How to Protect Your Power Platform Solutions

00:00:07 Mark Smith
Welcome to AI Unfiltered, the show that cuts through the hype and brings you the authentic side of artificial intelligence. I'm your host, Mark Smith, and in each episode, I sit down one-on-one with AI innovators and industry leaders from around the world. Together, we explore real-world AI applications, share practical insights, and discuss how businesses are implementing responsible, ethical, and trustworthy AI. Let's dive into the conversation and see how AI can transform your business today. Welcome back to the Microsoft Innovation Podcast. Today, we're dialing in from Germany to meet someone who's quietly reshaping how trust works in tech. Full links are in the show notes, as always. Welcome, Florian, to the show.

00:00:56 Florian Kronert
Thanks, Mark, and thanks for having me. I'm very glad to be here with you.

00:01:00 Mark Smith
When I saw your bio, I'm very interested in the area of tech you're working in, particularly around trust and security. and how that connects to things like the Microsoft Power Platform. But before we go there, tell me a bit about food, family, and fun.

00:01:18 Florian Kronert 
Okay. So first things first, it's, of course, family. I have a wife and a daughter, and we do a lot together, like family trips, amusement parks, everything. Just enjoy the time while your children want to do something with you. Once they get older, they want to do their own stuff, so use the time now. and food. I mean, I like to cook a lot, so really interested in cooking. And I also think that it's like a great touch point between international colleagues. Like when you have a colleague working from India or from Italy, it's always nice to exchange just some recipes and get to know the other's culture that way. So cooking Italian risotto or Indian dal, it's just a nice way of remotely exchanging culture. So that's also quite a nice thing for me. Well, and fun for me is riding my bike. So I ride my bicycle A lot. I have a cross-country mountain bike and it's really fun exploring the nature. I guess it's also quite popular among most of the IT guys. It's really many of us seem to like riding their bicycle and I'm one of them.

00:02:37 Mark Smith
So true. What part of Germany are you in?

00:02:40 Florian Kronert
I'm located in South Germany. It's near Lake Constance. I always say it's a little bit of a lie, but no one knows the region where I'm in. It's like, nowhere. But it's, yeah, but it's still a nice, a nice region here. It's the town. It's very rural, but it's a nice landscape and especially for riding your bike. It's always nice.

00:03:08 Mark Smith
Tell me about your journey into tech and what was that path for you?

00:03:12 Florian Kronert
Yeah, so I started in 2013, my journey into Power Platform, that time it was CM 2011 or 2013. And I started an apprenticeship at a CRM consulting agency. And I just started with a full development package. And got to know the platform, of course, back then. You had the tables, you had the columns, but it was just a lot less of everything. I mean, you were there even before me, so you know everything as well. It was just, I think the technical basis was very solid already back then, but when you take a look back, What was added now in the last years, it's mind-blowing, I think, how much the platform evolved and how much stuff there's now around everything, basically. Yeah, but that was the starting point, the apprenticeship then.

00:04:16 Mark Smith
So bringing me up to speed and how particularly things like open source have entered into your purview and how you look at things. a lot of people, when they consider Microsoft, they don't think open source, right? They think of the licensing contracts, et cetera. But tell me, what's your view on open source and what are you doing in that space?

00:04:40 Florian Kronert
So I have always been a fan of open source software. I have been playing around with Linux all my life, basically, right from my first PC on. I found it fascinating. And when I was a young adult, I had a very restless mind. So it had really the issue that my mind had to be occupied the whole day. I was thinking about stuff. And at that point of time, it was a burden at that point. And I thought, it does not have to be a burden. If I could focus all this mind power on something productive, it could be a superpower instead of the burden. And I thought, okay, what could I do? It would be really cool to be an open source developer myself. I thought, okay, why not do it in relation to Dynamics CRM? I mean, the platform is there. Even back then, I think Microsoft started really early that you could get free development organizations. If you did open source software, for example, and I thought, okay, I mean, everyone profits from it. I can speed up my learning process inside the platform. and people can use it and can profit from it that way as well. So I thought, okay, let's start, why not? And back in the days, there was just so little default functionality inside Dataverse. I remember when we did client-side scripting and we had to fetch stuff, and we always had this boilerplate code, like 100 lines of code for fetching any value for a record in the form. And I thought when Web API arrived, That was really a neat technology, but still the boilerplate code was there. So I thought, okay, I could write a wrapper for that. And then I wrote my first library. It was XRM web API client. It's still in use today. And that was just my first tool for really trying to give something back to the community and participating in there. Well, that was the starting point for many other technologies that followed up, I think. The one I'm most proud of is XM Templating Language, which is like a custom programming language that I created, like from ground up. I did not know how to create a programming language before, so I searched the internet and I found like a really old tutorial. It was written by a physics professor. It was like 30 years old at that point already, so it was really old. It was a text file and or it was multiple text files and it was written in Turbo Pascal. It was really, it was an advance and so I locked myself up for a weekend and installed Turbo Pascal to follow the tutorial. And once I understood how this works, it was a recursive decent parser. I thought, okay, I can do that in C-sharp as well. And so I sat there and wrote my own templating language using this tutorial. And that is what is today's exam templating language. And I used it for e-mail templating, but we also had customers at my employee, which were in the communication area. And you would not believe what rules they have for generating salutations. It's really absurd what people like to be called sometimes, like especially if they are royals or something like that. And it turned out that there are so many templating done in Dataverse already, be it e-mail templating or salutations, there's so much to do. And I thought, well, if I really focus on just templating and do it really well, it can be like a good product basically forever. And shortly after, I mean, Power FX arrived. And of course, this is now the most prominent low-code platform. And of course, we can also use it for templating and so on, but I guess I still have my niece with templating regarding emails and so on with XM templating language. And I'm already thinking about new use cases for doing templating in Dynamics. So you can ever extend it, but I'm a little bit cursed with Microsoft delivering what I did like half a year later or something like that. It's always the same.

