Updating PowerShell Core


To determine your current PowerShell version, run the following:

Thanks to Thomas Maurer and his blog post: https://www.thomasmaurer.ch/2019/07/how-to-install-and-update-powershell-7/

Installing and Updating the Azure Az PowerShell module (vs. AzureRM)

Remove the AzureRM PowerShell module

To install the Az PowerShell module, you must first remove the AzureRM module.  You can check which version(s) of AzureRM you already have installed.

If you see a message like the following, then you’re ready to install the Az PowerShell module.

PackageManagement\Get-Package : No match was found for the specified search criteria and module names 'AzureRM'.
If you don’t see that, then you need to uninstall AzureRM first.


If neither of those options work, try the following.

Install the Azure PowerShell module

Then running the following code to install Az should succeed.

Update the Azure PowerShell module

If you already have the Az PowerShell module installed, you can update it with the following code.

Reinstall the Azure PowerShell module

If you have any issues updating using PowershellGet, then you should reinstall, rather than update. Reinstalling is done the same way as installing, but you need to add the -Force parameter:

Check the version of the Azure PowerShell module

Authenticate to a WebAPI using AAD with SQL Server


  1. Have an Azure subscription.
  2. Have an Azure SQL Server in that subscription.
  3. Have an Azure SQL database named “Logbook” hosted by that Azure SQL Server.
  4. Install the Az PowerShell Module.
  5. Install the latest version of SQL Server Management Studio (SSMS) (currently v18.5).

Background Information

  1. https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication
  2. https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-provider-microsoft
  3. https://docs.microsoft.com/en-us/aspnet/core/tutorials/first-mvc-app/start-mvc?view=aspnetcore-3.1&tabs=visual-studio
    1. This uses SQL Server Express LocalDB, not full SQL Server.
  4. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
    1. I don’t think we need hybrid authentication at all.
  5. Azure SQL options to consider:
    1. Azure SQL Database
    2. I don’t think we need a Managed Instance.
  6. Authentication methods to consider:
    1. Active Directory Universal Authentication, which includes Multi-Factor Authentication (MFA).
      1. This works with SSMS.
      2. Is this only on-premises (AD) vs. AAD?
    2. Azure AD cloud-only identities
    3. Active Directory Interactive Authentication

