Differences

This shows you the differences between two versions of the page.

--- software:chipmunk:getting_started [2025/08/15 14:02] – [Installation Steps] support@smikar.com
+++ software:chipmunk:getting_started [2025/08/20 16:51] (current) – [Prerequisites] support@smikar.com
@@ Line 31: / Line 31: @@
   * A **TLS certificate** in PEM format (certificate + full chain) and matching private key, with CN/SAN matching your DNS name.
   * (Optional) A static IP address (public or private) and corresponding DNS entry for reliable access.
+  * An Entra ID group that grants admin access to Chipmunk (i.e. ChipmunkAdmins)
 ===== Prerequisites =====
@@ Line 36: / Line 37: @@
 Before installing Chipmunk, you’ll need:
   * **Azure Storage Account (General Purpose v2)**
-    - Create a container named **chipmunkarchive**.
+    * Create a container named **chipmunkarchive**.
-    - Generate a **container-scoped SAS URL** for `chipmunkarchive` with **racwdl** permissions (Read, Add, Create, Write, Delete, List) and HTTPS-only access.
+    * Generate a **container-scoped SAS URL** for ''chipmunkarchive'' with **racwdl** permissions (Read, Add, Create, Write, Delete, List) and HTTPS-only.
-    - Example: `https://<storageaccount>.blob.core.windows.net/chipmunkarchive?sp=racwdl&st=YYYY-MM-DDTHH:MM:SSZ&se=YYYY-MM-DDTHH:MM:SSZ&spr=https&sv=2024-11-04&sr=c&sig=<yoursassignature>`
+    * Example: <code>https://&lt;storageaccount&gt;.blob.core.windows.net/chipmunkarchive?sp=racwdl&st=YYYY-MM-DDTHH:MM:SSZ&se=YYYY-MM-DDTHH:MM:SSZ&spr=https&sv=2024-11-04&sr=c&sig=&lt;yoursassignature&gt;</code>
   * **Azure AI (Cognitive Services)**
-    - An active Azure AI (Language or Cognitive Search) resource.
+    * An active resource in your region.
-    - **Endpoint URL** (e.g., `https://<your-ai-resource>.cognitiveservices.azure.com/`).
+    * Provide the **Endpoint URL** (e.g., ''https://&lt;your-ai-resource&gt;.cognitiveservices.azure.com/'') and **API key**.
-    - **API key** from the Azure AI resource.
   * **Entra ID (Azure AD) App Registration**
-    - Create or use an existing application registration.
+    * Create or use an existing application registration.
-    - Record the **Tenant ID**, **Application (client) ID**, and **Client Secret**.
+    * Record your **Tenant ID**, **Application (client) ID**, and **Client secret**.
-    - Assign the following **API permissions** and **grant admin consent**:
+    * Assign the following **API permissions** and **grant admin consent**:
+      * //Microsoft Graph — Application permissions//
+        * AuditLog.Read.All
+        * Calendars.Read
+        * ChannelMessage.Read.All
+        * Chat.Read.All
+        * Chat.ReadBasic.All
+        * Contacts.Read
+        * Directory.Read.All
+        * Files.Read.All
+        * Files.ReadWrite.All
+        * Group.Read.All
+        * Mail.Read
+        * Mail.Send
+        * Sites.Read.All
+        * Sites.ReadWrite.All
+        * Team.ReadBasic.All
+        * TeamMember.Read.All
+        * TeamSettings.Read.All
+        * TeamSettings.ReadWrite.All
+        * User.Read.All
+      * //Microsoft Graph — Delegated permission//
+        * User.Read
+      * //Office 365 Exchange Online — Application permission//
+        * full_access_as_app  (EWS; scope with an Application Access Policy if required)
-    **Microsoft Graph — Application permissions**
+  * **Networking**
-      * AuditLog.Read.All
+    * Existing **VNet** and **Subnet** for the appliance.
-      * Calendars.Read
+    * **Static IP** (public or private) and matching **DNS A/AAAA** record.
-      * ChannelMessage.Read.All
+    * DNS name must match the TLS certificate (e.g., ''chipmunk.yourcompany.local'' or ''chipmunk.yourcompany.com'').
-      * Chat.Read.All
-      * Chat.ReadBasic.All
-      * Contacts.Read
-      * Directory.Read.All
-      * Files.Read.All
-      * Files.ReadWrite.All
-      * Group.Read.All
-      * Mail.Read
-      * Mail.Send
-      * Sites.Read.All
-      * Sites.ReadWrite.All
-      * Team.ReadBasic.All
-      * TeamMember.Read.All
-      * TeamSettings.Read.All
-      * TeamSettings.ReadWrite.All
-      * User.Read.All
-    **Microsoft Graph — Delegated permission**
+  * **TLS Certificate**
-      * User.Read
+    * **PEM** format (server certificate + intermediate chain) **and** matching **private key**.
+    * CN/SAN must match the DNS name above.
-    **Office 365 Exchange Online — Application permission**
+  * **Email Notification Settings** //(optional but recommended)//
-      * full_access_as_app (EWS; scope with an Application Access Policy if required)
+    * **From**: a valid mailbox in your tenant (e.g., ''chipmunk-alerts@yourcompany.com'').
+    * **To**: operations/alerts mailbox (e.g., ''admin@yourcompany.com'').
-  * **Networking**
+    * **SMTP server**: ''smtp.office365.com''
-    - An existing **VNet** and **Subnet** for the appliance.
+    * **SMTP port**: ''587'' (STARTTLS) or ''25'' if internal relay.
-    - **Static IP address** (public or private) and matching DNS A/AAAA record.
-    - DNS name should match the TLS certificate (e.g., `chipmunk.yourcompany.local` or `chipmunk.yourcompany.com`).
-  * **TLS Certificate**
-    - PEM format (certificate + full chain) and matching private key.
-    - CN/SAN must match the DNS name above.
-  * **Email Notification Settings** (optional but recommended)
-    - From address: valid mailbox in your tenant (e.g., `chipmunk-alerts@yourcompany.com`).
-    - To address: where alerts will be sent (e.g., `admin@yourcompany.com`).
-    - SMTP server (e.g., `smtp.office365.com`).
-    - SMTP port (e.g., `587` with STARTTLS or `25` if internal relay).
 ===== Using Chipmunk =====