Currently, there are a two main projects, that I'm aware of, that allow third party applications to query azure. These are:

* https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api
* https://developer.microsoft.com/en-us/graph/

The latter seems to have been succeeded by the former, but the documentation isn't as strong for SDK's (specifically python).

I would like to be able to query azure to see if the users in my Azure active directory have two factor required on login.

I'm wrting a tool which interacts with several cloud service providers, to determine the state of users / application keys. Security issues are its main focus and I've not been able to implement similar functionality with azure.

I'm told this is possible only by power shell. If it is possible by power shell, then the commands being executed must be being sent to azure somehow. If its via a web API, the API exists, but may not be documented if its interacting with either of those two API's.

Dear MS, i'm simple enchanted with the azure plataform. As a 3 world businessman, i try to look forward and see big and small business sharing the same technology, on next years. can we think as fabien (open erp) and look forward? with all visual suít and etc... why we cant focus on small business, whoio needs technology too? i guarantee that, Microsoft will sell more Windows and office licenses than ever. Maybe small business ppl arent ready now, but they shall be on future, when a lot of developers will come with a lot of options for us............... idk,maybe i'm just a dreamer, but this shall become truth on the near future!!

thnak you

I love using App Service Environments; however, the cost is shocking. We like that our App service can communicate over our express route to our data center. I gained some new understandings with how these services work on the back-end and it seems confusing. I have an understanding that normal App Service Plans operate such that a fault tolerant pair is available in a different part of the data center and in the event of a failure, your code is moved to the other pair. This is great and I love that. With ASE's the architecture changes and the use of fault tolerant VM's is used instead. This seems to break away from the original architecture of App Service Plans. It seems more logical if you could drop a Resource (maybe not necessarily an App Service Plan) inside a VNET (and on an existing subnet) that would have a fault tolerant partner hidden in the back end just like with the public versions of these services (I'm ok if you even have to reserve IP's for the services). This would operate much like Availability Sets for VM's. This would also seem to cut costs down for customers and allow us to deploy a great many of these services. I would even be OK with managing a series of NAT rules for external services. Currently, the scale time and usability of ASE's make it really hard for me to justify the costs.

If any part of my understanding is incorrect, I would appreciate clarification.

The ARM IF function (https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-template-functions-logical#if) is incredibly useful for templates, but evaluates both sides of the result (True and false) which causes lots of issues.

See:
* https://stackoverflow.com/questions/45979991/arm-template-conditional-output-parameters
* https://stackoverflow.com/questions/45923848/can-i-have-an-arm-template-resource-with-a-copy-array-of-0-to-n

A very simple example of this is in this template:

{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {
"AVSRootName": "AVSRoot"
},
"resources": [
{
"name": "[if(bool('true'), concat(variables('AVSRootName'),div(10, 2)),concat(variables('AVSRootName'),div(10, 0)))]",
"type": "Microsoft.Compute/availabilitySets",
"location": "[resourceGroup().location]",
"apiVersion": "2015-06-15",
"dependsOn": [],
"tags": {
"displayName": "AVS"
},
"properties": {
"platformUpdateDomainCount": 1,
"platformFaultDomainCount": 1
}
}
]
}

Which will always throw this error:

Validation returned the following errors:
: Deployment template validation failed: 'The template resource '[if(bool('true'), concat(variables('AVSRootName'),div(10, 2)),concat(variables
('AVSRootName'),div(10, 0)))]' at line '11' and column '10' is not valid: The template language function 'div' tried to divide by zero. Please
see https://aka.ms/arm-template-expressions for usage details.. Please see https://aka.ms/arm-template-expressions for usage details.'.

Template is invalid.