presentations on “Microsoft Teams as development platform”.
the expectations of the participants of this usergroups.
Our goal is to highlight Microsoft Teams as platform for line of business applications for users, administrators and developers. The different possibilities will be explained with examples. During the following meetups, there will be a short presentation on a focus topic.
In addition to these focus presentations, this usergroups has another goal: To provide a application for teams, that is developed by the community. This approach allows insights on how to develop an app for teams and how to leverage several technologies (Azure, Office 365) and methodologies (e.g. DevOps) at the same time.
What’s the TeamsDnA menu-butler application?
During the first meetup in July the usergroup did a bit of brainstorming. What could be a possible Microsoft Teams application? The brainstorming has been done with the following premise: What is an application that every company needs and every user is familiar with the use-case?
Menu-Butler was born.
Menu-Butler is your personal lunch assistant. With every intranet project the most common requirement probably is the easy retrieval of the daily and weekly menu for the user’s respective location.
Menu Butler is a personal assistant that integrates into Office 365 and Microsoft Teams seamlessly and helps to solve this requirement.
Your answer to nearly everything begins with… “It depends…”
Given the complexity, there are no simple answers. And although “it depends” is a cliché, it is simply an expression of the fact that as consultants we try hard to look at the customer with all his peculiarities before we answer.
You work in more tenants than you can remember the passwords for.
And although we know exactly which tool we would recommend for which application, we use quite different services that work independently of Office 365.
You have to scroll through your Microsoft Authenticator App* and provide a keychain for RSA tokens.
* ..and did create a folder on your smartphone’s home screen to have all the authenticator apps in one place.
Your single browser is Google Chrome because you need different profiles.
With Google Chrome you have the ability to create several user profiles and use them simultaneously. This is a great help and the only way to
do demos in Office 365 that require more than one active user.
keep up to date in your customers tenants
Your Laptop has more stickers than keys 🙂
In order to show our nerd status credibly and uniquely, we stick many geek stickers on our Laptops 🙂
While your devices are slim and elegant, your bag with cables and dongles becomes bigger and bigger.
With slim laptops a new challenge arises: You run out of ports. By now there are several standards on how to connect a laptop to a beamer: VGA, DisplayPort, DVI, HDMI, Thunderbold, Ethernet or via a ClickShare Dongle (which requires USB). You know there are even more but can’t list them.
You have at minimum three personal devices.
Seriously? Private, Business, Demo.
You are a travel pro.
You are on the road a lot, because you need to see your customers and spend a lot of time at conferences, SharePoint Saturdays and other community events – this makes you a #TravelPro.
Recently you thought about cleaning up your test and demo environments…
You have a messy pile of Site Collections, test-users and documents with random text in it.
Your parents describe your job using the words “does something with computers and clouds”.
Since you started working with computers you are RESPONSIBLE for every computer, smartphone and anything related to internet connectivity issues and the configuration of any television.
You are a WiFi and LTE addict.
All cloud services rely on a reliable internet connection. There are time, there is no such thing like a gigabyte direct route into a Microsoft data center. In these times you start to honor your very own LTE or WiFi network.
Recently I got a new laptop and I am planning to configure the laptops OS the best way possible.
As I’m a big fan of PowerShell DSC I want to use PowerShell DSC for this configuration. I did use PowerShell DSC in many customer engagements with Windows Server OS. Sadly the switch to Windows 10 was not as smooth as expected.
PowerShell Execution Policy
The very first and major blocking error was the PowerShell Execution Policy. Per default the PowerShell Execution Policy on Windows 10 is set to RemoteSigned. Not every DSC Module is remote-signed. A possible solution is not pretty: Setting the execution policy to a lower level of security.
As part of my configuration I did want to setup Hyper-V. Windows Features can be configured by using the WindowsFeature Resource. There is just one limitation that will error during runtime: The WindowsFeature Resource does require functions, that are only available in Windows Server OS. During runtime of the configuration there will be the following error message:
“Installing roles and features using PowerShell Desired State Configuration is supported only on Server SKU’s. It is not supported on Client SKU.”
