Wednesday, 27 November 2019

Retro: Organising a Multi-city Developer Bootcamp




So, last year was a very special year for me. Exactly a year ago I was thrilled to share with more than 11 MVPs across the APAC region the honor of hosting 6 Office Developer Bootcamps. What made last year special is that we continuously kept raising the bar. Starting in 2017 with the first Global Office 365 Developer Bootcamp, we had only three cities in the first year: Sydney, Melbourne and Auckland. For 2018 we decided to increase the count by 100%, adding Brisbane, Hong Kong and Kuala Lumpur to the mix. You might wonder why HK & KL; I will let you guys know a bit later.

I thought, with a little nudge from Shiva, I would share some of the lessons I've learnt in organizing Office 365 Developer Bootcamps across such diverse cities/communities. They go as below, in no particular order:
1. Pull an awesome team together: Having Ashish, Cameron, John, Paul and Chris and many more to support this event was key to success in both 2017 & 2018.
2. Plan your trip right: If you decide to do a lot of travelling, you've got to plan it right. I remember booking a multi-city trip from Sydney->Auckland->Brisbane then back to Sydney. It helped with the budget and kept the MRs less annoyed.
3. Remote event planning is stressful: I think we could all agree that it's easier to run an event in your own city. For last year, I believe the toughest event of all was Kuala Lumpur. The main reason was that I had no co-speakers and I had to arrive at Microsoft Malaysia very early in the morning, having flown in the night before (the people who know me very well know I'm not a morning person and I can't function properly before 10 am!). I also had to change the room setup to match the desired setup (classroom). I still feel bad for the attendees, as I ran the whole event from 8am to 3pm.
   This year I'm fortunate to have a whole team in Kuala Lumpur to support the event and almost 200 registrations for the event. I even decided not to travel and do a remote session; that would keep someone very happy!
4. Keep a dynamic event format: This is something I did completely wrong in the first year. What might be your typical event in one place of the world is completely different in another place, as the attendees' expectations might be completely different. You will have to tailor your content to fit the location; having a local team will definitely point you in the right direction.
5. Do your best to understand the cultural differences: For almost every city, Friday was our first choice for the event day, as we discovered that weekend full-day training events usually have a very high dropout rate.
   That wasn't the case for Kuala Lumpur. Although I'm a Muslim with two Mohammeds in my name, I completely forgot that Malaysia is a Muslim-majority country and they either have Friday off or a half working day. I had to move the date to Tuesday and change my hotel and tickets.


So why Kuala Lumpur and Hong Kong? The reason is very simple: it was easier for me to travel to these cities visa-free, as I still hold an Egyptian passport!

I'll leave you guys with some photos from the events.





Friday, 8 November 2019

Protecting your WebAPI using Azure AD


In this post, I will discuss yet another useful feature of Azure AD, especially if you are building something that uses the Microsoft 365 identity platform.
Let's assume you're building an app that uses some Microsoft 365 capabilities and integrates with them via the Graph API. You also have your own custom APIs that connect to your custom application, and you want to expose your custom application's functionality to your app via REST APIs. The trick here is that you want to protect your custom-built APIs and hopefully keep a consistent experience.

In the past I've used IdentityServer to provide this functionality when I used to build fully custom solutions, but this time I was thinking: I was already using Azure AD to connect to the MS Graph APIs, so what if I could use it to protect my own custom endpoint?

The answer is pretty straightforward: you can easily protect your custom-built API using Azure AD, or even Azure B2C if you are building a consumer-type app.

  1. You'll need to create an Azure app registration by navigating to portal.azure.com, then going into Azure AD and creating a new app.
  2. In the process of creating your new app, you can choose whether it is single-tenant, multi-tenant, or also accessible via consumer accounts (Microsoft personal accounts). In this case, for simplicity, I'll choose the single-tenant option.
  3. After you create the new app, you will find an option called "Expose an API".
  4. In this screen you can define your API scopes and also ensure that the client application you have already been using to access Microsoft Graph or any other Microsoft cloud endpoint is added as an authorised client application.
  5. If you have done all of that, you have completed the configuration part. What you need to do next to make your API protected by Azure AD is simple and very well explained in this GitHub repo: https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2

Now your API will be protected by Azure AD. The other challenging part is to figure out scopes/roles to provide more mature endpoint authorization. As I mentioned before, you can define scopes for your API in Azure AD, and then you can use these scopes to protect either a whole controller or a specific action using the AuthorizeForScopes attribute.


A very easy, straightforward approach I found is to define application roles within the Azure AD app registration and use the Authorize attribute with Roles. You can add users to a specific application role using the "Enterprise Applications" section of Azure AD. It can be either a direct assignment, or you can assign a security group to a role if you have an Azure AD P1 or P2 subscription.
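
What the scope and role checks described above evaluate, shown on the claims of an access token and written in Python to keep it framework-independent. This is an added example, not code from this post or the linked sample; it assumes a JWT library has already validated the token's signature, issuer and expiry, and the IDs, scope name and role name are constructed placeholders.

```python
import functools

# Constructed placeholder IDs; use the values from your own app registration.
TENANT_ID = "00000000-0000-0000-0000-000000000001"
API_CLIENT_ID = "11111111-1111-1111-1111-111111111111"
# v2.0 tokens carry the API's client ID as 'aud', v1.0 tokens its App ID URI.
ACCEPTED_AUDIENCES = {API_CLIENT_ID, "api://" + API_CLIENT_ID}


class Forbidden(Exception):
    """The token is genuine but may not call this endpoint."""


def granted_scopes(claims):
    # Delegated permissions arrive in 'scp' as one space-separated string.
    return set(str(claims.get("scp", "")).split())


def granted_roles(claims):
    # App roles arrive in 'roles' as a JSON array of role values.
    roles = claims.get("roles") or []
    return {roles} if isinstance(roles, str) else set(roles)


def protected(scopes=(), roles=()):
    """Guard a handler: right audience and tenant, then any listed scope/role."""
    def wrap(handler):
        @functools.wraps(handler)
        def guarded(claims, *args, **kwargs):
            if claims.get("aud") not in ACCEPTED_AUDIENCES:
                raise Forbidden("token was issued for a different API")
            if claims.get("tid") != TENANT_ID:  # single-tenant registration
                raise Forbidden("token comes from another tenant")
            if scopes and not granted_scopes(claims) & set(scopes):
                raise Forbidden("requires scope: " + " or ".join(scopes))
            if roles and not granted_roles(claims) & set(roles):
                raise Forbidden("requires role: " + " or ".join(roles))
            return handler(claims, *args, **kwargs)
        return guarded
    return wrap


@protected(scopes=["Orders.Read"])  # hypothetical scope name
def list_orders(claims):
    return "orders for " + claims.get("oid", "unknown")


@protected(scopes=["Orders.Read"], roles=["Orders.Approver"])  # hypothetical role
def approve_order(claims, order_id):
    return "order %s approved" % order_id
```

A token obtained by an application on its own behalf carries no `scp` claim, so it is rejected by any handler that requires a scope even when it holds the right role.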