Raimund Andrée
PFE, Microsoft Germany
I am a veteran in the PowerShell space and started using it in 2008. For quite a while I have been active in the open source community, sharing almost everything of my work. The main projects the community can benefit from are AutomatedLab, NTFSSecurity, all on GitHub. Since 2015 I have been evangelizing DSC, trying to motivate organizations and people to adopt what Steven Murawski and Michael Greene have written in Microsoft's Release Pipeline Model whitepaper. Starting with DSC is quite painful and has a steep learning curve. To help people onboard faster and not run into the same problems again, I have prepared, together with the community, a repository on GitHub to share a common DSC project template: https://aka.ms/dscworkshop.
Everything about code signing and how not to use it
Signing software or a script conveys a feeling of security and additional quality. But there is not always a reason for this. How does code signing work? Which self-hosted infrastructure or cloud services are required? Which certificate is required, on which machines and how? How does the timestamp function work and why is it important? After answering these questions, we will look at when code signing increases security and when it is just a feeling of security and what the dos and don'ts are.
How to create intuitive cmdlets your audience likes
When designing cmdlets, many of the language features that PowerShell offers will help you get your work done efficiently and create code that is easy to read and maintain. However, the biggest impact of using PowerShell language features is the usability of your cmdlets. How are your cmdlets accepted by users? This session will cover all the features that will help you create intuitive cmdlets and give you examples to help you put what you've learnt into practice. We will look at classes, the concepts behind them, and modules.
An easy path from AA DSC to Azure Automanage Machine Configuration
Azure Automation State Configuration aka AA DSC is obsolete. The new thing is Azure Automanage Machine Configuration. How can you migrate smoothly from the old product to the new one? In this session we will review some of the basics of Azure Automanage Machine Configuration, but mainly focus on a simple migration path. This will include discovering some key differences and enhancements in Azure Automanage Machine Configuration and what this means for existing configurations and configuration data. If you are planning to move to Azure Automanage Machine Configuration, this session will give you a good starter kit.
Code Signing done right in a PowerShell Module Release Pipeline
You know how code signing works, or you may have attended the session "Everything about code signing and how not to use it". In this session, you will learn how code signing works in an Azure DevOps release pipeline. We will create, sign and release a PowerShell module fully automatically. The signing task should not have access to the certificate, and we will use an Azure Key Vault for additional security. For this we will use and extend the Sampler module scaffolding solution.
The PowerShell module toolbox and templates for Continuous Delivery
You've heard of module design considerations such as testing with Pester, linting and static analysis with PSScriptAnalyzer, community best practices, but it takes a lot of effort to enforce them in a build pipeline!
In this session we'll see how the Sampler module and templates are used across the DSC and other communities to have a unified release approach. We all don’t want to waste time, and here is a solution that does everything you need out of the box and considers most best practices in the PowerShell and DevOps space, no matter if you use PowerShell scripts, classes or DSC Resources. After this session you will value “Sampler” to build, test, pack and publish your module and be surprised how easily the predefined tasks can be configured, and how testing, linting, code coverage, automatic versioning, changelog management, documentation and CI/CD support work. Sampler will improve the quality of your product and save you much time.
Azure Automanage Machine Configuration for large environments
You are on the verge of onboarding your on-premises systems to Azure Arc and plan to manage them using Azure Automanage Machine Configuration?
Or do you already have everything set up, but want an overview of what is possible beyond pre-made Machine Configuration templates? This session has got you covered.
Using the popular DSC blueprint from the DSC community, you will be introduced to a scalable and manageable way of creating machine configurations. You are invited to follow along in this session to create and publish configuration for your own machines.
Requirements to fully follow along:
- Compatible authoring environment: https://learn.microsoft.com/en-us/azure/governance/machine-configuration/machine-configuration-create-setup
- Access to an Azure subscription
- Permissions to create a storage account or upload to an existing storage account
- Permissions to create and assign policies
- VM(s) to manage, either Arc or Azure VMs
AutomatedLab - Expert
You have used AutomatedLab in the past, but feel that there must be more to it? You are unsure if your lab deployments can be further simplified?
In this session we will peek under the hood of AutomatedLab, learn about its configuration system, create a custom role and explore the settings for existing roles.
We will also expand on more advanced scenarios like hybrid labs that are connected to Azure Arc, running AutomatedLab against Azure Stack and more.
Lab as Code - Automate your lab deployments with ease
Ops! Are you tired of reinventing the wheel to create test environments for software evaluation, troubleshooting and learning?
Devs! Do you need more complex environments in your build and release pipeline that are recreated for each integration test?
