Renewed as Microsoft RD!

5 04 2017

I am very happy to announce that I was just renewed as a Microsoft Regional Director for the next two years.




The Regional Director Program provides Microsoft leaders with the customer insights and real-world voices it needs to continue empowering developers and IT professionals with the world’s most innovative and impactful tools, services, and solutions.
You will typically find Regional Directors keynoting at top industry events, leading community groups and local initiatives, running technology-focused companies, or consulting on and implementing the latest breakthrough within a multinational corporation.

Very happy to be part of this unique group of exceptional people!




Searching for identity – Azure B2C

30 03 2017

Building systems in the Cloud efficiently means being smart and using the building blocks on offer. One literally has everything, e.g. in Azure, to rebuild your on-premises data center. However, doing so would not be a winning move….



Instead, be a fast mover and leverage the provided building blocks to your advantage. Identity Management is a good example: you can roll your own in your solution, or turn to AAD B2C, which offers great value at limited cost ( And talking about speed, just grab it and use it; nothing can be developed faster.


.NET is back!

16 11 2016

After years of being less in focus as a development platform, and sometimes even being put into the legacy drawer, .NET in its new appearance as .NET Core now seems to have a more than bright future!


Microsoft just revealed at its Connect() event in New York that Samsung is going to support .NET Core on Tizen, the company's OS for electronic devices (watches, TVs, IOT, etc.), and Google also joins the party in the name of the dotnet foundation (

This is huge, this is awesome, because all of a sudden .NET is back as a true cross-device development platform, incorporating all the good stuff Xamarin brought into the company. Not only this: .NET Core is different from .NET, because it is Open Source and has a strong community backing, with over 60% of recent contributions made by 3rd party developers.

The “new Microsoft” does not stop surprising and innovating.


I am looking forward to seeing more!
With sails set in this direction, this can be just the beginning.




How to start with Azure IOT

19 06 2016

If you are a newbie to Azure or Azure IOT, you are certainly asking yourself how to get into this new environment most efficiently.
Well, I just had to do this myself, and here are the learnings!

As a prerequisite it would be great to be familiar with writing code and designing architectures for enterprise solutions, because Azure solutions are not so different per se. They only leverage new building blocks and occasionally have specialties that emerge from their new type of infrastructure.

For a start it is good to have a look at the Azure IOT templates Microsoft is offering (currently for remote monitoring and predictive maintenance). With the templates, one should especially focus on the architecture, which provides great insight into how Azure IOT solutions work and should be created.
However, I have found the implementation to be state of the art from an enterprise perspective, which means it really is very generic. The bad thing about this approach for newbies is that, due to a lack of documentation, it is very time-consuming to understand what is really going on in the solution. This is especially true if you want to hook in to extend it!
In addition, I experienced some nasty PowerShell versioning issues using the deployment scripts for the templates. Not really fun.


(Image: football goalkeeper on the stadium field)

Because of this, I recommend approaching Azure IOT through the normal Azure documentation while keeping the template architectures in mind. If you are doing a first POC or similar based on this, you may not create the cleanest and most generic architecture, but you will end up with a first solution to your problem that you fully comprehend and that was fun to create!

Why? Well, because the general Azure documentation on the services used for Azure IOT is easy to understand and has great samples, which are fun to reuse in your own code.

So – do not lose time. I really liked how Azure IOT Hub compensates for schema changes in e.g. telemetry messages (which normally break classical solutions!), as well as the flexibility and the potential of Stream Jobs / Web Jobs, which could be a killer feature in any of your next solutions.



Yes, sorry, it is the European Soccer Championships over here currently! Hence the soccer goalkeeper image, which has absolutely nothing to do with this entry’s content!


Azure Stack – The Game Changer

8 01 2016

While having a “Cloud First, Mobile First” strategy makes a lot of sense, especially in consumer-related projects, this approach is problematic in quite a few industrial and professional embedded scenarios.


Well, as a company you might not have connectivity for all your devices everywhere, due to infrastructure/cost reasons or security/high-availability considerations.
In these scenarios one is currently left quite alone by the large software vendors, stuck with what is considered legacy datacenter technology.
However, some smart people at Microsoft have thought about this and have found a great solution!


What if you could use Cloud (Azure) technology on-premises just as in the Cloud, and maybe even transparently roam between the two as required? Sounds good?
If that raises some interest with you, have a look at Azure Stack. Jeffrey Snover, aka the father of PowerShell, introduces the newest version of this game-changing technology in his current blog post.

I consider this great news for all solution architects who have to cope with real-world scenarios, which are never Cloud-only or datacenter-only!

Great work Azure Stack team! Keep it up, I am eagerly waiting for more to come. 🙂




Windows Phone 8.1 VPN-Trigger for MDM managed devices

3 12 2015

Well, let us start with the bad news first:

do not work on WP 8.1!

Why? – Well, I do not know and I really tried hard! 😦




However, you should specify the DNS suffix * as well as the corresponding IP range (e.g. in any case in your MDM VPN profile, to enable VPN split tunneling (this means: intranet traffic goes through the tunnel, all other traffic through the normal network connection), which does work!

To trigger a VPN connection using an MDM-deployed “automatic” VPN profile, you can use PIDs, which e.g. can be found here:, or Package Family Names (PFNs, e.g. from the package manifest, if you have a LOB app).
Generally, VPN triggers only work with “automatic” profiles!

PIDs only work with older WP 8.0 or built-in apps (well, except for triggering IE, which does not work at all and seems to be a bug).
If you have newer apps (e.g. based on the Universal Windows Platform – UWP), only PFNs will work as triggers. Therefore, PFNs are the way to go forward.


Another trigger approach is IP-range-based triggers. If an app calls an IP address in the intranet range specified ( in our example), a VPN tunnel is launched. Interestingly, the phone does not care whether the address really exists: calling any address within the range from an app will open a VPN tunnel.

I nearly forgot DNS shortnames, such as http://my . This way of triggering a connection does work, but is not used very often, at least not by my customers.
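To make the trigger rules and the split-tunnel decision described in this post concrete, here is an added Python model of them. It is not code from Windows Phone or from any MDM product; the DNS suffix, the intranet range and the Package Family Name are constructed placeholders, and the handling of shortnames (a hostname without a dot is assumed to be completed with the profile's DNS suffix) is this model's assumption.

```python
"""Model of WP 8.1 'automatic' VPN profile behaviour as described in the post:
split tunnelling by DNS suffix / IP range, plus app (PFN) and IP-range triggers.
All profile values are constructed placeholders, not a real deployment."""
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class VpnProfile:
    profile_type: str            # "automatic" (triggers work) or "manual" (they do not)
    dns_suffix: str              # intranet DNS suffix, placeholder value below
    intranet_ranges: list        # CIDR strings whose traffic goes through the tunnel
    trigger_pfns: set = field(default_factory=set)  # PFNs of apps that start the VPN


def _host_of(destination: str) -> str:
    """Accept a bare host / IP or a URL such as http://my and return the host part."""
    if "://" in destination:
        return urlsplit(destination).hostname or ""
    return destination


def is_intranet_destination(destination: str, profile: VpnProfile) -> bool:
    """Split-tunnel decision: does this destination belong to the intranet side?"""
    host = _host_of(destination).lower()
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        # IP-range rule: only membership in the range counts; the phone never checks
        # whether a host actually exists behind the address.
        return any(addr in ipaddress.ip_network(r) for r in profile.intranet_ranges)
    if "." not in host:
        # DNS shortname (e.g. "my"): assumed to be completed with the DNS suffix,
        # so it is treated as intranet. Empty host and localhost never are.
        return host not in ("", "localhost")
    return host == profile.dns_suffix or host.endswith("." + profile.dns_suffix)


def route_for(destination: str, profile: VpnProfile) -> str:
    """'tunnel' for intranet traffic, 'direct' for everything else (split tunnel)."""
    return "tunnel" if is_intranet_destination(destination, profile) else "direct"


def should_trigger(app_pfn: str, destination: str, profile: VpnProfile) -> bool:
    """Does this call from this app bring the VPN up? Only 'automatic' profiles trigger;
    then either a trigger app (PFN) or an intranet destination does it."""
    if profile.profile_type != "automatic":
        return False
    return app_pfn in profile.trigger_pfns or is_intranet_destination(destination, profile)


# Constructed example profile (placeholders, not a real tenant or app).
EXAMPLE_PROFILE = VpnProfile(
    profile_type="automatic",
    dns_suffix="corp.example",
    intranet_ranges=["10.0.0.0/8"],
    trigger_pfns={"Contoso.LobApp_placeholderpfn"},
)

if __name__ == "__main__":
    for app, dest in [
        ("Contoso.LobApp_placeholderpfn", "https://www.example.org"),
        ("Other.App_placeholderpfn", "10.9.9.9"),     # non-existent host, range match
        ("Other.App_placeholderpfn", "http://my"),    # DNS shortname
        ("Other.App_placeholderpfn", "8.8.8.8"),
    ]:
        print(f"{app:32} {dest:28} route={route_for(dest, EXAMPLE_PROFILE):7} "
              f"trigger={should_trigger(app, dest, EXAMPLE_PROFILE)}")
```

The point to check against your own profile is the second row: an address inside the intranet range triggers the tunnel even though nothing answers there, so the range you configure defines the trigger surface, not the hosts you actually run.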


Happy Tunneling!



Windows Phone 8.1 Enterprise Services and Certificates

29 11 2015

Windows Phone 8.1 has some great enterprise features and is one of the most secure phones on the market.
However, there are some things to consider if you want to use these devices in an MDM-managed enterprise service (VPN/Wi-Fi) scenario.
One of these things is device certificates: quite a few companies use several dedicated certificates to access enterprise services like VPN and Wi-Fi. This approach does not work with WP 8.1 phones, because they expect only a single device certificate per device and company root CA, not service-specific ones.
Of course, you could roll out a variety of different SCEP certificates via an MDM system, but the cert picker on the phone will not automatically select the matching certificate for a service, because it always chooses the first device cert from your company CA that it finds in the cert store!
This will naturally not always be the suitable one, which causes trouble accessing the service.

This behavior is by design and seems annoying at first glance, but, if you think about it from an architectural perspective, it is much cleaner than the different-certs-for-different-services approach. A device certificate should only be used to authenticate the device and user against enterprise services; the related user / device rights should be stored in your company's directory services.
Using this approach, rights management is much more transparent for administrators and does not depend on the possession of a certain service certificate. In addition, managing a single certificate is much less effort than managing multiple per device.
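The following added Python snippet models the two designs contrasted in this post: the phone's cert picker taking the first certificate under the company CA regardless of the service, which makes per-service certificates fail depending on store order, versus one device certificate plus a rights lookup in the directory. It is an illustration written for this page, not Windows Phone or MDM code; the subjects, CA name, service labels and the directory entry are constructed placeholders.

```python
"""Model of WP 8.1 cert selection vs. the single-device-cert design from the post.
Certificates, CA name, service labels and directory rights are constructed placeholders."""
from dataclasses import dataclass


@dataclass(frozen=True)
class DeviceCert:
    subject: str    # device identity, e.g. "DEVICE-0001" (placeholder)
    issuer: str     # issuing company CA (placeholder)
    purpose: str    # "vpn" / "wifi" for service-specific certs, "device" for the single cert


def phone_cert_picker(store, company_ca):
    """WP 8.1 behaviour as described: the first cert issued under the company CA wins;
    the service being accessed is not considered at all."""
    for cert in store:
        if cert.issuer == company_ca:
            return cert
    return None


def service_specific_access(store, company_ca, service):
    """Design 1: each service only accepts the cert enrolled for it.
    Works only if that cert happens to be first in the store."""
    picked = phone_cert_picker(store, company_ca)
    return picked is not None and picked.purpose == service


# Design 2: constructed directory entry holding the device's rights.
DIRECTORY_RIGHTS = {"DEVICE-0001": {"vpn", "wifi"}}


def directory_backed_access(store, company_ca, service, directory=DIRECTORY_RIGHTS):
    """Design 2: the single device cert proves identity, the directory decides rights."""
    picked = phone_cert_picker(store, company_ca)
    if picked is None or picked.purpose != "device":
        return False
    return service in directory.get(picked.subject, set())


COMPANY_CA = "CN=Example Corp Root CA"   # placeholder CA name

# Two service certs, Wi-Fi enrolled before VPN: order decides what the picker returns.
PER_SERVICE_STORE = [
    DeviceCert("DEVICE-0001", COMPANY_CA, "wifi"),
    DeviceCert("DEVICE-0001", COMPANY_CA, "vpn"),
]
# One device cert under the company CA (other issuers in the store are ignored).
SINGLE_CERT_STORE = [
    DeviceCert("DEVICE-0001", "CN=Some Other CA", "vpn"),
    DeviceCert("DEVICE-0001", COMPANY_CA, "device"),
]

if __name__ == "__main__":
    for service in ("wifi", "vpn", "mail"):
        print(f"{service:5} per-service cert: {service_specific_access(PER_SERVICE_STORE, COMPANY_CA, service)!s:5} "
              f"single cert + directory: {directory_backed_access(SINGLE_CERT_STORE, COMPANY_CA, service)}")
```

With the per-service store, Wi-Fi works and VPN fails purely because of enrollment order; with the single device cert, both services work and a service the device has no right to (here "mail") is refused by the directory, which is the transparency argument made above.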