by Contributed | May 20, 2021 | Technology
This article is contributed. See the original author and article here.
We’re very pleased to announce that Group Managed Service Account (gMSA) for Windows containers with non-domain joined host solution is now available in the recently announced AKS on Azure Stack HCI Release Candidate!
The Journey
Since the team started the journey of bringing containers to Windows Server several years ago, we have heard from customers that the majority of traditional Windows Server apps rely on Active Directory (AD). We have made a lot of investments in our OS platform, such as leveraging Group Managed Service Accounts (gMSA) to give containers an identity that can be authenticated with Active Directory. For example, this blog showcased improvements in the Windows Server 2019 release wave: What’s new for container identity. We have also partnered with the Kubernetes community and enabled gMSA for Windows pods and containers in Kubernetes v1.18. This is extremely exciting news. But this solution needs Windows worker nodes to be domain joined with an Active Directory Domain. In addition, multiple steps need to be executed to install the webhook and configure gMSA Credential Spec resources to make the scenario work end to end.
To ease the complexities, as announced in this blog on What’s new for Windows Containers on Windows Server 2022 – Microsoft Tech Community, improvements are made in the OS platform to support gMSA with a non-domain joined host. We have been working hard to light up this innovation in AKS and AKS on Azure Stack HCI. We are very happy to share that AKS on Azure Stack HCI is the first Kubernetes based container platform that supports this “gMSA with non-domain joined host” end-to-end solution. No domain joined Windows worker nodes anymore, plus a couple of cmdlets to simplify an end-to-end user experience!
“gMSA with non-domain joined host” vs. “gMSA with domain-joined host”
gMSA with non-domain joined host:
- Credentials are stored as K8 secrets and authenticated parties can retrieve the secrets. These creds are used to retrieve the gMSA identity from AD.
- This eliminates the need for container host to be domain joined and solves challenges with container host updates.
gMSA with domain-joined host:
- Updates to Windows container host can pose considerable challenges.
- All previous settings need to be reconfigured to domain join the new container host.
Simplified end-to-end gMSA configuration process with built-in cmdlets
In AKS on Azure Stack HCI, even though you don’t need to domain join Windows worker nodes anymore, there are other configuration steps that you can’t skip. These steps include installing the webhook, the custom resource definition (CRD), and the credential spec, as well as enabling role-based access control (RBAC). We provide a few PowerShell cmdlets to simplify the end-to-end experience. Please refer to Configure group Managed Service Accounts with AKS on Azure Stack HCI.
Getting started
We have provided detailed documentation on how to integrate your gMSA with containers in AKS-HCI with non-domain joined solution.
- Preparing gMSA in domain controller.
- Prepare the gMSA credential spec JSON file (This is a one-time action. Please use the gMSA account in your domain.)
- Install webhook, Kubernetes secret and add Credential Spec.
- Deploy your application.
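As an added example (not code from the article or from AKS on Azure Stack HCI): because the non-domain-joined design keeps the AD credentials in a Kubernetes secret, it is worth checking which subjects RBAC actually allows to read that secret. The Python below evaluates Role, ClusterRole and binding objects for that; the secret name gmsa-cred, the namespaces and every role and subject name are constructed placeholders.

```python
# Added example: list the RBAC subjects able to read a gMSA credential secret.
READ_VERBS = {"get", "list", "watch", "*"}  # each of these returns secret data

def rule_exposes(rule, secret_name):
    """True if a single RBAC rule allows reading the named core-API secret."""
    names = rule.get("resourceNames") or []  # empty list = every secret
    return bool({"", "*"} & set(rule.get("apiGroups", []))
                and {"secrets", "*"} & set(rule.get("resources", []))
                and READ_VERBS & set(rule.get("verbs", []))
                and (not names or secret_name in names))

def secret_readers(roles, bindings, namespace, secret_name):
    """Return sorted 'Kind/name' subjects that can read namespace/secret_name."""
    exposing = set()
    for role in roles:
        ns = role["metadata"].get("namespace") if role["kind"] == "Role" else None
        if role["kind"] == "Role" and ns != namespace:
            continue  # a Role only grants access inside its own namespace
        if any(rule_exposes(r, secret_name) for r in role.get("rules", [])):
            exposing.add((role["kind"], ns, role["metadata"]["name"]))
    readers = set()
    for b in bindings:
        ref = b["roleRef"]
        if b["kind"] == "RoleBinding":
            if b["metadata"].get("namespace") != namespace:
                continue  # the grant applies only in the binding's namespace
            key = (ref["kind"], namespace if ref["kind"] == "Role" else None, ref["name"])
        else:  # ClusterRoleBinding: grants the ClusterRole in every namespace
            key = ("ClusterRole", None, ref["name"])
        if key in exposing:
            readers.update(f'{s["kind"]}/{s["name"]}' for s in b.get("subjects", []))
    return sorted(readers)

def _role(kind, name, rules, ns=None):
    meta = {"name": name, **({"namespace": ns} if ns else {})}
    return {"kind": kind, "metadata": meta, "rules": rules}

def _bind(kind, role_kind, role_name, subject, ns=None):
    meta = {"name": f"bind-{role_name}", **({"namespace": ns} if ns else {})}
    kind_, name = subject.split("/")
    return {"kind": kind, "metadata": meta,
            "roleRef": {"kind": role_kind, "name": role_name},
            "subjects": [{"kind": kind_, "name": name}]}

# Constructed sample, shaped like the items kubectl returns with -o json.
SAMPLE_ROLES = [
    _role("Role", "gmsa-secret-reader", [{"apiGroups": [""], "resources": ["secrets"],
          "verbs": ["get"], "resourceNames": ["gmsa-cred"]}], ns="default"),
    _role("ClusterRole", "ops-view-all", [{"apiGroups": ["*"], "resources": ["*"],
          "verbs": ["get", "list"]}]),
    _role("Role", "cm-reader", [{"apiGroups": [""], "resources": ["configmaps"],
          "verbs": ["get"]}], ns="default"),
    _role("Role", "staging-secrets", [{"apiGroups": [""], "resources": ["secrets"],
          "verbs": ["get"]}], ns="staging"),
]
SAMPLE_BINDINGS = [
    _bind("RoleBinding", "Role", "gmsa-secret-reader", "ServiceAccount/webapp-sa", "default"),
    _bind("ClusterRoleBinding", "ClusterRole", "ops-view-all", "Group/ops-team"),
    _bind("RoleBinding", "Role", "cm-reader", "User/dev1", "default"),
    _bind("RoleBinding", "Role", "staging-secrets", "ServiceAccount/batch-sa", "staging"),
]

if __name__ == "__main__":
    print(secret_readers(SAMPLE_ROLES, SAMPLE_BINDINGS, "default", "gmsa-cred"))
```

In the constructed sample the wildcard ClusterRole is the finding: it exposes the gMSA secret to a group that was never meant to hold the AD credentials, while the narrowly scoped Role with resourceNames reaches only the intended service account.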
If you are looking for this support on AKS, you can follow this entry on AKS Roadmap [Feature] gMSA v2 support on Windows AKS · Issue #1680.
As always, we love to see you try it out, and give us feedback. You can share your feedback at our GitHub community Issues · microsoft/Windows-Containers , or contact us directly at win-containers@microsoft.com.
Jing
Twitter: https://twitter.com/JingLi00465231
by Contributed | May 20, 2021 | Technology
It’s hard to believe but it’s this time of the year again when we get to connect and you get to learn at Microsoft Build.
For this edition, the way you will be able to engage with the IoT team will be even more intimate than in the past, with a series of Product Round Table sessions as well as 1:1 consultations. RSVP quickly, as seats need to be reserved for these.
If you were to only watch one session, we highly recommend you tune in to Sam George’s keynote: Building Digital Twins, Mixed Reality and Metaverse Apps. It will be played a couple of times: on Wednesday, May 26 | 2:00 PM – 2:30 PM Pacific Daylight Time and on Thursday, May 27 | 6:00 AM – 6:30 AM PDT.

In addition to these opportunities to connect with the team, we will deliver some sessions.
Here is a list of all IoT sessions going on at Build this year:
| Title | Speaker(s) | Type of session |
| --- | --- | --- |
| Building Digital Twins, Mixed Reality and Metaverse Apps | Sam George | Breakout |
| Ask the Experts: Bringing Azure Linux workloads to Windows | Terry Warwick | Connection Zone |
| Connect IoT data to HoloLens 2 with Azure Digital Twins and Unity | Brent Jackson, Adam Lash | Connection Zone |
| Ask the Experts: Building Digital Twins, Mixed Reality and Metaverse Apps | Kence Anderson, Chafia Aouissi, Ines Khelifi, Christian Schormann, Simon Skaria, Scott Stanfield | Connection Zone |
| Build Secured IoT solutions for Azure Sphere with IoT Hub | David Glover, Mike Hall, Daisuke Nakahara | On-Demand |
| Round table: Simplifying IoT solution development | John Strohschein, Lori Birtley, Samantha Neufeld, Sarah Grover | Product round table |
| Round table: Azure Sphere: securing IoT devices and lowering your costs | Gregg Boer, Megha Tiwari, Rebecca Holt, Sudhanva Huruli, Vladimir Petrosyan | Product round table |
| Round table: Build connected environment solutions – Architecture patterns | Basak Mutlum, Chafia Aouissi, Christian Schormann, Ines Khelifi, Steve Busby | Product round table |
| Round table: Industrial IoT analytics with Azure Time Series Insights | Chris Novak, Ellick Sung | Product round table |
| Round table: Verified Telemetry – enhancing data quality of IoT devices | Ajay Manchepalli, Akshay Nambi, Ryan Winter | Product round table |
| Round table: IoT semiconductor ecosystem: building and connecting secured devices | Bill Lamie, James Scott, Joseph Lloyd, Mahti Daliparthi, Marc Goodner, Mike Hall, Pamela Cortez, Rebecca Holt, Steve Patrick, Sudhanva Huruli | Product round table |
For 1:1 consultation with Microsoft engineers, you can find the IoT ones on this page under the IoT tab:

As usual we will update this blog post with more content, pointers and resources.
Have a great Microsoft Build 2021!
by Contributed | May 20, 2021 | Technology
Go hybrid or go home. Wait, you can either stay home or join in-person. Win/Win!
The Microsoft 365 Collaboration Conference is a unique ‘hybrid’ event in Orlando, Florida. ‘Hybrid’ for everyone means speakers and attendees participating in person and virtually: in person for those who can travel safely as the vaccine rollout continues, and virtually for those who are unable to join us in person safely.
The event brings together business leaders, IT pros, developers, and consultants to learn how technology can power teamwork, employee engagement and communications, and organizational effectiveness. Each session is delivered by acclaimed presenters – thought leaders, engaged MVPs and product members from Microsoft working on Microsoft 365, Microsoft Teams, SharePoint, and Power Platform.
The Microsoft 365 Collaboration Conference is a unique ‘hybrid’ event in Orlando, Florida with three unique Microsoft keynotes.
You’ll find over 200 sessions, panels, and workshops for everyone who works with Microsoft 365, presented by Microsoft’s leaders and experts from around the world. Below, you can review the subset of keynotes and sessions delivered by Microsoft employees from the product groups.
The Microsoft 365 Collaboration Conference embraces all of Microsoft 365: Microsoft Teams, SharePoint, Power Platform, OneDrive, Yammer, Microsoft Stream, Outlook, Office applications, Power Apps, Power BI, Power Automate and more.
Early Bird (April 15, 2021 – May 10, 2021):

| Package | Virtually | In-person |
| --- | --- | --- |
| Full Conference Only | $599 | $1799 |
| Virtual Show Package 1 | $898 | $2248 |
| Virtual Show Package 2 | $1197 | $2697 |
| Virtual Show Package 3 | $1496 | $3146 |
| Pre-conference OR Post-conference | $399 | $699 |

Regular (After May 10, 2021):

| Package | Virtually | In-person |
| --- | --- | --- |
| Full Conference Only | $599 | $1899 |
| Virtual Show Package 1 | $898 | $2348 |
| Virtual Show Package 2 | $1197 | $2797 |
| Virtual Show Package 3 | $1496 | $3246 |
| Pre-conference OR Post-conference | $399 | $699 |
Microsoft keynotes and sessions (all times listed in the US EST time zone)
Microsoft keynote sessions:
- Day One Keynote | “Microsoft 365: Your key to delivering on employee wellbeing and productivity goals” by @Karuana Gatimu | June 8th, 9am-10am
- Day Two Keynote | “The future of work: productivity and employee experience” by @Dan Holme | June 9th, 9am-10am
- Day Three Keynote | “What’s new and what’s next for the Microsoft Power Platform” by Charles Lamanna | June 10th, 12m-1pm
Microsoft breakout sessions:
- “Practical guidance for driving Microsoft 365 adoption” by Karuana Gatimu (6/8 10:30am – 11:30am)
- “Meet Microsoft Viva: a new kind of employee experience” by John Mighell (6/8 12pm – 1pm)
- “Building a vibrant community – from inclusive campaigns to empowering your groups” by Laurie Pottmeyer and Josh Leporati (6/8 12pm – 1pm)
- “Governance best practices for Office 365, including Microsoft Teams guidance” by Karuana Gatimu (6/8 2:15pm – 3:15pm)
- “Get to know Microsoft Lists” by Mark Kashman and Harini Saladi (6/8 3:45pm – 4:45pm)
- “Roadmap to end user learning with Microsoft 365” by Josh Leporati (6/8 3:45pm – 4:45pm)
- “What’s new for intelligent file experiences across Microsoft 365” by Ankita Kirti and Stephen Rice (6/9 10:30am – 11:30am)
- “How Visio integrates with Microsoft 365 apps to enhance virtual collaboration” by Nishant Kumar (6/9 12pm – 1pm)
- “Meeting & virtual event best practices” by Karuana Gatimu (6/9 12pm – 1pm)
- “The Latest in Microsoft Teams” by Karuana Gatimu (6/9 2:15pm – 3:15pm)
- “Tasks, Planner, & To-Do: Decrease stress and increase productivity” by TBA (6/9 3:45pm – 4:45pm)
- “Modern Calling – How Teams changes the way we communicate” by Sean Wilson (6/10 9am – 10am)
- “IT Pro deep dive – Microsoft Teams” by Stephen Rose (6/10 10:30am – 11:30am)
- “What’s new and next for Microsoft Search” by Bill Baer (6/10 10:30am – 11:30am)
- “SharePoint + Teams: Powering content collaboration” by Cathy Dew (6/10 2pm – 3pm)
- “Architecting your intelligent intranet” by DC Padur and Melissa Torres (6/10 3:30pm – 4:30pm)
View all Microsoft 365 Collaboration Conference (Orlando, FL) sessions.
The event brings together business leaders, IT pros, developers, and consultants safely for those who can travel as the vaccine rollout continues and virtually for those who are unable to join in-person.
BONUS | A word from @Jeff Teper about the broader value of the event (previously known as SharePoint Conference):
Thanks, Mark Kashman, senior product manager – Microsoft
by Contributed | May 20, 2021 | Technology
Overview
In 2021, there will be a blog covering the webinar of the month for the Low-code application development (LCAD) on Azure solution.
LCAD on Azure is a solution that integrates the robust development capabilities of low code Microsoft Power Apps and the Azure products such as Azure Functions, Azure Logic Apps, and more.
This month’s webinar is ‘Increase Efficiency with Azure Functions and Power Platform’.
This blog will briefly recap Low-code application development on Azure, provide an overview of Azure Functions reusability, Durable Functions, and how to integrate Functions across the Power Platform.
This is a helpful blog for those new to Azure Functions and those who want to start integrating Azure Functions into their Power Platform build cases.
What is Low code application development on Azure?
Low-code application development (LCAD) on Azure was created to help developers build business applications faster with less code.
It does so by leveraging the Power Platform, and more specifically Power Apps, while helping them scale and extend their Power Apps with Azure services.
For example, a pro developer who works for a manufacturing company would need to build a line-of-business (LOB) application to help warehouse employees track incoming inventory.
That application would take months to build, test, and deploy. Using Power Apps, it can take hours to build, saving time and resources.
However, say the warehouse employees want the application to place procurement orders for additional inventory automatically when current inventory hits a determined low.
In the past that would require another heavy lift by the development team to rework their previous application iteration.
Due to the integration of Power Apps and Azure, a professional developer can build an API in Visual Studio (VS) Code, publish it to their Azure portal, and export the API to Power Apps, integrating it into their application as a custom connector.
Afterwards, that same API is re-usable indefinitely in the Power Apps’ studio, for future use with other applications, saving the company and developers more time and resources.
To learn more about possible scenarios with LCAD on Azure go through the self-guided tour.

Azure Functions Reusability
Why should you reuse functionality? There are four key reasons: shorter development time, consistency, easier testing, and live proven code.

The shorter development time is driven by not having to build code again.
For example, if you’re validating a phone number with your application you don’t want to have to re-write the code for each nuanced small scenario, such as rebuilding a web app, then a portal, etc.
Not re-writing code even if it is being plugged into a new app enables shorter development time.
Additionally, this ties into greater consistency in your code creating a much cleaner user experience across platforms and devices.
Reuse of functionality also enables easier testing.
When reusing functionality you can automate tests, however if you write new code each time, for each iteration you must manually test the code, subsequently increasing development time.
However, if you reuse functionality, once set up and spun up, every time you test apps down the line, all you need to do is check the Azure Function connection rather than starting from scratch.
Lastly, there is the advantage of live proven code, which can’t be overstated. The separate aspects of functionality are already proven to work, therefore speeding up the application development lifecycle.
Durable Functions
Durable Functions are an extension of Azure Functions that lets you write stateful functions in a serverless environment. The durable extension manages state, checkpoints and restarts out of the box.
Durable Functions allow the creation of workflow activities like Logic Apps but are completely customizable and scalable.
Durable Functions can be called both synchronously and asynchronously. Output from Functions can be saved to local variables and used later in execution.
State and executions are managed within an Azure Table using the Event Sourcing Pattern and can be queried if needed.

For example, if you want to fill in a field on a form and need to check input information across multiple databases, the orchestration capabilities of Durable Functions enable that functionality.
Moreover, if you need all the tasks to happen at the same time or need them to happen in different patterns, you could build that functionality in Power Automate or Logic apps.
Leveraging Durable Functions enables greater detail and options for functionality.
Lastly, these Functions scale rapidly to meet demand levels, however when inactive they rest until called upon again.
Functions Integration across the Power Platform
Power Apps
There are 3 types of Power Apps available to integrate with Azure Functions. Note that this blog will be covering JavaScript, however you can write Azure Functions in any language.
First, there are Dataverse forms. Dataverse forms are used within model-driven applications and can contain JavaScript functions that fire on load or property change. These functions can call out to Azure Functions for long-running queries, enabling your colleagues to leverage your Azure Function.
Second are Power Component Framework controls (PCFs). They are a web packet that you can put in both model-driven app forms and canvas apps. The code can be called from either place; if used to call out to an Azure Function, it creates a double layer of reusability and can separate deployment for use across your business.
Third are Power Apps Portals. These scripts are very similar to Dataverse forms and can be embedded into a portal to call any web API and call an Azure Function from the portal. Security will have to be handled differently for public-facing portals than for internal applications.

Power Automate
In the webinar Lee Baker covers the stages of when and how to connect a Power Automate flow to an Azure Function.
When? You can start when a record is selected in a model-driven app: hitting the on-demand flow button pushes those records to Power Automate. Or you can use standard Dataverse triggers when creating, reading, updating, and deleting (CRUD).
How? HTTP request actions from Power Automate or Logic Apps can pass in data or URLs and get payloads back to use in Azure Functions, or you can build a custom connector.
You would build a custom connector because HTTP requests, which can circumnavigate policies, are often blocked by data loss policies in Power Platform environments.
Custom connectors can be created in accordance with data loss policies while still pulling the HTTP request directly into the canvas application via Azure Functions, for a secure and streamlined approach.

Conclusion
This is just the beginning of what is possible with the integration of APIs into Power Apps via Azure Functions. To learn more about the integration of Azure Functions and Power Apps watch the webinar covered in this blog titled “Increase Efficiency with Azure Functions and Power Platform”.
To get hands on experience creating a custom connector and extending a Power App with custom code as covered in this blog, start with the new learning path “Transform your business applications with fusion development”.

After completing the learning path, if you want to learn even more about how to extend your low-code applications with Azure and establish a fusion development team in your organization, read the accompanying e-book “Fusion development approach to building apps using Power Apps”.

by Contributed | May 20, 2021 | Technology
Heya folks, Ned here again. Eagle-eyed readers may have noticed in the April 22, 2021-KB5001384 monthly update for Windows Server 2019 – and now in the May 2021 Patch Tuesday – we added support for migrating from NetApp FAS arrays onto Windows Servers and clusters. I already updated all our SMS documentation on https://aka.ms/storagemigrationservice so you’re good-to-go on steps. There’s a new version of the Windows Admin Center SMS extension that will also automatically update to support the scenario.
We tried to make this experience change as little as possible from the previous scenarios of migrating from Windows Server and Samba. The one big thing to know – and we reiterate this in the docs and WAC – is that you must have a NetApp support contract, because you need to install the NetApp PowerShell Toolkit, which is only available behind that licensed customers-only support site.
You’ll see the new option once you patch your orchestrator server with the May monthly update, update your WAC SMS extension, and install the NetApp PowerShell toolkit on your orchestrator:

After you create a new job and see the new Prerequisites helper screen, you simply give the network info and creds for your NetApp FAS array and we’ll find all the CIFS (SMB) SVMs running. It’s actually a bit easier than Windows Server sources; since there is a known host array to enumerate, we save you typing in all the SMB servers.

Then you provide the Windows admin source credentials just like usual, and pick which CIFS (virtual) servers you want to migrate.

After that, the migration experience is almost exactly the same as you’re used to with Windows and Samba source migrations. You still perform inventory, transfer, cutover just like before with exactly the same steps. The one difference is that since NetApp CIFS servers don’t use DHCP, you will choose to assign static IP addresses or use NetApp “subnets” before you start cutover. Voila.
I’ll get a video demo of the experience up here when I find the time. Busy bee with many new things coming soon, eating up my blogging time. :D
– Ned “NedApp” Pyle