Updates from Ignite 2016!

Here's my list of all the announcements, updates and newsworthy things from Ignite 2016!

Summary:

I made it to many more sessions at this Ignite.  With my busy schedule this past year it has been a bit tough to keep up with the ever-changing Office 365 landscape.  My focus has changed to watching for the things they do in the cloud as many of these changes will trickle down to SharePoint on-premises at some point.  Of the sessions I went to, only two ended up being a waste of time (simply because I had already been aware of the things going on, but thought maybe something new might be revealed).

Overall the venue was great, the buses were on time and timely.  The city was great, Uber was available and not expensive.  Lots of things to do in terms of entertainment and restaurants and the hotels were all fairly close together.  The venue was just as large as last year's in Chicago.  I'm thinking next time they should figure out a way to give an award to the person that walks the most, but since the Microsoft Band is now no more, might be difficult to track it!  I know my feet hurt at the end of every day!

Food was bad as expected.  If you have ever done a large event (such as a SharePoint Saturday) and rented a large venue such as a convention center, you will know the painfulness that is contracting with the venue's food vendors. Like the Amtrak days with its kick your butt if you say anything unions, it's unfortunate that we still are forced to endure not so great food (and evidently not much of it).  I think it would be great if Microsoft offered a non-meal pass in the future so we can spare ourselves the disappointment and at least get a good meal on our own terms. Or even send us the link to the vendor's site so we can drop them lots of nasty notes rather than blame Microsoft!

Expo Hall:

I was able to find time to wander the entire Expo hall.  I always try to do this just to see what people are marketing and "trying" to sell.  There was a very heavy theme on "Monitoring" and "Security". As in…at least half of the companies were promoting between those two themes.  In whole, the exhibitors seemed to fall into these major categories:

  • Monitoring
    • Aggregated views across all your cloud services (Azure, Amazon, Google, on-premises)
    • Specific Application monitoring (Office 365, Box, etc)
  • Security
    • Auditing
    • Governance
  • Hardware/Device companies
    • Lots of video hardware (phones, conf call cameras)
  • Skype for Business
    • Seemed to be less than last year, but still noticeable.  Lots of re-sellers of software and hardware add-ons.  Seems there is still a lot of help one must need to use Skype in an enterprise.
  • Training
  • Software

Cool/Interesting booths from my standpoint:

  • Puppet – The original Desired State Configuration software!  DSC came from a lot of the work that Puppet started and the Puppet products span much more than just Windows (per Jeffrey Snover – MS Tech Fellow aka JSnover aka creator of PowerShell – was based on UNIX make).
  • Lansa – TypeScript for everything (not just JavaScript).  Code generation on steroids.  Generate code/apps across many different platforms (ultimate code reuse).
  • ConversationalGeek – new spin on books and marketing promotions.  Each book is sponsored by a company and then distributed for free!

Sessions:

Lots of great sessions this time around.  I couldn't really say that about last year, but as you might be able to figure out, many of the top SharePoint community members (Dan Holme, Chris McNulty, etc) have recently joined the Microsoft team and have been able to share their views from the outside with the product marketing and engineering teams.  Although not everyone has stayed in the Office group, it has been fun to watch them learn about the massive engine that is Microsoft and how difficult it is to move the mother ship!  I'm sure they have also gleaned the interesting side of taking "suggestions" from the community and who has a valuable opinion and who doesn't!  I'll still at some point find time to do my "famous" or "infamous" I suppose rating of all the sessions in the next few weeks.  I can say right now, the top session I attended was by Neil Hodgkinson (@nellymo).  His sessions are always filled with great data points, good/great demos and seem to leave you fulfilled with something afterwards!  I highly suggest you watch any session he was in!

It seemed that a lot of the sessions were not very in depth and super technical (which is the stuff I love). I would have preferred a lot more 400 level sessions and not so much of the 200 level sessions.

You can download sessions from Channel9 or YouTube! You can also use this PowerShell script to download them!

Parties:

  • AvePoint – Tongue and Groove – how can you say anything bad about how @JulieRLui finds and sets up these awesome parties?!?  She's the best!
  • Metalogix – Downtown – This was a joint venture and being that most people left around the 20 minute mark, I'm guessing that speaks for itself.  I actually had dinner at the "Commerce Club" and then took a small walk (<2 minutes) to the Ritz for the BA Insight party.
  • Microsoft #SharePint – Westin Downtown – What a fun venue!  A rotating bar at the top of the Westin downtown.  Incredible views, nice classy atmosphere!  We even got the group to do a shout out and group picture to #LindaStrong!
  • BA Insight – Ritz Carlton – A very small get together at the Ritz Carlton.  Jeff Fried (@JeffFried) is a good guy and he always does his best to make everyone feel welcome!  Most of the who's who bailed on the Metalogix party and stopped by the BA Insight party.  Good times!
  • PixelMill – AirBnb House – Another small get together at an AirBnB a couple blocks away from the convention center.  Yours truly was the bartender and again, the who's who of our SharePoint land stopped in and said hi.
  • Attendee Party – Centennial Park – Although we didn't go, we did have a nice vantage point from the sky bar at the Glenn Hotel.  After about an hour, most people started to head over our way as we were tweeting killer pics from high above the park!
  • @SPCPartyPatrol – oh man, where didn't we go!  Next year, if you really want to have a good time, be sure to follow @SPCPartyPatrol.  You won't be led to anything bad (well, I guess that's a matter of perspective).

Announcements:

Here is a list of the various announcements/updates/details that I was able to gather from Ignite 2016.

  • SharePoint – On-premises SharePoint 2016 is getting several of the new features released to Office 365.  The first of these changes will show up in Feature Pack 1 in Nov.  This is the update I have been waiting for and will be the catalyst for customers to get serious about the upgrade or install of SharePoint 2016!
    • Feature Pack 1
      • Min Roles changes – you can now implement smaller POC/Dev farms
      • Taxonomy Cloud Service Application – sync of your term groups/sets from on-premises to Cloud
      • Custom App Launcher – ability to customize the App Launcher
      • OneDrive UX and API – The /me endpoint that I loved so much on the OneDrive consumer side was moved to OneDrive for business and is now being delivered to on-premises!
    • Release Cadence – you can expect more changes to come after feature pack 1
      • Public Update monthly
      • Feature Pack 1 (Nov 2016)
      • Feature Pack 2 (second half of 2017)
  • Active Directory Federation Services (ADFS)
    • Check out @helloitsliam tweets from the @MrADFS session, you can also check out the session here
    • No longer a need for On-premises Multi-factor server with ADFS – you can use Azure MFA
    • Conditional Access through ADFS
    • Policy templates
    • Better Certificate support via Claims
    • Per App login customization
    • Set-ADFSProperties changes
    • ADFS Rapid restore tool for Dev, Test and Prod scenarios
    • Domain Admin rights need to install ADFS
  • Azure AD (Std/Premium)
    • Bad Password Attempts reporting
    • Stat – 47.8% of Azure AD auths are via ADFS
    • Stat – every day they
      • Process 14B signins
      • Analyze 10TB of data
      • Deflect 1.5 million attacks
    • Replication error report with quick fixes
    • Group based license assignment
    • Azure AD Connect enables AD Group Synchronization with Office 365 Groups
    • Lift and Shift is new term (#BRK3252) – Azure AD Domain Services
    • Azure AD Pass-Through Auth (PTA) offers similar features as ADFS (#BRK3107)
    • Attribute quarantine vs object
    • Identity Protection – see hack and enforce user MFA
  • Azure
    • https://blogs.technet.microsoft.com/stbnewsbytes/2016/09/26/cloud-platform-release-announcements-for-september-26-2016/
    • Azure Monitor – Monitor cloud and on-premises HyperV and Vmware workloads
  • Microsoft Intune
    • Lots of improvements around Android management
    • More iOS and Mac support
  • Yammer – Not dead, dead, not dead, dead, not dead again…we all are wondering what is going on here!
    • New – Yammer group creation causes AzureAD to create O365 group (#BRK2019)
    • Yammer notes moving to OneNote
    • Yammer Groups ~= Office 365 groups
      • Where created determines where feed data will go (Yammer vs Outlook)
    • Edit Yammer Posts
    • Seamless file sharing to Yammer from OneDrive (with permissions at group level)
    • Yammer translate built in (but no Klingon support) #BRK2018
  • SPFramework – You can get started by following the steps here
    • Tools you need:
      • npm (microsoft scope)
      • TypeScript
      • gulp
      • react
      • yeoman
  • Skype for Business – wow, who would have thought "Skype" would have gone so far?  I was there the day the MS execs signed the deal with eBay to buy Skype.  Man it has come a long way!
    • iOS 10 update has more integration with Phone features
      • CallKit Support
    • Skype Broadcasting
    • MacOS client release (Oct)
    • Real-time transcription and translation by EOY
    • PSTN calling in France and Spain (Oct 2016)
    • Move users to regional data centers via PowerShell
    • Video Meeting with no plug in Office Web Apps (OWA)
    • No conversion from UCMA to Trusted Application API
    • Skype Teams – *shhhh* – the "slack" killer?!? You'll have to wait and see!
  • MS Flow
    • Create flow from mobile device
    • Flow connector (???)
  • Networking – this wasn't a part of Ignite, but it happened during it!
  • OneDrive
    • Offline and Online selective sync is back!
    • SharePoint Online and OneDrive folders sync'd
    • Activity Center (view status)
    • 20 new Browser based thumbnail previews
    • iOS and Android notification of files shared with you
    • View stats on file views
    • Multiple files downloaded as a ZIP
    • Stats
      • 10B new files each month
      • 150M mobile app downloads
      • 25 Petabytes of data each month
    • OneDrive API coming to SharePoint 2016 on-premises
    • API changes coming #BRK3082
      • Custom File Handlers
      • File Tags
      • Custom Metadata extensions
      • File versions
      • ":" notation and "UploadSession" support
  • Delve
    • https://blogs.office.com/2016/09/26/connect-to-expertise-and-content-with-new-people-experiences-throughout-office-365/
    • Office Graph is now Microsoft Graph
    • Delve Analytics is now MyAnalytics
    • People Profile page is updated
    • People Hover is updated
  • Partnerships
  • Products
    • Windows Server 2016
      • Nano Server – headless HyperV feature
        • 400-500MB fast boot OS
      • Storage Spaces Direct (S2D)
        • 2 and 3-node support
      • Containers
        • Windows
        • Hyper-V
      • Key Storage Drive
        • Shielded VMs and Bitlocker protected VMs for older OSs
    • System Center 2016
      • Insights and Analytics (Azure SQL, MySQL, VMware)
      • Automation and Control (keep systems up to date)
      • Security and Compliance (threat detection)
      • Protection and Recovery (backup and restore with Linux and VMWare)
    • Microsoft StaffHub
  • Security
    • Windows 10 Security Features
    • Edge Browser Features
  • Office 365
    • New App Launcher
    • New Admin UI
    • Conditional Access – Access Policies (network, device)
      • https://blogs.office.com/2016/09/26/enhanced-conditional-access-controls-encryption-controls-and-site-classification-in-sharepoint-and-onedrive/
    • Customer controlled keys
    • Team site classification
    • Hybrid auditing

Other Ignite Reviews:

Enjoy, see you in Orlando in 2017! You can pre-register here!

Chris
@givenscj

Installing Service Bus 1.0 and Service Bus 1.1 in Azure VM – Exit code: 15010 – Error 1722 – Installation success or error status: 1603

Have been doing a lot of Azure provisioning lately and ran across an interesting issue with the latest VMs in Azure.  Seems some registry keys are missing which will cause you to run across these errors:

MSI (s) (44:CC) [21:33:14:551]: Note: 1: 1722 2: DoFabricSetup 3: C:\Program Files\Windows Fabric\bin\Fabric\Fabric.Code.1.0\MSIHiddenAppLauncher.exe 4: FabricSetup /operation:install /gac /trace:"C:\ProgramData\Windows Fabric\Fabric\log" /fabricDataRoot:"C:\ProgramData\Windows Fabric\" /traceBufferSizeInKB:128 /traceFileSizeInMB:128 /fabricPrincipal:"contosos2admin"
CustomAction DoFabricSetup returned actual error code 1 (note this may not be 100% accurate if translation happened inside sandbox)

FabricSetup.EventLog,wevtutil failed to install manifest C:\Program Files\Windows Fabric\bin\Fabric\Fabric.Code.1.0\WF.man. Exit code: 15010

A partial solution was provided across a couple posts out there, but nothing that comprehensively fixes it right away:

  • https://blogs.msdn.microsoft.com/distributedservices/2014/12/16/common-appfabric-1-1-installation-errors-with-and-without-sharepoint/ – Talks about various reasons why you might get these errors, none resolved my issue
  • http://sharepoint.stackexchange.com/questions/69320/error-installing-azure-workflow-server-during-2013-install – Talks about a service not being enabled, but in my case it was
  • http://blog.symprogress.com/tag/azure-worker-role/ – Shows that Channel "0" is missing in another instance
  • https://alasdaircs.wordpress.com/2014/08/15/azure-vm-agent-breaks-your-server – Shows that the Azure VM Agent causes an issue with installing and uninstalling things.  This partially fixes the problem, but was missing the "0" channel.  Adding it with the right values fixes the Service Bus install issue:

Here is the full registry file to get Service Bus 1.0 and Service Bus 1.1 to install in Azure VMs:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{9148c98f-152c-44d3-a496-26350c475d74}\ChannelReferences]
"Count"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{9148c98f-152c-44d3-a496-26350c475d74}\ChannelReferences\0]
@="Microsoft-WindowsAzure-Diagnostics/GuestAgent"
"Id"=dword:00000010
"Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{9148c98f-152c-44d3-a496-26350c475d74}\ChannelReferences\0]
@="Microsoft-WindowsAzure-Diagnostics/Diagnostic"
"Id"=dword:00000010
"Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{9148c98f-152c-44d3-a496-26350c475d74}\ChannelReferences\1]
@="Microsoft-WindowsAzure-Diagnostics/Runtime"
"Id"=dword:00000011
"Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{9148c98f-152c-44d3-a496-26350c475d74}\ChannelReferences\2]
@="Microsoft-WindowsAzure-Diagnostics/Heartbeat"
"Id"=dword:00000012
"Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{9148c98f-152c-44d3-a496-26350c475d74}\ChannelReferences\3]
@="Microsoft-WindowsAzure-Diagnostics/Bootstrapper"
"Id"=dword:00000013
"Flags"=dword:00000000

Enjoy!
Chris
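
A read-only check for the Service Bus registry fix above, added here as an example and not part of the original post: it reports which numbered channel subkeys under the publisher's ChannelReferences key are present, and exports the key to a backup file before any .reg import into HKLM. The GUID and value names come from the registry file above; the function names and the backup file name are assumptions.

```powershell
# Added example, not from the original post. The GUID and the value names
# (Count, Id) come from the .reg file above; the function names and the
# backup file name are assumptions made for this example.
$PublisherGuid = '{9148c98f-152c-44d3-a496-26350c475d74}'
$SubPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\$PublisherGuid\ChannelReferences"

function Get-ChannelReferenceReport {
    param([string]$Path = "HKLM:\$SubPath")

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Index = $null; Channel = $null; Id = $null; Problem = 'ChannelReferences key not found' }
    }

    # RegistryKey.GetValue returns $null when the value does not exist.
    $count = (Get-Item -LiteralPath $Path).GetValue('Count')
    if ($null -eq $count -or $count -lt 1) {
        return [pscustomobject]@{ Index = $null; Channel = $null; Id = $null; Problem = 'Count value missing or zero' }
    }

    # Count says how many numbered subkeys (0 .. Count-1) should be present.
    foreach ($i in 0..($count - 1)) {
        $sub = "$Path\$i"
        if (-not (Test-Path -LiteralPath $sub)) {
            [pscustomobject]@{ Index = $i; Channel = $null; Id = $null; Problem = 'subkey missing' }
            continue
        }
        $key     = Get-Item -LiteralPath $sub
        $channel = $key.GetValue('')      # the default value holds the channel name
        $id      = $key.GetValue('Id')
        $problem = ''
        if (-not $channel) { $problem = 'channel name empty' }
        elseif ($null -eq $id) { $problem = 'Id value missing' }
        [pscustomobject]@{ Index = $i; Channel = $channel; Id = $id; Problem = $problem }
    }
}

function Backup-ChannelReferences {
    param([string]$File = "$env:TEMP\ChannelReferences-backup.reg")
    # reg.exe takes the native form of the path (HKLM\..., no colon).
    & reg.exe export "HKLM\$SubPath" $File /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }
    return $File
}

$report = @(Get-ChannelReferenceReport)
$report | Format-Table -AutoSize

if ($report | Where-Object Problem) {
    Write-Warning 'ChannelReferences is incomplete (compare with the .reg file above).'
    if (Test-Path -LiteralPath "HKLM:\$SubPath") {
        "Backup written to $(Backup-ChannelReferences)"
    }
}
```

Running it again after the import should show indexes 0 through 3 with an empty Problem column.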

Azure Access Control Services (ACS) is dead

I recently went through the exciting process of setting up our SanSpug.org site to support various authentication mechanisms (LiveID, Google, Federated Auth, etc).  I started off using Azure Access Control Services (ACS) because I thought it had everything I could ever want in a login aggregation platform.  However, I soon realized that it just wasn't able to meet the simple needs of a small SharePoint User Group.  And now that I know it can't meet those needs, I doubt it really meets the needs of large organizations either. 

A bit about ACS

To be fair,  ACS was the first of its kind.  I remember when it was first released, it was sooooo cool.  It really was.  I built some cool labs off of it (the old UI), then the UI "disappeared" (at least, the link was gone from Azure at one point), only to reappear again in the latest incarnations.  ACS isn't a part of the main Azure portal.  It has its own interface, which has confused me to this day being that all the other services are moving into the current portal.  Here's a screen shot of the two:

 

Why they are separate probably has to do with (put some random excuse here, but likely because of "legacy" configurations). It would make much more sense that Azure added ACS as its own separate application in the Azure Portal. 

So what can we do with ACS?  If you are familiar with ADFS, then you get the point.  I can create "Identity Providers", "Relying party applications" and claims rules between the two.  The latter being one of the strengths of ACS (Quick history lesson, ADFS 1.0 was a real piece of junk, that left only one option, that option being ACS. It could do all the things that ADFS 2.0 was about to do).  So what kinds of identity providers can we add?  Well, here they are:

 

Hmm, interesting.  So they have preconfigured providers for LiveID, Google and Yahoo.  Fair enough, those don't actually need an application (client id and client secret) created for them.  But "Facebook".  Ummm, that one needs an app created for it to do federated auth.  Ok, let's do it.  Adding a Facebook app used to be fairly easy back in the day, now the UI sucks.  And the process to get a simple "App Stub" created requires a canvas page?  Whatever.  Fail on Facebook's part.  Ok, back to ACS.  So they are allowing us to do federated auth to OAuth providers.  Ok.  So how do I add others?  Like Twitter?  Maybe Yammer?  Oh…YOU CAN'T!  But you can do WS-Federation all day long.  Boring.  Oh, did I mention the Google one doesn't work anymore?  Yeah, Google seems to have disabled the interface that ACS was using.

Ok, so ACS is dead "to me".  So what do I do now?  Do I build my own?  Ugg, that means I need to register an app in EVERY possible OAuth provider on the planet.  Similar hoops to jump through (approve the app, screen shots, canvas page, terms…ugg, no thank you). 

Let's do some research, maybe someone built a better ACS?  Maybe someone did all that work to register an app EVERYWHERE? After a few google searches, some tweets…I find….Auth0.com. 

Auth0 is the ACS killer.  I have no doubt that after the right people at Microsoft see what they have built, Auth0 will be picked up in a M&A transaction.  I'm going to tell the guys to hold out and get 4-5 offers and bid the price up.  I have no doubt, they will go for $100Ms in a liquidity event.  So why are they so cool?  Because you can add ANYTHING!  Check this $^&%^% out!  Database, Social and Enterprise:

Database (think ASPNETDB – this is a biggy for SP2015 by the way):

 

Social (oh right…ACS gives us…Facebook…totally lame):

 

Enterprise:

Wait…do you see the one at the bottom?  Yeah…that's SharePoint Apps for on-premises (courtesy of Chris Beckett consulting services).  Oh…do you see the O365 and Windows Azure AD one?  Oh yeah…that's Azure AD Apps…umm, so why are you using ACS again?

Telemetry and Metrics

Are you freaking kidding me?  ACS would never have thought this up.  You get telemetry on when and how your users are logging in:

 

The logs are also pretty sweet:

 

You see the profile JSON response in the Logs that contains the Access Token (if provided) so if you need to debug something, you have everything you need!

 

Wait…it gets better (but maybe a bit confusing for you that haven't been doing this stuff for a while).  In addition to allowing your Apps access to all these federated OAuth platforms, it itself is an App registry.  You can create your App in the Auth0 interface, which is then exposed as a WS-Federation end point!!!  Holy $%&^&$^!  Forced to use ACS, but you think it sucks like I do?  Hey…add your Auth0 WS-Federation endpoint, and just like one of those "I saw it on TV ads", "Set it and forget it!":

 

APIs:

Oh baby…if they weren't already ahead of the competition.  This is the future.  Forget about all those APIs you have to write to and learn.  Why bother with the auth parts?  All you need is to call the API and get that JSON response back.  Here's what they support:

 

Rules:

Do you have some ACS rules?  Yeah, they support that too…what they don't have is an ACS rule importer.  That would be so slick. Easily migrate from crappy old ACS, to shiny new Auth0:

 

Custom Emails:

Just to add insult to injury…woah…custom emails…custom whatever!  When someone hits your fed auth endpoint…send em an email based off the claims!

 

Is ACS Dead?  Yeah, to me it is.  To the masses that didn't know any better, consider yourself educated.  As the word spreads, I'm sure there will be a mass ACS exodus very soon!

Chris

Windows Azure MessageBus for consumption by SharePoint 2010?

I recently tweeted:

"Azure needs to have a message bus for Social Computing Activity Streams with a common auth (LiveId/OpenID) and BizTalk like plugs…#DREAMIN"

But I have no doubt that it is going to happen. It will be a massive MSMQ (message queue) in the cloud with BizTalk like adapters that will allow us to send our "Encrypted" messages with routing info (very similar to the current EDI platforms today), but rather than EDI, we are free to choose our format other than a routing message on the top of it!

This all sounds familiar though right?  I just mentioned EDI, a very condensed text/tab based format for sending data.  Problem with EDI, proprietary networks that have high entry costs and let's face it, UGLY.  Will it continue to live?  Yeah, for a few more years at least.  What will it give way to?  XML has taken its fair share for the past 10 years, more likely…JSON formatted messages?  Definitely not XML, some of you may have seen my tweet "Web Services RIP (1999-2009)".  It was funny, and some people didn't like it too much, but unfortunately…it's TRUE.

What else sounds familiar?  Oh, only the fact that it has been done elsewhere too, Mastercard, Visa, and American Express have the largest transaction systems in the world.  Trillions of dollars of transactions (and similar number of transaction counts) occurring everyday!  At a previous company we even tapped into the massive network of transactions (hence why I know how to get your credit card number) to pump messages into the systems.  We built memory based databases and built a massive message bus that accepted messages and routed them for processing by multiple subscribers, super cool stuff!  We even did object oriented database rather than the older relational forms (another long blog post).

What makes this time so different?  People.  Social Computing has opened the eyes of individuals to be able to "brag" through "ego" about what they are doing.  And it may not be all "ego", but pretty close.  So now we can see the concept of "Activity" streams being built around everything we do!  Every time we purchase something, start our car, make a phone call, all our every day events will be able to be pumped into the message queue in the sky for subscribers to be able to "plug" into and watch our every move!

Thanks to innovative applications like Facebook, they have paved the way for every new application to have a concept of "Activity" streams in ATOM format where these messages are going to be bought and sold to the masses for behavior analysis!

And so on to our best friend SharePoint 2010.  SharePoint 2010 has an "extensible" activity stream.  This stream will allow every application you touch, to "pump" messages into the stream queue for people to monitor!  Imagine if you will, every system you work with inside your company pumping status messages back about you.  Are you doing your job?  Your activity stream says you aren't!  Thinking what I am thinking at this point?  Lots of applications, both good and bad will come of this. 

From a user standpoint, activity stream data will be VERY sensitive.  From an "Application" standpoint, if we are to say that a user in SharePoint is an "Application", then activity streams create a whole new world of possibilities!

If companies simply stick to a user is a user for their streams, we may start to see government step in soon and limit the types of things that WILL start to happen with the technology.

Insightful eh? Enjoy!
Chris