Here are the top stories we found in our streams this week related to DevOps, VSTS, TFS and other interesting topics.

Top Stories

• How Microsoft Does DevOps - Dave Harrison
  An excellent write-up of an interview by Dave Harrison of Aaron Bjork with links to Aaron's excellent Agile at Microsoft talk and other content about how Microsoft does DevOps.
  
• Clean up your Team Project Collection prior to migrating to VSTS - Jesse Houwing
  Some hard won advice from Jesse Houwing from his experiences moving from TFS to VSTS - it goes a lot quicker if you only move the stuff you want to keep. Jesse shows you how to get rid of the stale data before migration.
• Setting wild card branch policies in VSTS - Gordon Beeming
  Gordon shares a very neat trick he learnt from Jeremy Epling - you can use wildcards to set branch policies for branches matching a naming convention (such as release/*)
• A quick look at the new SonarQube tasks for TFS and VSTS - Matteo Emili
  Matteo shows us around the hotly anticipated and newly released SonarQube tasks for VSTS. Gone are the /d days with handy options to integrate with MSBuild, Gradle or standalone and provide your own properties file.
• Git with Unity - Edward Thomson
  Edward has been digging into Unity and applying his years of history with Git to figuring out the best configuration when building on the platform.
• Giving Feedback - Brian Harry
  Finally, Brian Harry used his first day of his sabbatical to write up an excellent post on giving feedback.

Podcasts & Videos

• How Windows, Windows Store, Xbox & Surface streamlined their planning and centralized on VSTS - Donovan Brown
  A very in-depth interview with Jill Campbell a Group Program Manager who works in the Windows and Devices Group (WDG) in Microsoft. Jill describes how Windows moved from various tools to a unified process powered by VSTS, and how VSTS scales for them along with the flexibility and customizability which enabled them to be successful in managing over 11 million work items, across 33,000 users (across all of Microsoft) and with teams varying in processes ranging from Agile through to Waterfall.
• Radio TFS 157: Getting into the Groove
  Josh and Paul catch Greg up on the MVP Summit and while they can't share the content, sounds like they can share some of the colds they caught. Lots of news including TFS updates and TFS to VSTS migration tips.

If you have feedback or would like to see a story included in next weeks round-up then please leave a comment below or use the #VSTS hashtag on Twitter

Video credits: Greenwood Campbell at CherryBot Launch

YOLO "You only look once" by Joseph Redmon

A state of the art real-time object detection system that works using what I can only describe as magic: https://arxiv.org/abs/1612.08242

If you've seen any of the youtube.com videos demonstrating it, you may be curious to setup a development rig and play with it yourself.  However, setting up an environment isn't that simple as there are quite a few dependencies, all evolving at different cadence - depending on what you've already got installed on your machine you can end up in a bit of a mess and scratching you head as to why it's not working.

I spent a couple of hours this week setting up my Surface Book (with GPU) to experiment with YOLO.  However, after doing so could only get Tiny YOLO to work as kept hitting CUDA out of memory errors.  Then had a dawning moment, why don't I just use Azure's Deep Learning Virtual Machine (DLVM) with GPU?  Here is a guide to getting your own DLVM setup working with YOLO.

Note: There are numerous guides out there to walk through setting up a development environment for YOLO.  I strongly encourage you to read the following first: https://pjreddie.com/darknet/ and https://github.com/AlexeyAB/darknet/blob/master/README.md.

Solution

In the Azure Portal, create a Deep Learning Virtual Machine (DVLM) NC-Series GPU on Windows (Linux also available).  Once provisioned, remote in:

Dependencies

The DVLM has a bucket load of tools already installed on it.  However, there are a few updates and additional libraries you need to install to get YOLO up and running.

• Update the Visual Studio Installer
• Update Visual Studio Community 2017 (currently v15.6.4)
• Add the VC++ 2017 version 14.4 v14.11 toolset (for side by side MSVC toolsets: https://blogs.msdn.microsoft.com/vcblog/2017/11/15/side-by-side-minor-version-msvc-toolsets-in-visual-studio-2017/)

• Download OpenCV 3.40 (not higher as it won't work: https://github.com/AlexeyAB/darknet/issues/402) and extract to the path c:opencv_3.0
• Install CUDA 9.1 https://developer.nvidia.com/cuda-downloads (Windows 2016 version for DLVM)

Environment setup

• Your environment variables should look like the below including CUDNN (as per: https://github.com/AlexeyAB/darknet/blob/master/README.md#how-to-compile-on-windows) which is already installed on the DLVM at the path C:NVIDIAcuda

• Tweak the c:program filesNVIDA GPU Computing ToolkitCUDAv9.1includecrt host_config.h file to update it with the latest VS version:

• Clone the darknet repo: https://github.com/AlexeyAB/darknet.git
• Copy the C:Program Files (x86)Microsoft Visual StudioPreviewCommunityVCAuxiliaryBuild14.11 props file to the darknetbuilddarknet solution folder eg:

• Edit the darknet.vcxproj file to include the v14.11.props file copied above (again ref: https://blogs.msdn.microsoft.com/vcblog/2017/11/15/side-by-side-minor-version-msvc-toolsets-in-visual-studio-2017/)

• Open the darknet.sln solution - retarget the project

• Build (Release x64 bit)
• Open the solution/x64 output directory and you should see darknet.exe
• Copy the OpenCV dependencies into the output directory above:

• Download the YOLO9000 weights: http://pjreddie.com/media/files/yolo9000.weights
• Run solution/x64/darknet_coco_9000.cmd

Enjoy.

You simply gotta love Terraform for obvious reasons but now specially for the awesome Azure integration available to all of us!

As announced yesterday here we now have access to brand new offering Terraform solution in the Azure Marketplace. This solution will enable teams to use shared identity, using Managed Service Identity (MSI), and shared state using Azure Storage. These features will allow you to use a consistent hosted instance of Terraform for DevOps Automation and production scenarios.

So I decided to give this a try and deploy a Hello World Azure Function as I am a fanboy of Serverless so why not!

As explained in the link above, the first step was to deploy the already configure box with all the goodies including the Azure CLI, Terraform bit and get it going!

Next was to SSH to the box (Don't forget to enable Azure Security Center JIT VM Access!) and run the script already provided to set up the shared identity:

Now that the shared identity is setup we needed to run Terraform Init:

For the configuration file, I used the sample from Terraform site  and modified for this effort and saved it as azfunc.tf:

Running Terraform Plan did the validation and the last step was to run Terraform Apply to get this deployment going:

And before you know it my Azure Function was ready to rock and roll!

Make sure to give this a try if you have not and join the rest of us to adopt Terraform!

It’s that time of the year again when we see the UK’s top student developers coming together to create innovative solutions, looking to change the world. With the Imagine Cup UK National Finals fast approaching, we are excited to announce our 10 finalist teams, competing for their spot at the Worldwide finals this July.

Congratulations to the 10 UK Finalist teams…

1. Black Light - Firepoint: University of Abertay

Firefighting Training Simulator using both the HoloLens and Mixed Reality headset to educate and teach the public and trainee fighters on how to deal with different scenarios.

2. Higher Education App: Imperial College London 

This project is an application and website that allows users to make and share their own highly interactive educational content.

3. Interview Bot: The University of Manchester

A web application developed to prepare students for job and internship interviews. The application gives real-time feedback on the user’s response to interview-style questions, including sentiment analysis and a written transcript of the interview.

4. My Uni Bot: University College London & University of York

Assists universities in communicating with international applicants in an easier, cheaper and more effective way by answering their questions, reminding of deadlines and missing documents.

5. Pantry Logs: University College London

A solution to food waste. It scans and recognizes all the food items and logs this information into our mobile app. Our app notifies users when their food is close to expiring and sends recipe recommendations based on the types of food users already have.

6. War Space: Abertay University

A Real-Time Strategy game that builds a game level out of the Player's environment and adapts to any changes the Player creates to it.

