Logic app create support

Sourav 120 Reputation points
2024-12-24T21:55:44.95+00:00

Hello-

I want to create a logic app to create a workflow which will copy files from SharePoint online (when the file is approved on SharePoint site) to azure storage specific container/folder.

  1. We need to ensure security standard and best practice,the storage account is already behind a firewall and enable to connect from specific vnet only .
  2. I need to know if I should go with consumption or standard plan and why ? Assume we need to go with standard as vnet is not supported for consumption plan, is this the right use case to go with standard?

3.What configuration steps should we choose while creating the logic app as there are few options to select while creating the logic app in the portal including the networking tab.

4.do we need to use service account as only option to connect to SharePoint online from logic app, I don't see any other option available?

5.What do we need to connect logic app to azure storage? service principal or managed identity? We have a service principal already.

Please don't give chatgpt response, I would like to have specific answers only.

Thanks!

Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
3,278 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Chakaravarthi Rangarajan Bhargavi 865 Reputation points MVP
    2024-12-25T12:11:50.7333333+00:00

    Hi Sourav,

    Thanks for the question! Here are detailed responses to your queries, incorporating relevant details from Azure Logic Apps documentation:

    1. Should you use Consumption or Standard Plan? Why?

    You should go with the Standard Plan because your Azure Storage account is behind a firewall and configured to allow connections only from a specific VNET. The Consumption Plan does not support VNET integration, while the Standard Plan provides features like private endpoints and VNET integration. As detailed in Deploy single-tenant Logic Apps with private endpoints, single-tenant Logic Apps in the Standard Plan are designed for scenarios requiring secure networking.

    1. What configuration steps should you choose while creating the Logic App?

    When setting up the Logic App in the Azure portal, ensure the following:

    • Plan Selection: Opt for the Standard Plan to leverage VNET integration and networking security.
    • Networking: Configure Private Endpoint integration for secure access to your storage account behind a firewall, as noted in the Logic Apps overview.
    • Monitoring: Enable Application Insights for effective workflow monitoring, as recommended in the Logic Apps diagnostics.
    1. How to connect to SharePoint Online from Logic App?

    To connect to SharePoint Online, use a service account, as the Logic App’s SharePoint Connector requires credentials for authentication. As noted in the Logic Apps documentation, a service account ensures secure and compliant access to SharePoint resources. Ensure that this account has permissions for the required file operations.

    1. How to connect Logic App to Azure Storage? Should you use Service Principal or Managed Identity?

    The recommended approach is to use Managed Identity to connect Logic Apps to Azure Storage. Managed Identity eliminates the need for storing credentials and simplifies access control. Assign the Storage Blob Data Contributor role to the Logic App’s Managed Identity to enable access. This approach aligns with best practices outlined in the Cloud Adoption Framework for secure service-to-service authentication.

    Hope this answer helps you! If you find the response helpful, please mark it as helpful and accept the answer. Feel free to reach out with any further questions—I’d be happy to assist!


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.