Fun with PowerShell, Azure Automation and Microsoft Teams

I’m currently working on a solution at work which is ultimately a contribution to our process of trying to keep on top of our proof of concept environments usage of networking and in particular ip address ranges. We have a rolling set of Azure Virtual Networks that vary in size from a class C to the occasional class A when we have a silly scale HPC or Kubernetes CNI requirement for a gazillion addresses in a big subnet.

The solution is coming together in very small building blocks and this post is to provide me (and you interwebs folks) with a reference to the filter syntax for List all teams in Microsoft Teams using Microsoft Graph.

Although the automation method shouldn’t really matter for what is effectively a big REST API, you know how it is when you have to translate syntax and fiddle around with quotation marks and things. Anyway, to cut a long story short the rough PowerShell script for List all teams in Microsoft Teams in PowerShell is:

# PowerShell to list all teams in your tenant
# Assumes you have set up your certificate authentication
$appId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$tenantId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$cert = Get-AutomationCertificate -Name 'AzureAutomationCertificate'

# Magic we are doing needs beta apis for the filter to work
Select-MgProfile -Name "beta"

# Authenticate to MS Graph
Connect-MgGraph -ClientID $appId -TenantId $tenantId -Certificate $cert

# Get list of Teams i.e. Groups with the special resource provisioning options set
$teams = Get-MgGroup -Filter "resourceProvisioningOptions/Any(x:x eq 'Team')"
$teamscount = @($teams).Count
Write-Verbose "The number of teams is $teamscount" -Verbose

# Close Connection to MS Graph
Disconnect-MgGraph

A few caveats and notes

  • This isn’t a full working example, in my case I’m using Azure Automation Runbooks and they are very very particular about their outputs and object handling. I’m still working on my translation.
  • It assumes you have done the work to create a self-signed certificate, create the app registration, uploaded the certificate to the app registration *and* set it up in your automation account. (I might do a meta post on this as I found one blog post that had the wrong parameters for the cert generation and generated a cert file of format cer with a pfx extension…)
  • This is being written for an Azure Automation Account in PowerShell, remember to add the relevant modules that are needed. I was adding individual modules as I found them first but you will probably be quicker just using Microsoft.Graph – you will find it in the gallery. Otherwise for the above you will need Microsoft.Graph.Authentication, and Microsoft.Graph.Groups.
  • If your tenant is anything like ours then you will always get 100 as the count of teams, due to the way that the apis manage their output length.
  • The script doesn’t do anything useful but I thought it might help to see the filter syntax

References, Source Material and Inspiration

How life goes in circles

That a significant pointer would be found in a response on GitHub by Darrel Miller is quite fascinating. I met Darrel on the expo floor at Microsoft Ignite in Orlando in 2018 and only really because I was after some “Swag” and had to get a card stamped by various Product Managers and Architects on the Microsoft 365 stand. At the time I was up to my neck in Azure and trying my best to get away from SharePoint (and Microsoft 365) and my discussions with the people on those stands were all to try and get me to talk to Graph and get back in to SharePoint Development with the new SPFx thing.

So it’s taken me about 2 and a half years, but I’m finally getting there. Thankyou Darrel – check him out on twitter etc!

Passed AZ-400 Designing and Implementing Microsoft DevOps Solutions

I’m delighted to say that I passed AZ-400 Designing and Implementing Microsoft DevOps Solutions on Monday November 23rd 2020. After MS-500 this was “fun” if such a thing can be said about a Microsoft Exam.

To prepare I did things quite informally in that I didn’t spend any money on courses or test exams but spent the time to do every learning path from the list on the syllabus page and the additional learning paths from the featured training for AZ-400 on the Microsoft Partner training page.

My method is to create a OneNote section for each exam I target and then I create lists of links to training along with an estimate of how long the training says it will take. The handy thing about the learning paths and profile page is that it counts down as you complete sections, meaning that it feels like you are making progress. When I feel I am on the home stretch I book the exam with however long I feel like I need. With this exam I’ve had the benefit this year of supporting an iOS mobile application development project on the Microsoft Platform which really helped me to understand the build and distribution aspects of that.

I make sure that I do every exercise I can and it was excellent to see how good GitHub is – I’m quite old and have worked with Microsoft technologies since Visual SourceSafe and before the Microsoft acquisition of GitHub. The training that the latter offers is really really good for a free to use resource.

Other than that my take on the exam is that it is a wide ranging topic so the exam is basically DevOps where one part of the solution is a Microsoft product. This means it pivots – you won’t necessarily be using a “Microsoft” build solution like Azure DevOps or GitHub to build your solution if you are developing in Visual Studio and so on.