7. Bad Flamingo: The University of Cambridge

Pictionary, with an AI twist

8. Soothey - An RNN-Powered Mental Healthcare Bot: University of Oxford

Mental illness is more common than diabetes, heart disease or even cancer. We combat this by early prevention with an RNN powered mental healthcare bot, so people with light symptoms can fine-tune their thought patterns using CBT-based techniques.

9. Visual Cognition: University College London & University of Cambridge  

We improve the internet accessibility for those with visual impairments by using machine learning, powered by Microsoft’s Cognitive Services, to generate the missing image descriptions.

10. Wellbeing Bot - Common Room: University of Oxford

Our project seeks to bring the myriad counselling services universities and colleges offer to a more accessible, online platform.

The UK Final will be on Friday 6th April at Microsoft HQ, London, UK

Each of these teams will pitch their solution to a panel of expert judges, consisting of

Rob Fraser (Commercial Software Engineering, Microsoft UK and Ireland Lead)

Haiyan Zhang (Innovation Director at Microsoft Research)

Michael Wignall (Microsoft UK CTO)

Louise O’Connor (Executive Producer at Rare Ltd).

They will have the have the difficult task of choosing who will go through to the worldwide finals this July, which will take place at Microsoft HQ, Redmond, Seattle, US.

The UK Winners Prize Pot

1^st prize (£5000 and an Xbox One X per person)

2^nd prize (£3000)

3^rd prize (£2000).

Good luck to all our finalists and we look forward to announcing our UK winners!

If you are interested in entering the Imagine Cup 2019 next year, sign up here.

Other day I was assisting a customer who had a unique need to bind a Certificate from within C# code using Powershell. A direct API call won't work due to some constraints, so Powershell was the other option. Customer also didn't want any Powershell window to pop-up, so we need to code around it.

Here is the code sample:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Management.Automation;
using System.Collections.ObjectModel;

namespace ExecutePowershell
{
 class Program
 {
 static void Main(string[] args)
 {
 ExecutePowershellClass pwrshell = new ExecutePowershellClass();
 pwrshell.ExecuteCommand();
 Console.ReadLine();
 }
 }
 class ExecutePowershellClass
 {
 public void ExecuteCommand()
 {
 using (PowerShell myPowerShellInstance = PowerShell.Create())
 {
 //powershell script to get version number and list of processes currently executing in the machine.
 string sScript= "$PSVersionTable.PSVersion;get-process"; //REPLACE THIS sScript WITH THE POWERSHELL 
 //COMMAND BELOW. BASICALLY BUILD YOUR OWN STRING BASED ON YOUR NEED

// use "AddScript" to add the contents of a script file to the end of the execution pipeline.
 myPowerShellInstance.AddScript(sScript);

// invoke execution on the pipeline (collecting output)
 Collection<PSObject> PSOutput = myPowerShellInstance.Invoke();

// loop through each output object item
 foreach (PSObject outputItem in PSOutput)
 {
 if (outputItem != null)
 {
 Console.WriteLine(outputItem.ToString());
 }
 }
 }
 }
 }
}

Powershell COMMAND to bind a certificate

# Import IIS web administration Module
Import-Module WebAdministration

New-SelfSignedCertificate -DnsName website.test.com -CertStoreLocation cert:LocalMachineMy

$certificate = Get-ChildItem Cert:LocalMachineMy | Where-Object {$_.subject -like "*website.test.com*"} | Select-Object -ExpandProperty Thumbprint

Write-Host $certificate

Get-WebBinding -Port 443 -Name website.test.com | Remove-WebBinding

Remove-Item -Path "IIS:SslBindings*!443!website.test.com"

New-WebBinding -Name "Default Web Site" -IPAddress "*" -HostHeader "website.test.com" -Port 443 -Protocol https -SslFlags 0

get-item -Path "cert:localmachinemy$certificate" | new-item -path IIS:SslBindings.0.0.0!443!website.test.com -Value $certificate -Force

Note: You need to modify the hostname and binding accordingly.

Final Update: Saturday, March 24th 2018 13:09 UTC

We’ve confirmed that all systems are back to normal as of 11:44 UTC. Our logs show the incident started on 2018/03/24 23:46 UTC and that during the 12 hours and 02 minutes that it took to resolve the issue. During the impact time, customer experience delay in emails notifications. Sorry for any inconvenience this may have caused.

• Root Cause: There is a special character in the email header causing email job to fail.
• Chance of Re-occurrence: Medium pending a hotfix deployment.
• Incident Timeline: 12 hours and 02 minutes – 2018/03/23 11:44 UTC through 2018/03/24 23:46 UTC

Sincerely,
Anmol Bhasin

Update: Saturday, March 24th 2018 07:43 UTC

Our DevOps team identified the issue causing this email notification failures. and applied a quick mitigation. Currently back ground job is clearing the backlog email queue and it is expected to take few hour for all backlog to finish. Root cause is fully understood at this time. There will be a hotfix deployed on Monday to avoid reoccurrence of this issue, The problem began at 2018-03-21 06:00 AM UTC. We have the necessary detection added for the weekend to get an alert if issue reoccur.

• Next Update: Before Saturday, March 24th 2018 19:45 UTC

Sincerely,
Anmol Bhasin

Update: Saturday, March 24th 2018 01:58 UTC

Our DevOps team identified the issue causing this email notification failures. and applied a quick mitigation. Currently back ground job is clearing the backlog email queue and it is expected to take few hour for all backlog to finish. Root cause is fully understood at this time. There will be a hotfix deployed on Monday to avoid reoccurrence of this issue, The problem began at 2018-03-21 06:00 AM UTC. We will have necessary detection added for the weekend to get an alert if issue reoccur.

• Next Update: Before Saturday, March 24th 2018 06:00 UTC

Sincerely,
Sudheer Kumar

Initial Update: Saturday, March 24th 2018 00:23 UTC

We're investigating issues with emails not been sent for any account creation, account invitation, changes to credentials and order confirmation for marketplace

• Next Update: Before Saturday, March 24th 2018 03:00 UTC

Sincerely,
Sudheer Kumar

I am in South-Africa to share our DevOps journey at DevConf, a community driven, developer focused, one-day conference hosted annually.

After a 23.9167-hour trip from Vancouver to Johannesburg I arrived at the hotel at midnight … followed by 24hours of no sleep, resulting in a few frazzled days. What I really enjoyed for the first two days was the downpour of large rain drops, lightening, and thunder … something we seldom experience in Vancouver.

Here are a few pictures to share the experience:

Flight from Vancouver to Calgary.

Connecting flight at my favourite Schiphol Airport. Noticed a strange plane in the background.

A bit of swag I packed – VSTS and DevOps stickers and a handful of quick reference posters that summarize key themes of our DevOps journey. My suitcase will never be the same again, after one of the Maple Syrup bottles imploded during the flight. 

It’s a sunny Saturday morning at the Birchwood conference centre, started with a healthy breakfast.

Plans for the weekend – meet with my good old friend Peter, with Robert MacLean who’s running the conference, and locate and secure some Biltong.  

2018.03.23: (This is a reboot of a previous post. I revised the title, script, and photos a bit.)

I was working on a support case recently when it was brought to my attention that this cmdlet, Export-SCOMEffectiveMonitoringConfiguration,  does not output ALL contained instance configurations even when the "-RecurseContainedObjects" parameter is used. Yes, really!  It outputs configuration data for only one instance of each particular type, be it a logical disk or Ethernet adapter etc., you only get monitor and rule configuration output for one of a kind in the resulting .csv file. If you have three logical disks (i.e. C:, D:, E:) you will only see configuration data for one of those, whichever one gets enumerated first by the cmdlet. 

To overcome this limitation I've written a script that targets a group, and "recurses" all contained objects, outputs each configuration set to a separate file, then merges all of the files together to create one complete .CSV. (Thanks to Matt Hofacker for the idea) It can optionally open the complete dataset with PowerShell GridView (great idea StefanRoth!) for easy viewing and filtering. The merged CSV file can be opened in Excel if needed.

