Retrospective for 2020

For many of the past years I’ve written a retrospective (2016, 2015, 2013, 2012, 2011, 2010) or look ahead (2019, 2014, 2013, 2012, 2011, 2010) post to walk through my goals.  2020 was a year unlike many others but I’ve been reflecting on what this year has meant to me, my family, and my career. Thanks again to my mentor Sean McDonough for encouraging me to get this written as I hadn’t written a looking ahead post at the start of the year.

Retrospective

2020 brought a number of changes to my life. I accepted a position with the newly created Microsoft Graph Customer and Partner Experience (CPx) team (link), my oldest daughter started kindergarten, and the COVID-19 pandemic changed the way many of us work / travel / live our lives.

Through all of the changes there have been a few constants though. Earlier this year I published a newsletter / post about “Positivity through uncertainty“. That theme continues in this post. As mentioned in a recent Twitter thread (link) I have been reflecting on my 2020 year. The #1 feeling I have is “being thankful”. I am thankful for:

  • my family is in good health
  • I have a great job that allows me to provide for my family
  • my team and company are extremely supportive and inspire me to share my best
  • my kids are each showing an early interest in different areas and my wife and I are working to encourage them on those
  • I’ve been keeping up with my monthly personal retrospectives for almost 3 years

Yes, living through this pandemic has added additional stresses to daily life, myself included. In response to that there are some activities that I have started or been keeping up to reduce or negate those stresses. Here are a few I recommend you look into if you aren’t already doing them.

Check-in with others regularly

Take the time to check in with family, teammates, neighbors, etc. on a regular basis. It can be a simple “how are you doing today?” or you can dig deeper. With my new teammates I try to have at least 15-25 mins every 2-3 weeks (separate from regular team meetings) to see how they are doing. Think all-inclusively of work, personal life, career progression, and more.

Know how to recharge yourself

Back when I delivered all-day workshops to customers 2-5 days in a single week I learned quickly that those sessions can easily drain your personal energy level, not just physically but also mentally and emotionally. Working remotely, being on video calls for hours a day, and attending to multiple family duties can also be just as draining. It is important that you find things that can “recharge your batteries”.

During the first half of this year I started to spend more time on video games, TV shows, and other “mindless” activities. The thing with all of those activities is that while they may help pass the time, they didn’t truly re-energize me or give me new inspiration.

The things that really give me energy are sharing out my knowledge / experience and giving other people a platform to share their own voice. Knowing this I try to find projects in my job or personal life that help me to do more of those types of things. A recent example is starting up the Microsoft Graph Mailbag blog series.

Focus on the important

You may have seen a diagram such as the below illustrating importance and urgency on separate axes.

Throughout my life I have tried to focus on the more important + urgent things in life and work, but I feel like 2020 pushed me more on this topic in all of the quadrants. I recommend using the preceding diagram (or something similar) to help guide you in taking an inventory of the things that you are currently working on and divide them up into the respective categories. This can help you focus on the “obvious priorities” while taking the appropriate actions with the others.

For another take on the prioritization aspects of life, read the story (there are many adaptations, this is just one) about the “big rocks of life” here: http://appleseeds.org/Big-Rocks_Covey.htm

The power of music

On multiple occasions over the past year music has been a source of joy, inspiration, community building, and more. I have witnessed the power of music bringing our Microsoft Graph team together during a holiday “name that tune” game time meeting all the way to the other end of the spectrum with my 1.5 yr old dancing with complete joy at the first few seconds of any (yes I mean “any”) song she hears. Personally I find music helps me get into a specific mood (read more at halfway through this post) when needed and also recharges my batteries.

The power of meditation / prayer / taking a breath

For me personally there is a positive effect to meditation / prayer. Whether you believe in an organized religion or not you can take a few deep breaths, close your eyes, listen to soothing music, and shut out all of the distractions of the world. This may be more difficult depending on your circumstances / noise levels / etc., but if it is a priority you can likely find a way to make it happen. A few times a week I like to pray the rosary in the early morning before others have woken up or late at night before bed. In a few short minutes I’m much more at ease and have a clearer mind afterwards.

Know the right time of day for the right work / activity

As mentioned above, I know that I’m best able to pray in the early morning or late night. Similarly I know that I’m not at my best for meetings in the late afternoon my time zone. I also try to avoid email in the morning as it will be 9am and then next thing you know it is noon and I haven’t gotten to the big tasks for the day yet.

Try to identify the times of day when you are at your best for specific tasks or activities. If it helps, put appointments on your calendar for those times so that you block out your day / week to get those done during the optimal times / days. It may also help having a to-do tracking list that you can write things down and then schedule those on your calendar similarly.

