VSCode Extension Deployment with Intune - Björn Sundling, David Sass - PSConfEU 2025
PowerShell Conference EUJune 23-26, 2025
Clarion Malmö Live
https://github.com/psconfeu/2025 (slides, code)
(final cut)
Abstract:
The VS Code extension marketplace is a double-edged sword: it gives us countless extensions which make our lives a lot ...easier, but on the other hand it contains malicious extensions impersonating popular tools or just plain simple info stealers. This means there is a significant risk that these extensions can leak your developer credentials together with your source code, and as is stands today we lack a clear way to manage these risk.
In this session, we’ll design and implement a governance solution using the combination of PowerShell, CI/CD workflows, pipelines, and artifacts together with code scanning, and finally with Intune to mitigate these risks. By the end, you’ll have a framework adaptable to other package ecosystems like NuGet and npm, bringing a scalable, enterprise-ready layer of security to your development workflows.
Summary (autogen):
This session focuses on deploying Visual Studio Code (VS Code) extensions using Microsoft Intune, led by David and Björn. The discussion begins with a light-hearted introduction, emphasizing their backgrounds and expertise in the fields of Intune and DevOps. David, a security domain architect, explains the need for managing supply chain risks, particularly for developers and system admins who often handle sensitive data and privileged access. Both speakers highlight serious incidents in the tech community, such as NotPetya and SolarWinds, where supply chain vulnerabilities led to significant breaches, emphasizing the urgent need for improved security practices in the software development lifecycle.
David continues by outlining the unique risks posed by the VS Code extension marketplace. As the industry witnesses an increase in malicious extensions targeting developers, the importance of vetting these tools becomes crucial. They share alarming instances where popular extensions contained vulnerabilities, putting countless users at risk. This vulnerability landscape drives home the message that security should not compromise developer experience; rather, proactive security measures should be integrated into the development process to enhance both productivity and safety.
Björn introduces the technical aspects of their project aimed at automating the installation and verification of trusted VS Code extensions via Intune. The starting point of the project was to establish a method for users to easily request new extensions without going through cumbersome approval processes. They envision a curated list of extensions that are both securely vetted and readily accessible, allowing developers to install approved tools through a straightforward self-service model. The speakers emphasize the importance of seamlessly integrating security checks into their workflow, such as verifying downloaded extensions against known signatures and running them through appropriate security tools.
A significant part of the discussion revolves around the intricacies of building a solution that can download and validate VS Code extensions. David and Björn delve into the technical challenges overcome in developing a working script to retrieve metadata and download the requisite VSIX packages from the Visual Studio Marketplace. They explain the process of reverse-engineering the APIs, which are not formally documented, showcasing their problem-solving skills in navigating technical constraints. The integration of these packages into Intune via PowerShell scripts forms the backbone of their solution, with a particular focus on ensuring that users get the correct versions of extensions while minimizing security risks.
Chapters:
00:00:00 VSCode Extension Deployment with Intune - Börn Sundling, David Sass - PSConfEU 2025
00:00:39 Introduction to VS Code Extensions
00:00:55 Supply Chain Risks in Development
00:06:11 The Importance of Security in Tools
00:08:13 Curating Trusted Extensions
00:09:46 Automating Software Installation with Intune
00:10:26 The Challenges of VS Code Extension Management
00:12:48 Implementing a Package Verification Process
00:15:04 Creating a User-Friendly Extension Request System
00:16:51 Verifying Downloaded Extensions
00:19:36 Uploading Extensions to Azure Blob Storage
00:23:05 Intune's Role in Extension Delivery
00:24:54 Packaging Extensions for Intune
00:30:37 Logging and Monitoring Installations
00:32:26 Future Improvements and Next StepsShow More
VSCode Extension Deployment with Intune - Björn Sundling, David Sass - PSConfEU 2025
PowerShell Conference EU June 23-26, 2025 Clarion Malmö Live ...
PowerShell Conference EU
June 23-26, 2025
Clarion Malmö Live
https://github.com/psconfeu/2025 (slides, code)
(final cut)
Abstract:
The VS Code extension marketplace is a double-edged sword: it gives us countless extensions which make our lives a lot ...easier, but on the other hand it contains malicious extensions impersonating popular tools or just plain simple info stealers. This means there is a significant risk that these extensions can leak your developer credentials together with your source code, and as is stands today we lack a clear way to manage these risk.
In this session, we’ll design and implement a governance solution using the combination of PowerShell, CI/CD workflows, pipelines, and artifacts together with code scanning, and finally with Intune to mitigate these risks. By the end, you’ll have a framework adaptable to other package ecosystems like NuGet and npm, bringing a scalable, enterprise-ready layer of security to your development workflows.
Summary (autogen):
This session focuses on deploying Visual Studio Code (VS Code) extensions using Microsoft Intune, led by David and Björn. The discussion begins with a light-hearted introduction, emphasizing their backgrounds and expertise in the fields of Intune and DevOps. David, a security domain architect, explains the need for managing supply chain risks, particularly for developers and system admins who often handle sensitive data and privileged access. Both speakers highlight serious incidents in the tech community, such as NotPetya and SolarWinds, where supply chain vulnerabilities led to significant breaches, emphasizing the urgent need for improved security practices in the software development lifecycle.
David continues by outlining the unique risks posed by the VS Code extension marketplace. As the industry witnesses an increase in malicious extensions targeting developers, the importance of vetting these tools becomes crucial. They share alarming instances where popular extensions contained vulnerabilities, putting countless users at risk. This vulnerability landscape drives home the message that security should not compromise developer experience; rather, proactive security measures should be integrated into the development process to enhance both productivity and safety.
Björn introduces the technical aspects of their project aimed at automating the installation and verification of trusted VS Code extensions via Intune. The starting point of the project was to establish a method for users to easily request new extensions without going through cumbersome approval processes. They envision a curated list of extensions that are both securely vetted and readily accessible, allowing developers to install approved tools through a straightforward self-service model. The speakers emphasize the importance of seamlessly integrating security checks into their workflow, such as verifying downloaded extensions against known signatures and running them through appropriate security tools.
A significant part of the discussion revolves around the intricacies of building a solution that can download and validate VS Code extensions. David and Björn delve into the technical challenges overcome in developing a working script to retrieve metadata and download the requisite VSIX packages from the Visual Studio Marketplace. They explain the process of reverse-engineering the APIs, which are not formally documented, showcasing their problem-solving skills in navigating technical constraints. The integration of these packages into Intune via PowerShell scripts forms the backbone of their solution, with a particular focus on ensuring that users get the correct versions of extensions while minimizing security risks.
