Newsletter #7 – Make it easy and enjoyable to collaborate

Business people collaborating on a paper

In the last week I had 3 distinct examples of scenarios where someone asked me to collaborate with them on a project.  In two of those scenarios it was difficult or unclear on where and how I was supposed to add my content or feedback.  In the third scenario it was extremely easy to incorporate my content.  Which do you think was the most efficient and enjoyable experience?

If you are asking others to collaborate with you, whether on a document, code sample, speech, etc., make it as easy as possible for those people to know where and how to proceed.  Better yet, create the “landing zone” / template / etc. for them to put their content and walk through the process yourself.

Did you need to make any adjustments before you could begin work?  Multiply those seconds / minutes it took by the number of people you are asking to collaborate.  On a small scale this could be you spending 5 mins to collectively save others an hour or two, but on a larger scale (ex. building an SDK, creating documentation) maybe this will impact thousands or millions (or more) people to save them hours or days collectively.  Also they may be more likely to want to collaborate with you again in the future.

Take the time to make it easy and enjoyable for others to collaborate with you.

-Frog Out

Installing Windows Packages with winget

In this post I’ll tell you about the Windows Package Manager and winget tool (currently in preview) for installing Windows packages. Feel free to use my sample script as a starting point for downloading useful tools and applications for Windows.

Background

Last week my primary laptop (~4 months old) ran into some issues and I attempted a restore from a weekly backup taken just a few days before. Unfortunately the restore put the machine into an unusable state (a sign that I won’t be using that backup software any longer). After a re-install of Windows I was once again put to the task of re-installing dozens of applications. I have gone through this process many times before, but this time around I thought it would be good to test out the new Windows Package Manager and winget tool.

Solution

Disclaimer: At time of writing, Windows Package Manager and the winget  tool are in public preview and may be substantially modified before they are generally available. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Use the winget tool to install and manage applications
https://docs.microsoft.com/en-us/windows/package-manager/winget

The first step is to install the winget tool. There are a few options for installation and I chose to download from the releases from the winget repository.

Once installed you can run commands for search, show, install and more. I tested a few installations interactively but once I got the hang of it I scripted out a list of commonly used tools and applications that I use on almost all of my machines. Below is my script that you are free to copy and adapt as you see fit. I have chosen PowerShell to run the script but that is not a requirement.

Note: If you do not see the below Gist please refer to code at this location: PS-WinGet_Apps_To_Install.ps1

winget install Microsoft.dotnet
winget install Microsoft.PowerShell
winget install Microsoft.WindowsTerminal
winget install Postman.Postman
winget install Notepad++.Notepad++
winget install Telerik.Fiddler
winget install Microsoft.VisualStudioCode
winget install Microsoft.VisualStudio.Enterprise
winget install Microsoft.Powertoys
winget install microsoft.mousewithoutborder
winget install OBSProject.OBSStudio
winget install VideoLAN.VLC
winget install LINQPad.LINQPad
winget install WinDirStat.WinDirStat
winget install Microsoft.AzureCLI
winget install Microsoft.AzureStorageEmulator
winget install Microsoft.AzureStorageExplorer
winget install Microsoft.AzureFunctionsCoreTools
winget install Microsoft.EdgeDev
winget install Microsoft.Teams
winget install GitHub.cli

Do read the note (link) in documentation about scripting winget. If an installer launches a new process that can lead to starting the next installation before the previous completes. This may result in unexpected issues or failed installations.

Conclusion

I found winget to be very helpful in re-installing a dozen or more applications on my refreshed laptop. The next time you need to install (or re-install) an application I would encourage you to check for it with the Windows Packager Manager and winget tool. Happy installing!

-Frog Out

Presenting at Collab365 GlobalCon3

I have the privilege of presenting “Introduction to Microsoft Graph Development” at the upcoming Collab365 GlobalCon3 taking place Sept 8-11, 2020.  This is a free online conference with MVPs and experts from around the world presenting on developer, IT Pro, and adoption topics.

