Folks,
Looking for a solution that would allow integration of Azure VM with SharePoint Online.
So the data stored on Azure VM can be viewed from SharePoint Online.
Please suggest where I should look further.
Create enterprise applications in the Azure Services portal
In the Azure portal, on the leftmost pane, select Azure Active Directory.
Go to Enterprise applications, and then select All applications.
To add a new application, select New application at the top of the dialog box.
In the search box, enter SharePoint on-premises. Select SharePoint on-premises from the result pane.
Specify a name for your SharePoint on-premises instance, and select Add to add the application.
In the new enterprise application, select Properties, and check the value for User assignment required?.
In this scenario, the value is set to No.
Configure SharePoint on-premises
Create a new trusted identity provider in SharePoint Server 2016.
Sign in to the SharePoint server, and open the SharePoint Migration Shell. Fill in the values:
$realm is the identifier value from the SharePoint on-premises domain and URLs section in the Azure portal.
$wsfedurl is the SSO service URL.
$filepath is the file path to which you have downloaded the certificate file from the Azure portal.
# Identifier (realm) exactly as shown in the app's "Domain and URLs" section in the Azure portal
$realm = "urn:sharepoint:sps201x"
# Azure AD WS-Federation sign-in endpoint for the tenant
$wsfedurl = "https://login.microsoftonline.com/2c4f1a9f-be5f-10ee-327d-a95dac567e4f/wsfed"
# Token-signing certificate downloaded from the Azure portal
$filepath = "C:\temp\SharePoint 2019 OnPrem.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($filepath)
# Register the certificate so SharePoint trusts tokens signed with it
New-SPTrustedRootAuthority -Name "AzureAD" -Certificate $cert
# Map the incoming 'name' claim to UPN; pass the 'role' claim through unchanged
$map1 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" -IncomingClaimTypeDisplayName "name" -LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
$map2 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming
# Create the trusted identity token issuer, using the mapped 'name' claim as the identifier claim
$ap = New-SPTrustedIdentityTokenIssuer -Name "AzureAD" -Description "Azure AD SharePoint server 201x" -realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map1,$map2 -SignInUrl $wsfedurl -IdentifierClaim $map1.InputClaimType
Enable the trusted identity provider for your application.
In Central Administration, go to Manage Web Application and select the web application that you want to secure with Azure AD.
On the ribbon, select Authentication Providers and choose the zone that you want to use.
Select Trusted Identity provider, and select the identity provider you just registered named AzureAD.
Select OK.
Grant access to a guest account to SharePoint on-premises in the Azure portal
In the Azure portal, select Azure Active Directory > Enterprise applications. Select the previously created enterprise application name, and select Single sign-on.
On the Set up Single Sign-On with SAML page, edit the User Attributes & Claims section.
In the Required claim zone, select Unique User Identifier (Name ID).
Change the Source Attribute property to the value user.localuserprincipalname, and select Save.
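A follow-up check for the trusted identity provider created in the answer above. This is an added example, not part of the original answer or of Microsoft's documentation: it reads the issuer back with the SharePoint cmdlets and compares it with the values that were entered, so a mismatched realm, sign-in URL, identifier claim, or an expiring/untrusted signing certificate is caught before users are pointed at the web application. It assumes the issuer name "AzureAD" and the realm from the answer; the sign-in URL placeholder `<tenant-id>` must be replaced with your tenant's value. Run it from the SharePoint Management Shell on the SharePoint server.

```powershell
# Added verification script (assumed names: "AzureAD" issuer, realm and sign-in URL from the answer).
param(
    [string]$IssuerName = "AzureAD",
    [string]$ExpectedRealm = "urn:sharepoint:sps201x",
    [string]$ExpectedSignInUrl = "https://login.microsoftonline.com/<tenant-id>/wsfed"  # placeholder
)

$issuer = Get-SPTrustedIdentityTokenIssuer -Identity $IssuerName -ErrorAction Stop
$problems = @()

# 1. Realm must equal the application identifier in Azure AD, otherwise tokens are rejected.
if ($issuer.DefaultProviderRealm -ne $ExpectedRealm) {
    $problems += "Realm is '$($issuer.DefaultProviderRealm)', expected '$ExpectedRealm'"
}

# 2. Sign-in URL must be the tenant's WS-Federation endpoint.
if ($issuer.ProviderUri.AbsoluteUri -ne $ExpectedSignInUrl) {
    $problems += "Sign-in URL is '$($issuer.ProviderUri)', expected '$ExpectedSignInUrl'"
}

# 3. Signing certificate: not about to expire, and registered as a trusted root authority.
$cert = $issuer.SigningCertificate
$daysLeft = ($cert.NotAfter - (Get-Date)).Days
if ($daysLeft -lt 30) {
    $problems += "Signing certificate $($cert.Thumbprint) expires in $daysLeft days ($($cert.NotAfter))"
}
$root = Get-SPTrustedRootAuthority | Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint }
if (-not $root) {
    $problems += "Signing certificate $($cert.Thumbprint) is not registered via New-SPTrustedRootAuthority"
}

# 4. Identifier claim: the answer uses the incoming 'name' claim (mapped to UPN) as the identity claim.
$expectedIdentity = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
$actualIdentity = $issuer.IdentityClaimTypeInformation.InputClaimType
if ($actualIdentity -ne $expectedIdentity) {
    $problems += "Identifier claim is '$actualIdentity', expected '$expectedIdentity'"
}

# 5. List every claim mapping so the name -> upn and role -> role mappings can be eyeballed.
$issuer.ClaimTypeInformation |
    Select-Object DisplayName, InputClaimType, MappedClaimType |
    Format-Table -AutoSize

if ($problems.Count -eq 0) {
    Write-Output "Trusted identity token issuer '$IssuerName' matches the expected configuration."
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```

The certificate check matters most operationally: Azure AD rotates the token-signing certificate, and when the certificate registered with New-SPTrustedRootAuthority no longer matches the one signing tokens, every sign-in through this provider fails, so re-running this after any certificate change (and scheduling it before NotAfter) avoids a surprise outage.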