00:09:09 Mark Smith
How was that journey? and the influence from the templating language, the open source, et cetera. What are you doing now from an AI perspective and how does that inform what you're doing in the AI space?

00:09:24 Florian Kronert
So when ChatGPT first arrived, I found it a really interesting technology and I wanted to start right ahead. And well, at first you could prompt ChatGPT, of course, but If you wanted to do stuff that we used to do with machine learning first, then you had to train your own models. And I took a look on the documentation on how you train your own models. And basically, it's this few-shot learning. So you provide GPT with a given set of inputs and a given set of derived outputs that you would want for these inputs. And I took a look at it. And usually when I inspect problems or just circumstances, I like to apply divide and conquer. So I thought, okay, what are we dealing with here? Basically, it's templating. I mean, you have an input and a transformation and you have an output and a transformation. So basically, for me, it was a templating problem. So I said, okay, I can apply XM templating language for that. And I created a first product or what I thought might become my first professional product. And I called it AI tune. And basically, you could just collect records with a filter condition and define a transformation in the exam templating language for the input and one for the output. All your records inside your filter were applied to this transformation. And basically, then you had this JSON lines file, which I fed to ChatGPT to train the model. And afterwards, you had a model which you could feed, of course, with the same input. or with the same input format as the training data. And then it gave you the same output. So it worked really great from start. But as we know history, Microsoft was really fast with their own AI game inside Power Platform. So this product was never really released. But one thing is to start from it. So as I said, it was designed as my first professional product. And I had the license protection written for that already. So just a small proof of concept and it worked really well. And I showed it to my colleagues at work. And when I said, okay, iTune will never happen. Microsoft is too fast. I cannot compete with them. A few months later, my colleagues came up and said, yeah, we know iTune died, but what about the license protection? We need something like that. Can you continue at least that? And I thought, okay, where is this use? Why not? And that's when I started working on license protection in Dataverse.

00:12:09 Mark Smith
So it's interesting you say that, because I started in the predecessor to the Power Platform, which was Dynamics CRM, back in 2003. And all through that time, I've been involved in companies who have produced add-ons to the Power Platform and all Dynamics. And one of the biggest bugbears any company has had in this space has been licensing protection. How do I protect the IP that I created because of the way the Power Platform, Dataverse, et cetera, runs? It's kind of open. And so ultimately, it can be reverse engineered, right? It can be copied, it can be extracted away. So I'm very interested in, so how did your, you know, this login-based licensing model that you've created, how do you think about it? What's the common use cases that you're seeing your customers use it for? And what problem does it solve?