Operations Manager 2012, R2 - UR2

Enjoy.

Download

For the next few days I’ll try to share a few of the discussions before, during, and after DevConf, a community driven, developer focused, one-day conference hosted annually.

Feature flags are definitely a hot topic. Here are some of the questions we discussed over the past 2 days and my thoughts.

How do we use feature flags in VSTS?

Buck’s feature flags blog post and his presentation/article are a great source to get an understanding of the custom-built feature flag system we’re using with Team Foundation Server (TFS) and Visual Studio Team Services (VSTS).

Do the Rangers use the same FF as VSTS?

The Rangers use the LaunchDarkly SaaS solution. You can find our learnings in this blog series.

Are feature flags free?

No, they introduce additional testing - for as long as a feature flag is in the code, you need to test all possible ways that the code could run using boolean (true, false) or multi-value flags. Sounds easy for a handful of flags, but when you reach hundreds of flags you’ll have a complex test plan to ensure all possible code paths are functional.

Then there’s the maintenance – deciding when and how to delete feature flags in your code. We expect our autonomous, self-organizing, and self-managing teams to take care of the feature flag maintenance and deleting stale flags. When you’re using LaunchDarkly you get a visual flag status on the dashboard, making is easier (not easy) to identify flags that are stale and candidates for deletion. 

When do we remove feature flags?

We have no process (yet), relying on feature teams to decide when to delete their feature flags. As Buck states “Many feature flags go away and the teams themselves take care of that They decide when to go delete the feature flags. It can get unwieldy after a while, so there’s some natural motivation to go clean it up. It’s easy– you delete things."

We’re still in an exploratory stage, looking for ways to identify stale feature flags and ensuring that they are deleted to avoid lingering technical debt that will haunt you.

Reference Material

• Deploying new releases: Feature flags or rings?
• Phase the features of your application with feature flags
• Phase the roll-out of your application through rings

This is an issue we see time to time that worries our customers. In most cases, this is a by-design benign warning that simply telling us a verification has been deferred to runtime.

If you select your Application pool in IIS Manager and choose the basic settings, you will see following window:

Now if you click on "Test Settings…", you may see a yellow icon next to Authorization section and a corresponding warning message as follows:

Here is the warning details: The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain><computer_name>$ has Read access to the physical path. Then test these settings again.

This is just a warning, not Error. Path authorization couldn't be tested at configuration time, but it will be tested at runtime.

I worked on a new situation, when we need to connect to a Azure SQL Database using SQL Alias in the same way that we have SQL Server on-premise. Unfortunately, there is not supported, but we are going to test and make it successfully.

As the alias is not supported in Azure SQL Database let me share with you 3 alternatives:

ALTERNATIVE 1: Using SQL SERVER Management Studio and cliconfg 64 bits - “C:windowssyswow64cliconfg.exe”

• First, lets try to open the cliconfg for 64 bits, we provided the name of the alias, our server name and TCP/IP protocol.

• Second, we are going to connect to our Azure SQL Database using the alias name.

• Third, I need to specify in the user name username@servername, because working with Azure SQL Database, all connections will go through a Proxy/Firewall, (you don’t have a physical server you have a logical entity). This firewall/proxy receive the incoming connection and reroute the connection to the server that is running your database (each database that we have in Azure is running in different virtual machines, except, elastic pool that are running multiple databases in the same SQL Instance and hence in same virtual machine)

ALTERNATIVE 2: Using SQL SERVER Management Studio and modify the C:WindowsSystem32driversetchost

• First, I identified the current IP for proxy/firewall for the server (unfortunately, this IP could change without notice and we cannot provide these IPs for this proxy/firewall but normally it might not change too often.

• Change the file C:WindowsSystem32driversetchost adding a new entry.

• Using SQL Server Management Studio, connect to the server, like this:

ALTERNATIVE 3: Using SQL SERVER Management Studio and cliconfg 32 bits - “C:windowssystem32cliconfg.exe”

• Unfortunately, I don’t have any operating system in 32 bits, but, following the details of Alternative 1 it should be work.

Enjoy!

A bit of history

When you talk about Cloud Computing, you cannot avoid talking about networking, it is the glue that maintain everything together, and permit users to access their resources, and services to talk each other. At the core of Azure networking, since the very beginning, it is the Azure Load Balancer. If you probably remember the early days of Web and Worker roles in Azure PaaS v1, and the first version of IaaS Virtual Machines, probably you don’t Azure Load Balancer (LB) itself: in front of these resources, you had this piece of networking technology that allowed traffic to be balanced over a set of multiple compute instances.

At that time, LB was invisible and not configurable, with few exceptions. There was also a distinction between Azure Software Load Balancer (SLB) and Azure Internal Load Balancer (ILB), reflecting the first wave of improvement to this part of the platform. Even if ILB term continue to exist in the documentation, we generally talk about “Azure Load Balancer” (LB), it doesn’t matter if the front-end IP address is internal (ILB) or external (SLB). Within the scope of this article, I will refer to Azure Layer-4 Load Balancer as “LB”, Layer-7 Azure Application Gateway is not considered. Additionally, there is no more Azure Service Management (ASM) improvements for LB, all new features, and what discussed here, will be referred to Azure Resource Manager (ARM) API model.

Introduction of a new Load Balancer SKU

Azure is now approaching this 10^th birthday, and a new massive wave of improvements is coming under the name of “Azure Standard Load Balancer” (Standard LB) :

Load Balancer Standard

https://azure.microsoft.com/en-us/updates/public-preview-load-balancer-standard

Azure Standard LB will incorporate massive improvements in performance, scale, resiliency and covering new scenarios that previously was not possible to implement. Before proceeding, let me clarify the new naming and the introduction of SKU separation: new improved Azure LB type will be the “Standard” SKU, while the previous LB version will go under “Basic” SKU, that is the current one not in preview. NOTE: There is no retirement announced for “Basic” SKU. Just to emphasize more that these SKUs are different, and that Standard has been built from the ground up in a new stack, it is not possible to dynamically upgrade from one to the other, at least today. Even if SKUs are not mutable, a procedure is provided to change, but will cause some downtime, you can check here. Before talking more in depth about technical features, let me highlight two important differences between these two SKUs:

• Pricing

Standard and Basic SKUs have very different pricing. The Basic LB is free of charge, while the standard Azure Load Balancer has a charge associated with it. That pricing will be based on the number of rules configured (load balancer rules and NAT rules) and data processed for inbound originated flows. However, there will be no hourly charge for the standard load balancer itself when no rules are configured. Additionally, ILB scenario is not charged at all. You can check pricing details here.

• Subscription Limits

Standard SKU comes with greater capacity and scalability, then some of the max thresholds per region per Azure subscription are different. In this article, please note the different values for the number of rules, front-end configurations, and backend pool size:

Introduction of a new IP Public Address SKU

Azure “Standard” SKU for Load Balancer is not coming alone, we are also going to have a “Standard” SKU for Public IP addresses (now still in preview). These are strictly related, new IP SKU is necessary and tightly bound to the Load Balancer used: concept here is reflected in the rule that dictate the usage of “Standard” IP with “Standard” LB, not possible to mix. All public IP addresses created before the introduction of SKUs are Basic SKU public IP addresses. With the introduction of SKUs, you have the option to specify which SKU you would like the public IP address to be. You may wonder why this has been created, I have my idea on that, not officially confirmed, but if you look at the feature list, it seems to be related to the (upcoming) introduction of Azure Availability Zones (AZ):

IP address types and allocation methods in Azure

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-ip-addresses-overview-arm

I will talk more in depth about “Availability Zones” (AZ) later in this article. In the meantime, let me ask your attention on four important points:

• SKU choice: Azure LB Standard SKU does require Azure IP Standard SKU.
• Standard public IP SKU is static only: this will have an impact on cost and maximum number of IPs you will be able to deploy, as you can read at this and this links.
• Availability Zones: if you want to use LB in AZ scenario, you must use Standard SKU.