I enjoyed the training for this exam as it is heavy on automation but also straight forward to follow along with the setup I have. I’m fortunate to have an Visual Studio subscription allocated to me as part of working for a Microsoft Partner and the tooling and Azure Subscription that come with this was essential in completing a number of the exercises on Microsoft Learn as you follow along in VS Code, GitHub, Azure DevOps and Azure in building solutions.

Certification Badge for Microsoft Certified DevOps Engineer Expert
Microsoft Certified DevOps Engineer Expert

I’m up to date with my other Azure Exams so I also achieved an Expert Certification with this pass which is a nice feeling!

Speed up your DNS in the UK – really ?

Being male I’m probably obsessed with fiddling when I could probably spend my time doing something productive. One obsession is tuning (I spent more than the value of my first car on “performance parts”) which I’ve slowly cured over the years and now refuse to modify my cars.

Funnily enough one thing that has made a real difference to my internet performance now that I have broadband is to ignore the popular opinion on websites and actually benchmark my home dns performance and then stick to it.

In my case I’m fortunate to have a decent router that has a caching dns service (rather than simple pass through) and I’ve set this to query the fastest dns server I can get to on my connection. All connections on my LAN point to the dns server on my router by getting the settings through DHCP.

Rather than blindly pointing to Google or Cloudflare, please benchmark your performance by using a DNS performance tool. As I’m very old I like to use GRC’s DNS Benchmark. Yes I’m a Windows user so I probably excluded a bunch of readers but for the rest of us it is a simple .exe and creates an INI file (remember those?) when you create a custom resolvers list.

If you are like me and don’t live in the US then run the program (this is what apps used to be called) and create a custom resolver list, then run a benchmark and adjust your network.

Read and weep – in my case Cloudflare takes ten times as long to resolve an cached dns lookup as my router and Google thirty times as long. Unfortunately the cliche is that the fastest dns is that provided by the vendor of my connection. Your mileage may vary, which is why you should test.

Now to deal with the challenge of dns settings when you have failover between two ISPs!

Passed Exam AZ-500: Microsoft Azure Security Technologies

I’m very happy to share that I passed Microsoft Exam AZ-500: Microsoft Azure Security Technologies yesterday.

Azure Security Engineer Associate Badge

Although I expected a decent result, I had the usual trepidation before the exam and woke up really early on the day. This started building up naturally as the date approached, but in the days leading up to the exam I noticed that the length of the exam was the longest I have seen at 210 minutes. (Part of my preparation methods is to put an appointment in my diary for the exam and location – I’ll write this up as part of my exam prep post one day!). The length got me thinking about labs and things and confirmed when I got the announcement at the beginning of the sitting that it included 1 lab.

A “lab” is a practical test of your skills on a particular subject and although it’s getting on for a year or so that Microsoft Azure exams have included labs, so far I’ve not had any and I was a bit nervous.

I progressed through the various sections steadily and I kept an eye on the clock. I’d read a few horror stories of candidate’s time keeping going awry and them running out of time. As it was I didn’t get too bogged down and proceeding at my usual pace. The curve of dread was quite amusing (in hindsight) and peaked about a third of the way in to the exam as I got a bit stressed at what I didn’t know. Then as I progressed through the questions it settled down as I encountered elements that I was confident in.

The practical test came at the end and I had over 2 hours left and actually began to enjoy that part. I’ll admit that I just used the portal to complete my activities but was reassured that the direction giving acknowledged that certain parts would take time to complete and that I could progress with the tasks as needed while it waited. I’m fortunate that my “day job” has a lot of hands-on work and I’m logged in to an azure subscription almost every day (after elevating my permissions through privileged identity management!). I applied the same deliberate pace and double checked each setting and user. If I was to build a test system against a live portal then I could imagine the type of process that I would interrogate the Azure Resource Model to check that configuration had been carried out correctly. This is just the same as naming conventions and azure policy checking so at each pivotal point I paused and made sure that I was reading things correctly – just like following a technical design. In a real life situation I would also use scripting as a confirmation step but took a pragmatic approach with the tools I had.

I was ambivalent at the end and it doesn’t do to be overconfident, and the lab introduced another twist at the end. I clicked the Finish Exam button and the response came back almost immediately:

‘Thank you for taking this Microsoft Certification exam. Your test results will be available once scoring is complete. You may exit the exam now without affecting the scoring process by clicking the “End” button. Your score report will be available online in your Microsoft Learning dashboard at www.microsoft.com/learning/dashboard

Talk about an anti-climax and it even sent it to the printer (the chap at the test centre asked if I really wanted to keep it!). So I was a little high and dry and while in limbo decided to get the bus back to the office while I waited and then I collected my stuff from the locker and fired up my work phone for the colleague support network on Microsoft Teams!

