LEAP 2019 – day 2

Recap of day 2 of the LEAP event. You can find the recap of day 1 here.

Power BI – developer extensibility

Day 2 kicks of with a session on Power BI. Not how to use it, but how to extend it and aims to cover common developer scenarios.

Important take away from this session: developer live for Power BI starts at http://dev.powerbi.com. You will find:

  • documentation
  • developer scenarios
  • source code

“The app owns the data” meaning users of the dashboards do not need PowerBI Pro licenses to use them. With anonymous embedding you do not get the benefits of filtereing data based on user access or roles. With true Power BI Embedding you can filter and present data based on identity or role.

Power BI Embedding through code is done with “powerbi.js”. It is as easy as grabbing an embed token and url, pick a dataset and a view mode.

Different SKU’s are available and licensing can be tricky. There is a comparison matrix available to assist you with that.

Explore APIs and experiment with the Power BI Embedded Playground:

For non Power BI User Embedding you now still need a Master App Account. An App Only Token Account is coming soon, so things like MFA will not get into your way!

PowerBI supports Streaming and Realtime Dashboards with a number of datatypes.

The team added PowerShell capabilities for Power BI Admins to answer questions like: what datasets are published in the cloud, are Identities and Roles required, Identity creators of datasets and what connections are used?


No slides, just the speaker (Stuart Kwan) and some whiteboard diagrams. The session will provide the tools to think about federated identity. The first one is based on a “Three body diagram”: Client – Secure Token Service – Server. With every identity scenario you should always consider the three basic mechanics:

  • First: Trust Graph (who trusts who)
  • Second: Protocol Sequence (how we communicate)
  • Third: Claims Transformation (convert to new token with the claims from the trusted STS)

Manually craft a login sequence:


In a passive scenario the JWT token is consumed and not used again. It is replaced with a session cookie.

The second scenario is based on the “Four body diagram”: Client – STS1 – STS2 – Server.

Stuart finishes up talking us through a full protocol sequence diagram for an active client. In this case Outlook (OL) that uses Azure AD Authentication Library (ADAL) and a Web View to connect to Exchange Online (EXO). In this case it is configured in a federated scenario with Azure AD (AAD) and an on-premises Active Directory Federation Services server (ADFS). It exchanges both an Access Token (AT) as well as an Refresh Token (RT):

The Code Behind The Vulnerability

This talk starts with an explanation of the Microsoft Bulletin Process and continues with a detailed view on 10 different security bulletins.

The slides from this session will be posted on: https://idunno.org/

Diagnostics in the cloud with Azure Monitor APM

Monitoring has become more complex over the last years. Different languages, different ways of logging, different systems. Azure Monitor aims to make it easier, all the way down to the application through observability.

Monitoring tells you whether the system works. Observability lets you ask why it’s not working.

Baron Schwartz

Azure Monitor is now the consolidated result of a lot of products and services, including Application Insights and Log Analytics:

  • Unified Monitoring
  • Data Driven Insights
  • Partner Integrations

Demo 1: Different Application Insights Dashboards.

See the Azure documentation for more information on the different types of dashboards.

Demo 2: Live Stream Analytics.

It allows you to select and filter metrics and performance counters to watch in real time, without any disturbance to your services:

  • Inspect stack traces
  • Profiler
  • Snapshot debugger
  • Live performance testing

Demo 3: Application Insights Profiler

It is intended to capture data from production in 2 minute samples per hour by capturing requests to show what code is doing over time.

Demo covers: Application Insights Profiler to run on demand performance tests. You can run the loadtest directly from the Azure Portal: see the docs for more information.

Demo 4: Snapshot debugging from the Application Insights blades.

It allows you to collect a debug snapshot from your live web application and take it to Visual Studio for analysis (and link up the correct symbols with source code if available).

AI, Microsoft and Partners

What is AI and what can it do. What toolchains does Microsoft support?

The difference between ML and AI: “If it is written in Python, then it is machine learning, but if it is written in PowerPoint, it is AI.

The Big Bang in AI: the SuperVision algorythm

  • Beginner: Start with a blogpost Machine Learning is fun!
  • Medium: Coursera courses on Machine Learning
  • Advanced: reddit.com/r/machinelearning

You need a lot of labeled data to train your models. Label yourself or acquire pre-labeled data.


Accelerated State of DevOps: https://cloudplatformonline.com/2018-state-of-devops.html

Demo: getting started with Azure DevOps

You get 10 Parallel jobs with unlimited minutes per month for free:

Azure Pipelines is part of the Azure DevOps tools, but also available standalone if that is all you need. Azure Pipelines offers cloud-hosted pipelines for Linux, macOS, and Windows with 10 free parallel jobs and unlimited minutes for open source projects.

If your source code resides on GitHub, it is even easier to get started with CD/CD! If you browse the GitHub CI Marketplace, you will find a plan to integrate with Azure in just a few clicks! 

Demo: setting up diverse pipelines with Azure Pipelines.

Run your tests and record the test results for each test step using Microsoft Test Runner. You can use the web runner for web apps, or the desktop runner for desktop app data collection.

Link for the slides: https://aka.ms/leap2019