Creating it in PowerShell requires only an additional parameter “Sku” to be specified with value “Standard”:

New-AzureRmPublicIpAddress -Name $pubIpName -ResourceGroupName $rgname -AllocationMethod Static -Location $location -Sku Standard -IpAddressVersion IPv4

NOTE: Azure Public IP address Standard SKU cannot be used with VPN Gateway nor Application Gateway.

New LB Standard SKU features

During the past years, for several of my Azure projects, I faced several kinds of issues and limitations for the now named Azure “Basic” Load Balancer SKU. Looking at the list of improvements for “Standard” SKU in the article below, I’m impressed and glad that now almost everything has been finally solved. Let me report the list below along with my comments and experiences from those projects.

Azure Load Balancer Standard overview

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-overview

Backend Pool

The Backend pool is essentially the pool of “compute” instances that the LB will forward the traffic to. During one of my project in the past, I faced two distinct issues, here are the descriptions and how Standard SKU is aiming to solve now:

• Scalability: max limit of 100 VM instances. Now with Standard SKU the limit has been raised 10x up to 1000.
• Flexibility: only configurations with VMs (or VM Scale Sets – VMSS) into a single Availability Set (AS) were possible. Now with Standard SKU you can include every VM instance inside the same VNET, standalone or in multiple AS.

Frontend Configuration

Multiple Frontend IP configuration: in reality, this is possible also with Basic SKU (see here), but with Standard SKU it has been enhanced. You can now use these multiple IPs to scale on the number of ephemeral ports for SNAT. If you had problems in the past with SNAT port exhaustion, you should use LB Standard SKU with additional front-end Standard SKU IPs. Read carefully here on scenarios and how to solve potential issues.

Availability Zones

AZ is a very important feature that will become available soon, currently in preview in selected regions. Without this feature, is not possible to have fault-isolated locations within an Azure region, providing redundant power, cooling, and networking. Availability Zones allow customers to run mission-critical applications with higher availability and fault tolerance to datacenter failures, using synchronous data replication, to achieve zero data loss in case of single zone failure. With AZ, Azure will be able to provide 99,99% HA SLA for its Virtual Machines. If you want to use a Load Balancer and a Public IP that is zone-resilient, you must use Standard SKU for both these objects.

It is worth noting the following notes about “zonal” and “zone-redundant” concepts:

1. Azure “Load Balancer”, “Virtual Network” and “Subnet” are region wide objects, that is regional, and never zonal.
2. Both public and internal Load Balancer support zone-redundant and zonal scenarios.
3. “Public IP” address can be created local to a zone (zoned) or regional, that is zone-resilient: in the former case, you need to specify a zone when creating the object, in the latter instead, you should not.

For additional details you can read the article below:

Standard Load Balancer and Availability Zones

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-availability-zones

If you want to know more on Azure Availability Zones, you can read my blog post below:

Why Azure Availability Zones

https://blogs.msdn.microsoft.com/igorpag/2017/10/08/why-azure-availability-zones

HA Ports

This feature is available only with Standard LB SKU and in internal load balancing scenarios (ILB), cannot be used with internet facing public IP. Mechanic is very simple: you can write a simple single rule that will balance *all* TCP or UDP ports and protocols. Without this feature, you need to explicitly write a load balancing rule for each port, with a maximum threshold of 250 using Basic SKU internal load balancing.

High Availability Ports overview

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-ha-ports-overview

Which kind of scenarios can have benefits from this? First usage is for Network Virtual Appliances (NVAs). With (HA) Ports is easy to configure a single load balancing rule to process and distribute VNet traffic coming across any Layer 4 port to your NVAs increasing reliability with faster failover and more scale-out options.

You can create such rule easily using the Azure Portal or PowerShell (ARM template and Azure CLI 2.0 are also available following these instructions):

New-AzureRmLoadBalancerRuleConfig -Name "HAPortsLBrule” -FrontendIpConfiguration $FEconfig -BackendAddressPool $BEPool -Protocol "All" -FrontendPort 0 -BackendPort 0

In the cmdlet above, please pay attention to the usage of “FrontEndPort”, “BackendPort” and “Protocol” switches.

Monitoring and Diagnostics

Using Basic SKU for Azure Load Balancer (LB), once enabled as described here, three different type of loggings are available: Audit, Health Probe and Alerts. The last one is particularly useful to troubleshoot potential issues on the LB, such as SNAT port exhaustion. All these logs can be collected and stored on an Azure storage account, and then analyzed using tools like PowerBI. What is new in Standard SKU is the possibility to retrieve important metrics and counters that will give you a much better insight on how your LB is working. You can get the list of metrics available for an Azure Standard LB resource using the Azure Portal (via Azure Monitor integration) or PowerShell cmdlet “Get-AzureRmMetricDefinition” from “AzureRM.Insights” module:

The first two “counters” will tell you about effective availability of frontend IP (VIP) and backend internal IP (DIP), the other counters are self-explanatory. For the description of each item, please see this article. This functionality is an addition to diagnostics already available in the Basic SKU that you can still leverage:

High-availability SLA

I personally love SLAs, as something that permits you to build your architecture on solid bases, and “resell” to your final customers an application that they can rely upon.  Standard LB SKU comes with a new brand high-availability SLA of 99,99%, Basic SKU is not covered here. Very useful and nice improvement.

SLA for Load Balancer

https://azure.microsoft.com/en-us/support/legal/sla/load-balancer/v1_0

The new metric monitoring feature, will allow you to easily assess availability, and other counters, from the Azure Portal with nice customizable diagrams.

Breaking changes in Azure LB Standard SKU

I decided to dedicate a section to this topic because there are two breaking changes in the behavior of the Azure Load Balancer Standard SKU, compared to the previous Basic SKU. If you are already using the latter, and planning to move to the former, please read carefully my notes below and associated documentation links:

• Network Security Group (NSG): When you assign a standard SKU public IP address to a virtual machine’s network interface, you must explicitly allow the intended traffic with a network security group. Communication with the resource fails until you create and associate a network security group and explicitly allow the desired traffic. This is for obvious security reasons.
• VM outbound connectivity: if a VM is part of a Standard LB backend pool, outbound connectivity is not permitted without additional configuration. This is totally different from Basic LB, where a VM has totally open outbound connectivity to the Internet. To permit the VM outbound connectivity, a load-balancing rule (NAT rule is not sufficient) must be programmed on the LB Standard SKU, as explained in the article below (see “Scenario 2: Load-balanced VM without an Instance Level Public IP address”):

Outbound connections in Azure

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections

NOTE: There is an exception to the rule I just gave you, I will explain you in a minute.

The article above is a very interesting piece of Azure networking architecture, I strongly recommend you read entirely if you want ot have a complete understanding of Azure LB behavior. What is worth reading is the list of scenarios for outbound VM connectivity:

Regarding the exception I mentioned in the previous note, as you can read for the first scenario, if you add an additional IP configuration to your VM, with an Instance Level Public IP, your VM will be able to reach outbound Internet.

What is still missing?

As I said at the beginning of this article, Azure Load Balancer (LB) Standard SKU solved most of the problems I faced in the past, an amazing work from Azure Networking team. As a Cloud Architect for my customers and partners, there are still a couple of “nice to have” details I would like to know:

1. Load Balancer latency: officially, there is no mention on how much overhead the traffic will get flowing through the load balancer. I have done my tests in the past and have my idea, and you can do easily your own, but there is no SLA on that.
2. Load Balancer throughput: how many Gbit/s or Pps (Packets per second) an Azure load balancer can sustain? There is no capacity guidance around this, I suspect because Azure load balancers run on a multi-tenant infrastructure, then numbers may change.

Regarding the second point, in the past was rare to hit throughput cap, other limits kicked in before. But now you can scale the backend pool to 1000 VMs, then will be interesting to do some performance tests at scale. Anyway, let me close my article with the sentence contained in the overview article for Azure Standard Load Balancer:

....Low latency, high throughput, and scale are available for millions of flows for all TCP and UDP applications.....