Conclusion

What started out as a retrospective on 2020 turned into a “share my positivity and tips” post. Needless to say, I hope that each and every one of you can look back at 2020 and find as many positive things as you can and celebrate them with others. They can be small things or big things but don’t keep them just to yourself. Next up is looking forward to 2021. Have a great start to this year!

-Frog Out

Presenting at M365 Collaboration Conference Virtual Event Dec 2020

I have the privilege of co-presenting “Setting Up Your Environments for Microsoft Graph Development” with my new teammate Fabian Williams at the upcoming M365 Collaboration Conference Virtual Event taking place Dec 9-11, 2020. The focus is to bring our incredible Microsoft 365, SharePoint, Microsoft Teams and Power Platform communities together for an informative and engaging online event.  The keynote and sessions are free online with MVPs and experts from around the world presenting on developer, IT Pro, and adoption topics. I look forward to seeing you there.

When: Wed, December 9th, 2020 at 2:00-2:45pm Eastern Standard Time

Title: Setting Up Your Environments for Microsoft Graph Development

Abstract: “Microsoft Graph development in production is ok, right?” “Let me use the global admin account for testing.” In this session we will ramp up developers and admins on the preparation they need to configure multiple environments for Microsoft Graph development. This includes tools for testing APIs, accounts with a variety of configurations, Azure AD domain roles and policies, and more. Learn about potential blockers (and ways to avoid them) that customers and users may run into. Introductory experience with Microsoft Graph is helpful but not required.

Newsletter #7 – Make it easy and enjoyable to collaborate

Business people collaborating on a paper

In the last week I had 3 distinct examples of scenarios where someone asked me to collaborate with them on a project.  In two of those scenarios it was difficult or unclear on where and how I was supposed to add my content or feedback.  In the third scenario it was extremely easy to incorporate my content.  Which do you think was the most efficient and enjoyable experience?

If you are asking others to collaborate with you, whether on a document, code sample, speech, etc., make it as easy as possible for those people to know where and how to proceed.  Better yet, create the “landing zone” / template / etc. for them to put their content and walk through the process yourself.

Did you need to make any adjustments before you could begin work?  Multiply those seconds / minutes it took by the number of people you are asking to collaborate.  On a small scale this could be you spending 5 mins to collectively save others an hour or two, but on a larger scale (ex. building an SDK, creating documentation) maybe this will impact thousands or millions (or more) people to save them hours or days collectively.  Also they may be more likely to want to collaborate with you again in the future.

Take the time to make it easy and enjoyable for others to collaborate with you.

-Frog Out

Installing Windows Packages with winget

In this post I’ll tell you about the Windows Package Manager and winget tool (currently in preview) for installing Windows packages. Feel free to use my sample script as a starting point for downloading useful tools and applications for Windows.

Background

Last week my primary laptop (~4 months old) ran into some issues and I attempted a restore from a weekly backup taken just a few days before. Unfortunately the restore put the machine into an unusable state (a sign that I won’t be using that backup software any longer). After a re-install of Windows I was once again put to the task of re-installing dozens of applications. I have gone through this process many times before, but this time around I thought it would be good to test out the new Windows Package Manager and winget tool.

Solution

Disclaimer: At time of writing, Windows Package Manager and the winget  tool are in public preview and may be substantially modified before they are generally available. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Use the winget tool to install and manage applications
https://docs.microsoft.com/en-us/windows/package-manager/winget

The first step is to install the winget tool. There are a few options for installation and I chose to download from the releases from the winget repository.

Once installed you can run commands for search, show, install and more. I tested a few installations interactively but once I got the hang of it I scripted out a list of commonly used tools and applications that I use on almost all of my machines. Below is my script that you are free to copy and adapt as you see fit. I have chosen PowerShell to run the script but that is not a requirement.

Note: If you do not see the below Gist please refer to code at this location: PS-WinGet_Apps_To_Install.ps1

winget install Microsoft.dotnet
winget install Microsoft.PowerShell
winget install Microsoft.WindowsTerminal
winget install Postman.Postman
winget install Notepad++.Notepad++
winget install Telerik.Fiddler
winget install Microsoft.VisualStudioCode
winget install Microsoft.VisualStudio.Enterprise
winget install Microsoft.Powertoys
winget install microsoft.mousewithoutborder
winget install OBSProject.OBSStudio
winget install VideoLAN.VLC
winget install LINQPad.LINQPad
winget install WinDirStat.WinDirStat
winget install Microsoft.AzureCLI
winget install Microsoft.AzureStorageEmulator
winget install Microsoft.AzureStorageExplorer
winget install Microsoft.AzureFunctionsCoreTools
winget install Microsoft.EdgeDev
winget install Microsoft.Teams
winget install GitHub.cli

Do read the note (link) in documentation about scripting winget. If an installer launches a new process that can lead to starting the next installation before the previous completes. This may result in unexpected issues or failed installations.