To get around this issue I created the following Script Resource:
If you never heard of chocolatey head over to their website: The package manager for Windows. Chocolatey is a package manager for windows and allow you to install software from their repository very easy. The even provide a DSC Resource to automate this process even further.
Implementing the cChocoInstaller comes with a small hurdle: Make sure you have the InstallDir created before using the cChocoInstaller resource. I use a File Resource in dependency with chocolatey to avoid this glitch.
PowerShell Desired State Configuration (DSC) enhances your setup experience of new environments like no other technique before. There are around 270 different DSC resources available that provide methods used to configure windows server components and software like:
I’m using DSC very frequently. It gives me great advantages over my previous PowerShell scripts. I can use DSC in combination with Azure DSC to configure my systems and track their status. Configuration drifts can only happen for parts that are not part of my configuration.
The part that is missing: PowerShell DSC is a per node technology. Every server, that I want to configure must have a local configuration manager (LCM), that is responsible for applying my configuration. The LCM is responsible for applying the configuration either as local system account or as a configurable account.
Fast forward: Currently more and more people switch to Software as a Service (SaaS) offerings like Office 365. Office 365 offers many configuration options, but there is no LCM available, that would handle the configuration.
Let’s speak about a possible Office 365 DSC resource.
This resource should be responsible for administering Office 365 in a DSC way. I see the following options on how to apply a configuration to Office 365:
Create a configuration and apply this configuration on node “localhost”. This means we are using the current computer and the LCM to apply a configuration to a SaaS.
This looks like an “ok” solution. The configuration depends on the local system and nothing of the configuration gets apply to the local system. This feels odd.
Azure Runbooks offer a way to run a PowerShell script, reuse PowerShell Modules and schedule the script.
Compared to a local PowerShell and LCM Azure Runbooks could be the way to go. A SaaS to configure another SaaS – this feels kind of perfect – but won’t work as many cmdlets are dependant on .NET components, that can’t be loaded into Azure Runbooks and this is very not DSC.
Maybe there are other options available, that I can’t think of. If you have a suggestion, feel free to leave a comment.
Currently the most resources focus on products and functions that life on a Windows Server System – the configuration is specific to a Node.
Thoughts about an Office365DSC Resource
Now many customers start using Office365. In Germany customers are very aware of their data and sometimes spend a good amount of time to define a governance for Office365.
With an option to configure Office365 with DSC, they could gain a lot of comfort and overview of what is configured and how. Working with test tenants would be very easy, as you could replicate your production settings to your test tenant easily – despite there is no Office365 DSC Resource available yet.
What are the current options to script your Office365 administration?
Why not to script everything and use DSC instead?
DSC is about configuration management. If I want to update any setting in the Office 365 admin centre, a DSC configuration seems to be the best option.
The scripting guy would load the PowerShell Module, the CLI or open the admin portal to change a setting with a function call like:
IWantToSetThis-Function -Something This
With DSC there would happen something else:
State = "This"
DSC would try to get the current setting for “Something”, compare the parameter “State” to “This” and only if they differ, call the function above.
Is DSC only a better approach to script?
I’m a big fan of using the DSC approach. In the end it’s just PowerShell, but in a better structured manner. Having a predefined set of Get-, Set- and Test-Functions (and with Office365DSC Export-Function) allows to reuse the functionality provided.
Today I was very happy to find a neat solution to handle configuration data for a DSC configuration. I was facing the following challenge:
In a SharePoint DSC Configuration I want to reuse several SQL Aliases that are created during run time of the DSC configuration based on the configuration data.
In recent DSC setups my configuration did look like this:
and I created the SQL Alias with the following lines of code:
This far there was no struggle at all. Creating a SQL Alias with DSC is very straight forward, even if there is the need to create more than one.
The struggle got real the moment I had to reuse the Alias Name in SharePoint. How do I properly access the Alias? Do I iterate over all aliases again and filter or do I hard code the alias name or…? None of the before felt right.
My solutions is pretty simple: Why not change the array to another hash table – A hash table allows to access the data more easily. 🙂
Final challenge: How can I iterate over a hash table? A hash table object has two properties: keys and values:
So what changed in my SharePointDsc configuration part? Now I can address my SQL Alias properly without having any troubles:
Have you ever wondered how SharePoint 2016 MinRoles are working under the hood? Everything is about the ShouldProvision method of the SPServiceInstance class.
