GitHub – Azure/Login – Allow custom expiry time for OIDC token

OIDC is now the recommended method to log in to Azure from GitHub pipelines, as it provides better security and doesn’t rely on storing a secret.

Currently OIDC login tokens expire in just 5 minutes🔥, causing long-running scripts to fail.

Related GitHub Issue: https://github.com/Azure/login/issues/180.

Your Azure credentials have not been set up or have expired,
please run Connect-AzAccount to set up your Azure credentials.
ClientAssertionCredential authentication failed: A
configuration issue is preventing authentication - check the
error message from the server for details. You can modify the
configuration in the application registration portal. See
https://aka.ms/msal-net-invalid-client for details. Original
exception: AADSTS700024: Client assertion is not within its
valid time range. Current time: 2022-10-20T07:47:12.7446078Z,
assertion valid from 2022-10-20T07:37:08.0000000Z, expiry time
of assertion 2022-10-20T07:42:08.0000000Z. Review the
documentation at

❌ Bad example – Error on deployment – assertion valid from 2022-10-20 07:37 to 2022-10-20 07:42 🔥(5 minutes)

- uses: azure/login@v1
  with:
    client-id: ${{ env.CLIENT_ID }}
    tenant-id: ${{ env.TENANT_ID }}
    subscription-id: ${{ env.SUBSCRIPTION_ID }}
    enable-AzPSSession: true

❌ Bad example – Needs 1 more parameter – (e.g. token-expiry: 30M)

- uses: azure/login@v1
  with:
    client-id: ${{ env.CLIENT_ID }}
    tenant-id: ${{ env.TENANT_ID }}
    subscription-id: ${{ env.SUBSCRIPTION_ID }}
    enable-AzPSSession: true
    # Proposed input requested by this suggestion
    token-expiry: 30M

✅ Good example – Allow the token expiry to be set to a more reasonable time
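An added example (not part of the original post or of the Azure/login project): a small Python triage helper that parses the AADSTS700024 message shown in the log above and reports the assertion lifetime and whether the failure was an expired assertion or a clock-skew problem. The function name `triage` and the result keys are assumptions of this example; the sample text is the message from the log joined onto one line.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the AADSTS700024 text from the log above, joined onto one line.
SAMPLE = (
    "AADSTS700024: Client assertion is not within its valid time range. "
    "Current time: 2022-10-20T07:47:12.7446078Z, "
    "assertion valid from 2022-10-20T07:37:08.0000000Z, "
    "expiry time of assertion 2022-10-20T07:42:08.0000000Z."
)

TS = r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z"
PATTERN = re.compile(
    r"AADSTS700024:.*?Current time:\s*" + TS
    + r",\s*assertion valid from\s*" + TS
    + r",\s*expiry time of assertion\s*" + TS
)

def _to_dt(base, frac):
    # The message carries 7 fractional digits; datetime holds 6, so truncate.
    micro = int((frac or "0")[:6].ljust(6, "0"))
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    return dt.replace(microsecond=micro, tzinfo=timezone.utc)

def triage(log_text):
    """Return a dict describing the assertion window, or None if no match."""
    # Log viewers may wrap the message and prefix each line with "<number> | ".
    flat = re.sub(r"\s*\n\s*(?:\d+\s*\|\s*)?", " ", log_text)
    m = PATTERN.search(flat)
    if not m:
        return None
    now, nbf, exp = (_to_dt(m.group(i), m.group(i + 1)) for i in (1, 3, 5))
    if now < nbf:
        verdict = "not-yet-valid"  # runner clock is behind the issuer: clock skew
    elif now > exp:
        verdict = "expired"        # the step ran past the assertion lifetime
    else:
        verdict = "in-window"      # timestamps are fine; look elsewhere
    return {
        "lifetime_s": (exp - nbf).total_seconds(),
        "late_by_s": round((now - exp).total_seconds(), 3),
        "verdict": verdict,
    }
```

Run over a pipeline log, a `verdict` of `expired` with a `lifetime_s` of 300 points at the 5-minute window described above rather than at a misconfigured federated credential.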

Outlook – Anyone using “Focus time” appointments? (from Viva Insights)

Hey Viva Insights Team,

I liked the idea of Outlook giving me time to do work without interruption. All these little appointments appeared in my calendar and I was going to focus and get work done.

Clearly I was dreaming. Does anyone successfully use the auto-created “Focus time” appointments?

Figure: I had heaps of these auto-created appointments. People interrupted me anyway, so with a heavy heart, I deleted them.

Suggestion #1

> Microsoft Viva Insights has scheduled your focus time in accordance with your focus plan and work week settings. 
> To edit your settings, visit your settings page at Protect Time Settings.

In an Outlook appointment, when I click this link, I expect to see a “Delete” or “Unsubscribe” button.

Suggestion #2

When using this, people don’t think of it as a “Plan”… I reckon they think of it as a recurring appointment.

So testing it out, I click “Get Started”…

Figure: Try it out by clicking “Get started”

I am just looking, I should be able to click “Cancel”… I did not know what “Leave Plan” was about.

Also, popping up these questions should only happen after I have been using it for more than 24 hours.

Figure: This was weird. You don’t want to be asking users questions this early. It is annoying to the user and useless data for Microsoft

Help me have Recurring Appointments

Microsoft Bookings – www.microsoft.com/en-au/microsoft-365/business/scheduling-and-booking-app

This looks to be a nice scheduling & bookings app.

It might work for prospects booking themselves for initial meetings.

I was hoping it might be a bit more powerful. We looked at it for some customer scenarios and discovered it does not support recurring appointments – an instant showstopper!

I guess an alternative to look at now is the Dynamics 365 Resource Scheduling… Anyone use that?

More on Tech Community – Microsoft Bookings.

Help my menus have a nice way to customize them with images 

For our customers we get their SharePoint site pointing to Teams and vice versa… I believe it is the right thing to do but the right emoji would cause this to be more UI obvious ✨

In SharePoint there is an issue with menu customization that blocks good UX. E.g. I want to have links to both the SharePoint portals and the right Teams in the menu.

Figure: Plain menu without icon/emojis is not very welcoming
Figure: Emojis make it a bit nicer in some cases. In this case they are the wrong UI… I want to emphasize the fact that these are links to Teams (rather than SharePoint) being https://teams.microsoft.com/l/team/xxxxx

Ideally we should be able to use SharePoint and Teams official icons, i.e.:

Teams
SharePoint

But there doesn’t seem to be any supported way to do so! 

I assume it is a bad idea to inject HTML via a custom SPFX solution or some nasty CSS… It is better to stay within the framework and have an easy upgrade.

In summary I am saying that emojis do not do the job every time (BTW I do love emojis). This is one example where emojis are not as good as images.

SharePoint is important to us. It is the intranet of almost all SSW’s clients. I am suggesting that SharePoint should not be making the job of putting images in a menu hard. It should be simple.

The goal should be to make it the same as other webparts. I’m thinking of the ‘Quick Links’ Web Part.  Please allow us to add a custom image or an icon to all of our menu items.

✅ Figure: Good example – Adding a custom image in the Quick Links web part is easy

Help me to allow SSO from Azure

Being able to sign in using Azure to almost everything has been around for a few years now. Why is this still not available to use in 1Password? This means that staff just require a single password to log in to almost all the services that they use. They can make that a nice long password or even be password-less and sign into everything.

If SSO with Azure was enabled then we would also be able to use Conditional Access Policies. We already have Conditional Access policies that not only check where a user is signing in from (which can also be done in 1Password) but we are also able to restrict which devices can log in, and for users of Azure AD Premium P2 we can use Microsoft’s AI and stop ‘Risky Users’ from signing into our 1Password. This would also allow us to use our existing MFA solution (instead of needing a new one for 1Password).

Help me to add folders and subfolders

1Password has decided to use a solution to sort passwords using free text tags. This works well in small teams but in large teams this won’t work. Can you imagine how many possible spellings there are for Service-Account? The only other solution is to have multiple vaults, but that isn’t ideal either as then we would need a vault for SysAdmin-SVC-Accounts, Designer-SVC-Accounts and Dev-SVC-Accounts. This presents problems because then we would need to set permissions on each of those. There is also a possibility that we might need to put the same login in more than 1 of those vaults. This would not be a problem if we had folders and subfolders.

It would even work better if Tags could be specified by Admin users and passwords could be set to require at least 1 tag. But as it stands, if we want our users to add and update details then they are able to create free text tags or even worse not put a tag at all.

Figure: Note that tags are entered in free text and not required

Help me have consistent short URLs

I think URLs matter and I prefer neat ones.

I’m experiencing a weird bug on our Intranet and cannot figure out why this is happening.

Every time I click on one of the menu items the URL shows slightly differently.

We have several portals (Team Sites) linked from our Hub Navigation:

Figure: Each item links to a different portal, i.e. https://sswcom.sharepoint.com/sites/XXX

Every single link is set up using the short URL form – i.e. not linking directly to the aspx page.

However, sometimes/often/randomly, when clicking one of the menu items, the URL is somehow rewritten to https://sswcom.sharepoint.com/sites/XXX/SitePages/Home.aspx

Figure: URL being randomly rewritten to the “full” form (i.e. full page’s path)

Moreover, clicking the Site’s “home” tile (i.e. Site Logo) will almost always toggle – yes toggle – between the two URLs… 

I have noticed that, before it flicks to the “long” form, there is a weird querystring parameter being added for a split second, and then the rewrite happens:

Figure: Weird “sw=auth” querystring parameter

  1. Can you please explain what is causing the issue?
  2. How do we fix it?
     We want to be using the “short” form as much as possible.