00:13:08 Florian Kronert 
Yes, sure. So as I said, license protection has been a topic for a very long time. And I guess most commonly it was just ignored because it was just so difficult to get it working in there. But our tools that we can use inside Dataverse have evolved drastically. And now there's a lot more that we can do for protecting our services. I think one point has to be very clear. No matter what you do for license protection inside Dataverse, Dataverse is just designed that the personal power is always the administrator of the environment. So you cannot rule over them. No matter which licensing service you choose, whether it be an online license protection service or my solution or one you fit me yourself, if you have an administrator who decides to mess with your logic to override your assemblies, there's nothing to do against that. They are just in power of their environment, and I think that's also good that they are in power of it. But I question myself a lot. regarding how big is this problem really. And I have come to the conclusion, in reality, it's not big. Because if someone tries to mess with your licensing logic or with any other part of your product or software, they always risk operations of their own system. I mean, everything can break, and no one wants that for this production environment that breaks because you try to tamper with your product, with your license protection or your software in general. So I think in practice, this is really not. a big problem. So with that basis, it allowed me to use all the native components that the platform offers for designing the license protection system. And what was the most important topic for me was not limiting your software in any way. So everything that you would try to do without license protection should be available as well. And the first thing that comes to your mind then is offline. availability, because especially in mobile apps, everything is now designed like offline first. So I had to think of a way to protect this environment without having to call any third-party applications. And at the time where I wrote this, I was heavily involved with writing Azure applications with OAuth and so on. And I thought, okay, we're basically a license It's just a very long-lived login, if you're honest. So it's just like a login for a customer to your software for his environment. And I thought, okay, why not? I mean, there's this JSON Web Token standard, which just defines like a claim set. So you can define inside the JSON properties for your license, like who issued it, for whom, for which product, for how long. and then you can sign it digitally so that okay, this was issued by me. And this was just the base then for me to implement the license handling. So licenses are JSON web tokens which are signed by you digitally so that they can be stored offline, validated offline, and will work as seamlessly as possible in the customer environment. So that was my goal from the beginning on. And everything turned out really nice, gladly. But I have to say, especially Canvas apps were at some points really a beast to tame because there's so many limitations in various places. But luckily, all were resolved.

00:17:03 Mark Smith  
Excellent. Excellent. So where do people, if they need that solution as part of their IP, how do they access that from you?

00:17:12 Florian Kronert 
Well, I have a repository where all the code that I wrote for the open source clients is available. So that was important to me.I wanted to have a trust relationship with everyone who incorporates my solution.So usually everything that is licensing-based or security-based is like really a black box and no one wants you to see the code inside. And I wanted to do it drastically different. So I wanted to be as open as possible because in the end, the ISVs that incorporate this license check have the right to know what happens inside. And I think they also need to know what happens inside just to understand what happens behind the scenes. And maybe at some point they want to contribute. You never know. So there's this GitHub repository that I set up where you can get a managed solution which contains all the components that you can use for enforcing licenses inside the customer environment. And of course, there's also the source code available for everything that is code that is shipped with the solution. And it's really easy to embed it into your product. So let's take an example. You have a PCF that you created and you ship it as a standalone solution and now you want to have license protection for it. I have an NPM package right now, especially for React and Fluent UI, but it's extensible. And you just install the NPM package. You insert some data that you can generate on the Yanis Guard portal. So Yanis Guard is what I call this license protection product. And well, then you're already good to go. So it's basically done in 10 minutes. You just put it at the root of your PCF, for example. And then this toolkit that was installed can automatically detect in which environment it is running, whether there's a license available for your product. And if everything is fine, then your PCF in that case is rendered. And if not, then users are prompted for a valid license and your product or PCF is not being shown. And that is the same principle, more or less, for Canvas apps, for flows, and for plugins. And you could even use it for forms if you want to.

00:19:30 Mark Smith
Wow, that's amazing. That's amazing that it's that flexible. What's the risk and the opportunity for developers do you see? and really looking at yourself as an example, in that AI is becoming so much more prevalent in the development life cycle. Microsoft claiming recently, I think, that 30% of their code is now AI-written. First of all, what do you see the risks for developers? And then the converse to that, what do you see as the opportunity for developers now that AI tooling from a developer perspective is becoming much more prevalent?

00:20:09 Florian Kronert 
Yes, sure. So I think probably every developer today uses AI in some way for assisting and writing the code. So I have done various experiments on trying to find out how I myself can work best with AI. And I tried letting AI write code for me. And of course, most of the time, especially for easy tasks, it works well. But I also had encounters where I threw like a very big function at AI and said, okay, please make or change this or that. And it did so. But on the way out, it changed completely unrelated paths of my code, which I did not expect to change. And sometimes functions were being thrown out and just a comment was replaced instead. And saying, implementation would be here. And it's not okay. that's not really what I wanted. I think for some people it may work better, for some people it may work worse, but what turned out the best for me personally was to use AI like as a partner programming peer, so to say. So I like it a lot for telling it ideas that I want to implement and how I want to implement it. And I mean, AI, especially ChatGPT, has this tendency to praise you all the time, like you're so great and it's so good what you're doing. And I don't need that. I want it to be brutally honest and I want it to make me reconsider everything that I'm doing. And I guess only then you can really unlock the full potential of AI. So that's how I use it. Most of the time I give it snippets that I have already written and say, okay, now tell me where did I mess up? And of course, if it's something simple like boilerplate code, I still let AI write the code for me. And afterwards, I check it thoroughly. And what is important to me is I really want to understand every single line that is written by AI. I don't want to copy and paste it and say, okay, it's working. I'm glad. I really want to understand it. I mean, back then when we didn't have AI and IntelliSense was the coolest tool everywhere, after two or three years, I said, I have the feeling I'm becoming too dependent on IntelliSense. Like, if you have the feeling, okay, now when the IntelliSense server crashes, I'm not able to work anymore. That doesn't feel good. So for me, that was an exercise to just shut down IntelliSense for a while, just for me to know that I'm able to work without IntelliSense as well. And