Anyway to wind forward I was about 10 minutes in to my bus journey when the congratulatory email came through on my phone and I was able to see my score report. Although it doesn’t really matter, the score was a good 100 points over the pass mark which I’m happy about as it’s content I should know in my day job.

My thoughts on the exam – here’s a summary without any NDA busting:

  • Like the admin exam the exam outline calls out the Azure services that will be included and these will be in the exam. Inevitably this is not everything that the extensive platform provides and this is a relief!
  • The exam has good coverage of the built in protection in Virtual Networks and Azure AD. Unlike the real world where you might have federation or Network Virtual Appliances in the mix, this exam rightly focuses on the “out of box” provision.
  • Time management is crucial in giving yourself space to address the lab. That said my first lab was a really good experience – it was actually the easiest part of the whole exam to understand and answer as it covered things I do almost every day. The flip side was that it took me as long to do the single lab I had as it did to answer the other sections.

And finally, as well as building on the other hands-on work (and exams) the preparation material I used for this exam was:

  • Featured training for exam AZ-500 – as a certification that counts towards a Microsoft Partner Competency, it is called out by Microsoft.
  • Skylines Academy AZ-500 Course – Nick Colyer’s course on udemy has a good step by step coverage of most of the content. As ever remember to follow along in your own portal. I bought it months ago during one of the regular sales on the platform.
  • Skylines Academy AZ-500 Practice Questions – this came through as I was in my latter stages of preparation. About 60 odd questions and a good way to poke me out of exam fatigue. Not a huge number but again so cheap that it was a no brainer to further my learning.
  • Pixel Robots bunch of links for AZ-500 – this saved a bunch of time looking for references but compared to some of Richard’s other blog posts is a little out of date at the time of writing.

Of course you should spend lots of time in the Azure Documentation as this is an awesome reference and gets lots of feedback through GitHub. I also found a pluralsight path for AZ-500 but at a total of 42 Hours when I looked there was no time I would be able to cover it all in the time I wanted to spend.

Azure DevTest Lab Artifact Secure Channel Error

As part of my work in Azure Architecture and Operations we make extensive use of Azure DevTest Labs as they are a useful way to facilitate end user compute for advanced users like Developers and Data Scientists.

In that we tend to use the Azure Data Science Virtual Machine as it includes a whole bunch of tools that cover 90% of our end-user needs and it is very easy to provide secure access with a self-service element and maintain control while managing the demand on our small team.

Recently I was preparing a lighter machine based on a Windows 2016 image with just the tools we required for 6 months of Python related development. Many of the sample artifacts make use of Chocolately which is really handy for deploying applications as there is a great library of packages.

I developed and tested the Artifact set last week but when it went to initial UAT it failed with “ERROR: Exception calling “DownloadString” with “1” argument(s): “The request was aborted: Could not create SSL/TLS secure channel.”.

I traced this to the Ensure-Chocolatey function and specifically the line that downloads and runs install.ps1 . Hunting around the internet let me do a discussion about TLS versions and that the webclient defaults to TLS 1.0. I wasn’t able to confirm this in the environment I had but I was able to check SSL on the chocolatey target using ssl labs i.e. https://www.ssllabs.com/ssltest/analyze.html?d=chocolatey.org

This indicated that the server the machine was connecting to was only accepting TLS 1.2 and above. I forced the script to use this using [Net.ServicePointManager]::SecurityProtocol¬†=¬†“tls12” above the webclient call and this fixed the issue for the time being.

Update 04/02/2020

In examining the pull request 613 related to this in azure devtest labs I discovered that Chocolatey previewed the change in their blog post Removing Support For Old TLS Versions On The Chocolatey Website.

My year in Microsoft exams 2019

I completed my last Microsoft exam of 2019 a week ago with a successful attempt at MS-900. With December approaching and a two week vacation approaching I’m taking a little rest before diving in to preparation for my next exam. I have AZ-500 booked for the earliest opportunity at a local test centre which turned out to be February.

A year is a long time and with a couple of significant personal events in 2019 I’d forgotten how much I’d achieved.

Azure Architecture AZ-30x exams

I began the year with Exam AZ-300: Microsoft Azure Architect Technologies as my second iteration of Azure Architecture exams (having done 70-534: Architecting Microsoft Azure Solutions in my first iteration). That was followed just over a month later with Exam AZ-301: Exam AZ-301: Microsoft Azure Architect Design.