Title: Introduction to Microsoft Graph Development

Abstract: “I hear that I need to use Microsoft Graph for developing against Office 365 but I have no clue where to start.” “I want to grant access to company data without throwing in the entire kitchen sink.” Fear not fellow developers and admins. This session we will ramp you up to a 200 level knowledge on the pertinent parts of Microsoft Graph including endpoints available, syntax, authentication flows, and more. We will also cover useful examples of what can be accomplished using these APIs. Prior experience with Microsoft Graph is not required but can be helpful.

You can also purchase an all-access pass which includes lifetime access to the videos, additional e-books, and more.  Looking forward to participating in this great event.

Calling Microsoft Graph Endpoint with Delegated Implicit Authentication Does Not Include Azure AD Roles

Recently I was working with a Microsoft Graph partner and ran into an interesting scenario around calling Microsoft Graph endpoints from SharePoint Framework (SPFx) web parts using delegated permissions that I want to share.

Scenario

The partner was building a SPFx web part that was making calls to Microsoft Graph using the MSGraphClient. While making calls to specific endpoints on Microsoft Graph they were receiving a 403 Forbidden error response. We checked the permissions granted and consented and everything appeared in order.

403 Forbidden error screenshot.

Digging deeper into the MSGraphClient implementation I found that it uses an ImplicitMSALAuthenticationProvider for acquiring the authentication token. Implicit authentication is important to keep in mind in this scenario.

Use the MSGraphClient to connect to Microsoft Graph https://docs.microsoft.com/en-us/sharepoint/dev/spfx/use-msgraph

Microsoft Graph JavaScript Client Library – Authenticate for the Microsoft Graph service https://www.npmjs.com/package/@microsoft/microsoft-graph-client#2-authenticate-for-the-microsoft-graph-service

I used https://jwt.ms (provided by the Microsoft Identity Platform team) to decode a sample token from the partner and then again to decode an access token I had acquired in my lab environment. I noticed that the partner’s access token did not have the “wids” claim while my lab access token did have that claim.

Thanks to a contact in O365 software engineering who was able to confirm that the “wids” claim contains the tenant-wide roles assigned to the user. As noted in the documentation implicit authentication flows may not return the “wids” claim due to token length concerns.

Screenshot of documentation on "wids" claim.  Highlight that this claim might not be returned for implicit authentication flow.

Microsoft identity platform access tokens – payload claims

https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens#payload-claims

Looking at one of the Microsoft Graph endpoints that the partner was calling (getOffice365GroupsActivityDetail) we found the below note explaining that when using delegated permissions (which the partner was using) the user context must also be assigned to an appropriate Azure AD limited administrator role.

Note: For delegated permissions to allow apps to read service usage reports on behalf of a user, the tenant administrator must have assigned the user the appropriate Azure AD limited administrator role. For more details, see Authorization for APIs to read Microsoft 365 usage reports.

https://docs.microsoft.com/en-us/graph/api/reportroot-getoffice365groupsactivitydetail?view=graph-rest-1.0#permissions

Putting the pieces together, the query was failing an authentication check because the access token passed to the endpoint did not have the necessary claim containing the assigned Azure AD roles. Hence the “invalid permissions” response.

Conclusion

This is an edge case scenario that took some collaboration with various groups within Microsoft to track down. Many thanks to my peers who helped with identifying additional information as we investigated. I submitted a pull request to the SPFx documentation that has been merged to call out this behavior (see Known Issues on this link). So far that I can tell only the Microsoft 365 usage reports endpoints on Microsoft Graph may have an Azure AD role requirement.

Authorization for APIs to read Microsoft 365 usage reports
https://docs.microsoft.com/en-us/graph/reportroot-authorization

Hopefully this post helps others who may run into this scenario. If you find additional similar scenarios feel free to let me know in the comments.

-Frog Out

Outlook Calendar Tips for Remote Teams

As mentioned in my last blog post A New Role with Microsoft Graph Team, I mentioned I am joining the Microsoft Graph team. One of the nice aspects of our team is that we are diverse and globally dispersed. With the different time zones that our team all reside in I thought it would be helpful to review a few of my calendar settings in Outlook desktop and Outlook on the Web to help with scheduling meetings or calls.