Chapters:
00:00:00 VSCode Extension Deployment with Intune - Börn Sundling, David Sass - PSConfEU 2025
00:00:39 Introduction to VS Code Extensions
00:00:55 Supply Chain Risks in Development
00:06:11 The Importance of Security in Tools
00:08:13 Curating Trusted Extensions
00:09:46 Automating Software Installation with Intune
00:10:26 The Challenges of VS Code Extension Management
00:12:48 Implementing a Package Verification Process
00:15:04 Creating a User-Friendly Extension Request System
00:16:51 Verifying Downloaded Extensions
00:19:36 Uploading Extensions to Azure Blob Storage
00:23:05 Intune's Role in Extension Delivery
00:24:54 Packaging Extensions for Intune
00:30:37 Logging and Monitoring Installations
00:32:26 Future Improvements and Next StepsShow More
June 23-26, 2025
Clarion Malmö Live
https://github.com/psconfeu/2025 (slides, code)
(final cut)
Abstract:
The VS Code extension marketplace is a double-edged sword: it gives us countless extensions which make our lives a lot ...easier, but on the other hand it contains malicious extensions impersonating popular tools or just plain simple info stealers. This means there is a significant risk that these extensions can leak your developer credentials together with your source code, and as is stands today we lack a clear way to manage these risk.
In this session, we’ll design and implement a governance solution using the combination of PowerShell, CI/CD workflows, pipelines, and artifacts together with code scanning, and finally with Intune to mitigate these risks. By the end, you’ll have a framework adaptable to other package ecosystems like NuGet and npm, bringing a scalable, enterprise-ready layer of security to your development workflows.
Summary (autogen):
This session focuses on deploying Visual Studio Code (VS Code) extensions using Microsoft Intune, led by David and Björn. The discussion begins with a light-hearted introduction, emphasizing their backgrounds and expertise in the fields of Intune and DevOps. David, a security domain architect, explains the need for managing supply chain risks, particularly for developers and system admins who often handle sensitive data and privileged access. Both speakers highlight serious incidents in the tech community, such as NotPetya and SolarWinds, where supply chain vulnerabilities led to significant breaches, emphasizing the urgent need for improved security practices in the software development lifecycle.
David continues by outlining the unique risks posed by the VS Code extension marketplace. As the industry witnesses an increase in malicious extensions targeting developers, the importance of vetting these tools becomes crucial. They share alarming instances where popular extensions contained vulnerabilities, putting countless users at risk. This vulnerability landscape drives home the message that security should not compromise developer experience; rather, proactive security measures should be integrated into the development process to enhance both productivity and safety.
Björn introduces the technical aspects of their project aimed at automating the installation and verification of trusted VS Code extensions via Intune. The starting point of the project was to establish a method for users to easily request new extensions without going through cumbersome approval processes. They envision a curated list of extensions that are both securely vetted and readily accessible, allowing developers to install approved tools through a straightforward self-service model. The speakers emphasize the importance of seamlessly integrating security checks into their workflow, such as verifying downloaded extensions against known signatures and running them through appropriate security tools.
A significant part of the discussion revolves around the intricacies of building a solution that can download and validate VS Code extensions. David and Björn delve into the technical challenges overcome in developing a working script to retrieve metadata and download the requisite VSIX packages from the Visual Studio Marketplace. They explain the process of reverse-engineering the APIs, which are not formally documented, showcasing their problem-solving skills in navigating technical constraints. The integration of these packages into Intune via PowerShell scripts forms the backbone of their solution, with a particular focus on ensuring that users get the correct versions of extensions while minimizing security risks.
Chapters:
00:00:00 VSCode Extension Deployment with Intune - Börn Sundling, David Sass - PSConfEU 2025
00:00:39 Introduction to VS Code Extensions
00:00:55 Supply Chain Risks in Development
00:06:11 The Importance of Security in Tools
00:08:13 Curating Trusted Extensions
00:09:46 Automating Software Installation with Intune
00:10:26 The Challenges of VS Code Extension Management
00:12:48 Implementing a Package Verification Process
00:15:04 Creating a User-Friendly Extension Request System
00:16:51 Verifying Downloaded Extensions
00:19:36 Uploading Extensions to Azure Blob Storage
00:23:05 Intune's Role in Extension Delivery
00:24:54 Packaging Extensions for Intune
00:30:37 Logging and Monitoring Installations
00:32:26 Future Improvements and Next StepsShow More
PowerShelling Active Directory - far and wide - Evgenij Smirnov - PSConfEU 2025
PowerShell Conference EU June 23-26, 2025 Clarion Malmö Live ...
PowerShell Conference EU
June 23-26, 2025
Clarion Malmö Live
https://github.com/psconfeu/2025 (slides, code)
Abstract:
Everybody knows Get-ADUser -Filter * -Properties *, and in a lab or a small(ish) production environment, you can even get by using ...the built-functionality, not caring about filtering or your scripts' execution time. The situation changes dramatically if your Active Directory landscape is big - be it in terms of object count, group nesting depth, domain topology, number of forests or all of the above!
In this session, we will look at proven techniques for successfully using PowerShell with sizeable Active Directory environments, explore several everyday use cases and, if time permits, even one or two exotic ones.
Summary (autogen):
Evgenij, explores the intricacies of using PowerShell for managing and scripting with Active Directory (AD). With over three decades of experience in the field, including significant expertise with Active Directory, he sets the stage by highlighting the relevance of the topic in modern IT environments. Evgenij emphasizes that despite the evolving landscape, Active Directory remains a foundational technology, which serves as the premise for his forthcoming discussions.
The lecture begins with an examination of the limitations inherent in the native PowerShell commandlets associated with Active Directory. Evgenij articulates the challenges faced when dealing with large sets of objects — a problem that many in attendance are likely to encounter in their work. He critiques the Active Directory Web Services (ADWS) model, which, while functional, may not operate optimally in all situations due to its reliance on web services that diverge from the widely-used LDAP protocol. This divergence raises questions about accessibility, performance, and the overall architecture of PowerShell modules interfacing with AD.
Evgenij provides insights into alternative approaches to scripting within AD using System.DirectoryServices classes found in the .NET framework. This includes a low-level look at directory manipulation and object management through scripts designed for effective querying. The lecture also touches on the importance of understanding the context of Active Directory environments — emphasizing the need for identifying domain controllers upfront, as well as establishing appropriate configurations and permissions for successful data retrieval.
Throughout the session, Evgenij presents his findings on performance comparisons among various tools, including comparisons between the native AD module, System.DirectoryServices, and the PS OpenAD module developed by Jordan Borean. He showcases intricate examples of performance tests in controlled environments, where the number of objects and operational speed is meticulously documented.
One notable part of the lecture involves a practical demonstration of processing paged results effectively. Evgenij explains the concept of indexing and its critical role in optimizing performance. He illustrates how using indexed attributes can drastically decrease retrieval times for large sets of data, with ratios of execution speed varying significantly based on the attribute used in searches. This insight serves as a powerful reminder for attendees about the potential speed-ups available through thoughtful schema management.
Evgenij explores more advanced concepts such as recursive group memberships and nested loops within Active Directory, drawing attention to the necessity of careful coding practices to mitigate resource usage during execution. He discusses methods for detecting looped membership, warning of performance penalties associated with certain built-in functions due to the complex calculations involved.
The discussion shifts to best practices surrounding permissions processing in Active Directory. Evgenij underscores the importance of permissions and their implications for organizational security. He introduces the notion of incorporating Security Descriptor Definition Language (SDDL) strings for efficient permissions management, demonstrating how regex can be leveraged to quickly identify the permissions assigned to specific users.
