Review@amazon: Microsoft Power Platform Enterprise Architecture

 This weekend i read the book "Microsoft Power Platform Enterprise Architecture"

https://www.packtpub.com/product/microsoft-power-platform-enterprise-architecture/9781800204577

Packt.com says about the book:

For forward-looking architects and decision makers who want to craft complex solutions to serve growing business needs, Microsoft Power Platform Enterprise Architecture offers an array of architectural best practices and techniques. With this book, you’ll learn how to design robust software using the tools available in the Power Platform suite and be able to integrate them seamlessly with various Microsoft 365 and Azure components. Unlike most other resources that are overwhelmingly long and unstructured, this book covers essential concepts using concise yet practical examples to help you save time.[...]

This is something i fully agree with. 

For more details please read my review at amazon :).

Postman: Scratchpad is end of life - Only cloud based workspaces possible --> How to keep the passwords/secrets secure?

Postman is the swiss army knife tool for dealing with HTTP(S) requests. You want to test anything with an GET, PUT, POST, OPTION call? Postman is the way to go.

https://postman.com

But some months ago postman announced the following:

Scratchpad was the option to work locally on your PC with postman and nothing was synced to the cloud. That was really cool, because most of the HTTPS requests have to be authenticated in some way (basic auth, secrets for oauth, api-keys, etc...)

From my perspective cloud is a very cool thing, but moving all the sensitive parameters into the postman cloud is not really an option.

So what to do? 

1. Check alternatives....
   But there is nothing like postman. e.g. the possibility to render the request to a curl, powershell, NodeJS axios, ... call and use this anywhere else....
2. Remove all sensitive data from your request
   A good step (and just to note: it is bad design, if you ever stored secrets inside the calls :) )
3. Now the calls do not work anymore....
   :(

But this problem was addressed really a long time ago (more than 4 years ago):

Prevent sync of passwords, api keys, and sensitive variables · Issue #6796 · postmanlabs/postman-app-support (github.com)

So here the link to the solution:

https://learning.postman.com/docs/sending-requests/variables/

It is just this easy:use variables and do not fill the initial value!

Here the tests: 

First the local postman:

Second the browser postman:

As you can see: the current values are empty inside the cloud for all entries, which have the inital value not filled...

(By the way: the current value is always a copy of the inital value. If you put there something like test11 and test22, only test1 and test2 will show up in the cloud version).

LinkedIn: Microsoft 365 Backup for Dummies sponsored by Veeam

 This week Veeam published this booklet on linkedin.com for download:

The booklet contains 6 chapter - the last one is a summary "Six takeaways" like always in such "for dummies" books.

From my point of view chapter 1 & 2 can be skipped - this you should really know, if running M365 (motivation for M365 backup). 

Chapter 3 is about how the loss of files can be prevented with M365 mechanisms. This is about compliance center, retention policies and labels. But only the keywords are mentioned and no deeper insights are provided.

In chapter 4 many scenarios are described, how you can loose your data on M365. Here a quote:

I think this chapter can be skipped like chapter 1 & 2. 

Chapter 5 opens with a nice term which was new to me: BaaS - Backup as a Service. Never thought about this acronym. Completely clear, that some backups in cloud are done without having purchased storage or servers on premises. Nice thing inside this chapter: a checklist about data source, data properties and some others. Really nice.

Chapter 6 comes up with the takeaways. These are really worth reading.

LinkedIn: A Guide to Data Governance - Building a roadmap for trusted data

On linkedin from "The Cyber Security Hub" shared a nice booklet about data governance:

An like always: It is only a booklet with about 25 pages - so this is not really a deep dive into this topic, but it gives you a good overview and of course a good motivation:

These include the need to governdata to maintain its quality as well as the need to protect it. This entails the prerequisite need to discover data in your organization with cataloguing, scanning, and classifying your data to support this protection.

and if this is to abstract, you should consider the following use case (and i think this use case has to be considered):

However, for AI to become effective, the data it is using must be trusted. Otherwise decision accuracy may be compromised, decisions may be delayed, or actions missed which impacts on the bottom line. Companies do not want ‘garbage in, garbage out’.

The booklet contains the sections "Requirements for governing data in a modern enterprise", "components needed for data governance", "technology needed for end-to-end data governance" and "managing master data". All sections do not provide a walk through for achieving a good data governance, but there are many questions listed, which you should answer for your company and then move forward. 

If you already have a data governance in place: This book is a good challenge for your solution. And for sure you will find some points, which are missing :)