Configuration Steps

      1. Create and populate Azure AD.
        1. https://stackoverflow.com/questions/40370571/how-do-i-add-a-microsoft-account-to-azure-active-directory
      2. Optional: Associate or change the active directory that is currently associated with your Azure Subscription.
      3. Create an Azure Active Directory administrator for the Azure SQL Database server, the managed instance, or Azure Synapse.
      4. Configure your client computers.
      5. Create contained database users in your database mapped to Azure AD identities.
      6. Connect to your database by using Azure AD identities.
  1. Create AAD App:
    1. Certificates & secrets > New client secret.
      1. Enter a description, select the validity duration, and select Add.
  2. Create an Azure AD administrator for Azure SQL server
    1. Each Azure SQL server (which hosts a SQL Database) starts with a single server administrator account that is the administrator of the entire Azure SQL server.
    2. A second SQL Server administrator must be created, that is an Azure AD account.
    3. This principal is created as a contained database user in the master database.
    4. As administrators, the server administrator accounts are members of the db_owner role in every user database, and enter each user database as the dbo user.
    5. Provision an Azure Active Directory administrator for your Azure SQL Database server
      1. In the Azure portal, in the upper-right corner, select your connection to drop down a list of possible Active Directories. Choose the correct Active Directory as the default Azure AD. This step links the subscription-associated Active Directory with Azure SQL server making sure that the same subscription is used for both Azure AD and SQL Server.
      2. Chose “Visual Studio Ultimate with MSDN”.
      3. Search for and select SQL server in the Azure Portal.
      4. On SQL Server page, select Active Directory admin.
      5. In the Active Directory admin page, select Set admin.
        1. I could not select my Azure Portal login account.
      6. Created the LogbookAdministrators group in AAD.
        1. Added my Azure Portal login account as Owner and Member of the group.
        2. I was able to use this group as the AAD administrator.
    6. Run SSMS to connect to the SQL database with an account that is a member of the LogbookAdministrators AAD group.
    7. Logged into the SQL Server using SSMS with:
      1. Server Type: Database Engine
      2. Server Name: <Logbook Server Name>
      3. Authentication: Azure Active Directory – Universal with MFA
      4. User Name: member of LogbookAdministrators AAD group
      5. Click “Connect”.
      6. Enter your administrator account name and password when prompted.
  3. Create contained database users in your database mapped to Azure AD identities.
    1. Azure Active Directory authentication requires database users to be created as contained database users. A contained database user based on an Azure AD identity, is a database user that does not have a login in the master database, and which maps to an identity in the Azure AD directory that is associated with the database. The Azure AD identity can be either an individual user account or a group.
    2. Database users (with the exception of administrators) cannot be created using the Azure portal. The access permission must be granted directly in the database using Transact-SQL statements.
    3. Invited my personal e-mail account to this AAD.
      1. Created the LogbookUsers group in AAD.
      2. Added my personal e-mail account to it.
      3. Successfully accepted the invitation via e-mail!
    4. To create an Azure AD-based contained database user (other than the server administrator that owns the database), connect to the database with an Azure AD identity, as a user with at least the ALTER ANY USER permission. Then use the following Transact-SQL syntax:
      1. CREATE USER <Azure_AD_principal_name> FROM EXTERNAL PROVIDER;
      2. Azure_AD_principal_name can be the user principal name of an Azure AD user or the display name for an Azure AD group.
        1. I think the reason this didn’t work against my user account is because it was invited to the AAD tenant and isn’t an actual AAD account.
      3. You can do this while logged into SSMS as a member of the LogbookAdministrators AAD group.
      4. Right-click on the Logbook database.
      5. Select “New Query” on the Logbook database.
      6. CREATE USER "user@domain.com" FROM EXTERNAL PROVIDER;
        1. Msg 33130, Level 16, State 1, Line 1
          Principal ‘user@domain.com’ could not be found or this principal type is not supported.
        2. Also tried with [] around the account name instead of double-quotes.
        3. Maybe the administrator hasn’t been added to the Logbook database yet?
          1. Read this post on Stack Overflow.
        4. Get-AzSqlServerActiveDirectoryAdministrator -ResourceGroupName "logbook" -ServerName "logbook" | Format-List
        5. This returned my group DisplayName for an administrator, not a specific account.
        6. To create a contained database user representing an Azure AD or federated domain group, provide the display name of a security group:
        7. Tried this instead: CREATE USER [LogbookUsers] FROM EXTERNAL PROVIDER;
        8. Success!
          1. I’m still not sure why my user account didn’t work.
    5. When you create a database user, that user receives the CONNECT permission and can connect to that database as a member of the PUBLIC role. Initially the only permissions available to the user are any permissions granted to the PUBLIC role, or any permissions granted to any Azure AD groups that they are a member of. Once you provision an Azure AD-based contained database user, you can grant the user additional permissions, the same way as you grant permission to any other type of user. Typically grant permissions to database roles, and add users to roles. For more information, see Database Engine Permission Basics. For more information about special SQL Database roles, see Managing Databases and Logins in Azure SQL Database. A federated domain user account that is imported into a managed domain as an external user, must use the managed domain identity.
  4. Note: Removing the Azure Active Directory administrator for Azure SQL server prevents any Azure AD authentication user from connecting to the server. If necessary, unusable Azure AD users can be dropped manually by a SQL Database administrator.
    1. Tried logging in using AAD Password Authentication and got the following:
      1. Cannot connect to logbook.database.windows.net.
      3. Login failed for user ‘<token-identified principal>’. (Microsoft SQL Server, Error: 18456)
      4. For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476
    2. Unfortunately, that link took me to the Microsoft home page.
    3. I had to specify “logbook” for the database name in the options.
  5. Assign contained database users to SQL roles.
    1. ALTER SERVER ROLE db_datareader ADD MEMBER LogbookUsers; failed.
    2. ALTER ROLE db_datareader ADD MEMBER LogbookUsers; succeeded!
    3. ALTER ROLE db_datawriter ADD MEMBER LogbookUsers; succeeded!
  6. I successfully tested creating and deleting rows in logbook database tables!
  7. Create a WebAPI that can create and delete rows in the logbook database.
  8. https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-web-api-call-api-overview
  9. http://docs.identityserver.io/en/latest/quickstarts/5_entityframework.html

