Azure Managed Applications (AMA)

A few weeks ago I was looking into Azure Managed Applications (AMA) for one of our customers. AMA is not a service that you would come across in your day to day work with Azure.

 Azure managed applications enables offering cloud solutions that are easy for consumers to deploy and operate.

To make a managed application available to all customers, you can publish it in the Azure marketplace.
To make it available to only users in your organization, you can publish it to service catalog.

The key benefits of publishing your Azure Managed Application to Azure Marketplace 

  • Managed Service Providers (MSPs), Independent Software Vendors (ISVs), and System Integrators (SIs) can offer their solutions to all Azure customers
  • Publishers can define terms for managing the application, and all charges are handled through Azure billing.
  • Customers don't have to maintain, update, or service managed applications.
  • Consumers have limited access to critical resources, don't need to worry about making a mistake when managing it.

The key benefit of publishing your Azure Managed Application to Service catalog
  • Offer pre-approved, compliant solutions to users in the organization.

The Overview flow of Publishing  Azure Managed Application

When customer Deploys Azure Managed Application,  there will be two resource groups under their subscriptions. The consumer manages one resource group, and the publisher manages the other resource group. When defining the managed application, the publisher specifies the levels of access. The publisher can request either a permanent role assignment or just-in-time access for an assignment that is constrained to a time period.

How to build an Azure Managed Application?

  • Create a template ("mainTemplate.json") that defines the resources to deploy with the managed application. It's an ARM template and you can have linked/nested template in it.
  • Define the user interface elements for the portal "CreateUiDefinition.json" to get the required parameters when deploying the managed application.
  • (Optional) Define the user interface elements for the portal "viewDefinition.json" to show custom reports and allow customised actions on the azure managed application resource. 
  •  Create a .zip package that contains the required template files. I
  • Decide which user, group, or application needs access to the resource group in the user's subscription.
  • Create the managed application definition that points to the .zip package and requests access for the identity.

A below sample provisions one storage and one Azure function resource under customer's subscriptions.

To know more about Azure managed applications have a look at