00:23:01 Florian Kronert
I guess I took over this learning to AI as well. So I myself, I just don't want to become too dependent of everything because it's so easy, right? So you give a prompt to ChatGPT and you get your function and you take a look at it and you say, okay, I understand everything that it wrote, it's fine for me. But when you take a different route and say, okay, would I have come up with the same solution without ChatGPT providing me all the code? Most of the cases when I tried it first to recreate it in the next instance, I was not able to fulfill what I wanted to do without AI. So I said, okay, if I'm not able to really reliably reproduce what AI wrote for me, then I better not use it as much as I did before, just so that I don't get stuck in my personal evolution.

00:23:52 Mark Smith
 Yeah, it's an interesting perspective and very grounding. The last question I have for you is around, I know you've worked with a lot of Microsoft partners and you now work on the customer side. Can you give me a contrast of the difference between working for Microsoft partners as opposed to working direct customers?

00:24:12 Florian Kronert
Yes, sure. So when you work for a consultancy or consultant agency, like always so much stress and different escalations going on. Like at times you have 3 or 4 or 5 escalations in parallel and it's exciting and it's cool to be the hero and save the day. And it's also really, really great for speed running, just gathering all that knowledge. So it's stressful and it's busy. But If you want to grind your way up fast, I can only recommend doing so. Like, you can never learn as much in so little time as when doing it in that big companies that have so many customers in parallel where you can bring in just your skill set, basically. And when I've always taught in modules and in generic solutions, so most of the time when you had a customer that wanted to have something implemented and I thought we could do it generically. I mean, other customers could have the same issues and therefore also the same solutions. So I was eager to create generic solutions all the time. There's a lot of modules that I created and it was very, very fun. And after a few years, I mean, when you sit at a customer site and they have something they want to solve, you can just bring in all the modules that you have in hand and solve most of the issues right away. And everyone is glad because you don't have to write the same code over and over again. And the customer is happy because it's just way cheaper than writing everything from scratch again. So it's really a fun time. But yeah, as it is, of course, once you want to do your own thing, as I wanted to do, you become a competitor of your own company. And this is

00:26:16 Florian Kronert
Never were regarded. So I had issues regarding that. And I thought, okay, how could I resolve that? And the solution was just to pick my most interesting customer that I had at the time and said, okay, why not switch sides and work directly for the customer? And gladly it worked out. And at the beginning, I thought, I hope it does not get boring. I hope that it will still be challenging sometimes. And I have to say, it is really challenging. It's just different challenging. I mean, when you're working for a consultant agency, you are not as bound to the customer process as you are when you are working for the customer directly. So I have the feeling, before I had to pay attention to not lose progress with the Dataverse platform, but that was mostly it. And afterwards, we had like processes inside my current employee that are so complex that you have to learn the processes like for months already to really understand them by heart. So now you have the Dataverse platform that you have to keep up with and also the internal processes. But the benefit is you just have this one customer, right? So you don't have to to keep in touch with five customers, you can just focus on this one customer, at least I think of it like that. And you have way more time, so you can really focus on your tasks for this one customer. And usually, at least in my employee, you also get time off for keeping up with the platform. So reading release wave notes and so on, you can prepare everything. So it was really drastically different, but in a refreshing way, I would say. So I can still do everything that I want with generic modules and so on, but I don't have to keep up with so many customers in parallel. And also what is a nice benefit that I did not think of first is you are very nearer to your end users. Like the feedback is very direct and you really see where the pain points are for the end users of your product and your platform. And that was also very important to me because I wanted to still be very near to the platform and to never lose track of what's happening everywhere. And gladly that turned out very well. And I think I know what pain our users have even more than before because the communication and integration is just very much closer.

00:29:03 Mark Smith
I like it. Floren. My takeaway there from you was that closeness to the customer. You can get back, you get your feedback loop so much better in that scenario. I like it. Thank you so much for coming on the show. It's been really interesting hearing your story.

00:29:18 Florian Kronert
Thanks for having me. It was really great.

00:29:22 Mark Smith
You've been listening to AI Unfiltered with me, Mark Smith. If you enjoyed this episode and want to share a little kindness, please leave a review. To learn more or connect with today's guest, check out the show notes. Thank you for tuning in. I'll see you next time, where we'll continue to uncover AI's true potential, one conversation at a time.