Chapters:
00:00:00 PowerShelling Active Directory - far and wide - Evgenij Smirnov - PSConfEU 2025
00:00:12 Welcome to the first session after launch
00:34:24 Dealing with Nested Group Memberships
00:38:36 Handling Permissions in Active DirectoryShow More
June 23-26, 2025
Clarion Malmö Live
https://github.com/psconfeu/2025 (slides, code)
Abstract:
Everybody knows Get-ADUser -Filter * -Properties *, and in a lab or a small(ish) production environment, you can even get by using ...the built-functionality, not caring about filtering or your scripts' execution time. The situation changes dramatically if your Active Directory landscape is big - be it in terms of object count, group nesting depth, domain topology, number of forests or all of the above!
In this session, we will look at proven techniques for successfully using PowerShell with sizeable Active Directory environments, explore several everyday use cases and, if time permits, even one or two exotic ones.
Summary (autogen):
Evgenij, explores the intricacies of using PowerShell for managing and scripting with Active Directory (AD). With over three decades of experience in the field, including significant expertise with Active Directory, he sets the stage by highlighting the relevance of the topic in modern IT environments. Evgenij emphasizes that despite the evolving landscape, Active Directory remains a foundational technology, which serves as the premise for his forthcoming discussions.
The lecture begins with an examination of the limitations inherent in the native PowerShell commandlets associated with Active Directory. Evgenij articulates the challenges faced when dealing with large sets of objects — a problem that many in attendance are likely to encounter in their work. He critiques the Active Directory Web Services (ADWS) model, which, while functional, may not operate optimally in all situations due to its reliance on web services that diverge from the widely-used LDAP protocol. This divergence raises questions about accessibility, performance, and the overall architecture of PowerShell modules interfacing with AD.
Evgenij provides insights into alternative approaches to scripting within AD using System.DirectoryServices classes found in the .NET framework. This includes a low-level look at directory manipulation and object management through scripts designed for effective querying. The lecture also touches on the importance of understanding the context of Active Directory environments — emphasizing the need for identifying domain controllers upfront, as well as establishing appropriate configurations and permissions for successful data retrieval.
Throughout the session, Evgenij presents his findings on performance comparisons among various tools, including comparisons between the native AD module, System.DirectoryServices, and the PS OpenAD module developed by Jordan Borean. He showcases intricate examples of performance tests in controlled environments, where the number of objects and operational speed is meticulously documented.
One notable part of the lecture involves a practical demonstration of processing paged results effectively. Evgenij explains the concept of indexing and its critical role in optimizing performance. He illustrates how using indexed attributes can drastically decrease retrieval times for large sets of data, with ratios of execution speed varying significantly based on the attribute used in searches. This insight serves as a powerful reminder for attendees about the potential speed-ups available through thoughtful schema management.
Evgenij explores more advanced concepts such as recursive group memberships and nested loops within Active Directory, drawing attention to the necessity of careful coding practices to mitigate resource usage during execution. He discusses methods for detecting looped membership, warning of performance penalties associated with certain built-in functions due to the complex calculations involved.
The discussion shifts to best practices surrounding permissions processing in Active Directory. Evgenij underscores the importance of permissions and their implications for organizational security. He introduces the notion of incorporating Security Descriptor Definition Language (SDDL) strings for efficient permissions management, demonstrating how regex can be leveraged to quickly identify the permissions assigned to specific users.
Chapters:
00:00:00 PowerShelling Active Directory - far and wide - Evgenij Smirnov - PSConfEU 2025
00:00:12 Welcome to the first session after launch
00:34:24 Dealing with Nested Group Memberships
00:38:36 Handling Permissions in Active DirectoryShow More
Malmö, in retrospect - PSConfEU 2025
A QUICK NOTE We have tried to review the 4 days in Malmö in a humorous ...
A QUICK NOTE
We have tried to review the 4 days in Malmö in a humorous way. We hope you like our little ‘language joke’. Curated subtitles are available in German ...and English. Have fun, we look forward to your comments.
PowerShell Conference EU
June 23-26, 2025
Clarion Malmö Live
https://github.com/psconfeu/2025 (slides, code)
The participants
Miriam Wiesner (https://www.linkedin.com/in/miriamwiesner/)
Dominik Betz (https://www.linkedin.com/in/dominik-betz)
Thorsten Butz (https://www.linkedin.com/in/thorstenbutz/)
Related videos
a) Miriam's session about the "evil cookie monster" in 2025
I’m in your browser, eating your cookies - Miriam Wiesner - PSConfEU 2025
https://youtu.be/8xDcq0pPNPs
b) Miriam's prvieous session from 2024
Practical PowerShell Empowerment For Protectors (Blue Team) - Miriam Wiesner - PSConfEU 2024
https://youtu.be/JgqbR-7O7TI
c) Shorten the code (also) with Dominik
Community demos and closing session - PSConfEU 2025
https://youtu.be/QaOPbOeFNC4
Greetings
.. to Xavier (https://www.linkedin.com/in/xavier-clinquart/)
from the belgian PowerShell (User Group https://bepug.be)
Summary (autogen):
In this episode, we delve into the recent PowerShell Conference, where Miriam, Dominik, and Thorsten share our experiences and key takeaways from four exhilarating and exhausting days of learning and networking. The excitement is palpable as we celebrate the conference's upcoming return to Germany for its anniversary in 2026, reflecting on our shared love for travel and the sense of community fostered at these events.
Miriam opens up about her experience at this year's conference, highlighting the joy of reconnecting with PowerShell enthusiasts and making new connections. Despite the inevitable post-conference syndrome setting in, she emphasizes the energy and camaraderie that make the effort worthwhile. Dominik echoes these sentiments, sharing his own experiences from previous years, underscoring the importance of these gatherings for professional growth and community support.
We then casually transition into a light-hearted discussion about language and the challenges of speaking English in a predominantly German context. This leads us to the intriguing thought of how our multilingual podcast might be received by listeners. The conversation then shifts to the themes and topics presented during the conference. Miriam elaborates on her session, which involved demonstrating a real-world attack scenario where Multi-Factor Authentication (MFA) was bypassed. She reflects on the feedback received and highlights the complexities of security demonstrations in today's digital landscape.
Dominik shares his fascinating journey through the coding contest at the conference, where he optimized a PowerShell script significantly with the help of AI. He discusses how collaboration with AI tools can lead to unexpected and superior solutions, emphasizing the importance of critical thinking and educated prompting. We explore how these technologies can enhance our work but also stress that foundational knowledge in coding and security principles remains crucial.
The discussion inevitably steers toward the future of technology, particularly AI’s role in programming and security. Miriam, working as a Security Research Product Manager at Microsoft, shares insights into upcoming trends and challenges in her field. We ponder the impact of AI on the coding profession and the importance of understanding the underlying principles despite the increased reliance on artificial intelligence tools.
As we wrap up, we reflect on the challenges of promoting new technologies like PowerShell within traditional corporate environments. Dominik notes how it's easier to drive change within his team than across the entire organization, highlighting the ongoing need for advocacy and education in the workplace.
As we look forward to next year’s conference in Wiesbaden, we express our gratitude for the opportunity to connect and share our insights, eagerly anticipating the future of PowerShell and the vibrant community that supports it.