Then this talk is perfect for you!
AutomatedLab targets Hyper-V and Azure and can be used to deploy simple scenarios like some domain joined servers up to highly complex scenarios like PKI, Azure DevOps Server / TFS, SCCM, Exchange, SQL and multiple AD forests or even all together for testing migrations, etc. Be quicker and more productive with a fully automated deployment system for labs and even more.
Making your work visible - Including telemetry in your PowerShell modules
This talk will dive into connecting a module to Azure Application Insights in order to collect telemetry data. In very few, easy steps we will see how data is being transmitted, what the caveats are and what good telemetry can look like. We will talk about visualizing this data in a meaningful way and see why immediate feedback can be extremely beneficial to the development process. This is not only useful for Dev but also for Ops people looking for ways to visualize deployments on-premises or in the cloud and much more.
Telemetry is part of PowerShell Core and we added it to AutomatedLab to see how our module is used. The insight this has given us was tremendous and I feel that knowing when and how to use telemetry in a script or module is beneficial to administrators and developers alike. Making work visible is an important part of our jobs as dev and ops people and telemetry can play a major part in that.
Windows NTFS and registry ACL explained and managed
Is editing file or registry permission still uncomfortable? Does it always work or do you get errors when trying? How does inheritance work and how to view it in PowerShell? What are Windows Privileges and how to use them to work around the ACL / security? What is a security descriptor or SDDL?
Have you ever been removed from the ACL of a directory on a file server or been asked to restore permissions that somehow got screwed up? Pretty much unchanged since Windows NT4, there are still some mysteries to uncover around Windows Security. Managing permissions on NTFS volumes and the Windows Registry has gotten much easier thanks to PowerShell, but some principles behind terms like security descriptor, DACL, SACL and inheritance are still quite unknown. This session covers the basics of how Windows controls access to many resources and how you can manage and report on these access lists with PowerShell. It also explains the term “privilege” (something that you see in the output of whoami.exe) and how you can make use of privileges to manage your resources much more smoothly in Windows PowerShell or PowerShell 6. You will learn how to access literally any file, regardless of how the ACL is defined, and how to manage, migrate, backup and restore permissions with very short and simple PowerShell statements.
This session also talks about module design and when it is a good idea to switch from PowerShell to C#. The source code of NTFSSecurity is examined.
DSC: Reviewing the basics
If you are interested in managing an infrastructure with DSC at scale, visit the talk “The DSC project blueprint or how to start a DSC project the right way”. In “DSC: Reviewing the basics” we are reviewing the concepts of DSC and getting you prepared for a CI/CD pipeline for your infrastructure.
DSC was introduced with PowerShell 4, but still only a few organizations are using it to manage a large infrastructure. One reason is the lack of best practices and templates. The talk “The DSC project blueprint or how to start a DSC project the right way”, based on the DscWorkshop Project and the Microsoft whitepaper The Release Pipeline Model, is filling this gap and shows what a release pipeline for infrastructure as code can look like. If you haven’t used DSC for a while and want to review some of the terminology, principles and coding elements of DSC, this session gets you back on track and prepares you to make the most of what is discussed in “The DSC project blueprint or how to start a DSC project the right way”. After the session you will be able to explain how the following things work: DSC configurations, configuration data, MOF and Meta.MOF files, what Windows does with MOF files, the DSC Pull Server on-prem and on Azure, DSC resources, composite resources.
The DSC project blueprint or how to start a DSC project the right way
Microsoft’s “Release Pipeline Model” whitepaper describes a new era of how IT systems should be managed nowadays. DSC is just one tool in a long tool chain to control your infra through code via a CI/CD release pipeline. We present a working PoC that summarizes the learning of 3 hard years.
The documentation available around DSC quite often drives people in the wrong direction. At the very beginning things go quite well, but when the requirements get more complex, they realize that configuration management, monitoring and reporting do not scale. Hashtables are not designed to store hundreds of computer configuration items, roles, location, etc. This session tells the story of a community open source project that has grown over two years into something like a blueprint for new DSC projects in pull mode. It explains how DSC works in a world described in Microsoft’s Release Pipeline Model whitepaper. Not only DSC is part of the story but also Datum, TFS or Azure Pipelines, JEA and SQL reporting for DSC. If this is too much for starters, the DSC part of the project is also applicable for DSC push scenarios and does not require anything but DSC and Datum. If you are planning to introduce DSC in your environment or enhance an existing implementation, attend this session to learn about best practices learned in the field and be able to describe and realize an infrastructure release pipeline that adds trust, scalability, flexibility and speed.
