MiniCon 2025

Authentication unpacked: What does MSAL actually do? Ben Reader

The lecture titled "Authentication Unpacked" explores the intricacies of authentication solutions, focusing specifically on the Microsoft Authentication Library (MSAL) and its use in PowerShell and other languages. Ben, a DevOps ...senior engineer from PatchMyPC, initiates the discussion by sharing his experiences and challenges associated with implementing authentication systems. He emphasizes the importance of securely managing authentication and provides a context for the session by referencing previous dialogues on the topic.

The presentation begins with a brief overview of MSAL, outlining its role in simplifying the authentication process across various platforms. Despite the widespread understanding of MSAL among the audience in 2025, Ben feels compelled to reiterate its foundational aspects before delving into more technical discussions, particularly concerning assembly load context (ALC) issues that arise during its implementation in PowerShell modules like AZ and MS Graph. These modules have incorporated their own versions of MSAL, leading to potential conflicts when users attempt to work with multiple modules in the same session.

Ben articulates the frustrations and complications associated with overlapping library versions, outlining scenarios where users encounter silent failures or misleading error messages. He stresses the urgency of addressing these issues through a unified library approach to minimize compatibility problems. This leads to a critical juncture in the lecture where the discussion shifts towards alternatives to MSAL. Although acknowledging its strengths, Ben raises the contentious question of whether developers should ever abandon the library in favor of custom solutions.

A key takeaway from the session is the notion that while it is technically feasible to write your own authentication logic, it is rarely recommended outside of specific contexts. Ben shares practical examples where developers may feel compelled to create their own solutions. He highlights several authentication flows, including interactive authentication, device code flow, client secret flow, and managed identity scenarios, showcasing both the simplicity and potential pitfalls of custom implementations. Throughout these demonstrations, Ben uses various programming languages, including PowerShell and Python, to illustrate the universal principles governing authentication without relying on MSAL.

Another critical point discussed is the reliance on secure authentication practices, such as proof of key code exchange (PKCE) for interactive flows, enhancing security by ensuring that only authorized users can process authentication requests. Additionally, Ben provides insights into utilizing managed identities, which can help streamline secure authentication in Azure resources without the need for traditional secrets or sensitive credentials.

In conclusion, the lecture not only dissects the mechanics of MSAL and authentication failures but also embarks on a broader conversation about the best practices in developing secure authentication solutions. Ben encourages an open dialogue among the audience for sharing experiences and best practices, underlining the importance of community knowledge in navigating the evolving landscape of authentication in cloud-native environments. The session wraps up by inviting questions, fostering an interactive atmosphere for attendees keen on exploring the topic further. All code discussed during the session is made available on Ben's GitHub for those looking to delve deeper into implementation.

Chapters:
00:00:00 Authentication unpacked What does MSAL actually do Ben Reader
00:00:36 Introduction to Authentication Unpacked
00:16:11 Interactive Authentication Techniques
00:19:28 Exploring Device Code Flow
00:20:47 Understanding Client Secret Flow
00:21:38 Leveraging Managed Identity FlowShow More

Authentication unpacked: What does MSAL actually do? Ben Reader

The lecture titled "Authentication Unpacked" explores the intricacies ...

PowerShell Security: A Journey Through Time - Miriam Wiesner & Anam Navied

This lecture explores the evolution of PowerShell security, with ...

This lecture explores the evolution of PowerShell security, with insights from Miriam, a Security Program Manager at Microsoft, and Anam, a software engineer on the PowerShell team. They delve into ...how security features have advanced through various PowerShell versions, emphasizing the importance of safeguarding scripts and automation within PowerShell.

Beginning with a historical perspective, the presentation outlines the initial challenges of earlier command-line interfaces (CLIs), such as CScript and Windows Script Host, which faced vulnerabilities and limited functionality. These CLIs lacked robust security features and often served as conduits for malware exploitation. Miriam and Anam narrate how Jeffrey Snover's vision, combining Unix principles with Windows systems, led to the development of PowerShell, starting in 2002. Their discussion reflects on how PowerShell fundamentally shifted the command-line environment by enabling object-oriented data manipulation and streamlined remote execution capabilities.

