.json and mainTemplate.json.
These files are detailed in the following sections.
This file defines the customer’s experience at the time of purchase. During deployment, an interactive questionnaire (think of it as a form) is displayed to the customer to collect information relevant to the deployment.
Information collected might include things such as the following.
- Name of the resource group to deploy into. This is the MRG.
- The names of the resources to deploy, such as the name of a database server.
- Or any other information the publisher needs to gather before deployment begins.
Once information is collected from the customer, the information is passed into the ARM template as a set of input parameters, enabling customer-specific deployments.
This JSON file is the ARM template that accepts input parameters from the output of createUiDefinition.json. In the resources section of the ARM template, one defines the resources to be deployed. This can include anything from virtual networking components to databases to custom virtual machines.
mainTemplate.json accepts the outputs of the createUiDefinition.json- fueled deployment experience as input parameters enabling the ARM template to accept values used to determine deployment behaviors.
When the ARM template is deployed, all resources defined in the template are deployed into the MRG in the customer’s tenant.
Since the publisher has contributor access to the MRG, and the customer has read-only by default, it is incumbent upon the publisher to maintain the services of the solution. For example, if the solution has VMs as part of the deployment, this may include patching the VMs for the latest Microsoft Defender updates or other OS patches.
Manual maintenance of a solution deployed to an MRG may be accomplished through the Managed Application Center service in the Azure Portal. This service enables the publisher to access the resources deployed for all customer subscriptions.
Alternatively, a publisher can create automated update processes using marketplace APIs to access the resources in the MRG.
One of the notable advantages of Azure Managed Applications is their support for metered billing, allowing you to charge customers based on their system usage or transactions, in addition to a flat monthly fee. For example, you can implement usage-based charges, such as a fraction of a cent per email sent by the application.
To enable this billing model, configuration in Partner Center is required. Once your solution is published, you can utilize the metered billing APIs to send charges that will appear on the customer's monthly bill, providing a transparent and flexible pricing model.
If you are looking for a powerful deployment model for your solution, which protects your intellectual property and enables deployment to the customer’s tenant, Azure Managed Applications may be for you.
Learn more about this offer type in the Azure Managed Applications on-demand course from Mastering the Marketplace.
Azure Managed Applications offer a powerful and secure deployment model that ensures the protection of your intellectual property while enabling seamless deployment within the customer's Azure tenant. With simplified maintenance and robust metered billing capabilities, Azure Managed Applications empower publishers to deliver exceptional solutions while offering customers flexibility and cost-effectiveness.
To deepen your understanding of this offer type, explore the comprehensive Azure Managed Applications on-demand course from "Mastering the Marketplace." Unlock the potential of Azure Managed Applications and elevate your solution deployment experience.