Controlling multiple Azure tenants with Microsoft365DSC and Azure Pipelines
Do you have multiple tenants in Azure that should all be configured the same? You have separate Azure tenants for Dev, Test and Prod and these tenants should be configured almost the same? A greenfield approach is always easy, but what about when you already have a production tenant and want to bring it under control? How can you export the configuration data from a tenant and turn it into something readable and manageable?
All this can be achieved with Microsoft365DSC if you build appropriate tooling around it. But in this session, we go one step further and combine Microsoft365DSC with Azure Pipelines and all the best practices we have learned in the DSC community over the last years to build a comfortable and robust release pipeline. The approach shown does not only work in theory but is already being implemented by a number of companies.
From PowerShell One-Liners to Functions to Modules
Many scripts in the wild still use hard-coded variables, and the code needs to be changed in some places to run in other environments or in a different context. PowerShell provides many features for writing robust yet flexible and even beautiful code that is easy to maintain, package and even easier to use. In this session, we will fly through the most important features and give you code examples to guide you later.
Maintain and release your code like a pro: The Release Pipeline Model
This session focuses on basic but important best practices for releasing software and scripts: Build and Release, Linting, Testing and Code Coverage, Versioning, Changelog Control and more. All this should be fully automated and standardized.
No matter how complex or simple your PowerShell code is, the solution (https://github.com/gaelcolas/Sampler) shown here will make your development and release process a lot easier and raise your code and product quality to a new level - and it is fun (mostly).
Use Microsoft365DSC to easily control all your tenants
Microsoft365DSC got pretty famous, but most people use it only for exporting a tenant configuration. However, this is not the purpose of DSC. Using the Microsoft365DscWorkshop, we have successfully put a number of Azure tenants under source control.
It is time to get ready for DSC v3
With the imminent release of DSCv3, it’s time to get accustomed to how it works and how to migrate. DSC v3 follows the same idea as its predecessor but is technically very different. We will explore the essence of DSC v3, investigating the design and features. By comparing DSC v3 with v1.1 and v2, you will gain a comprehensive understanding of the evolution and improvements made. To bring these concepts to life, we will conduct a live demonstration, migrating a simple DSC configuration step by step to DSC v3, highlighting the critical differences and new capabilities and how to utilize the vast amount of available DSC resources with DSC v3.
This session is aimed at people with existing DSC knowledge and experience.
Continuous Delivery with GitHub Actions
If you are in charge of one or more pieces of code, you are confronted with a number of repetitive and boring tasks like deployment processes, security checks, linting or running Pester tests. All this can be outsourced to a coworker named GitHub Actions, thereby freeing you to focus on more critical aspects of your mission critical projects. This session introduces you to GitHub Actions and its most important components when it comes to PowerShell projects. A release pipeline sometimes comes with a lot of burdens, especially if it doesn't work as expected; hence the session also explains what your code should look like so that you can take full advantage of GitHub Actions. We will create a small PowerShell module together with fully automated build, test and deploy, and this by only using GitHub.
All you need to know is PowerShell. The session introduces you to GitHub Actions and the concept of a release pipeline.
Entra ID and M365 as Code with DSC
Microsoft365DSC is widely recognized for exporting tenant configurations, but its true potential goes far beyond that. This session will showcase how to use Microsoft365DSC in tandem with the Microsoft365DscWorkshop to bring Azure tenant configurations under source control seamlessly. With a fully automated project template setup, you'll be ready to manage your tenants efficiently by the end of the session.
In this session you will learn about the “release pipeline model” and how to make changes to your Azure environment as a team in a secure, safe, automated, transparent and self-documenting way. We will cover how to propagate your change through the usual stages: Dev, Test and Prod. By adopting the principles discussed, you will keep your different environments in sync. This concept scales from 2 to as many tenants as you like.
In this workshop you will learn about the principle of Infrastructure as Code, why it is important and how it benefits you, your team and your organization. You will learn about available tools such as Azure DevOps release pipelines, DSC and Microsoft365DSC in particular, Pester, PSScriptAnalyzer, automated dependency resolution and many other things in a single project. In these 4 hours you will receive the concentrated knowledge of the DSC community of the last 10 years.
This workshop is aimed at an audience that knows PowerShell well. Knowledge of DSC 1.1 / 2.0 is helpful, but not essential thanks to the sophisticated toolset.
You should have at least one Azure test tenant with global admin rights available. A development VM with Git, PowerShell 7 and VSCode should be installed in this tenant. During the workshop, you will set up an additional VM for each tenant you want to control.
psconf.eu 2024 Sessionize Event