Chapters:
00:00:00 Malmö, in retrospect - PSConfEU 2025
00:00:33 Introduction to the Podcast
00:01:25 Conference Reflections
00:02:33 Session Highlights
00:05:05 Video Release Strategy
00:05:39 Contest Achievements
00:07:41 AI in Coding
00:09:50 Insights on Learning
00:10:48 Future of AI
00:12:17 Customer Engagement
00:12:58 Agentic Design Discussion
00:14:36 Security in AI
00:15:23 Looking Ahead
00:17:08 PowerShell in the Workplace
00:18:29 Closing ThoughtsShow More
We have tried to review the 4 days in Malmö in a humorous way. We hope you like our little ‘language joke’. Curated subtitles are available in German ...and English. Have fun, we look forward to your comments.
PowerShell Conference EU
June 23-26, 2025
Clarion Malmö Live
https://github.com/psconfeu/2025 (slides, code)
The participants
Miriam Wiesner (https://www.linkedin.com/in/miriamwiesner/)
Dominik Betz (https://www.linkedin.com/in/dominik-betz)
Thorsten Butz (https://www.linkedin.com/in/thorstenbutz/)
Related videos
a) Miriam's session about the "evil cookie monster" in 2025
I’m in your browser, eating your cookies - Miriam Wiesner - PSConfEU 2025
https://youtu.be/8xDcq0pPNPs
b) Miriam's prvieous session from 2024
Practical PowerShell Empowerment For Protectors (Blue Team) - Miriam Wiesner - PSConfEU 2024
https://youtu.be/JgqbR-7O7TI
c) Shorten the code (also) with Dominik
Community demos and closing session - PSConfEU 2025
https://youtu.be/QaOPbOeFNC4
Greetings
.. to Xavier (https://www.linkedin.com/in/xavier-clinquart/)
from the belgian PowerShell (User Group https://bepug.be)
Summary (autogen):
In this episode, we delve into the recent PowerShell Conference, where Miriam, Dominik, and Thorsten share our experiences and key takeaways from four exhilarating and exhausting days of learning and networking. The excitement is palpable as we celebrate the conference's upcoming return to Germany for its anniversary in 2026, reflecting on our shared love for travel and the sense of community fostered at these events.
Miriam opens up about her experience at this year's conference, highlighting the joy of reconnecting with PowerShell enthusiasts and making new connections. Despite the inevitable post-conference syndrome setting in, she emphasizes the energy and camaraderie that make the effort worthwhile. Dominik echoes these sentiments, sharing his own experiences from previous years, underscoring the importance of these gatherings for professional growth and community support.
We then casually transition into a light-hearted discussion about language and the challenges of speaking English in a predominantly German context. This leads us to the intriguing thought of how our multilingual podcast might be received by listeners. The conversation then shifts to the themes and topics presented during the conference. Miriam elaborates on her session, which involved demonstrating a real-world attack scenario where Multi-Factor Authentication (MFA) was bypassed. She reflects on the feedback received and highlights the complexities of security demonstrations in today's digital landscape.
Dominik shares his fascinating journey through the coding contest at the conference, where he optimized a PowerShell script significantly with the help of AI. He discusses how collaboration with AI tools can lead to unexpected and superior solutions, emphasizing the importance of critical thinking and educated prompting. We explore how these technologies can enhance our work but also stress that foundational knowledge in coding and security principles remains crucial.
The discussion inevitably steers toward the future of technology, particularly AI’s role in programming and security. Miriam, working as a Security Research Product Manager at Microsoft, shares insights into upcoming trends and challenges in her field. We ponder the impact of AI on the coding profession and the importance of understanding the underlying principles despite the increased reliance on artificial intelligence tools.
As we wrap up, we reflect on the challenges of promoting new technologies like PowerShell within traditional corporate environments. Dominik notes how it's easier to drive change within his team than across the entire organization, highlighting the ongoing need for advocacy and education in the workplace.
As we look forward to next year’s conference in Wiesbaden, we express our gratitude for the opportunity to connect and share our insights, eagerly anticipating the future of PowerShell and the vibrant community that supports it.
Chapters:
00:00:00 Malmö, in retrospect - PSConfEU 2025
00:00:33 Introduction to the Podcast
00:01:25 Conference Reflections
00:02:33 Session Highlights
00:05:05 Video Release Strategy
00:05:39 Contest Achievements
00:07:41 AI in Coding
00:09:50 Insights on Learning
00:10:48 Future of AI
00:12:17 Customer Engagement
00:12:58 Agentic Design Discussion
00:14:36 Security in AI
00:15:23 Looking Ahead
00:17:08 PowerShell in the Workplace
00:18:29 Closing ThoughtsShow More
Community demos and closing session - PSConfEU 2025
This is the final session of PSConfEU 2025 in Malmö! Congratulations ...
This is the final session of PSConfEU 2025 in Malmö!
Congratulations to the winners of the "Fasten the code" competition:
- Daniel Lettau
- Dominik Betz
- Matthias Pfaffmann
- Erik Rasmussen
Chapters:
00:00:00 Community demos ...
00:00:38 Xavier Clinquart / BPUG): Fasten the code
00:04:50 Frank van Zandwijk: Ansible enabled through Azure Arc SSH
00:08:22 Alexandre Jardon: WinBGP
00:14:24 Gijs Reijn: What's new in Microsoft DSC 3.1
00:20:35 James ONeill: Tied Variables
00:25:10 Christian Ritter: Events?! We don't speak Event-Log here
00:30:40 Marnix Van Lint: Message of the day AKA MOT
00:35:07 Ben Reader: Everyone's Password is "123"
00:40:46 Björn Sundling: Ben's password may be 123 - but your's shouldn't be
00:46:50 Justin Grote: A very quick demo about an error message
00:47:32 Adam Driscoll: Run PowerShell 7 in PowerGui
00:50:05 Jordan Borean: @SplattingEnhancements
00:55:57 Closing ceremonyShow More
Congratulations to the winners of the "Fasten the code" competition:
- Daniel Lettau
- Dominik Betz
- Matthias Pfaffmann
- Erik Rasmussen
Chapters:
00:00:00 Community demos ...
00:00:38 Xavier Clinquart / BPUG): Fasten the code
00:04:50 Frank van Zandwijk: Ansible enabled through Azure Arc SSH
00:08:22 Alexandre Jardon: WinBGP
00:14:24 Gijs Reijn: What's new in Microsoft DSC 3.1
00:20:35 James ONeill: Tied Variables
00:25:10 Christian Ritter: Events?! We don't speak Event-Log here
00:30:40 Marnix Van Lint: Message of the day AKA MOT
00:35:07 Ben Reader: Everyone's Password is "123"
00:40:46 Björn Sundling: Ben's password may be 123 - but your's shouldn't be
00:46:50 Justin Grote: A very quick demo about an error message
00:47:32 Adam Driscoll: Run PowerShell 7 in PowerGui
00:50:05 Jordan Borean: @SplattingEnhancements
00:55:57 Closing ceremonyShow More
A lazy coders guide to exploiting class features - James O'Neill - PSConfEU 2025
PowerShell Conference EU June 23-26, 2025 Clarion Malmö Live ...