Examples on GitHub

Since the Standard SKU Load Balancer is new, and some behaviors are different from the past, I created some very simple samples using PowerShell you can play with and customize. You can find at this link on GitHub. Please be aware that these are NOT production ready, I created them only for learning purpose. Additionally, the code in the samples is not intended to be launched all in once. Instead, you should carefully review each commented section, understand the effects, then run it to observe the outcome.

1. SAMPLE[1]: Create a simple zoned VM with an instance level Standard IP (ILPIP). Look how to create a VM in a specific Azure Availability Zone (AZ), then create a new Standard SKU type Public IP and use it to expose the VM. A Network Security Group (NSG) is necessary to permit traffic through the Standard Public IP, differently from Basic Public IP as done in the past, where all the ports were open for VM access.
2. SAMPLE[2]: Create a new type Standard SKU Load Balancer (LB), and use it in conjunction with a new Standard SKU type Public IP. Then, create two "zoned" VMs with Managed Disks, each one hosted in a different Azure Availability Zone (AZ). Worth noting that the two VMs will be in the same subnet and Virtual Network, even if in different AZs. Finally, will be demonstrated how Standard Load Balancer will transparently redirect to the VM in Zone[2] if VM in Zone[1] will be down. In this sample, the necessary NSG will be created and bound to the subnet level, not at the specific VM NIC as in the previous example.
3. SAMPLE[3]: Create a Standard SKU internal Load Balancer (ILB) with HA Port configured and 1 zoned VM behind it. You will see how the publishing rule for this feature is different, and how it works with VM created in a specific Zone.
4. SAMPLE[4]: You will see here how to retrieve metric definitions and values for Standard SKU Load Balancer (LB), using PowerShell.

Conclusions

Azure new Standard SKU for Load Balancer has been officially released yesterday. It is a key component for many new Azure scenarios, most important for Azure Availability Zones (AZ). Additionally, it provides greater scalability and new diagnostic and monitoring capabilities that were missed in the Basic SKU release.  Hope you enjoyed my article, feel free to send me your notes and feedbacks. You can follow me on Twitter using @igorpag. Regards.

The answer is Yes! but your database needs to have in the compatibility level 130 or above. If your database compatibility level is less than 130 you could get an error about "incorrect syntax near the keywork with" or "invalid syntax".

Please, follow these steps to read a JSON file from a Azure Blob Storage from SQL Server Management Studio:

1. Download the latest version of SQL Server Management Studio.
2. Connect to your Azure SQL Database and run the following TSQL in order to identify the compatibility level version of your database: select * from sys.databases
3. If your database has the compatibility level than 130 you need to change it, if not you will not be able to use OPENJSON. We need to change running the following TSQL command: ALTER DATABASE DotNetExample SET COMPATIBILITY_LEVEL = 130. Remember that Azure SQL Database supports right now the compatibility level of 140 ( SQL SERVER 2017 ).
4. Create your JSON file and upload it to the Azure Blob Storage. You could use, for example, Microsoft Azure Storage Explorer
5. Give the permissions to read data in the Azure Blob Storage and copy the key.
6. Using SQL Server Management Studio:

Create a new credential:

CREATE DATABASE SCOPED CREDENTIAL MyAzureBlobStorageCredential
WITH IDENTITY = 'SHARED ACCESS SIGNATURE',
SECRET = 'sv=2017-04-17&ss=bfqt&srt=sco&sp=rwdl&st=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

Create a new external data.

CREATE EXTERNAL DATA SOURCE MyAzureBlobStorage
WITH ( TYPE = BLOB_STORAGE,
LOCATION = 'https://xxxxx.blob.core.windows.net',
CREDENTIAL= MyAzureBlobStorageCredential);

Run the following TSQL to read the data from a JSON file. (In my case, I created a JSON with the results of sys.dm_db_resource_stats execution)

SELECT book.* FROM OPENROWSET (BULK 'ResourceDB.json',DATA_SOURCE = 'MyAzureBlobStorage',  SINGLE_cLOB) as j
CROSS APPLY OPENJSON(BulkColumn)
WITH( [end_time] datetime , [avg_cpu_percent] [decimal](5, 2), [avg_data_io_percent] [decimal](5, 2) , [avg_log_write_percent] [decimal](5, 2) , [avg_memory_usage_percent] [decimal](5, 2), [xtp_storage_percent] [decimal](5, 2), [max_worker_percent] [decimal](5, 2) , [max_session_percent] [decimal](5, 2) , [dtu_limit] [int] ) AS book

Enjoy!

又到了一年一度的 Imagine Cup 這個由 Microsoft 針對學生所舉辦的科技大賽的報名時間，就讓 MSP 來告訴你怎麼樣完美的完成報名吧！

Step 1. 登入 Microsoft Imagine

首先請在看文章的你，點選 這裡 進到 Microsoft Imagine 的首頁。
接著請點選右上角的登入！

Microsoft Imagine 首頁

之後請登入你的微軟帳號（非學生信箱），若沒有微軟帳號請點選「建立一個吧！」的按鈕。

Step 2. 確認 Microsoft Imagine 帳戶資訊

如果是先前已經使用過 Micrsoft Imagine 的帳號，會直接跳到 Micrsoft Imagine 帳戶管理頁面，如圖：

請點選左方的編輯進行資料確認。

非第一次使用 Microsoft Imagine

如果是新建立的帳號則會請你直接輸入資料：

第一次登入 Microsoft Imagine

※要注意國家與 Imagine 競賽地區都要選擇台灣喔！

※完成之後請回到帳戶頁面進行 Imagine Cup 的報名與建立隊伍！

Step 3. 報名 2018 Imagine Cup！

回到帳戶頁面之後點選 2018 Imagine Cup 下方的立即報名按鈕。

進行 Imagine Cup 的報名

稍待片刻之後會跳轉到報名完成的頁面，提示你已完成報名！

報名完成的提示頁面

看到這個頁面之後就可以進入下一步囉！

Step 4. 來建立團隊吧！

從上面的頁面中點選左上方的帳戶按鈕，回到帳戶管理頁面。
接著請往下滑動頁面，在建立團隊的區塊停下，輸入你的隊名並點選提交！

新增團隊

點選提交之後會出現下列畫面，部分資訊會由系統直接帶入，請將其他必填選項完成。

填寫團隊資訊

當你建立完團隊，回到 Microsoft Imagine 帳戶管理頁面就可以看到自己剛剛所建立的團隊囉！

這時候只需要點選管理，便可以進行團隊資訊的修改與新增隊員（至多 3 人）。

恭喜你完成 2018 Imagine Cup 的報名！

Final Step！上傳團隊的專案

前往參加比賽的最後一個步驟，便是提交要參賽的專案！

在完成上面的所有步驟之後，可以回到 Microsoft Imagine 的帳戶管理頁面，在 2018 Imagine Cup 的地方點選「提交 >」的按鈕，便會跳轉到上傳專案的頁面。

在進行專案的提交時需要準備下面幾項：

1. 專案標題
2. 專案敘述（最多 255 個字元）
3. 專案提案（內容請包涵團隊與專案的介紹）
   • Word 或是 PDF 檔案不能超過 10 頁
   • PPT 檔案不能超過 20 張
   • 檔案限制為 100 MB
4. 專案檔案
   • 只接受 ZIP
   • 大小限制為 1GB，超過請按照說明操作
5. 專案檔案介紹
   • 只接受 DOC、DOCX、PDF 與 ZIP
   • 大小限制為 10 MB
6. 其他選填項目

上傳完所有指定項目之後，按下提交就可以囉！

"Talent wins games, but teamwork and intelligence wins championships" – Michael Jordan

New culture of work

Just like sports, fostering a culture of teamwork is essential for a productive enterprise. Teamwork is about team members working together, building upon each other's expertise, sharing their experiences, expressing their opinions and thereby building culture that helps companies innovate. Hallmark of a highly productive team is culture where members believe in sharing information rather than keeping it to themselves. Again, just like any team sports, team members need to cultivate trust among each other. They need to believe that whole is always greater than a pie. And just like Michael Jordan said, aim at winning the championship, not individual games.