The Windows Command-Line: Windows Terminal & WSL 2 (SK135)

Kayla Cinnamon and Craig Loewen

  1. Windows Terminal
    1. Version 1.0 has shipped!
    2. Links
      1. Windows Store: https://aka.ms/terminal
        1. Stable channel with monthly releases.
        2. First update after v1.0 scheduled for July 2020.
      2. Windows Terminal Preview in the Store: https://aka.ms/terminal-preview
        1. First update scheduled for June 2020.
      3. GitHub Repo: https://github.com/microsoft/terminal
      4. Blog: https://aka.ms/cliblog
      5. Docs: https://aka.ms/terminal-docs
    3. Demo
      1. You can tell that the application for PowerShell and cmd.exe are the same by examining their property pages.
      2. People wanted tabs, panes, background colors, background images, more fonts, etc.
      3. Will render Unicode and UTF-8 which allows for foreign languages, emoji, etc.
      4. Backward compatibility prevented this for the old application hosting cmd.exe and PowerShell.
      5. Windows Terminal dynamically detects your WSL distros and adds entries for them to your profile list.
      6. Add any settings that you want to apply to all of your profiles to the "defaults" section of settings.json.
      7. She showed her “Build” color scheme.
    4. Keyboard Shortcuts (Default)
      1. Ctrl+Shift+T: Open a new tab with your default profile.
      2. Ctrl+Shift+n: Open a new tab with profile # n.
      3. Ctrl+Shift+F: Find text in the window.
      4. Ctrl+,: Open settings.json in your default JSON editor.
      5. Alt+Settings: Show global settings (defaults.json).
      6. Alt+Shift+D: Open a new pane (i.e. Duplicate).
      7. Ctrl+Shift+W: Close the current pane or the entire Terminal if only one pane is present.
    5. Command-Line Parameters
      1. wt -h or wt --help: Display command-line parameters.
      2. wt -d . : Opens a new Windows Terminal in the current directory
      3. cmd.exe: wt -d . ; split-pane -p "Windows PowerShell" -H
      4. PowerShell: wt -d . `; split-pane -p "Windows PowerShell" -H
    6. Experimental Features
      1. Add the following line to your settings.json file.
      2. "experimental.retroTerminalEffect": true
      3. I had to open a new cmd.exe tab in order to see this take effect.
      4. Kayla used the PxPlus IBM VGA8 font with the retro effect.
    7. Customize Your Color Schemes
      1. https://docs.microsoft.com/en-us/windows/terminal/customize-settings/color-schemes
      2. More sample themes: https://github.com/mbadolato/iTerm2-Color-Schemes/tree/master/windowsterminal
      3. Also see the Terminal team’s ColorTool to apply color schemes.
    8. What’s Next
      1. Color Picker for your tabs.
      2. Rename tabs.
      3. Settings UI (not coming in June).
  2. WSL (Windows Subsystem for Linux) 2
    1. Access all of your Windows files directly from the Linux environment.
    2. Run Windows executables from a bash (or other) shell.
    3. You can also go the other way:
      1. Access Linux files from Windows.
      2. Invoke Linux binaries from Windows.
    4. Includes a real Linux kernel built by Microsoft.
    5. Running in a lightweight VM.
    6. WSL 2 is typically 3-6x faster than WSL 1.
    7. Docker Desktop client for Windows can now use WSL 2.
    8. VS Code Remote will build Linux apps from a Windows UI.
    9. WSL 2 provides File Explorer integration to your Linux file system.
      1. Each distro looks like another folder.
    10. wsl --installenables all required optional components.
      1. Requires a reboot.
      2. Then it will install your specified distro.
    11. GPU compute is the # 1 requested feature and will be coming to WSL in the future.
      1. Enables parallel computing.
      2. Much faster on a GPU than a CPU.
      3. Machine Learning and AI development both benefit.
      4. Image filtering is just matrix math.
      5. For example, AI determines that the user drew the number 2.
      6. nVidia Drive Net demo.
        1. Analyze images to find where people and cars are.
      7. Training Data -> ML Algorithm -> Trained Model
      8. The ML Algorithm depends on an ML Framework.
      9. Framework could be TensorFlow or pyTorch.
      10. Those depend on hardware acceleration APIs like CUDA or DirectML.
        1. For DirectML, it can leverage any DirectX 12 GPU.
        2. This is great for students who may not have nVidia CUDA graphics cards.
      11. Those APIs call into the GPU on your machine.
      12. The WSL team has changed the Hardware Acceleration API layer.
      13. They have partnered with hardware vendors like nVidia, AMD, and Intel. 
      14. They have provided drivers that are aware of WSL.
      15. The team has also made changes internally to WSL and to the Microsoft Linux kernel to make this possible.
      16. Make sure you have WSL installed: https://aka.ms/wslinstall.
      17. Install the right driver for your GPU.
        1. Instructions will be available when these changes are released to Windows Insiders.
      18. Run your Linux ML workflows inside of WSL!
        1. Open your WSL distro, git clone your project, and get started.
    12. GPU Demo
      1. He has a folder with SqueezeNet.
      2. It’s a popular image recognition neural network.
      3. He can run Python to train it.
      4. You can see the GPU being used (actually spiking) in Task Manager, Performance tab.
      5. You can run these workflows across different GPU vendors!
    13. What’s Next for WSL?
      1. wsl.exe --install to allow one command installations will be available in the next few months.
      2. GPU Compute in WSL will be available in the next few months.
      3. GUI application support in WSL will be available, but not in the next few months.
    14. Demo of GUI Application Support
      1. In one command window, he’s got the Wayland Compositor running.
        1. Running a Wayland server inside of Linux and connecting this to an RDP client on the Windows host machine.
        2. wlwsld --debug --wl-debug
      2. In the other, SpaceInvadersDeepQLearning.
        1. He switched into the media folder.
        2. Ran eog, eye of gnome.
        3. Then he restarted the Wayland server, moved up a directory, and ran gedit.
        4. Then he restarted the Wayland server again and ran mpv file.mp4 to really put it through its paces, i.e. playing a video file.
    15. Links
      1. Twitter: @craigaloewen
      2. WSL Github: https://github.com/microsoft/wsl
      3. WSL Docs: https://aka.ms/wsldocs