PowerShell Conference EU
June 23-26, 2025
Clarion Malmö Live
https://github.com/psconfeu/2025 (slides, code)
Abstract:
A lot of us avoid writing PowerShell classes, or find we have now need; this session will show some of the benefits ...that classes bring for organizing code, but it will also look at things we can do to without ever having to define a class of our own to get PowerShell to save us and effort.
Summary (autogen):
This session , titled "A Lazy Coder's Guide to Exploiting Class Features," offers a comprehensive exploration of techniques in PowerShell programming, particularly focused on utilizing class features effectively. The speaker shares personal insights and experiences drawn from years of experience both in academia and the tech industry, emphasizing the importance of practicality and efficiency in coding practices.
The session begins with an overview of the speaker's background, highlighting a transition from extensive corporate experience at Microsoft to freelance and writing endeavors. As the discussion unfolds, the speaker reflects on the frequent repetition of common coding techniques and how these have influenced his approach to writing a PowerShell book, specifically the reasons why one might choose to forego the use of PowerShell classes. This sets the stage for an engaging exploration of when and how to utilize classes within PowerShell, challenging conventional computer science teachings about object-oriented programming and class structure.
Key topics include a detailed examination of the PowerShell type system, emphasizing that while classes are a useful tool, they aren't always necessary. The speaker explains how PowerShell's extensible type system allows for the augmentation of existing objects without the need to define classes from scratch. Illustrating this point, he discusses the common use of existing class structures and how they can be effectively manipulated through methods like `Add-Member` and `Update-TypeData`. The session also covers the benefits of integrating formatting XML files to customize the presentation of data, aiming to enhance the user experience when working with command outputs.
Throughout the presentation, the speaker utilizes practical examples, including a demo that interacts with the National Rail system and showcases how to format output data effectively for better readability. By leveraging name-only classes, attendees learn how to improve object handling within their scripts, which significantly aids in code clarity and efficiency. The concept of IntelliSense is also highlighted, illustrating how to make coding in PowerShell more intuitive by ensuring that properties and methods are readily discoverable.
The complexity of working with classes is addressed, particularly in relation to method definitions and property management. The speaker navigates through potential pitfalls, such as the handling of `db null` values and the considerations around read-only properties. The discussion emphasizes that while scripting can often be a straightforward process in PowerShell, the nuances of object-oriented programming can introduce additional challenges, which can be mitigated through careful class design and implementation.
As the lecture progresses, it covers various ways to extend object functionality dynamically, illustrating how to determine when to utilize functions versus additional members on objects for better API call handling. The finale encapsulates the key takeaways: if formatting isn’t necessary, simply add members; if formatting is required, utilize type names and XML files; and for improved IntelliSense, construct minimal custom classes.
The session closes with an invitation for questions, allowing attendees to engage directly with the speaker for personalized insights into their PowerShell queries, ensuring that participants leave with a deeper understanding of how to effectively exploit class features in their coding endeavors.
Chapters:
00:00:00 A lazy coders guide to exploiting class features - James O'Neill - PSConfEU 2025
00:00:14 Introduction to Lazy Coding
00:09:01 PowerShell Class Features
00:15:17 Demonstrating PowerShell Classes
00:17:56 Working with Formatting Data
00:21:53 Enhancing Output with IntelliSense
00:26:30 Creating Custom Class Definitions
00:27:14 Extending Type Members
00:35:26 Final Thoughts on Class UsageShow More
June 23-26, 2025
Clarion Malmö Live
https://github.com/psconfeu/2025 (slides, code)
Abstract:
A lot of us avoid writing PowerShell classes, or find we have now need; this session will show some of the benefits ...that classes bring for organizing code, but it will also look at things we can do to without ever having to define a class of our own to get PowerShell to save us and effort.
Summary (autogen):
This session , titled "A Lazy Coder's Guide to Exploiting Class Features," offers a comprehensive exploration of techniques in PowerShell programming, particularly focused on utilizing class features effectively. The speaker shares personal insights and experiences drawn from years of experience both in academia and the tech industry, emphasizing the importance of practicality and efficiency in coding practices.
The session begins with an overview of the speaker's background, highlighting a transition from extensive corporate experience at Microsoft to freelance and writing endeavors. As the discussion unfolds, the speaker reflects on the frequent repetition of common coding techniques and how these have influenced his approach to writing a PowerShell book, specifically the reasons why one might choose to forego the use of PowerShell classes. This sets the stage for an engaging exploration of when and how to utilize classes within PowerShell, challenging conventional computer science teachings about object-oriented programming and class structure.
Key topics include a detailed examination of the PowerShell type system, emphasizing that while classes are a useful tool, they aren't always necessary. The speaker explains how PowerShell's extensible type system allows for the augmentation of existing objects without the need to define classes from scratch. Illustrating this point, he discusses the common use of existing class structures and how they can be effectively manipulated through methods like `Add-Member` and `Update-TypeData`. The session also covers the benefits of integrating formatting XML files to customize the presentation of data, aiming to enhance the user experience when working with command outputs.
Throughout the presentation, the speaker utilizes practical examples, including a demo that interacts with the National Rail system and showcases how to format output data effectively for better readability. By leveraging name-only classes, attendees learn how to improve object handling within their scripts, which significantly aids in code clarity and efficiency. The concept of IntelliSense is also highlighted, illustrating how to make coding in PowerShell more intuitive by ensuring that properties and methods are readily discoverable.
The complexity of working with classes is addressed, particularly in relation to method definitions and property management. The speaker navigates through potential pitfalls, such as the handling of `db null` values and the considerations around read-only properties. The discussion emphasizes that while scripting can often be a straightforward process in PowerShell, the nuances of object-oriented programming can introduce additional challenges, which can be mitigated through careful class design and implementation.
As the lecture progresses, it covers various ways to extend object functionality dynamically, illustrating how to determine when to utilize functions versus additional members on objects for better API call handling. The finale encapsulates the key takeaways: if formatting isn’t necessary, simply add members; if formatting is required, utilize type names and XML files; and for improved IntelliSense, construct minimal custom classes.
The session closes with an invitation for questions, allowing attendees to engage directly with the speaker for personalized insights into their PowerShell queries, ensuring that participants leave with a deeper understanding of how to effectively exploit class features in their coding endeavors.
Chapters:
00:00:00 A lazy coders guide to exploiting class features - James O'Neill - PSConfEU 2025
00:00:14 Introduction to Lazy Coding
00:09:01 PowerShell Class Features
00:15:17 Demonstrating PowerShell Classes
00:17:56 Working with Formatting Data
00:21:53 Enhancing Output with IntelliSense
00:26:30 Creating Custom Class Definitions
00:27:14 Extending Type Members
00:35:26 Final Thoughts on Class UsageShow More
Error Handling - A Mystery in Red - Fred Weinmann - PSConfEU 2025
PowerShell Conference EU June 23-26, 2025 Clarion Malmö Live ...
PowerShell Conference EU
June 23-26, 2025
Clarion Malmö Live
https://github.com/psconfeu/2025 (slides, code)
Abstract:
"Blood Will Flow.