PowerShell's first version, released in 2006, marked a significant advancement with the introduction of script signing, which allowed users to validate the authenticity of scripts while cautioning that merely signing a script does not guarantee its security. The lecturers illustrate how application control tools like AppLocker can help establish trust for executing scripts. They also clarify the misconception surrounding the execution policy, which is not a security control but rather a safeguard against unintentional script execution.

As the conversation progresses to PowerShell version 2, attendees learn about enhancements in remote management and the introduction of privileges, illustrating how PowerShell began incorporating more nuanced security features. With version 3 came module logging and the ability to enforce constraints, representing further strides in safeguarding the execution environment from malicious scripts. The presenters stress the importance of logging and monitoring to detect unauthorized actions, citing how attackers often target older versions of PowerShell, specifically version 2, due to its inadequate security logging.

Continuing through the versions, version 4 introduces Desired State Configuration (DSC) for automating system management and self-healing capabilities, while version 5 introduces significant security features such as script block logging and constrained language modes. Both Miriam and Anam emphasize the increasing sophistication of security measures in PowerShell, such as Amsi, which integrates antivirus checks to inspect code before execution.

As they cover PowerShell version 6 and its cross-platform capabilities, the discussion highlights the move towards open-source software, enhancing transparency and security across environments. PowerShell 7, released in 2020, introduces lockdown mode and further restrictions on potentially dangerous operations, reflecting a heightened focus on security as threats evolve.

The lecture wraps up with practical recommendations for users: regular updates to secure versions of PowerShell, the necessity of logging, and cultivating a security-first mindset during script interactions. The duo concludes by underscoring that as the security landscape continues to shift, active engagement with PowerShell's security features remains essential to defending against potential threats in an ever-evolving technological environment.

Chapters:
00:00:00 PowerShell Security A Journey Through Time Miriam Wiesner and Anam Navied
00:00:39 Introduction to PowerShell Security
00:07:04 PowerShell Version 1 Features
00:08:28 PowerShell Version 2 Innovations
00:12:35 Enhancements in PowerShell Version 3
00:18:02 PowerShell Version 4: Desired State Configuration
00:20:01 PowerShell Version 5: Major Security Overhaul
00:26:14 Cross-Platform PowerShell Version 6
00:28:07 PowerShell Version 7: Lockdown and Security Features
00:33:05 Conclusion and Best PracticesShow More

The Human Side of PowerShell Scripting - Jeff Hicks

The lecture presented by Jeff Hicks, a seasoned PowerShell MVP, delves ...

The lecture presented by Jeff Hicks, a seasoned PowerShell MVP, delves into the "human side" of PowerShell scripting, focusing on the importance of understanding the end user in the development ...process. Hicks emphasizes the transition from purely technical mechanics to a more user-centric approach when writing scripts. He highlights that effective PowerShell scripting goes beyond syntax and mechanics; it's fundamentally about crafting code that caters to the needs and expectations of the users who will interact with it.

Hicks outlines essential concepts that every PowerShell user should understand, stressing that PowerShell commands do not operate in isolation. He warns against the trap of over-reliance on AI tools that generate syntax, as these tools lack the nuance of understanding user needs and experiences. Properly writing PowerShell code requires consideration of who will be using it, their level of expertise, and the environments in which the scripts will operate. By addressing these factors, scripts can be crafted to minimize friction and enhance user experience.

Throughout the lecture, Hicks discusses practical coding scenarios, demonstrating how to create scripts that accommodate varied user inputs. He explains the significance of input validation and parameter handling, illustrating these concepts with examples. By removing assumptions about user input, scripts can be designed to guide users smoothly through their tasks. Hicks shares coding techniques to improve user interaction, such as employing argument completers and parameter validation to reduce the burden on users to enter the correct input.