So, what is all this to do with Microsoft Teams? It is:

• The spirit of working in open,
  
• Sharing by default,
  
• and Trusting by default.
  

Emails and Instant Messaging applications have made us all productive by speeding up time is takes to communicate between team members, and now it is time to speed up the reach of information. If we want to speed up our innovation, we need to:

• Change our culture,
  
• Our habit and
  
• Our tools of communication.
  

At the same time:

• We need to start trusting,
  
• We need to start sharing, and
  
• We need to start building upon each other's contribution.
  

Please note, sharing in this context does not mean compromising on information protection or compromising security. Information is the new oil, and it needs to be protected. Context here is sharing within your team members with all the controls and policies appropriately configured for security, privacy and compliance.

If you are using emails and IMs are your primary communication tools, and still are on the fence on adopting Microsoft Teams, this article will walk you through benefits that your team is missing by not making the change. It's a team effort, the team has to be all in to gain the benefits.

Why Conversations rock!

Emails restrict the consumption of information to folks who are chosen by the author of email. Whereas by using Teams conversation, information is available to all existing as well as future members of the team.

Benefits of Teams conversation compared to emails

• Conversations are available to new members who join the team. New members can quickly ramp up on history and context.
  
• Access to conversation is removed when members leave the team. In case of emails, the information is available in the member's inbox even when they leave team.
  
• Information is always available in the context of a team. Emails are transactional in nature and do not live within a team's context
  
• Author of conversation can use @ mentions to notify specific members, channel or a team. This generates a notification for the consumer of the information thereby raising the importance for the consumer. Emails do not have such notification functionality
  
• Conversations in Teams can be supplemented with pulling information directly from an app (either Microsoft, enterprise or 3rd party app).
  
• Ability for members to like conversations thereby increasing the significance of the information
  

Why Teams Chats is better

Teams provide persistent chat between 2 or more people, whereas instant messaging (IM) is transactional in nature where the context is lost when conversation ends

Benefits of Teams Chat compared to IM

• Teams provides persistent chat that preserves conversation context.
  
• Members in a chat can pull in new members. Since conversation is persisted, new members can view conversation history
  
• Member can add a Tab that pulls in data from apps
  
• Files shared in chat are automatically stored in OneDrive. Permissions to the file are automatically updated for members in the chat
  
• Members in chat can quickly get access to all files shared in the conversation through Files tab
  

Why meetings in Teams are cooler

Meetings in Teams allows members to be productive by providing access to conversations and recordings before and after the meeting.

Benefits of meetings in Teams compared to Skype For Business

• Meetings scheduled and recorded within a Teams channel is available to new members.
  
• Plugin-less meeting join from Edge or Chrome browser
  
• User is alerted if they are speaking on mute. How cool is this!
  
• Ability for members who are not in invite to join meetings
  
• Persistent conversations during and after meeting
  

Get started today!

Be the champion for change.

Continued from DevConf’s log #1 – Flights, floods, and lack of sleep. Spent the weekend relaxing, mentally preparing for the conference, and enjoying the sun, food, and discussions.

Part of the mental preparation is to practice the session and ensure the 60-75min talk can be delivered in the 45min DevConf slot. I focused on grounding my feet to create the foundation of a relaxed, automated, and passionate session that delivers value. Recognise the practice of “continuous learning and improving”?

Here are a few pictures to give visual context:

Conference centre without the rain.

It’s called the RED cross for a reason – I give up!
 

Enjoyed a long catch-up lunch with my good old friend at Mandela Square.

Only South-Africans will understand me enjoying a Spur Goodie Burger, Black Label, and Biltong

Enjoyed a great dinner and chat with Robert, who’s one of the pivotal organizers of the DevConf event. A few photos from the DevConf presentation rooms. Notice the lack of a bowtie?
 

T-2 sleeps until the event begins

Sharing a few of the discussions before, during, and after devconf, a community driven, developer focused, one-day conference hosted annually.

The questions that were asked the most over the past few days are “What’s DevOps”, “Can’t I buy DevOps”, and “How do I get started”. Here’s my three [cents | pennies].

What’s DevOps?

It’s pivotal to bookmark Donovan’s What is DevOps post and optionally decorate your laptop with the DevOps sticker.

It’s a crisp one-sentence definition of DevOps, emphasizing the need for continuous delivery of value. It’s a thing (mindset, set of practices, …) that’s based on a journey of continuous learning and improving your people, process, and products. It’s a continuous and endless journey - you cannot flip a feature flag and enable DevOps.

Can’t I buy DevOps?

No! As suggested above, it’s a journey, not a product. You cannot buy DevOps. Buying a product does not give you DevOps.

How do I get started?

I would start by pasting Donovan’s definition of DevOps on my bathroom mirror to burn it in into my brain.

Next review transformation journeys, such as DevOps @ Microsoft – the learnings will enable faster traction and ensure that it will not take you years to do your transformation. Once you have your own transformation journey you should be transparent and share it with the community. More importantly, you’ll have a testimonial that’s invaluable when your customer asks the same question.

If you’re working with a customer in the worst possible situation, you can also read Donovans’s how do we get started with DevOps blog post.

---

New reference slide, inspired by the new Garage t-shirt

I love the new t-shirt the Garage Intern coaches received.

It triggered a new reference slide to emphasize that DevOps is not about rainbows and magical unicorns, but a mindset, practices, and a journey of continuous learning and improving.

What do you think?

Other devconf Q&A’s

• devconf discussions – Feature Flags

This feature will be available in VSTS after the deployment of the Sprint 132 update is completed.

Now you can publish markdown files from a git repository to the VSTS Wiki. Developers often write SDK documents, product documentation, or README files explaining a product in a git repository. Such pages are often updated alongside code in the code repository. Git provides a friction free experience where code and docs can live on the same branch and are reviewed together in pull requests and are released together using the same build and release process.

There are few issues with hosting such pages in code repositories:

1. Viewers of this documentation need to sift through tons of code to find and read the content
2. Documentation inherently needs ordering i.e a structure that can dictate a page hierarchy. Git does not offer ordering of files therefore you end up seeing all pages in the alphabetical order only
3. Managing documentation versions is cumbersome i.e. it is not easy to find documentation of product release 1.0, 2.0, or other past releases.
4. There is no ubiquitous search or discovery to find all documentation at one place. Markdown files in git repository are discoverable through code search while the wiki pages are discoverable through wiki search.

You can read about more use cases in this user voice.

Solution

Now, VSTS Wiki allows you to publish markdown files from a folder in a git repository as Wiki pages. So let’s see how it works.

Publishing MD pages from code as Wiki

For the purpose of this blog post, I am creating a sample repository. Let's say I have a code repository on Azure Node.js SDK that contains all my code and documentation. The conceptual folder has a bunch of markdown files that I need to publish to VSTS Wiki.

Sample git repository containing code and documentation

If you are a first time user of VSTS Wiki and you navigate to the Wiki hub, you see two options.

Publish code as Wiki shows up for first time users of Wiki

• Create Wiki – creates your first project wiki (read more)
• Publish code as Wiki – publishes markdown files from a git repository as Wiki

In case you are already using Wiki, then you will see Publish code as Wiki in the wiki breadcrumb.

Publish code as Wiki shows up on an existing Wiki 

When you click on Publish code as Wiki, you see a dialog to select a repository, branch, and folder that you want to publish as wiki. You can also give your wiki a friendly and memorable name.

Map a wiki to a git repo

If you use the entire repository for documentation purposes, then you can select the root of the repository to publish all markdown files in the repository as wiki.

When you publish a branch in a git repo as wiki, the head of the branch of the git repo is mapped to the wiki. Therefore any changes made in this folder in the published branch will immediately reflect in Wiki. There are no other workflows involved.

And that’s it. All the content from the git repo will show up in the Wiki. Now you have a mirror image of the folder in the git repo in Wiki that will continue to get updated as developers write documentation in their git repo.

