2. Passionate about technology, development and community
Vincent Biret
@baywet
bit.ly/vince365
MVP Office Servers and Services
Azure and Office 365 developer @ 2toLead
3. Devs, devops, decision makers. Endless possibilities, faster time to market, focus on business value
Who is this session for?
4. Agenda
•The new stack for SharePoint Framework
•What are Azure Functions?
•Azure Active Directory
•The Microsoft Graph
•Better together! + Demo
•Conclusion
12. Benefits
• First party extension model
• Open source based
• More examples
• More community support
• Bigger developer community
• Bigger choice of tools
• Smaller footprint
15. A decade ago, a lot of time was spent on physical considerations to build solutions
Before cloud
• How often should I patch my servers?
• How can I increase server utilization?
• How do I deploy new code to my server?
• Which packages should be on my server?
• How long does it take to provision a new VM?
16. When IaaS came out, the next burden for applications became the logical infrastructure
IaaS
• How often should I patch my servers?
• How can I increase server utilization?
• How do I deploy new code to my server?
• Which packages should be on my server?
• How long does it take to provision a new VM?
17. PaaS solved some of the complexity by making infrastructure transparent
PaaS
• How can I increase service utilization?
• How do I deploy new code to my service?
• Which packages should be on my service?
18. Serverless, a better version of PaaS, aims to let you focus on the business logic and on consumption by encapsulating the other considerations
Serverless
• How do I deploy new code to my service?
19. Improving on the « pay for what you use » and elasticity principles, serverless also provides a total abstraction of servers
Serverless definition
20. Enable your team to deliver solutions faster and in a more structured way, moving the focus to the business logic
Benefits
21. From zero to production in 7 steps! Microsoft’s answer to serverless
Azure Functions
• Pick a language
• Pick a trigger
• Add some inputs/outputs
• Write the business logic code
• (test/deploy)
• Scale your service
• Ship to production!!!
24. SKUs & scale
• App Service plan
  • Tiers: Free, Shared, Basic, Standard, Premium
  • Cost based on reserved VMs
  • You have to manage scale
• Consumption plan
  • Cost based on number of executions, duration and memory (GB-s)
25. Besides the browser, you can use VS2017 + Azure SDK or VS Code + the Azure Functions CLI
Tooling
27. Or: the modern web developer’s nightmare
Authentication and Authorization
28. AAD has become the key central identity service for Microsoft and provides a seamless
experience to end users.
Microsoft’s Central Identity Service
• Leveraged by all Office 365 workloads
• Stores Users, Groups, Applications…
• Provides many capabilities:
  • Hybrid: SSO, federation, synchronisation
  • Enforced security: MFA, geo-fencing
  • Increased productivity: SSPR, B2C
29. As application developers we DO NOT want to store usernames/passwords. Delegating that responsibility to AAD greatly reduces the exposed surface if our app gets compromised
Basic principle (ultra simplified)
MS Graph
Open Id Connect + OAuth 2.0
30. The situation is painful; v2 is slowly catching up and Microsoft is trying to improve it. When starting a project, take the limitations into account and go from there.
ADAL and MSAL
• Two auth libraries from Microsoft for AAD
• ADAL talks to the v1 endpoints
• MSAL talks to the v2 endpoints
• MSAL is still in preview but commercially supported
31. V1 is still recommended if you’re only working with O365 accounts. Microsoft is working hard to migrate services and make the models converge.
Two endpoints: details
• V2 brings:
  • Unified authentication and authorization for Microsoft accounts (MSA) and AAD
  • Dynamic scopes (as opposed to resources)
  • Client credentials flow
  • On-behalf-of flow
• V2 limitations:
  • Number of secrets
  • Securing APIs
  • Not showing up in the Azure Portal
  • No wildcard redirect URL
  • Limited « resources » available today
34. Microsoft is making huge investments in this API, and not only for third parties.
Last year’s updates
35. Microsoft has made a substantial, multi-year investment to unify its APIs, authentication modes and data formats, and to deliver a converging model.
Why the Microsoft Graph?
• 90% of Fortune 500 companies use Office 365
• 100M monthly active users
• Office 365 paying subscriptions
• 8T objects in Microsoft Graph (emails, events, calendars, users, files…)
36. Teams and Project Rome are still in beta. Graph also provides licensing, reporting and other APIs. Microsoft is putting a HUGE commitment into the citizen developer movement.
Workloads
38. Microsoft has made its API available to many different ecosystems, removing the pain of having to write the boilerplate code. Java, Android and iOS are still in preview
SDKs
41. Only with Functions v2, still in preview. The most important ones are the webhook and auth bindings, which let you do anything. You can also use Flow as a relay.
Azure Functions + Microsoft Graph
•Excel table input/output bindings
•OneDrive File input/output bindings
•Outlook output binding
•Auth token input binding
•WebHook triggers/binding
42. All the new SPFx capabilities came out with 1.4.1. Integrating these technologies together is becoming seamless.
SharePoint Framework + Azure Functions
• SPFx helps “link” the AAD app and the SPFx solution
• SPFx helps “get the tokens”
• SPFx helps “talk to the Graph / a secured API” (preview)
• Azure Functions can be “secured” via a bearer token (AAD): the function must validate the token (signature, issuer, audience, expiry, scope), not just decode it, otherwise it is effectively anonymous
44. The “be nice, eh” solution
The need
• We want to encourage people to have better interactions
• For that we’re going to “scan” their emails
• Score the sentiment
• Have a web part that displays the average score per user on the company portal
45. The solution requires minimal development effort thanks to the integration between the services provided by Office 365 and the infrastructure provided by Azure.
The architecture
(Diagram: MS Graph at the centre, with the steps numbered below.)
1 – Users send/receive emails
2 – Exchange communicates with Graph
3 – Graph triggers our function for analysis
4 – Users log into the SP portal
5 – SPFx web part contacts the Azure function for data
49. Microsoft is committed to delivering a consistent experience while taking into account the particularities of the different market segments
Availability for US Government
• Azure Functions GA
  • No portal experience
  • No consumption plan
• Microsoft Graph GA
  • Some restrictions might apply to app registrations for some tenants
  • Graph Explorer not supported
• SharePoint Framework GA (partially)
  • A few particularities around auth when talking to Graph, APIs…
50. I swear, I’m going to stop talking soon and set you free
Conclusion
First the user accesses the app/API anonymously.
The app redirects them to AAD to authenticate first, then consent/grant, then authorize.
AAD redirects the user back to the application with an identity token.
The signed-in session established that way is then used to request access tokens for other resources/scopes (with the authorization code flow, the code is redeemed for them).
Client credentials flow: the service identifies itself on its own, without impersonating a user (a service account).
On-behalf-of flow: in certain contexts an app can relay the authentication through an API so that the downstream call presents app + user, not only the user (e.g. in Excel).
The on-behalf-of flow will help Office add-ins a lot in accessing custom APIs.
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-limitations
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-compare
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-on-behalf-of
https://myignite.microsoft.com/sessions/55110?source=sessions
It’s a tremendous opportunity for developers, whether you’re an ISV, a consultant or at a customer, to provide rich and innovative applications. It doesn’t add any cost to Office 365.
It also provides some form of intelligence.