Microsoft Servers forgetting developers?

I do development using a Hyper-V guest with Server 2016 (and 2012R2).  These Virtual Machines (VMs) are hosted on Windows 10 Professional.  This is a requirement for SharePoint development.  This is desirable for web-based development to work in a similar environment that will host these applications (even if hosted in Azure).  Windows 10 is too far removed.

So when Microsoft released Server 2016 without UWP or Microsoft Store support, that was a bit of a surprise.  That meant no Edge browser support, so we cannot test our applications against their premier browser.  We cannot develop and test UWP applications.  So we don’t support them.

Microsoft Windows Server 1709 is Server 2016 on Build 1709 but without a GUI.  So that isn’t very useful for running Visual Studio.  That means our developers (myself included) are using Server 2016 Build 1607 because we need a GUI for our development tools.  This means we can’t take advantage of 1709 features available in Windows 10.  This includes OneDrive Files On-Demand.  Why is this feature so OS-specific anyway?  It should be a product feature that we can install anywhere.  This makes no sense.

At the end of the day, Microsoft is making it hard to support OneDrive and Edge browser.  And UWP applications.  Okay, I am better about not supporting UWP applications if Progressive Web Apps (PWA) becomes a first class development platform in Visual Studio.  But think of all of the developers who program in C# and don’t want to learn JavaScript, HTML5, etc.  They are desktop developers, not web developers.

So they have created a set of really inconsistent platforms (read: fractured) and confusion with developers on how best to support various platforms.  Or not support them because it is too hard for us.  Developers help make the platform because the ecosystem cannot survive without them.

I will take a look at moving to Windows 10 Pro VMs as a development platform.  Maybe that is the way to go, with the exception of SharePoint development (unless such can be done with the upcoming SharePoint 2019).  In years past, it was too painful to do DevOps on a desktop OS while supporting a server OS.  That is why we developed on server OSes.  Time will tell.

Why we chose to use OAuth2

Single Sign-On (SSO) is a complicated topic once in the weeds.  Sure, at the high level it is easy at a conceptual level.  A user logs in once and can access all of the associated applications that participate in the SSO system.  It is complicated to implement.

OAuth2 seemed to be the most current adaptation used by various vendors, including Microsoft, Twitter, Google, and Facebook.  It is an open standard that handles authorization and authentication (with OpenID Connect).  It uses JSON for its payloads.  It is less complicated than other protocols.  Being a .NET developer, IdentityServer was a good fit with it being open source (originally on .NET Framework 4.x, now on .NET Core 2.0).

Modifying IdentityServer allowed us to integrate the solution with the desired authentication back-end systems.  We could choose Microsoft ASP.NET Identity Database (already set up really) or a custom user/password system.  This gives us complete control.  There are examples of using it with 3rd party authentication systems (e.g. Google).  You can integrate it with Azure Active Directory (AAD), Windows Active Directory (AD), and even home brewed systems.

The down side is that it is still complicated, especially if you aren’t fluent with OAuth2 (which was my case).  There are a lot of examples, but it was hard to determine which ones were the best to use and ultimately to understand how to implement different types of clients such as CORS with JavaScript, ASP.NET .NET Framework with Webforms and MVC, ASP.NET .NET Core with MVC, and .NET Framework Winforms.  NuGet packages are often needed, with various library versions and the moving nature of software libraries and IdentityServer (.NET Core 2.0 clients and resources don’t need them because it is all built-in now).

Then there are cookies, back channel communications, front channel communications (and being careful what crosses into that area for security sake), tokens (and how to refresh them if applicable), etc.

Using OAuth2 for SSO made it more complicated than if we wanted to have unified login (each app requires a login but shares the same credentials).  The Windows applications (e.g. Winforms) required interaction with the default browser.

It has taken me over 8 months to get where I am today and I am still learning.  In the end, is it worth it?  Yes it is.  We are using open standards that are well supported (even if it is a jungle out there).  This solution will be used for a long time so we wanted to invest in a solution that will be well supported going forward.  Even if the technology morphs, we have a good base solution that can adjust as needed.  These technologies will also mature and change less.  They cover all sorts of devices and have good browser support.

Too many Windows 10 Editions

Dear Microsoft,

Please reduce the number of Windows 10 Editions.  Please make the platform more consistent across the editions.  Today, you have Windows 10 Home, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, Windows 10 Pro Education, Windows 10 Enterprise LTSB, Windows 10 Enterprise, Windows 10 IoT, Windows 10 S, Windows 10 Team, Windows 10 Pro for Workstations.  Then there are the N and KN variants for Europe and South Korea.

How about this?  Windows 10 Home, Windows 10 Pro, Windows 10 Enterprise, and Windows 10 IoT.  That is it.  4 editions are plenty. This covers home users, home super users, corporate users, and devices/embedded.

All of the editions have the following modes.  S mode locks Windows down (can only get apps from the Microsoft Store).  LTSB mode will stop updates, except security patches, disable UWP applications (if you must – I still think this is wrong).  Exclude multimedia, making it a separate Microsoft Store application(s) so N and KN can go away.

This will make your product more competitive, easier to support, and provide more value to users.  This will help IT folks talk to regular users about their needs and help them make choices.  This will help regular users when purchasing equipment.


Struggling to keep up

NuGet “Heck”

Oh NuGet, how I love and hate thee.

You make it easy to get packages (libraries) for a project inside of Visual Studio 2017.  You make it easy to update packages.  You help identify where multiple projects might be on different versions for a given package.

You also make it easy to break a project, causing code to no longer compile or work properly.

Those that have used NuGet in their projects know how much of a pain it can be.  NuGet dependency updates can break your code (and often do).  Removing a NuGet package doesn’t give a clue what is happening with respect to unused dependencies.

What do I need to help?

  • Rollback capabilities.  Stop making me backup the projects beforehand manually
  • Allow me to uninstall a package and optionally select any dependencies in the chain, rather than giving me an error and making me manually uninstall the dependent packages.
  • Review potential problems in the projects within a solution (inspection would be a good thing)
  • Always require release notes to be viewed easily, before I install (or upgrade) a package
  • While ReSharper (R#) can help remove unused NuGet packages, this should be something that Visual Studio has already built-in (and I really like R# but this seems like a basic service item)

I am sure there are other things that could help.  I cringe right now when I see there are NuGet updates.  And with enterprise projects, the trepidation increases.

Windows 10 S

Think of Windows 10 S as the S-Edition of Windows 10 Pro.  Meaning, it is Windows 10 Pro, but locked down.  So it is a specific secured configuration.  When in S mode, it will only run applications that come from the Microsoft Store or are preinstalled.  So it won’t run a lot of applications, including Visual Studio, most Adobe applications, Google Chrome, many printer driver applications (although many printers will work, potentially with limited functionality), etc., until they are available in the Microsoft Store.

Windows 10 S can be unlocked and become a regularly functioning Windows 10 Pro through the Windows Store.  If a fee is required ($49 for Windows Pro), it is managed and collected with the Windows Store (or Microsoft Store for Education, which allows Windows S to be unlocked to Windows 10 Pro Edition for Education customers).  A valid Windows 10 Pro product key also works.  Once you switch to Windows 10 Pro, you cannot switch back to Windows 10 S.

The S mode is available for Windows 10 Enterprise and will be available for Windows 10 Home in the future.  So why use this S mode?  It will be less expensive, perhaps to compete with Google OS devices.  It will be more secure.  It will be more strict in that applications can’t just throw in startup applications that run in the background.  These consume battery, decrease reliability, and consume resources (CPU, RAM, etc.).

While S mode doesn’t allow joining Windows Active Directory, it does support Windows Azure Directory joining.  BitLocker is available as long as the underlying Windows 10 OS supports it (such as Pro, Enterprise).

This edition might drive developers towards PWA (Progressive Web Apps) or UWP, although it is unlikely.  Windows 2016 Server doesn’t support UWP (for running or developing).  While still much better than Windows RT, Windows 10 S hasn’t really taken off.  Low cost educational devices are not yet available.  It is ahead of its time in being overly aggressive in not supporting key non-store applications (e.g. Google Chrome), and there isn’t any development strategy in place that is obvious (inside of Microsoft or with partners/vendors/enterprises).  Many printer drivers with add-on utility programs simply won’t work and cannot be installed.

However, users who can take advantage of Windows 10 S, such as those that can find their apps in the Windows Store or use a web browser (well, really only Edge) to access their information, can benefit from additional security and fewer startup applications (no Windows Services, no scheduled tasks, no applications in the startup folder, etc.), which will speed up the experience, reduce CPU/RAM drag, and potentially increase battery life (presuming you aren’t just watching videos all day).

How does this compare to the iPad?  One could draw a lot of parallels with a reduced operating system (iOS versus MacOS and Windows 10 S versus Windows 10 Pro).  But it really depends how you use your devices.  Many could use either device if all they need is email, browser, Skype, Netflix, and so forth.  The Apple Store has a lot more applications.  And higher quality.  The browser experience may be mixed with mobile Safari versus Edge.  Windows 10 S has a mouse.  Windows 10 S can be changed to Windows 10 Pro and “unlocked” for the full Windows experience.  Windows 10 S has a much better Microsoft Office application experience.

In the end, time will tell and choice is good.  Microsoft is ahead of the game with Windows 10 S.  With Progressive Web Apps on the horizon, the potential for improved Microsoft Store apps, and a locked down system that feels more agile, there are a lot of possibilities to benefit users.


For well over 8 years, I have avoided paying for cable TV.  There was a time I was paying over $100 for the privilege to have channels I never watched and increase my couch potato actions to make sure I was using what I paid to have.  Unfortunately, there is good content on several cable TV channels.  I have heard the argument that paying for channels you don’t need allows less popular channels to exist.  Shouldn’t supply and demand dictate?  And the excuse by cable companies that they cannot unbundle is just their way of making sure they maximize profits now without regard to the long term damage created towards their customers who are turned off by their tactics.

Enter Sling.  They have a streaming service that provides some a-la-carte choices, lower cost, and the ability to start/stop the service as needed in my life.  In the winter, I am more likely to catch a show or sport event.  In the summer, it is time to be outside and not watch TV.

While not perfect, it has really come a long way.  Their Windows 10 application (UWP-based) is actually decent.  The web browser works.  Their iOS (tested on iPhone and iPad) and TvOS (tested on Apple TV) apps work.  Their DVR service is handy.

If you are an aggressive TV watcher, then it might frustrate still, unless you would like to reduce your costs as much as possible.  For the casual watcher, it does a good job.  I have been able to watch the Olympics on NBCSN and Olympic Channel.  I had been watching the World Cup Alpine Ski racing up to the Olympics to get caught up with the various athletes and their disciplines (Downhill, Super-G, GS, Slalom, Combined).

This is a taste of the future – a centralized (single provider – not separate apps for each piece of content – that is a hassle!), lower cost, a-la-carte service that is accessible from multiple devices.

Net Neutrality, Early 2018

On 12/14/2017, the FCC changed the rules, effectively eliminating Net Neutrality, so consumers legally lost equal access to all content for a given price based on bandwidth speed and amount of data consumed. With Net Neutrality, we could use the data as we wished, accessing the services desired on the same equal field. Paying for more data or bandwidth allows Internet Service Providers (ISPs) to receive more funds to pay for increased infrastructure improvements while still keeping an equal playing field for all content providers (and ISPs for that matter).

In each market, the internet service providers are essentially a monopoly.  While I could use my mobile carrier’s data, realistically for my data needs, I really only have DSL (one provider) and Cable (one provider).  This constraint is similar for most and for many one or both providers are not especially favorable in the big picture.  Like telecommunication providers before them, they provide the connectivity (or phone back in the day) to the rest of the world and should be treated as a basic essential service.  In reality, Internet access is required to live life such as getting a job, paying bills, monitoring credit, researching information, doing schooling, collaborating, booking flights, and so forth.  In essence, Net Neutrality helps people in a manner that is already stacked against them with the ISP monopolies.

One major problem for me is that ISPs also provide content.  They have every incentive to provide poor service to other content providers and give premium access to their content.  They can now charge extra to access outside content so their services look more attractive.  This is a very big conflict of interest.

Fortunately, while untested legally at this point, states are coming to rescue where the FCC (and specifically Ajit Pai, chairman of the Federal Communications Commission) has failed us individuals.  They are helping to represent their constituents.  There is overwhelming support by individuals to have Net Neutrality.  People should come before business on basic (essential) services.  Time will tell how this shakes up.  But it is a good idea to keep an eye on what is happening and keep the conversation going.

iPhone X cross out?

The iPhone X has a lot of nice features.  It feels good in the hand.  It has a nice edge-to-edge screen. It is stylish and unique (especially with the notch).

The problems with it are numerous.

It has the notch (unique but looks silly, especially until apps catch up, unless you make the screen smaller).  This gives the perception to users that the screen has lost real estate.

It doesn’t have a thumbprint reader, not even on the back.  This is a big deal for daily use.  I am constantly unlocking the phone.  Having to position the screen just right is annoying.  Facial recognition is a good idea, especially if an additional authentication factor could be used (thumbprint and facial recognition for those very security conscious folks).  But it has a hassle factor too.  Now if they had been able to incorporate an under the screen thumbprint reader and been the first mobile phone to market with this feature, that would have earned Apple big innovation points.

It is expensive.  Way too expensive.  The iPhone 8 and 8+ are much less and there are solid Android competitors that are also much less.  Do we really need OLED for a lot more cost?

Siri is terrible.  Granted, this isn’t specific to the iPhone X, but users don’t necessarily know that.  None of the digital assistants are great but Siri is the worst of the mainstream bunch.

The iPhone is still a good device.  It is my favorite for providing support since it is the same for everyone.  The carriers don’t control iOS and the update process.

The iPhone 8 and 8+ are just more realistic devices in the Apple ecosystem in terms of daily features and acquisition cost.

iPhone Batterygate is short term

I generally like Apple products. They are attractive and work well. One complaint that has always been present and kept me from the Mac OS as my primary platform is their dumbing things down too much. When a technical problem arose, they expected users to get help from, well, Apple. Or a reseller. Information on self-help was sparse. They didn’t realize how harmful it was to technical people to have such a closed system. These are the same people that could significantly promote their technology.

And now, they have done it again. They thought they were doing the right thing by providing maximum battery life at the cost of performance. They were thinking for us. They benefited with old phones getting pitched for faster new phones, made more amazing with a greater perceived delta in performance. They didn’t disclose the fact that we could replace batteries to preserve our phones a little longer and reduce “digital waste”.

Apple needs to understand that outside of their fan-base they need to be a lot more transparent.  They could have given us an option to adjust battery life vs performance (how amazing of an option would that have been?!).  They need to understand that we don’t want to have to change our phones every year (or even two) – that should be our individual decision based on our choices absent of manipulation or potential coercion.

In some ways this is similar to VW Dieselgate in that actions were taken to manipulate the system to their benefit and it wasn’t disclosed until an outside person made it known.  I have lived through this debacle, thus it naturally comes to mind.

While it may not have the same environmental impact, this will cause confidence issues and there will be greater scrutiny into their products.  Apple has spent many years gaining the trust of typical buyers that wouldn’t purchase a Mac and aren’t Apple loyalists.  How will this impact them?  Only time will tell.  My guess is that unlike the VW scandal, this shall pass despite the betrayal.  Phones cost a lot less than cars.  Apple still makes a good product that is consistent and easy to support.  The iPhone market hasn’t dropped.  Apple is taking action that helps us now.  While we are temporarily angry (it takes little effort to be indignant while a lot of effort to change our ecosystem) and they have lost long term trust for some, we are now better informed consumers understanding we can take our products to Apple ($29 to replace right now instead of the normal $80) or a 3rd party (accepting risk vs price) for a new battery.  Or we can try to replace ourselves if so bold or interested.  There is no current fix for most of the formerly beloved VW TDIs and likely no Apple employee jail time.

This is also an opportunity for all (including those hurt) to review the other options available (on the Android OS really) to see if Apple still measures up or if it is time to bail and rethink your platform.  Ultimately, the drama will cool off and we will return to our own cool-headed thinking and selection process that represents our best interests for the time being.

Joining Azure Active Directory (1703+)

The process of joining an Azure Active Directory (AAD), starting with Windows 10 build 1703, has changed.

Why Azure AD Domain Join?

There are a number of benefits of joining AAD so you are able to use your Azure AD / Office 365 login:

  1. Centralized login credentials, especially nice with multiple devices
  2. Eliminate Office 365 and Azure-based login prompts when accessing work-based resources (e.g. Single Sign-On or SSO).
  3. Enterprise-based roaming of user settings across joined devices without the need for a Microsoft Account (e.g.
  4. Access to Windows Store for Business using the AAD account.
  5. Doesn’t require a Windows Domain Controller (Windows Active Directory, or WAD) for smaller businesses.

If you are an enterprise (or even a smaller business with local authentication services on Windows AD), you can connect AAD to WAD and automatically link devices via Group Policy to AAD.

This requires allowing devices to join the Azure Active Directory. This is done via the Azure AD Portal. Navigate to Azure Active Directory and Devices, and finally Device settings.

Notice that the setting Users may sync settings and app data across devices is missing. This is because Intune and AAD Premium are not being used.

Without this setting being enabled, on Windows 10, the following will be displayed (Sync is not available for your account. Contact your system administrator to resolve this.) to end users with respect to Syncing your settings (which is available when a Microsoft Account is used).

Azure AD Domain Join

Windows 10 devices can join AAD for centralized authentication and limited management (unless you have an Intune Subscription).

Click on Start and then Settings. Click on Accounts.

Click on Access work or school. Click on Connect.

Click on Join this device to Azure Active Directory link:

Ignore the fact that the title states Microsoft account, which could be confused with a Microsoft Account. This is the right place for using AAD logins.

Enter in your AAD login (email address) and click Next button:

Enter in the password for the account and click Sign in button (noting that your screen will look slightly different, depending on the branding done on the AAD side of things):

Confirm you are joining the right organization and click Join button:

If all goes well, you will receive a confirmation message and can click Done.

You are now connected to the domain AAD (so the account is technically AzureAD\ using the previous examples).

It is recommended you restart your computer and login with the new login by clicking Other user on the login screen and entering the email address of your AAD login.
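
After the restart, the join can be confirmed from a PowerShell prompt by parsing the output of the built-in `dsregcmd /status` command. This is an added example, not part of the original post: the function names, the sample output and the tenant name `Contoso` are constructed placeholders, and the field names are those printed by current Windows 10 builds (older builds may omit some, which are then reported as findings).

```powershell
# Constructed sample of `dsregcmd /status` output, used only when dsregcmd is absent.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : NO
+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+
                TenantName : Contoso
                  TenantId : 00000000-0000-0000-0000-000000000000
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : YES
'@

function ConvertFrom-DsRegStatus {
    # Turn "   Key : Value" lines into a dictionary; banner lines (+---, | Title |) are skipped.
    param([string[]]$Lines)
    $state = [ordered]@{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9 ]*?)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-AadJoin {
    param(
        [System.Collections.IDictionary]$State,
        [string]$ExpectedTenant   # display name of the organization you meant to join
    )
    $findings = @()
    if ($State['AzureAdJoined'] -ne 'YES') {
        $findings += 'AzureAdJoined is not YES: the device is not joined to Azure AD.'
    }
    # Mirrors the "confirm you are joining the right organization" step of the wizard.
    if ($ExpectedTenant -and $State['TenantName'] -ne $ExpectedTenant) {
        $findings += "Joined tenant is '$($State['TenantName'])', expected '$ExpectedTenant'."
    }
    # AzureAdPrt is reported for the signed-in user, so run this as the AAD account.
    if ($State['AzureAdPrt'] -ne 'YES') {
        $findings += 'No primary refresh token: Office 365/Azure sign-in will still prompt.'
    }
    return $findings
}

# Use live output on a joined device; fall back to the constructed sample elsewhere.
if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    $raw = & dsregcmd.exe /status
} else {
    $raw = $sample -split "`r?`n"
}

$state    = ConvertFrom-DsRegStatus -Lines $raw
$findings = @(Test-AadJoin -State $state -ExpectedTenant 'Contoso')

if ($findings.Count -eq 0) {
    Write-Output "Joined to '$($state['TenantName'])' ($($state['TenantId'])) with SSO token present."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

Replace `Contoso` with your own organization's display name; a tenant mismatch means the device was joined to a directory other than the one you intended.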