Markdown files published from git repository to VSTS Wiki 

Once you click publish, we look for all markdown files recursively under the folder and its sub folders. If a sub-folder does not contain a markdown file, it will not show up in Wiki.

Edit pages & add new pages

You can also add new pages or edit existing pages in the git repository and these pages will appear in the wiki immediately. Clicking on the Edit page button in Wiki takes you to the underlying git repository.

Publish another version

As your product grows, you may add various versions to the product. Therefore you may have a need to write documentation regarding the various versions of the product.

Wiki now supports publishing multiple versions of the content. You can click on Publish new version.

Publish another branch from code repository as wiki

Next, select the branch that indicates the new version, and click on Update.

Select another branch from code repository

Now you have two different versions of documentation residing in the same wiki.

VSTS Wiki showing documentation from multiple branches 

Reordering pages

Another issue with content hosted in version control is that you have no control over the ordering of the files and all files show up in alphabetical order. However, ordering the content is a basic need for content published in any wiki.

In VSTS Wiki, once you publish the content, you can add a .ORDER file at a folder level in your git repository to create your own page order.

.ORDER file to manage order of pages in Wiki

In the above example, I added a .ORDER file and added titles of few pages in a particular order. Once, I commit this change, the ordering of pages in wiki changes to mimic what I mentioned in the .ORDER file.

Changed order in Wiki hierarchy

Promoting folders to Wiki pages

Once the  markdown files are published as Wiki, the sub-folders in the git repository will appear as follows.

Folders in git mapped to VSTS Wiki 

In a wiki, there is an inherent need to have a hierarchy of pages, therefore you need a better treatment for folders. Now, you have the ability to promote a git repo folder to a page in wiki by following these simple steps:

• If you want to promote the folder called 'includes' as a wiki page then create a page called 'includes.MD' at the same hierarchy as the folder

Promote a folder to a wiki page - includes.md is at the same hierarchy as includes folder

• Commit the changes to the branch and view the page in Wiki. Now you see that 'includes' does not appear as a folder but rather is appears as a wiki page.

VSTS Wiki shows a git folder as a Wiki page

Searching published wiki pages from code

All the markdown files published as wiki are searchable in the Wiki hub. Currently, files from the first published branch are indexed.

Un-publish a wiki

We understand that there could be moments when you could have published a code repository by mistake or the code repository content may turn stale therefore you may have a need to un-publish a wiki.

You can simply click on "Unpublish wiki" to remove the mapping between the git repository and wiki.

Unpublish wiki

Unpublishing a wiki will have no impact on the markdown pages in the code repository. i.e. all the pages in the git repository are still intact and you can always publish the pages from the code repository again at a later time.

Unpublishing a wiki has no impact on the markdown pages in the code repository

When you unpublish a wiki, the pages are also removed from the search index therefore you will not be able to search pages in wiki once the wiki is unpublished.

What features are coming next?

1. Fix broken links on page move or page rename (70 votes)

Report Issues or Feature request

If you have a feature request or want to report a bug:

1. Report a Wiki bug on developer community
2. New feature request for Wiki 

Written by Natalie Afshar

What exactly is mixed reality? And how does it compare with augmented reality and virtual reality?

Well, virtual reality (VR) usually involves a fully immersive virtual experience including head mounted displays, while augmented reality (AR) involves an overlay of content on the real world, and mixed reality (MR) takes it one step further where the holographic content is anchored to the real world, and interacts with it in real time, for example overlaying a virtual architectural model on a table or surgeons overlaying a virtual x-ray on a patient while performing an operation.

Microsoft have a Mixed Reality (MR) offering called Windows Mixed Reality which allows anyone with the latest Windows10 update to experiment with holographic technology. Windows Mixed Reality offers a whole suite of creative tools, from Paint 3D to Mixed Reality Viewer and Remix 3D, which I will explain in more depth below. These tools allow students and teachers to be active creators of mixed reality content, rather than just passive consumers: they can experiment with 3D drawing, mixed reality video editing and even 3D printing or creating 3D content with Unity.

This is useful for schools and teachers because you don’t actually need an expensive VR headset to start creating and experimenting - a readily available mixed reality solution can be accessed by anyone with the latest build of Windows10, with the Fall Creators Update, and a PC with a webcam.

For IT admins who want to read more about the Fall Creators Update and how to get started, click here.

It also updates your device with the latest security features. Windows Defender Antivirus specifically safeguards against malicious apps including ransomware attacks and threats like WannaCry, and it continuously scans your device to protect against any potential threats in real time through the cloud protection service.

If you’re not sure if you already have the Fall Creators update, you can check your device to see which version of Windows 10 you’re on here.

Here is some more information about tools in Windows Mixed Reality - you might want to share these resources with teachers.

The Mixed Reality viewer feature uses the web-cam on your laptop to embed virtual 3D objects into real world images and videos. For example, the above image shows a rover being overlaid into a photo of a boy standing next to a car. You can rotate and move around an object so it fits realistically into the photo.

The Story Remix feature in the Photos app allows you to insert 3D objects directly into videos. For example, above is a video of a dinosaur placed into a football game, as the girl kicks a ball of flames. Watch the tutorial here.

Paint 3D is the updated version of the old favourite Windows Paint. It allows simple 3D creation and editing in a modern interface. You can doodle in 2D and convert it to a 3D object using the Magic Select tool and see your creations in MR through the Mixed Reality Viewer app.

The 3D Builder app allows you to build and 3D print any design you create, without having to know how CAD works. Previously you would need some CAD knowledge to 3D print, but 3D Builder simplifies this. You can also import designs you find online and print to any 3D printer that has a Windows-compatible printer driver. The app can be used as a reference and a test tool for 3D-editing, and for validating 3MF files that you create.

Taking it one step further, for advanced learners, you can create professional 2D or 3D games with Unity (3^rd Party App).

For more in-depth information of the newest features of the Fall Creators Update, read here.

Our mission at Microsoft is to equip and empower educators to shape and assure the success of every student. Any teacher can join our effort with free Office 365 Education, find affordable Windows devices and connect with others on the Educator Community for free training and classroom resources. Follow us on Facebook and Twitter for our latest updates.

A common scenario in web application development is a frontend web application accessing some backend API. The backend API may provide an interface to some shared business system or database (e.g., a customer or inventory database) and the frontend web application may be a business system interacting directly with customers or employees. We see this scenario when a frontend application uses services such as Microsoft Graph API. In a previous blog post, I have discussed how to configure web app authentication (a.k.a. Easy Auth) such that it provides user authentication for the web app but also grants a token to the Graph API. In this blog post, I will expand on this scenario by showing how one can do the same with a custom backend API.

The scenario is illustrated below:

Specifically, the backend Web API requires users to present a bearer token when accessing this API. This token authorizes the user to access the API and based on claims in the token the user may have access to all or parts of the API. However, the user does not access the API directly, rather access happens through a web app and the user will authenticate with Azure Active Directory (AAD) credentials when accessing the web app. Once authenticated, the user will obtain a token for accessing the backend API and the web app will present this token to the API when it needs to access it.

As illustrated, this scenario actually requires two AAD app registrations; one for the Web API and one for the web frontend. We will walk through how to create these and connect them appropriately such that when the user authenticates using the app for the frontend web app, they will get a token for the backend API.

I have created a very simple example backend Web API, which you can find here on GitHub. This is a API uses bearer token authentication and will allow users to create lists in a database. They can be to do lists, shopping lists, etc. Each user will only have access to their own lists. As you can see in the code we use an Azure Active Directory app registration to set up the bearer token authentication.

To set up the app registration, go to the Azure portal and find the App Registrations pane in Active Directory:

After creating the app registration, we will modify the manifest for it to define some scopes for the API. The simple API above doesn't actually use any sophisticated features like that, but if you have had to select which delegated privileges the application should require, e.g. User.Read, User.ReadBasic.All, etc. for Graph API, you will be familiar with the concept and you may wish to define such scopes for your API. Hit the "Manifest" button to edit:

I will not repeat the whole manifest here, but to define a new scope called ListApi.ReadWrite, I have modified the oauth2Permissions section as follows. The id for the new scope is a GUID that you can generate yourself, e.g. with the New-Guid PowerShell cmdlet.