The session also explores the concept of meaningful feedback during code execution. Hicks advocates for the use of verbose outputs and debugging messages, which can significantly aid users in troubleshooting and understanding what is happening within the scripts. He describes how clear, informative error messages and written debug logs can alleviate confusion and enhance the overall user experience. This focus on transparency improves the reliability of scripts, making them easier to maintain and troubleshoot over time.

As Hicks transitions to discussing outputs, he notes the necessity of providing rich, meaningful objects that users can easily manipulate. He encourages scripting that separates data collection from formatting concerns, allowing for versatile use cases of the output. By delivering a comprehensive set of properties in the output, developers empower users to interact with the data in ways that best suit their needs, whether it be for reporting or further processing.

Hicks also addresses the importance of thinking about the future, urging developers not to limit their scripts based on current usage scenarios alone. By anticipating potential needs users may have down the line, scripters can build flexibility into their commands. This foresight, combined with an understanding of user contexts, contributes to the creation of PowerShell functions that are not only functional but also enjoyable to use.

In summary, the lecture emphasizes the philosophy of designing PowerShell scripts with the end-user in mind. This requires a balance of technical prowess and empathy, understanding that each command run has real-world implications for the user. Hicks calls on the audience to shift their mindset from simply generating code to crafting elegant tools that enhance the user experience and facilitate easier maintenance for future developers. By fostering this human-centric approach, PowerShell scripting can indeed be recognized as a craft—one that values meaningful interaction and efficiency for its users.

Chapters:
00:00:00 The Human Side of PowerShell Scripting Jeff Hicks
00:00:27 The Human Side of PowerShell Scripting
00:01:58 Essential PowerShell Concepts
00:03:52 The Role of AI in Scripting
00:06:32 Understanding User Expectations
00:13:46 Handling User Input
00:16:13 Anticipating User Behavior
00:18:04 Enhancing Code Usability
00:24:05 Providing Feedback During Execution
00:30:44 Output and Object Management
00:36:51 Crafting Rich Output
00:46:34 Designing for User Experience
00:52:18 The Craft of PowerShell ScriptingShow More

AutomatedLab Basics - Jan-Hendrik Peters

In this lecture, Jan-Hendrik Peters introduces Automated Lab, a ...

In this lecture, Jan-Hendrik Peters introduces Automated Lab, a framework designed to automate the process of deploying lab environments, primarily through Hyper-V and Azure. He begins by detailing his background, ...highlighting his extensive experience in PowerShell and cloud engineering, which culminates in his passion for simplifying lab setups through automation. The presentation aims to guide attendees through the foundational aspects of Automated Lab, enabling them to utilize it for various scenarios, including training, testing, and prototyping.

Peters explains the origins of Automated Lab, noting that it was developed to assist consultants and engineers in quickly creating reproducible environments that mirror client scenarios. This functionality is particularly beneficial for training workshops, where instructors can ensure all participants operate within the same configuration without detrimental risks. He elaborates on the framework's flexibility, supporting both Windows and Linux environments, while emphasizing the ease of installation and initial configuration. Peters highlights the importance of powerful foundational tools and commands, guiding the audience through the installation process of the Automated Lab PowerShell module and offering tips for navigating dependencies effectively.

As the discussion progresses, Peters transitions into a demonstration segment where he walks the audience through setting up a lab using Automated Lab. He shares practical insights on establishing lab sources and utilizes sample scripts to create a streamlined deployment process. Peters emphasizes that regardless of the host's operating system, the setup process remains consistent, integrating relevant commands for both Hyper-V and Azure-based environments. He showcases how to configure the necessary folder structure and sources efficiently, and illustrates the method to enable or disable telemetry for enhanced data collection about usage patterns.

Diving deeper into the demo, Peters explores the lab deployment intricacies, including the nuances of orchestrating operating system installs and managing virtual machines. He details how to create a new lab definition, add virtual machines, and assign roles such as domain controllers seamlessly. His meticulous approach underlines the framework's capabilities for operating at scale, providing attendees with insights into creating complex network configurations and experimenting with various system roles without the usual overhead of manual setup.

