Azure Grant for Nonprofits and Custom Scopes Explained

Azure Grant for Nonprofits is a program that provides free or discounted Azure services to eligible nonprofits, allowing them to reduce costs and focus on their mission.

Eligible nonprofits can receive Azure credits, which can be used to cover the cost of Azure services, including compute, storage, and networking.

The Azure Grant for Nonprofits program is available in over 40 countries worldwide, making it a valuable resource for nonprofits globally.

To be eligible, nonprofits must meet certain criteria, such as being a registered 501(c)(3) organization in the US or a similar designation in their country of operation.

The Microsoft Azure Grant is a fantastic opportunity for nonprofits to leverage cloud technology and enhance their impact. Nonprofits can receive a $2,000 (USD) grant to get Azure-ready and start using cloud technology to streamline operations and secure data.

To qualify for the grant, nonprofits must be registered as a 501(c)(3) organization or the equivalent outside the United States. Certain types of organizations, such as schools, healthcare organizations, and government entities, may not be eligible.

Here are some tips to make the most of your grant: Start Small: Begin with one or two projects, such as moving your website to the cloud or setting up cloud storage for documents.Utilize Azure Resources: Microsoft offers extensive documentation, tutorials, and support for nonprofits using Azure.Partner with Experts: If managing cloud services feels overwhelming, consider partnering with an IT consultant or an expert in nonprofit tech.

Microsoft is a company that's been around for a while, and they're known for creating a wide range of products and services. They've got a big initiative called Tech for Social Impact that aims to help nonprofits digitally transform. Microsoft Azure is a key part of this initiative. Azure is a cloud computing platform that lets organizations store data and run applications. It's also a powerful tool for things like data analytics and AI development.

You might like: Azure Data Studio vs Azure Data Explorer

Microsoft Azure Grant offers nonprofits a chance to access advanced cloud services without breaking the bank. With up to $2000 in annual credits, organizations can run essential services in the cloud, such as website hosting and email services, without incurring hefty IT infrastructure costs.

Microsoft Azure provides world-class security features, helping nonprofits safeguard their sensitive data and comply with various privacy regulations. This is especially important for organizations handling donor information and program details.

Cloud-based solutions can automate and optimize day-to-day operations, allowing nonprofits to focus on their mission rather than administrative tasks. This can be a huge time-saver and help organizations scale more efficiently.

Azure's services scale according to your needs, whether your nonprofit is small or large. From launching a single application to managing a complex IT system, Azure offers flexibility to grow as your organization does.

Here are some ways nonprofits can benefit from Microsoft Azure:

To register an application with Azure AD, you'll need to create an app registration in the Azure portal. Select Azure Active Directory and then under Manage, choose App registrations > New registration. Enter a display name for your application, such as DemoClientApp01, and choose the first option for supported account types. Leave the redirect URI blank for now.

You'll need to follow a series of steps to create the app registration, including signing into the Azure portal, selecting Azure Active Directory, and registering the application. Make sure to save the client ID and tenant ID from the overview of your application, as you'll need these later.

You might enjoy: Azure App Insights vs Azure Monitor

Here's a step-by-step guide to creating the app registration:

After registering the application, you'll need to select API Permissions and note that Microsoft Graph → User.Read delegated permission is already assigned for sign in user profile.

Access tokens are issued by Azure AD as JSON Web Tokens (JWTs) that contain claims, and can also be opaque tokens conforming to the OAuth 2.0 framework.

To get an access token, you can use Postman and select the Grant Type as Authorization Code, filling in the required information such as Client ID, Client Secret, and Scope. The access token is then used to exchange the authorization code for an access token.

The access token can be verified and trusted because it is digitally signed, consisting of three parts separated by dots: Header, Payload, and Signature.

You might enjoy: Azure Access

An access token is a JSON Web Token (JWT) that contains claims and is issued by Azure AD. It can also be an opaque token that conforms to the OAuth 2.0 framework.

The authorization server redirects the user to a redirect_uri with authorization code, which includes the code as a query parameter. You can extract the code from the query parameter.

To get an access token, you can use Postman or send an HTTP GET and POST request to the authorization server. The authorization server redirects the user to a redirect_uri with authorization code.

Here's what you need to include in the POST request body to get an access token:

Access tokens are short lived and can be refreshed using a refresh token. To get a Refresh Token, include the offline_access scope when initiating a token request. The response will include an additional token called refresh_token.

Here's what you need to include in the POST request body to refresh an access token:

Assigning permissions and scopes is a crucial step in securing your Azure AD applications. You can add an application to assign permissions and scopes by registering a new Azure AD Application, in this case, DemoWebApp.

A fresh viewpoint: Azure Auth Json Website Azure Ad Authentication

To expose an App through scopes, you can add scopes to DemoWebApp by creating custom scopes like api://{application-id}/profile.read, api://{application-id}/profile.write, api://{application-id}/profile.delete, and api://{application-id}/profile.update. These scopes can be assigned to either admins and users or admins only consent.

Custom scopes are used to provide granular permission to consumers. For example, you can create a custom scope like api://{application-id}/Read.All and add it to the application API permissions. This scope can be used to grant access to resources for authorized users and client apps that access your API.

In Azure Active Directory, navigate to the application properties and add permission from API Permissions > Add a permission > My APIs and select the DemoWebApp created in the above step. Select Delegated Permission from type of permissions and choose profile.read and profile.update delegated permissions and click Add Permissions.

Here are some key differences between Admins and users consent and Admins only consent scopes:

These differences are crucial when it comes to granting consent to your applications. If a scope requires Admins only consent, then permissions can only be consented by an administrator.