I’ll be honest and say I don’t remember a huge amount about the exams (a family bereavement in April being the probable reason) but historically I’ve enjoyed them as they really make you think about how to use Azure technology.

Passing these two exams obtained Microsoft Certified: Azure Solutions Architect Expert.

Managing SharePoint 2016 Server

I started the year with hopes to get another year for my MCSE Productivity but personal events somewhat got in the way and I struggled with this one, mainly due to it being outside of my current core working set and because the real world needed attention at the time.

I’ve got a post dedicated to this one but needless to say, my repeated attempts reduced my run rate somewhat.

Everything is an experience and I really benefit from an understanding employer who doesn’t add to the pressure I put on myself. The last time I had a challenge like this was with 70-532: Developing Microsoft Azure Solutions which was my last exam nemesis!

The low run rate meant that I missed a mini goal of grabbing the transition exam for the new MS pieces but to be honest I just had to let it go. Sometimes the pace of the transition exams doesn’t allow enough time between personal life and exam centre availability.

Passing this exam refreshed for 2019 my Microsoft Certified Solutions Expert: Productivity.

Microsoft Cloud Fundamentals

So I found myself in November and with life settling down I decided to hit two of the fundamentals exams as my employer had an initiative to get everyone through AZ-900: Microsoft Azure Fundamentals and was paying a one-off bonus for this and the other cloud fundamentals exam MS-900: Microsoft 365 Fundamentals.

The first gave me a bit of a jolt as I didn’t sail it like I thought I would, so I worked harder and got a bit more of a respectable pass in the latter. (See – technically a pass is a pass but I still measure based on score!?)

Passing these exams got me certifications for Azure Fundamentals and Microsoft 365 Fundamentals.

2019 my exam year

  • Number of exams passed in 2019 : 5.
  • Number of exams sat in 2019 : 7.
  • Certifications Gained / Refreshed in 2019 : 4.

Passed AZ-900

I’m happy to say that I’ve passed AZ-900 as part of my employer’s initiative to have everyone go through the Azure Fundamentals exam. This is a recognition that cloud is a core part of their business.

My thoughts? I perhaps underestimated the exam and although I passed well I didn’t ace it. I’ve scored more in other “harder” exams so I’d recommend what I try to tell myself – look through the actual product being tested (Azure Portal Features) and if you want to score more you’ll have to remember some of the detail of features and charging structures. I think the classic learning tips of What? How? When? for each exam objective will serve you well.

I’m beginning to realise that all of the exams are treated seriously and a pass (even for fundamentals) actually means something. Respect to my non technical colleagues and a little nudge to myself to treat things seriously!

I passed Microsoft Exam 70-339 Managing Microsoft SharePoint Server 2016

I’m really happy to say that I (finally) passed 70-339 Managing Microsoft SharePoint Server 2016 on Friday after a couple of failed attempts. This was my 32nd exam pass and my first time pass percentage is quite high, mainly as I tend to be very careful about booking exams when I think I am well and ready for an exam. So what was different this time ?

1. I didn’t respect the exam

I think a run of first time passes on exams made me a little complacent and I relied too much on the good results I got with the official practice exam. I should have remembered how hard I found the breadth of the previous generation of SharePoint exams and though about the implications of a single exam for the whole product (there used to be two administrative exams for each version of SharePoint). I probably came short and should have thought harder about the implications of elements in the exam outline.

Having the product in front of you to try things out is also a proper lesson well remembered.

2. Study and exams don’t exist in a bubble

When I failed first time I took the standard approach and booked for a couple of weeks after, on the basis that my fail mark was just short of the required pass mark. Then some family stuff came up which meant that I didn’t get a lot of sleep the night before the exam and had a lot on my mind. This happens and there isn’t a lot that can be done; life is unpredictable and it’s important to work to live rather than get things the wrong way around. Reflecting on this made me think about my attitude during preparation and what techniques and methods might help with all of the aspects of my life.

3. Sit exams when you know stuff

This inelegant heading refers to my experience that sitting exams on subjects that directly relate to your day job is so much easier than others. I’ve not been working daily with SharePoint 2016 since my last job and I think that even that was focused on a narrow band of deployment. Both this exam and 70-532 Azure development were tough and that was because I didn’t have the day to day depth in a subject area like I have with Azure Architecture and Administration. Stretch targets are good but they need the work.

4. Sit exams when they are current

What I mean by this is that there is a natural curve to an exam lifetime. Some Microsoft exam areas are particularly current like the Azure Administration and Architecture exams and apart from tweaks to the platform will be active and up to date. I think the perfect set of circumstances is a year or so after an exam goes live in a technology that is in wide use. Contrast this to 70-339 which has been available since mid 2016 and relates to a product which has undergone a fundamental change in delivery – most users of SharePoint will now use the online product.