Throughout the session, Peters interacts with the audience dynamically, addressing common concerns and troubleshooting as issues arise during the live demonstration. He highlights the significance of automation in reducing potential errors and simplifying repetitive tasks, which is crucial for both novice and experienced users. By the end of the lecture, attendees gain a foundational understanding of how Automated Lab operates, equipped with the confidence to leverage this tool for their specific needs, whether that be for personal projects, training environments, or professional development initiatives.

Chapters:
00:00:00 AutomatedLab Basics Jan Hendrik Peters
00:00:22 Introduction to Automated Lab
00:10:35 Documentation and Lab Sources Setup
00:12:37 Configuring Telemetry and Sources
00:19:15 Advanced Configuration Options
00:24:21 Setting Up Your Lab Environment
00:28:16 Installing Software Packages
00:32:14 Exploring Roles and ScenariosShow More

Command Intelligence AIShell’s MCP Integration & Built-In Tools for PowerShell - D. Wang & S. Bucher

The lecture focuses on the new features and capabilities of the AI ...

The lecture focuses on the new features and capabilities of the AI Shell, a command-line interface tool designed to integrate AI assistance into the CLI environment, particularly within PowerShell. Steven ...Bucher and Dongbo Wang lead the discussion, highlighting various functionalities and enhancements that empower users to navigate command lines more confidently and efficiently.

Initially, Bucher provides context about AI Shell, outlining its intended purpose to alleviate the intimidation many users feel when working with command lines. He describes AI Shell as a supportive colleague, effectively transforming the command line interface experience by utilizing the power of AI systems and large language models (LLMs). The goal is to assist users in generating commands, explaining parameters, and ensuring they realize the implications of their actions in real-time.

The conversation then transitions to the Model Context Protocol (MCP), which serves as a pivotal infrastructure that enables AI models to access functional commands and tools. Wang explains that MCP empowers the AI to not just predict the next word but to execute commands that can retrieve or manipulate data effectively, such as checking the weather or listing storage accounts. This powerful feature enhances the AI Shell's usability, making it a practical addition for both new and experienced users.

The core of the session is a detailed live demonstration by Wang. He introduces several commands within AI Shell focusing on how it interacts with PowerShell through a sidecar experience that allows for rich interactions during a connected PowerShell session. He illustrates various command functionalities, such as starting the AI Shell, invoking commands directly from the session, and querying the AI for assistance in generating and fixing PowerShell commands based on user input.

Wang showcases the AI Shell's built-in tools, emphasizing their utility for retrieving context information and running commands seamlessly within PowerShell. For example, he demonstrates how users can inquire about Git configuration or troubleshoot common errors with AI Shell providing corresponding commands and explanations to rectify mistakes. This interaction is particularly beneficial for beginners who are still familiarizing themselves with command line constructs.

Throughout the demonstration, Wang effectively illustrates the wide range of commands provided by the AI Shell, emphasizing its natural language processing capabilities, error analysis, and command execution on behalf of users. He walks through scenarios where the AI generates appropriate commands based on user queries, highlighting its ability to understand context and provide precise guidance without needing to switch back and forth between different interfaces.

Towards the end of the lecture, discussions about MCP server configurations are introduced. Wang describes how users can set up and configure their MCP servers, enabling the AI Shell to interface with external data sources or retrieve documentation. He reinforces the idea that creating MCP servers can enhance the functionality of the AI Shell, offering the potential for tailored spaces that interact with specific user environments.

Bucher concludes with information on how attendees can get started with AI Shell, encouraging them to explore its features, whether on Windows or other operating systems, and to contribute feedback as the project continues to evolve. The session highlights the immense potential of integrating AI with command-line operations, making technology more accessible to users of all skill levels.