Or at least something of a similar color, which anybody spending any time with PowerShell will be well aware of: ...Errors.
They happen and we have to deal with them, and most of the time that works well.
Until, that is, the weird and unexpected happens - throw statements get swallowed, ""Task Completed Successfully"" even though the script failed horribly and oh so many more oddities that seem hard to explain.
Join us for a quick look behind the scenes and discover ...
- the ""Sometimes-Terminating""-Exceptions
- why scripts don't fail when they should
- why ""throw"" is not a terminating exception
- how to set traps and ambush your errors"
Summary (autogen):
This lecture focuses on the intricacies of error handling within PowerShell, specifically distinguishing between terminating and non-terminating exceptions. The session begins with a personal narrative from the speaker, who reflects on their professional journey with PowerShell and the significance of overcoming error messages that often plague script execution. The speaker emphasizes the pivotal moment when they transitioned to utilizing PowerShell effectively, highlighting the importance of properly understanding and handling errors.
The presentation dives into the mechanics of error types in PowerShell. It elaborates on the concept of terminating versus non-terminating exceptions, presenting real-world scenarios that illustrate the challenges and behaviors associated with each type. The speaker recounts experiences where tasks appeared to complete successfully despite an underlying storm of error messages, provoking a deeper inquiry into why PowerShell behaves this way. The discussion introduces the primary functionality of the PowerShell pipeline and how error handling plays a crucial role in maintaining its resilience.
Throughout the lecture, the emphasis shifts to practical coding strategies, advocating for the use of `try-catch` blocks to manage errors effectively. The speaker demonstrates how altering the `ErrorAction` parameter influences the flow of scripts, explaining that commands may fail silently or cause a script to halt, depending on the settings. As the lecture progresses, the speaker showcases code examples, illustrating how to implement proper error handling through both traditional non-terminating and terminating errors. The explanation captures the subtleties involved in determining the appropriate type of error to handle based on the expected outcomes within the script.
The discussion also covers how to create custom terminating exceptions and the benefits of the `$PSCmdlet` variable, which can be used to throw errors more reliably while ensuring proper logging and error tracking. The speaker highlights the importance of a structured approach to script design, advocating for default templates that include `ErrorActionPreference` settings and centralized error handling practices like `trap` statements. This enables further cleanup and logging in case of failures, ensuring that all errors are addressed effectively within the broader context of the script.
In closing, the speaker invites questions, addressing various concerns related to script design, exception handling, and best practices for error management. This interactive segment emphasizes community learning and the practical application of concepts discussed throughout the lecture. The speaker leaves the audience with actionable insights and a deeper understanding of PowerShell error handling, reinforcing the idea that while errors are an inevitable part of programming, they can be managed deftly with the right knowledge and strategies.
Chapters:
00:00:00 Error Handling - A Mystery in Red - Fred Weinmann - PSConfEU 2025
00:00:14 Welcome to our talk on error handling
00:11:19 Handling Non-Terminating Exceptions
00:12:43 Implementing Terminating Exceptions
00:14:00 The Mystery of the Throw Statement
00:19:27 Understanding Sometimes Terminating Exceptions
00:25:42 The Power of Trap Statements
00:31:10 Designing Scripts for Error Handling
00:38:05 Troubleshooting with Stack Traces
00:42:35 Exit Codes and Best PracticesShow More
June 23-26, 2025
Clarion Malmö Live
https://github.com/psconfeu/2025 (slides, code)
Abstract:
"Blood Will Flow.
Or at least something of a similar color, which anybody spending any time with PowerShell will be well aware of: ...Errors.
They happen and we have to deal with them, and most of the time that works well.
Until, that is, the weird and unexpected happens - throw statements get swallowed, ""Task Completed Successfully"" even though the script failed horribly and oh so many more oddities that seem hard to explain.
Join us for a quick look behind the scenes and discover ...
- the ""Sometimes-Terminating""-Exceptions
- why scripts don't fail when they should
- why ""throw"" is not a terminating exception
- how to set traps and ambush your errors"
Summary (autogen):
This lecture focuses on the intricacies of error handling within PowerShell, specifically distinguishing between terminating and non-terminating exceptions. The session begins with a personal narrative from the speaker, who reflects on their professional journey with PowerShell and the significance of overcoming error messages that often plague script execution. The speaker emphasizes the pivotal moment when they transitioned to utilizing PowerShell effectively, highlighting the importance of properly understanding and handling errors.
The presentation dives into the mechanics of error types in PowerShell. It elaborates on the concept of terminating versus non-terminating exceptions, presenting real-world scenarios that illustrate the challenges and behaviors associated with each type. The speaker recounts experiences where tasks appeared to complete successfully despite an underlying storm of error messages, provoking a deeper inquiry into why PowerShell behaves this way. The discussion introduces the primary functionality of the PowerShell pipeline and how error handling plays a crucial role in maintaining its resilience.
Throughout the lecture, the emphasis shifts to practical coding strategies, advocating for the use of `try-catch` blocks to manage errors effectively. The speaker demonstrates how altering the `ErrorAction` parameter influences the flow of scripts, explaining that commands may fail silently or cause a script to halt, depending on the settings. As the lecture progresses, the speaker showcases code examples, illustrating how to implement proper error handling through both traditional non-terminating and terminating errors. The explanation captures the subtleties involved in determining the appropriate type of error to handle based on the expected outcomes within the script.
The discussion also covers how to create custom terminating exceptions and the benefits of the `$PSCmdlet` variable, which can be used to throw errors more reliably while ensuring proper logging and error tracking. The speaker highlights the importance of a structured approach to script design, advocating for default templates that include `ErrorActionPreference` settings and centralized error handling practices like `trap` statements. This enables further cleanup and logging in case of failures, ensuring that all errors are addressed effectively within the broader context of the script.
In closing, the speaker invites questions, addressing various concerns related to script design, exception handling, and best practices for error management. This interactive segment emphasizes community learning and the practical application of concepts discussed throughout the lecture. The speaker leaves the audience with actionable insights and a deeper understanding of PowerShell error handling, reinforcing the idea that while errors are an inevitable part of programming, they can be managed deftly with the right knowledge and strategies.
Chapters:
00:00:00 Error Handling - A Mystery in Red - Fred Weinmann - PSConfEU 2025
00:00:14 Welcome to our talk on error handling
00:11:19 Handling Non-Terminating Exceptions
00:12:43 Implementing Terminating Exceptions
00:14:00 The Mystery of the Throw Statement
00:19:27 Understanding Sometimes Terminating Exceptions
00:25:42 The Power of Trap Statements
00:31:10 Designing Scripts for Error Handling
00:38:05 Troubleshooting with Stack Traces
00:42:35 Exit Codes and Best PracticesShow More
Mastering AI Shell and dive into AI Operations - Steven Bucher - PSConfEU 2025
PowerShell Conference EU June 23-26, 2025 Clarion Malmö Live ...