Conclusion

I found winget to be very helpful in re-installing a dozen or more applications on my refreshed laptop. The next time you need to install (or re-install) an application I would encourage you to check for it with the Windows Packager Manager and winget tool. Happy installing!

-Frog Out

Presenting at Collab365 GlobalCon3

I have the privilege of presenting “Introduction to Microsoft Graph Development” at the upcoming Collab365 GlobalCon3 taking place Sept 8-11, 2020.  This is a free online conference with MVPs and experts from around the world presenting on developer, IT Pro, and adoption topics.

Title: Introduction to Microsoft Graph Development

Abstract: “I hear that I need to use Microsoft Graph for developing against Office 365 but I have no clue where to start.” “I want to grant access to company data without throwing in the entire kitchen sink.” Fear not fellow developers and admins. This session we will ramp you up to a 200 level knowledge on the pertinent parts of Microsoft Graph including endpoints available, syntax, authentication flows, and more. We will also cover useful examples of what can be accomplished using these APIs. Prior experience with Microsoft Graph is not required but can be helpful.

You can also purchase an all-access pass which includes lifetime access to the videos, additional e-books, and more.  Looking forward to participating in this great event.

Calling Microsoft Graph Endpoint with Delegated Implicit Authentication Does Not Include Azure AD Roles

Recently I was working with a Microsoft Graph partner and ran into an interesting scenario around calling Microsoft Graph endpoints from SharePoint Framework (SPFx) web parts using delegated permissions that I want to share.

Scenario

The partner was building a SPFx web part that was making calls to Microsoft Graph using the MSGraphClient. While making calls to specific endpoints on Microsoft Graph they were receiving a 403 Forbidden error response. We checked the permissions granted and consented and everything appeared in order.

403 Forbidden error screenshot.

Digging deeper into the MSGraphClient implementation I found that it uses an ImplicitMSALAuthenticationProvider for acquiring the authentication token. Implicit authentication is important to keep in mind in this scenario.

Use the MSGraphClient to connect to Microsoft Graph https://docs.microsoft.com/en-us/sharepoint/dev/spfx/use-msgraph

Microsoft Graph JavaScript Client Library – Authenticate for the Microsoft Graph service https://www.npmjs.com/package/@microsoft/microsoft-graph-client#2-authenticate-for-the-microsoft-graph-service

I used https://jwt.ms (provided by the Microsoft Identity Platform team) to decode a sample token from the partner and then again to decode an access token I had acquired in my lab environment. I noticed that the partner’s access token did not have the “wids” claim while my lab access token did have that claim.

Thanks to a contact in O365 software engineering who was able to confirm that the “wids” claim contains the tenant-wide roles assigned to the user. As noted in the documentation implicit authentication flows may not return the “wids” claim due to token length concerns.

Screenshot of documentation on "wids" claim.  Highlight that this claim might not be returned for implicit authentication flow.

Microsoft identity platform access tokens – payload claims

https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens#payload-claims

Looking at one of the Microsoft Graph endpoints that the partner was calling (getOffice365GroupsActivityDetail) we found the below note explaining that when using delegated permissions (which the partner was using) the user context must also be assigned to an appropriate Azure AD limited administrator role.

Note: For delegated permissions to allow apps to read service usage reports on behalf of a user, the tenant administrator must have assigned the user the appropriate Azure AD limited administrator role. For more details, see Authorization for APIs to read Microsoft 365 usage reports.

https://docs.microsoft.com/en-us/graph/api/reportroot-getoffice365groupsactivitydetail?view=graph-rest-1.0#permissions

Putting the pieces together, the query was failing an authentication check because the access token passed to the endpoint did not have the necessary claim containing the assigned Azure AD roles. Hence the “invalid permissions” response.

Conclusion

This is an edge case scenario that took some collaboration with various groups within Microsoft to track down. Many thanks to my peers who helped with identifying additional information as we investigated. I submitted a pull request to the SPFx documentation that has been merged to call out this behavior (see Known Issues on this link). So far that I can tell only the Microsoft 365 usage reports endpoints on Microsoft Graph may have an Azure AD role requirement.

Authorization for APIs to read Microsoft 365 usage reports
https://docs.microsoft.com/en-us/graph/reportroot-authorization

Hopefully this post helps others who may run into this scenario. If you find additional similar scenarios feel free to let me know in the comments.

-Frog Out