This issue is still under investigation – current I think this issue occurs, when SharePoint is installed, followed by a Language Pack and then the creation of the farm. Checking the compliance status of the min role at this particular time will result in a not compliant state.
Microsoft introduced with SharePoint 2016 a new feature called “MinRoles”. MinRoles offer a new way on how to create SharePoint topologies. The following MinRoles are available:
A role made for all loads in context of serving SharePoint
This role is optimized for all services that need to run in a SharePoint Farm – without the Search loads
Hosting the Distributed cache service
Search All services associated to the search load of SharePoint
This role is needed if you plan on using Business Intelligence loads, as they are not pat of the other MinRoles
In October 2016 Microsoft release Feature Pack 1 (FP1) for SharePoint 2016. The FP1 offers two new MinRoles (MinRolesV2):
Front-end with Distributed Cache
Application with Search
These two roles combine the prior roles, so that customers can create high available (HA) farms for SharePoint with less servers. Prior to FP1 you did need at least two servers of (each) role: 2 WFE, 2 App, 2 Search, 2 Distributed Cache. In total 8 servers. After you install FP1 you can switch to the combined min roles and will be able to create a SharePoint HA Farm with 4 servers instead. This offering focuses on SharePoint customers with HA requirements, but not enough workload for hosting 8 SharePoint servers.
With each MinRole a set of services can be run on a server. SharePoint 2016 enforces the state of these services. For a complete list of all services that belong to a role, visit the technet documentation.
Behind the scenes
New “Services in Farm” experience in Central Administration
The following screenshot shows the “Services in Farm” page of SharePoint 2016 Central Administration:
A soon as any MinRole is defined the Services on Server page will show the selected servers role and for each service the status and its compliance state. SharePoint offers you some options:
you can stop a service
you can fix a non-compliant state of a service with one click
Where does this MinRole compliance information come from?
In a recent customer engagement I stumbled across something, that bothered me. The customers SharePoint Farm uses MinRolesV2 and I did check the Microsoft Documentation for wich services are allowed on the server. After a while I had a service in a not compliant state and did not know why. I reached out to the community, but did not end up, with a define answer:
Today I spend some time with the SharePoint source code and did find the answer:
SharePoint Service instances are represented by the SPServiceInstance class. Every SharePoint Service Instance (e.g. SPWindowsTokenServiceInstance) derives from this class and overrides the following method:
public virtual bool ShouldProvision(SPServerRole serverRole)
There is a additional internal method: ShouldProvisionInternal, which does some additional the tests for the following roles:
When your server is of the roles above, the ShouldProvision method will be called with both single roles and the combined role. If any of these tests returns true, then this role is compliant.
Not knowing, whether the documentation is wrong or the code, I did investigated the SPWindowsTokenServiceInstance code.
The implementation above, does not include tests for the MinRolesV2 – but the non V2 roles are introduced through the ShouldProvisionInternal method anyway. Following this, there is no error in the code or the documentation. This applies for the Microsoft.SharePoint.dll in Version: 16.0.4561.1000
The code above is taken from a Microsoft.SharePoint.dll in File Version: 16.0.4639.1002
This means the current documentation does not reflect the code properly. In case, that I read the code properly, the the only allowed role to host C2WTS with the MinRoleV2 is the Custom role.
Conclusion: There is a drift in the documentation. When I’m not mistaken, I do not need the C2WTS in a non-BI enabled farm. The BI enabled farm does need a MinRole Server “Custom” to run reporting services and other roles. This answers why, the C2WTS is no longer allowed in any other role. Maybe someone should update the documentation…
I did double check the code of the ShouldProvisionInternal and ShouldProvision methods and have a strong believe, that there is something wrong to determine the MinRole compliance. Find below a screenshot of what I think the returns should be, but somehow are not!
Following this code: The result should be that the MinRoleV2 ApplicationWithSearch should be able to run the Claims to Windows Token service.
I really hope, someone can me help me to figure this out. Is there any part, I do not read correctly?