Creating Microsoft 365 apps with Microsoft Graph Toolkit

Wednesday, May 20, 3:30 PM – 3:45 PM EDT

Nikola Metulev, Microsoft (@metulev)

I had really wanted to see Nikola build a Toolkit app from end-to-end, but he only had 15 minutes for the entire demo and discussion.  Here are the links I think I need to be able to build the demo.

  1. https://docs.microsoft.com/en-us/graph/toolkit/get-started
  2. https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
  3. https://docs.microsoft.com/en-us/graph/toolkit/providers/msal
  4. https://graph.microsoft.com
  5. https://mgt.dev
  6. https://aka.ms/mgt

This blog post also looks very helpful:

  1. https://cmatskas.com/accelerating-ms-graph-development-with-the-new-toolkit/

Here is the HTML page that should make it all work:

<!DOCTYPE html>
<html lang="en">
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="https://unpkg.com/@microsoft/mgt/dist/bundle/mgt-loader.js"></script>
    <mgt-msal-provider client-id="insert GUID here"></mgt-msal-provider>
    <mgt-person person-query="beth" person-card="hover"></mgt-person>
  1. Version 1.3 of the Toolkit should be released in a few weeks.
  2. It was built with Web Components, which are supported by all major browsers and frameworks now.  They are natively rendered by the browser.
  3. The Toolkit eliminates all of the boilerplate code that was previously necessary.

Load more