  "oauth2Permissions": [
    {
      "adminConsentDescription": "Allow application access to ListApi on behalf of user",
      "adminConsentDisplayName": "Access ListApi (ListApi.ReadWrite)",
      "id": "08b581aa-6278-4811-a112-e625a6eb8729",
      "isEnabled": true,
      "type": "User",
      "userConsentDescription": "Allow application access to ListApi on behalf of user",
      "userConsentDisplayName": "Access ListApi (ListApi.ReadWrite)",
      "value": "ListApi.ReadWrite"
    },
    {
      "adminConsentDescription": "Allow the application to access ListApi on behalf of the signed-in user.",
      "adminConsentDisplayName": "Access ListApi",
      "id": "de81bb7a-4378-4e61-b30b-03759f49ba53",
      "isEnabled": true,
      "type": "User",
      "userConsentDescription": "Allow the application to access ListApi on your behalf.",
      "userConsentDisplayName": "Access ListApi",
      "value": "user_impersonation"
    }
  ]

After this, we are done with the app registration for the API. Make a note of the application ID and you should also make a note of your AAD tenant ID. You can deploy the API in an Azure API App, you will need to define the following app settings:

{
  "ADClientID": "SET-TO-APPLICATION-ID",
  "ADInstance": "https://login.microsoftonline.com/TENANT-NAME-OR-ID/"
} 

In this case, the app registration is in an AAD tenant in the commercial cloud (as indicated by the login.microsoftonline.com URL) but you could have used an Azure Government tenant instead.

With the API deployed, we will move on to the app regstration for the frontend web application. In the same way as before, we will create a new app registration. Make a note of the Application ID and for this application, we will need to create a key. To understand why this is necessary, consider the fact that once the user is authenticated we will need to ask for a token for the backend API on behalf of the user and in that role the this app registration will act as an identity of sorts and it will need a password. So hit the Keys pane:

You can create a key by giving it a name, a duration and hit save. The key will be displayed when you hit save and only once. After you navigate away from that page, the key will not be shown again, so make sure you make a note of it.

Next step is to connect this app registration to the app registration for the backend API. You will do this in the same way that you add "Required Permissions" for say the Graph API:

In this case, hit "Select API" and search for the name of the app registration that you created from for the API. Once you select it, you can choose which scopes the application will need:

Notice that the scope we defined above shows up and you can select it. Before we actually deploy a client, this is a good time to check that all of this works. I will show you how to do this using Postman. First step is to select OAuth2 authentication:

Then hit "Get New Access Token", which will bring up this dialog:

Here are the values you need to enter:

• Grant Type: Authorization Code
• Callback URL: https://www.getpostman.com/oauth2/callback
• Auth URL: https://login.microsoftonline.com/TENANT-ID-OR-NAME/oauth2/authorize?resource=APPLICATION-ID-FOR-FOR-WEB-API
• Access Token URL: https://login.microsoftonline.com/TENANT-ID-OR-NAME/oauth2/token
• Client ID: APPLICATION-ID-FOR-FRONT-END-WEB-APP
• Client Secret: YOUR SECRET CREATED IN PORTAL
• Scope: ListApi.ReadWrite
• Client Authentication: Send client credentials in body

A note on the "Callback URL", you have to register this callback URL for your app registration for this to work. Otherwise you will get an error saying it is not a registered callback URL and you should add it. You will also need to add the callback URL for actual client application. Say we deploy the client in a web app called mywebapp and we set up Easy Auth (see below), the callback URL would be something like https://mywebapp.azurewebsites.net/.auth/login/aad/callback. Here is how those reply URLs look in this examples:

After hitting "Request Token" you will be taken through the login procedure for AAD and the token should be displayed. If you have the option of using a PIN, don't. Postman doesn't handle that well, use username and password (combined with MFA) instead. Hit "Use Token" at the bottom of the dialog and it will populate the token field in Postman. After that, you should be able to query the backend API:

Now that we know that we have a backend API and we can get a token for it using the app registration for the frontend web app, we can go ahead and deploy the frontend web application (the client). I have written a simple List Client MVC application, which calls the backend API. The application is designed to be deployed with Easy Auth, once the user has authenticated and if we have made sure that access to the backend resource is requested (see below), we can use code such as this:

        public async Task<IActionResult> Delete(int id)
        {
            string accessToken = Request.Headers["x-ms-token-aad-access-token"];

            var client = new HttpClient();
            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            var response = await client.DeleteAsync("https://listapi.azurewebsites.net/api/list/" + id.ToString());

            return RedirectToAction("Index");
        }

In this example function we are deleting a list item. Notice that we are using the x-ms-token-aad-access-token request header, which will contain the bearer token after signin and we are passing that token on to the API.

You can deploy the code into an Azure Web App and then set up Easy Auth with powershell. Because we need to make sure that we set additionalLoginParams for the web app authentication, it is not straightforward to do it in the portal. If you would like to learn how to set this manually using Postman, you can look at this blog post. I have also made a PowerShell tool called Set-WebAppAADAuth that does it all for you, it is part of my HansenAzurePS PowerShell module as of version 0.5. You can install this module with:

Install-Module HansenAzurePS

Or browse the source if you just want to see the steps for setting up authentication. With the tool, you can set the authentication as seen below. Here is a script that creates a web app and sets the authentication correctly:

$ClientID = "APP-REG-ID-FRONTEND-WEB-APP"
$ClientSecret = "SECRET-FOR-FRONTEND-WEBAPP"
$IssuerUrl = "https://login.microsoftonline.com/TENANT-ID-OR-NAME/"
$AdditionalLoginParams = @( "resource=APP-REG-ID-BACKEND-WEB-API")

$ResourceGroupName = "ListClientResourceGroup"
$WebAppName = "ListClientAppName"
$Location = "eastus"

#New resource group
$rg = New-AzureRmResourceGroup -Name $ResourceGroupName -Location $Location

#App Service plan
$asp = New-AzureRmAppServicePlan -Name $WebAppName `
-ResourceGroupName $rg.ResourceGroupName -Location $rg.Location

#New Web App
$webapp = New-AzureRmWebApp -ResourceGroupName $rg.ResourceGroupName `
-AppServicePlan $asp.Id -Location $rg.Location -Name $WebAppName

#Finally the authentication settings.
Set-WebAppAADAuth -ResourceGroupName $rg.ResourceGroupName `
-WebAppName $webapp.Name -ClientId $ClientID `
-ClientSecret $ClientSecret -IssuerUrl $IssuerUrl `
-AdditionalLoginParams $AdditionalLoginParams `
-Environment AzureCloud

The Environment parameter refers to the cloud where your web app is location. In the example above, we are using AAD in commercial Azure and the web app is also in commercial Azure, but you can mix and match to suit your specific scenario.

With the application deployed, you can now try to access it. You should get prompted for login credentials and you will be asked to accept that the application will have access to information on your behalf, including access to the List API as defined above:

If you hit OK, you will get access and through the "List" link at the top of the page, you can now access your list (e.g., to do list or shopping list):

The toy application used in this example is not intended to be production code. The List API uses an in memory database, so when the app restarts all the lists are gone. It is only intended to be used for illustration purposes.

The workflow presented above, where we add the additional resource parameter to get a token for the API, only solves part of the problem if you need to access multiple backend APIs. Say for instance you want to access the Graph API and a custom API. In that case, you need to use an "on-behalf-of" workflow in your code to obtain tokens for additional APIs. This may be a subject of a later blog post, in the meantime, if you want to learn more about Azure Active Director and how to integrate it with your applications, please consult the Azure Active Directory Developers Guide, where you can find lots more information about app registrations and various authentication workflows.

Let me know if you have questions/comments/suggestions.