PowerShell Conference EU
June 23-26, 2025
Clarion Malmö Live
https://github.com/psconfeu/2025 (slides, code)
Abstract:
How often do you get an error in the CLI or leave your terminal to look up command syntax on the web? ...Now with AI Shell you can get a personal AI assistant integrated into your CLI to help! In this session learn how to use AI Shell, a CLI tool that integrates AI assistants into your CLI. AI Shell connects with Azure OpenAI Deployments and Copilot in Azure, enhancing efficiency and error recovery. This platform is starting to unlock a new emerging space we are coining as AI Operations (AI Ops). Learn more about what this space is and what the future holds for it.
Summary (autogen):
Steven Bucher, a product manager on the PowerShell team at Microsoft, presents an overview of a product developed by his team, AI Shell, alongside a discussion on AIOps. He begins by noting the rapid pace of change in AI technologies, which adds a layer of complexity to his presentation. Giving context to his work in PowerShell, Bucher details his involvement over the past few years, particularly with tools aimed at enhancing user experience with PowerShell, such as AI Shell and PS Readline.
The discussion transitions into the challenges faced by new users interacting with command-line interfaces (CLI) like PowerShell. Bucher highlights the steep learning curve associated with these tools, pointing out that the command prompt can be intimidating, especially to beginners. He notes that while experienced users can leverage built-in help features like "get help" or "man pages", there is an overwhelming number of commands and cmdlets available—over 6,000 in Azure PowerShell alone and more than 50,000 in Microsoft Graph. This vastness, compounded with ambiguous documentation and complex parameter requirements, makes it difficult for users to effectively utilize the CLI.
AI Shell emerges as a solution to these challenges. Bucher demonstrates the functionality of this PowerShell module, which integrates AI capabilities directly into the shell environment. By running "Start-AI Shell", users can access a side pane where an AI agent, modeled after popular AI chat platforms, assists them in generating and troubleshooting commands. The tool not only provides command suggestions but also helps clarify the syntax and functionality of each command, significantly lowering the bar for new users. The integration allows users to receive immediate feedback on their queries without the need to switch contexts.
The demonstration includes real-time examples, showcasing how AI Shell helps generate PowerShell commands, resolve user errors, and even guide users through complex command structures. Bucher emphasizes that AI Shell functions not only as a command generator but also as an intelligent assistant that learns user behavior and preferences, thereby enhancing the scripting experience. Various commands and features are introduced, such as "slash commands" for executing tasks within the AI Shell and the distinction between generating commands and executing them in the primary shell.
Additionally, Bucher explains the partnership between multiple AI providers that can be integrated into AI Shell. The flexibility of the module allows users to leverage various AI agents, including those from OpenAI and Azure, making it extensible and tailored to specific needs. He discusses using Azure OpenAI within AI Shell and highlights how users can deploy their own instances with increased security and customization options.
Towards the end, Bucher briefly touches on AIOps, defining it as a strategy that utilizes AI to streamline IT operations and service management. He suggests that the capabilities afforded by tools like AI Shell can be utilized in automating operational workflows, incident management, and even anomaly detection in systems. Conclusively, he invites users to try out AI Shell, stressing that it is open-source and currently in public preview, and encourages feedback to improve its functionality further. The lecture wraps up with a Q&A session, during which Bucher addresses various queries regarding AI Shell's capabilities and future enhancements.
Chapters:
00:00:00 Mastering AI Shell and dive into AI Operations - Steven Bucher - PSConfEU 2025
00:00:16 Introduction to AI Shell
00:11:05 Exploring AI Shell Features
00:16:19 AI Shell Cross-Platform Experience
00:17:39 User Experience and Interactions
00:19:48 Agent Configurations and Customization
00:23:39 Utilizing Azure OpenAI
00:28:02 Copilot in Azure Integration
00:31:47 Understanding AIOps
00:34:30 Q&A SessionShow More
June 23-26, 2025
Clarion Malmö Live
https://github.com/psconfeu/2025 (slides, code)
Abstract:
How often do you get an error in the CLI or leave your terminal to look up command syntax on the web? ...Now with AI Shell you can get a personal AI assistant integrated into your CLI to help! In this session learn how to use AI Shell, a CLI tool that integrates AI assistants into your CLI. AI Shell connects with Azure OpenAI Deployments and Copilot in Azure, enhancing efficiency and error recovery. This platform is starting to unlock a new emerging space we are coining as AI Operations (AI Ops). Learn more about what this space is and what the future holds for it.
Summary (autogen):
Steven Bucher, a product manager on the PowerShell team at Microsoft, presents an overview of a product developed by his team, AI Shell, alongside a discussion on AIOps. He begins by noting the rapid pace of change in AI technologies, which adds a layer of complexity to his presentation. Giving context to his work in PowerShell, Bucher details his involvement over the past few years, particularly with tools aimed at enhancing user experience with PowerShell, such as AI Shell and PS Readline.
The discussion transitions into the challenges faced by new users interacting with command-line interfaces (CLI) like PowerShell. Bucher highlights the steep learning curve associated with these tools, pointing out that the command prompt can be intimidating, especially to beginners. He notes that while experienced users can leverage built-in help features like "get help" or "man pages", there is an overwhelming number of commands and cmdlets available—over 6,000 in Azure PowerShell alone and more than 50,000 in Microsoft Graph. This vastness, compounded with ambiguous documentation and complex parameter requirements, makes it difficult for users to effectively utilize the CLI.
AI Shell emerges as a solution to these challenges. Bucher demonstrates the functionality of this PowerShell module, which integrates AI capabilities directly into the shell environment. By running "Start-AI Shell", users can access a side pane where an AI agent, modeled after popular AI chat platforms, assists them in generating and troubleshooting commands. The tool not only provides command suggestions but also helps clarify the syntax and functionality of each command, significantly lowering the bar for new users. The integration allows users to receive immediate feedback on their queries without the need to switch contexts.
The demonstration includes real-time examples, showcasing how AI Shell helps generate PowerShell commands, resolve user errors, and even guide users through complex command structures. Bucher emphasizes that AI Shell functions not only as a command generator but also as an intelligent assistant that learns user behavior and preferences, thereby enhancing the scripting experience. Various commands and features are introduced, such as "slash commands" for executing tasks within the AI Shell and the distinction between generating commands and executing them in the primary shell.
Additionally, Bucher explains the partnership between multiple AI providers that can be integrated into AI Shell. The flexibility of the module allows users to leverage various AI agents, including those from OpenAI and Azure, making it extensible and tailored to specific needs. He discusses using Azure OpenAI within AI Shell and highlights how users can deploy their own instances with increased security and customization options.
Towards the end, Bucher briefly touches on AIOps, defining it as a strategy that utilizes AI to streamline IT operations and service management. He suggests that the capabilities afforded by tools like AI Shell can be utilized in automating operational workflows, incident management, and even anomaly detection in systems. Conclusively, he invites users to try out AI Shell, stressing that it is open-source and currently in public preview, and encourages feedback to improve its functionality further. The lecture wraps up with a Q&A session, during which Bucher addresses various queries regarding AI Shell's capabilities and future enhancements.