<Update 2020-11-05>Update screenshots for meeting duration to include new option for end early or start late. Thanks to my teammate Glenn Block for the suggestion.</Update>

Working / Meeting Hours

Set your working / meeting days and hours so that teammates will know when you are generally available for scheduled meetings or calls. Personally, I wake up early most days and hence my start of the day is likely earlier than some others.

Outlook desktop: File -> Options -> Calendar -> Work time

Outlook calendar settings for working hours

Outlook on the Web: Settings -> Calendar -> View -> Meeting hours

Outlook on the Web calendar settings for meeting hours

Time Zones

Since my team is all over the world, it is important to be aware of time zones for scheduling meetings. In Outlook desktop it is possible to set your primary time zone and display 2 additional time zones. In the following screenshot I have set Eastern Time (US & Canada) as my primary time zone with additional time zones for Pacific Time (US & Canada) and East Africa Time (Nairobi). I have purposely kept the labels short so that they fit easily in the display on calendar views.

Outlook desktop: File -> Options -> Calendar -> Time zones

I have only been able to add a single time zone in Outlook on the Web. If someone knows a way to add multiple please let me know in the comments or contact me.

Outlook on the Web: Settings -> Calendar -> Language and time

End Meetings Early / Start Meetings Late

Whether you are hosting a meeting in-person or online there are many reasons you may want to end your meeting early or start your meeting late including:

  • Allow attendees time to walk to their next meeting room
  • Encourage attendees to wrap up their meeting without overlapping the following time block
  • Give attendees time for a mental break / chance to use the restroom in between meetings
  • …and more

Outlook desktop: File -> Options -> Calendar -> Calendar options

Outlook on the Web: Settings -> Calendar -> Events and invitations -> Shorten duration for all events

Share Free / Busy Times

In addition to setting your working / meeting hours, you can also come to show your free / busy times (and more) with other people.

Outlook desktop: File -> Options -> Calendar -> Calendar options -> Free/Busy Options

By default you may see that all users in your organization are able to see your free / busy times. You can adjust permission levels to show more details or add / remove additional people to have access to view your calendar.

Outlook on the Web: Settings -> Calendar -> Shared calendars

Publish Calendar

Aside from showing your free / busy times to people internal to your organization, sometimes you may want to publish your calendar to people external to your organization. Currently I have found this easiest to do through Outlook on the Web.

Outlook on the Web: Settings -> Calendar Shared calendars -> Publish a calendar

After you publish your desired calendar you can provide people with either an HTML (render in browser) or ICS (universal calendar file format) link.

Conclusion

In this post I walked through a number of calendar settings and preferences on my Outlook desktop and Outlook on the Web client. I hope this helps you to think of the diverse and global audience that you may be working with currently or in the future. If you have any additional tips you recommend please share them in the comments.

-Frog Out

A New Role with Microsoft Graph Team

For the past ~9 years I have had the personal and professional pleasure to be a Premier Field Engineer (PFE) with Microsoft. I love the passion and knowledge that my peers and I share on a daily basis with our customers and each other. Recently though an opportunity opened up that I couldn’t say no to.

Starting May 26th I am joining the Microsoft Graph team as a Sr. Customer & Partner Experience (CPX) PM. This is an entirely new role for the team and I will be the first member. I’m looking forward to the new opportunities and working with amazing teammates, many of whom I’ve worked with on side projects for the past 1-2 years.

I plan to continue writing content for my personal blog at least every other month, but you may see more Microsoft Graph related content or cross postings on the Microsoft Graph Blog. Considering that my highest viewed posts in the past few years have been Microsoft Graph related that may not be much of a change though 😉. I’ll also be more active on the newly released Microsoft Q&A site as well as Stack Overflow under the “microsoft-graph” tag.

Thanks to everyone who has helped and encouraged me in my growth with Microsoft Graph. Special thanks to Jeremy Thake, Yina Arenas, Jason Johnston, Darrel Miller, Vincent Biret, Gavin Barron, Srinivas Varukala, and many more.

-Frog Out