Chapters:
00:00:00 Command Intelligence AIShell’s MCP Integration and Built In Tools for PowerShell Dongbo Wan…
00:00:23 Welcome to Power Show Conference EU
00:03:35 Introduction to AI Shell
00:04:47 Understanding Model Context Protocol
00:07:36 AI Shell Demo Begins
00:19:42 Error Handling and Fixing Commands
00:25:25 Exploring Built-in Tools
00:28:31 MCP Server Support
00:35:39 Resources and Further Learning
00:37:46 Building Custom MCP ServersShow More

DSCv3+MCP - Steve Lee

In this lecture, the speaker introduces the concepts of Desired State ...

In this lecture, the speaker introduces the concepts of Desired State Configuration (DSC) and Model Context Protocol (MCP), aiming to demystify their functionalities and encourage audience engagement. Attendees are prompted ...to indicate their familiarity with DSC and MCP, setting the stage for a deeper exploration of these frameworks. The speaker, who has extensive experience at Microsoft, particularly in system management, gives a brief personal introduction, highlighting their role in developing PowerShell and various related products.

The lecture outlines the structure of DSC version 3, emphasizing its revolutionary nature compared to its predecessors. The new version aims to provide a simpler, more flexible resource authoring experience, allowing developers to write in multiple programming languages rather than being restricted to PowerShell. This improvement addresses user feedback regarding the complexity of previous DSC versions. Moreover, DSC v3 moves away from outdated methodologies and embraces contemporary formats like JSON and YAML, aligning with popular industry standards to facilitate the configuration management process. The speaker emphasizes DSC's ability to manage settings declaratively and idempotently, offering the audience clarity on how configurations can be reapplied without causing unintended side effects.

Following the DSC overview, the focus shifts to MCP, explained as a protocol for enabling seamless interaction between language models and real-world tools. The speaker links the emergence of MCP to advancements in AI, particularly in the realm of large language models. These models, trained on substantial datasets, can interpret natural language requests, but require a standardized approach to interact with various resources and prompts effectively. The lecture discusses the significance of MCP servers, which facilitate this interaction and warns against using untrusted servers, highlighting security considerations.

The speaker shares a personal anecdote from a past conference, illustrating the practical application of MCP in addressing real-world problems, such as switching display settings for a presentation. This narrative underscores the potential of intelligent agents to simplify complex tasks, creating a vision for how MCP can transform everyday operations. As the lecture progresses, the speaker shares insights and advice for those interested in developing their own MCP servers. The discussion touches on concepts like token management in language models, illustrating the need for careful consideration in tool design to ensure effective communication and task execution.

The presentation transitions to a demo section, showcasing the existing tools available in the MCP preview, including functionalities to list DSC resources and perform various operations. The speaker emphasizes the importance of crafting effective outputs for both humans and language models, exploring the need for comprehensive documentation and contextual information that enhances user experience.

In the latter part of the lecture, the speaker provides a live demonstration using tools like the MCP Inspector and VS Code to connect and interact with the MCP server, displaying the practical applications of the discussed concepts. The demo highlights both the potential and limitations of current implementations, revealing areas for further improvement.

Towards the conclusion, the speaker outlines future directions for the MCP project, including introducing new tools and enhancing documentation for better user interaction. A notable focus is placed on engaging the audience to contribute to resource development and testing within the community, encouraging collaborative efforts to enrich the ecosystem. The lecture wraps up with key takeaways, reinforcing the importance of DSC v3 in modern configuration management and advocating for a proactive approach in adopting agentic software to streamline processes.

Chapters:
00:00:00 DSCv3+MCP Steve Lee
00:00:18 Introduction to DSC and MCP
00:00:31 Understanding DSC: Desired State Configuration
00:05:07 Exploring MCP: Model Context Protocol
00:08:37 The Birth of the MCP Project
00:10:23 Creating an MCP Server
00:13:34 Tools Available in Preview
00:14:55 Live Demo: MCP Inspector
00:22:51 Interacting with the MCP Server
00:26:13 Utilizing Windows Settings Resource
00:33:10 Testing with Pester
00:39:20 Future Plans and Call to ActionShow More

MiniCon 2025

Authentication unpacked: What does MSAL actually do? Ben Reader

Have a look at the PSConfEU MiniCon 2025 schedule!

Contact info

Additional links