Chapters:
00:00:00 Mastering AI Shell and dive into AI Operations - Steven Bucher - PSConfEU 2025
00:00:16 Introduction to AI Shell
00:11:05 Exploring AI Shell Features
00:16:19 AI Shell Cross-Platform Experience
00:17:39 User Experience and Interactions
00:19:48 Agent Configurations and Customization
00:23:39 Utilizing Azure OpenAI
00:28:02 Copilot in Azure Integration
00:31:47 Understanding AIOps
00:34:30 Q&A SessionShow More
Entra Authentication 101 - Fred Weinmann - PSConfEU 2025
PowerShell Conference EU June 23-26, 2025 Clarion Malmö Live ...
PowerShell Conference EU
June 23-26, 2025
Clarion Malmö Live
https://github.com/psconfeu/2025 (slides, code)
Abstract:
Working with Microsoft APIs can be an interesting experience.
Just a simple Connect-MgGraph in your console? Easy enough, but how about scheduled tasks?
In ...a Function App? What do scopes need and what's up with those App Registrations? Enterprise Applications? Confused? Well, come on over and get things clarified.
Summary (autogen):
Fred Weinmann, a Cloud Solution Architect at Microsoft, focuses on Entra Authentication 101. The presentation begins with a brief historical overview of authentication, outlining the evolution from basic methods to more extensive systems such as Active Directory and Kerberos. Fred then outlines the limitations of traditional methods, emphasising the security vulnerabilities that often arise when user credentials are transmitted directly to web servers.
Moving on to Entra and OAuth authentication, Fred clarifies that, although Entra enhances authentication, it doesn’t replace OAuth. He then explains how Entra improves security by verifying an application's identity before granting access tokens. This method aims to reduce the risks associated with unauthorised access by providing better visibility and control over user activity through unified signals at the identity management level.
Throughout the session, hands-on demonstrations are conducted using PowerShell. Fred begins by creating a new application through the Azure portal, emphasising the importance of understanding application IDs and tenant IDs to facilitate access. He explains the difference between delegated permissions, which act on behalf of a user, and application permissions, which allow broader access without direct user interaction. He also discusses the need to assign and grant admin consent for permissions, showcasing the complexity of managing permissions across different services such as Microsoft Graph and SharePoint.
Fred gives a practical demonstration of how to connect to various Microsoft services through PowerShell, addressing common errors and challenges. He emphasises the importance of configuring specific permissions in the Azure portal for effective interaction with services and alludes to the differences between app registration and enterprise applications. He emphasises the importance of security when managing authentication secrets, and the transition from using client secrets to certificates, which provides a more robust method of authentication with minimal exposure to sensitive information.
The lecture then goes on to explore advanced authentication scenarios involving managed identities, as well as the potential complexities that can arise when applying permissions across different Azure platforms. Fred makes a clear distinction between using authorisation codes for user authentication and client secrets for service accounts, further elucidating the security and access control implications.
In the latter part of the presentation, Fred addresses common misconceptions and operational challenges related to Microsoft authentication mechanisms, including the complexities of token management and the effect of refresh tokens on user sessions. The lecture concludes with an invitation to further discuss and explore Entra authentication. A slide featuring valuable resources for attendees to utilise in their own implementations is provided, thereby reinforcing the collaborative spirit of learning and knowledge sharing within the community.
Chapters:
00:00:00 Entra Authentication 101 - Fred Weinmann - PSConfEU 2025
00:00:20 Introduction and Acknowledgements
00:01:09 Early Authentication Methods
00:05:38 Transition to Entra and OAuth
00:12:57 Application Registration Process
00:21:02 Access Tokens and SharePoint Requests
00:22:14 Refresh Tokens Explained
00:23:59 Understanding Consent and Permissions
00:27:49 Managed Identities and Service Principles
00:32:48 Client Secrets vs. Client Certificates
00:37:44 Certificate-Based Authentication
00:39:49 Device Code Authentication
00:41:26 Web Account Manager Authentication
00:42:41 Managing Permissions for Function Apps
00:46:37 Conclusion and Next StepsShow More
June 23-26, 2025
Clarion Malmö Live
https://github.com/psconfeu/2025 (slides, code)
Abstract:
Working with Microsoft APIs can be an interesting experience.
Just a simple Connect-MgGraph in your console? Easy enough, but how about scheduled tasks?
In ...a Function App? What do scopes need and what's up with those App Registrations? Enterprise Applications? Confused? Well, come on over and get things clarified.
Summary (autogen):
Fred Weinmann, a Cloud Solution Architect at Microsoft, focuses on Entra Authentication 101. The presentation begins with a brief historical overview of authentication, outlining the evolution from basic methods to more extensive systems such as Active Directory and Kerberos. Fred then outlines the limitations of traditional methods, emphasising the security vulnerabilities that often arise when user credentials are transmitted directly to web servers.
Moving on to Entra and OAuth authentication, Fred clarifies that, although Entra enhances authentication, it doesn’t replace OAuth. He then explains how Entra improves security by verifying an application's identity before granting access tokens. This method aims to reduce the risks associated with unauthorised access by providing better visibility and control over user activity through unified signals at the identity management level.
Throughout the session, hands-on demonstrations are conducted using PowerShell. Fred begins by creating a new application through the Azure portal, emphasising the importance of understanding application IDs and tenant IDs to facilitate access. He explains the difference between delegated permissions, which act on behalf of a user, and application permissions, which allow broader access without direct user interaction. He also discusses the need to assign and grant admin consent for permissions, showcasing the complexity of managing permissions across different services such as Microsoft Graph and SharePoint.
Fred gives a practical demonstration of how to connect to various Microsoft services through PowerShell, addressing common errors and challenges. He emphasises the importance of configuring specific permissions in the Azure portal for effective interaction with services and alludes to the differences between app registration and enterprise applications. He emphasises the importance of security when managing authentication secrets, and the transition from using client secrets to certificates, which provides a more robust method of authentication with minimal exposure to sensitive information.
The lecture then goes on to explore advanced authentication scenarios involving managed identities, as well as the potential complexities that can arise when applying permissions across different Azure platforms. Fred makes a clear distinction between using authorisation codes for user authentication and client secrets for service accounts, further elucidating the security and access control implications.
In the latter part of the presentation, Fred addresses common misconceptions and operational challenges related to Microsoft authentication mechanisms, including the complexities of token management and the effect of refresh tokens on user sessions. The lecture concludes with an invitation to further discuss and explore Entra authentication. A slide featuring valuable resources for attendees to utilise in their own implementations is provided, thereby reinforcing the collaborative spirit of learning and knowledge sharing within the community.
Chapters:
00:00:00 Entra Authentication 101 - Fred Weinmann - PSConfEU 2025
00:00:20 Introduction and Acknowledgements
00:01:09 Early Authentication Methods
00:05:38 Transition to Entra and OAuth
00:12:57 Application Registration Process
00:21:02 Access Tokens and SharePoint Requests
00:22:14 Refresh Tokens Explained
00:23:59 Understanding Consent and Permissions
00:27:49 Managed Identities and Service Principles
00:32:48 Client Secrets vs. Client Certificates
00:37:44 Certificate-Based Authentication
00:39:49 Device Code Authentication
00:41:26 Web Account Manager Authentication
00:42:41 Managing Permissions for Function Apps
00:46:37 Conclusion and Next StepsShow More