The other thing (excuse) is that the online documentation has shifted to the next iteration of the product and a whole bunch of historical items have got harder to find. To be blunt with myself I think this highlights that you need to have hands-on access to the product for proper study and in not doing this I set myself up (see point 1). That said, the exam outline still has the objective “configure connections to Access Control Service” which at the time of writing has been retired for almost a year!

5. Back off and regroup

Like my car driving test (I love driving!) sometimes I have to work hard to achieve something and sticking at it is a test of personality. Unfortunately due to what must be a bit of a personality defect it can take a couple of fails for me to realise that I have to buckle down and examine my strategy. In the case of 70-339 I waited a month or two after my second fail to have a think, see how things were going and take a bit more time out. In something I think is like a classic retry pattern I introduced a delay. Of course in development the delay would be a bit more regular in nature but hopefully you get my point.

In summary

I’m now going to pick off the two Microsoft cloud fundamentals exams for a bit of light relief and in support of my employer’s plan to have everyone in the company certified in AZ-900 and I’m also planning to do the next generation of the expert certification in Microsoft 365.

As it was the SharePoint pass gave me the 2019 badge for my MCSE in Cloud Productivity – perhaps this was my last 70-XXX exam!

MoPOP Museum of Pop Culture Seattle

I changed jobs just over a year ago and an awesome part of my new Employer’s approach to staff development is that they send members of the team to conferences and training.

I had the privilege of attending a boot camp for cloud architects in Bellevue, run by Microsoft for their Partners and also had a day in between travelling from Scotland to Seattle to have a look at the city with my colleagues.

We basically got lost after visiting Pike Place Market, we thought we were heading towards lake Union but hadn’t read the map quite correctly. So we looked around and spotted the Space Needle fairly nearby (it’s a bit of a spottable land mark) and headed towards that.

The majority view was that we didn’t want to spend the money on going up the Space Needle so we went next door in to MoPOP Museum of Pop Culture. As I discovered this has a fairly significant connection to Microsoft as I saw one exhibit after another from the Paul G. Allen collection and it slowly dawned that a founder of the museum was also co-founder of Microsoft.

This place is amazing; it starts with the swoopy architecture which has a monorail bursting through it. Then the inside is all modern clean lines with doors and stairs leading to themed exhibits.

There are closed off exhibitions behind doors that cover elements like films or people or open areas that open out to the full height of the museum.

Well worth a visit.

50055: This exam is not currently offered. Please select another exam.

I failed a Microsoft Exam last Friday – yes it’s true, on occasion I fail an exam. One (amongst the many) fantastic attitude at my current employer is that a Microsoft exam fail is part of the journey of discovery. A couple of my new colleagues also remark that any significant score over the “pass” mark is a waste of study time and I can kind of see where that comes from.

The error message above was displayed by the web page when I attempted to book a resit of 70-339 Managing Microsoft SharePoint Server 2016 and let to discovery of an interesting quirk of the system and what retake policy means in practice.

If you’ve booked exams for the last few years you will have been informed of the latest on retake policy which has been tweaked and firmed up to an extent to give candidates a proper chance between resits and not to try to brute force the attempts. At the time of writing the Exam retake policy states:

  1. If a candidate does not achieve a passing score on an exam the first time, the candidate must wait at least 24 hours before retaking the exam.

This time I was particularly keen to book my resit as soon as possible, the practicalities of availability in Edinburgh means that I was expecting to have to wait a couple of weeks at least for availability so I didn’t expect the 24 hours to be a problem. I went through the exam details page, clicked “Schedule Exam”, confirmed my details and the link accounts page and got redirected back to the same page with a light yellow banner “50055: This exam is not currently offered. Please select another exam.”

Exam Booking – 50055: This exam is not currently offered. Please select another exam.

So I tried a few different ways without success; inprivate, different devices and all gave the same error. I tried telephoning to be told that I would have to wait 24 hours to book. So I waited 24 hours after the end of my exam and still couldn’t book.

I was finally able to rebook through the Pearson Vue site at 18:30 on the Monday after my exam on the Friday; the exam was scheduled to end at 12:30 (My times are BST). The half hour seems more than coincidental and the take away is that the systems will prevent the booking taking place until at least a number of hours have passed on business days.

I don’t fail exams often and I certainly don’t plan to, and hopefully you don’t either. So when the unthinkable happens don’t panic and take time to regroup and make plans. And wait a day and a bit before you try to rebook!