The Power of Blue Books for Platform Impact


Why invest in prescriptive guidance or “Blue Books” for Microsoft platform impact?  While the answer is obvious to many, it’s not as obvious to others, so I’ll attempt to paint the picture here.

Building Secure ASP.NET Applications was the first “blue book” at Microsoft, but it was Improving Web Application Security that really made people take notice (it was downloaded more than 800,000 times in its first six months and it changed how many people in the industry thought about security and it changed their approach.  It’s also the guide that helped many customers switch from Java to .NET.)  An interesting note about Building Secure is that the Forms Authentication approach was baked into the Whidbey platform (ASP.NET 2.0.)

**Blue Books Shape Platform Success
**Blue Books have played a strategic role in both shaping the platform and driving exponential customer success on the platform.   They’ve helped us find and share platform best practices, create mental models and conceptual frameworks, and create systems and approaches that scale success and create powerful ecosystems.  They’ve also helped us spring up offerings for our field, reduce support costs, and win competitive assessments.

Ultimately, Blue Books give us a strategic look at platform pain points as well as competitive analysis, and a consolidated set of success patterns to run with.

From patents to methodologies to better ways for better days, “Blue Books” have been the definitive way for improving platform success in a sustainable way – a durable backdrop that provides continuity of the platform over time.

Benefits at a Glance
Here is a quick rundown of some of the key ways that Blue Books have helped Microsoft and customers win time and again:

  • Platform Playbooks - Serve as platform playbooks for Microsoft, field, support, customers, and partners
  • Shaping the Platform and Tools – Shape the platform and tools by testing out patterns and practices as well as methodologies and methods with the broad community before baking into the platform and tools.
  • Scaling Success Patterns - Broadly scale proven practices and success patterns for predictable results
  • Roadmaps for Platform Adoption - Lay out roadmaps for technology adoption as well as success patterns
  • Competitive Wins - Win competitive assessments (the Blue Books have played a critical role in influencing industry analysts and in winning competitive assessments time and again)
  • Innovation for Exponential Success - Innovate in methodologies and methods for exponentially improving customer success on the platform
  • Frame and Name the Problem Domains – Frame out and name the problem spaces and domains (when you frame out and name a space, whether through patterns or pattern languages, you create a shared vocabulary and model that empowers people to make forward progress at a faster pace and more deliberate way.)

The list goes on, but the essence is that these playbooks help customers make the most of the platform by sharing the know-how through prescriptive architectural guidance.


**Example Blue Books
**I won’t speak for all the Blue Books at Microsoft, but since I created the bulk of the Blue Books, it’s easy for me to speak from the ones I created.   Here is a summary of the impact that can help you better understand the value of Blue Books from a broader perspective.


Blue BookResults
Application Architecture Guide, Second Edition
  • The platform playbook for Microsoft’s application platform
  • Canonical application types for Web app, RIA, Rich Client, Mobile, and Web Services
  • Baseline best practices for application architecture and design
  • Templates baked into Visual Studio
  • Praise from Ray Ozzie
  • Praise from Grady Booch
  • Conceptual Framework for Application Architecture
Building Secure ASP.NET Applications
(aka The first official Microsoft “Blue Book”)
  • End-to-End Application Scenarios for Web Apps
  • Created a highly reusable set of Application Patterns
  • Baseline architectures and success patterns shared broadly inside and outside Microsoft
Improving .NET Application Performance and Scalability
(aka “Perf and Scale”)
  • Repeatable performance model
  • Created a highly-effective method for performance modeling
  • Performance Engineering approach baked into Visual Studio
  • 4 patents filed for performance engineering
  • Performance Engineering approach widely adopted inside and outside Microsoft
  • Used for offerings in Microsoft Consulting Services
  • Rules baked into Microsoft Best Practices Analyzer Wizard (MBPA)
Improving Web Application Security
(aka “Threats and Countermeasures”)
  • Repeatable security model for Web applications
  • Created a highly-effective method for threat modeling
  • Created a knowledge base of threats, attacks, vulnerabilities, and countermeasures
  • Security model for network, host, and application security
  • Security Engineering approach baked into Visual Studio
  • 4 patents filed for application security
  • Used for offering in Microsoft Consulting Services
  • Rules baked into Microsoft Best Practices Analyzer Wizard (MBPA)
Improving Web Services Security
  • Security model for Web Services
  • End-to-End Application Scenarios for Web Services
  • Created a highly reusable set of Application Patterns
  • Baseline architectures and common success patterns shared broadly inside and outside Microsoft
Performance Testing Guidance for Web Applications
  • Created a highly-effective method for performance testing Web applications
  • Performance Testing approach widely adopted inside and outside Microsoft
  • Used for offerings in Microsoft Consulting Services
Security Engineering Explained
  • Created a model for baking security into the life cycle
  • Helped shift thinking from security "reviews" to "inspections"
  • Overlays security-specific activities on product development life cycles
Team Development and Visual Studio Team Foundation Server
  • Created a glide-path for TFS adoption (source control, build, task tracking / reporting, process)


**End-to-End Application Scenarios and Solutions
**Here’s an example of an application scenario.  We use application scenarios to show how to solve end-to-end problems.  It’s effectively a baseline architecture based on successful solutions.   Here is an example from our WCF Security Guide:








We share them as sketches like on a whiteboard so they are easy to follow.

Methodologies and Methods
Methodologies, frameworks and approaches are nice ways to wrap up and package a set of related activities that you can use a baseline for your process or to overlay on what you already do.  Methods are step-by-step techniques for producing effective results and they are a powerful way to share expertise.   Methodologies and methods are how we create exponential results and amplify our impact.

Example Methodology – Agile Security Engineering


Example Method – Threat Modeling Technique



Conceptual Frameworks and Mental Models
We use mental models, conceptual frameworks, and information models to learn and share the problem space.

Example Conceptual Framework for Web Security


Example Mental Model for Application Architecture



Hot Spots
Hot Spots are basically heat maps of pain points and opportunities.  We use them as a lens to help us see customer pain points and opportunities, and to prioritize our investments.  They also help us identify, organize, and share scenarios.  Hot Spots also help us organize and share principles, patterns, practices, and anti-patterns for key engineering decisions.   Hot Spots are a powerful tool for product planning and for building prescriptive guidance, platform, and tools.

Example of Security Hot Spots


Example of Architecture Hot Spots


Scenarios Organized by Architecture Hot Spots


Competitive Wins
Our Blue Books have consistently been used for winning competitive assessments or at least making significant impact in key areas.  Whether there’s a gap in the tools or a gap in the platform, prescriptive guidance can smooth it out by creating a success path for customers.

Example of beating IBM in Every Category Around Guidance


You can find a deeper rundown on the competitive assessments in my previous posts. 

The Bottom Line on Blue Books
The bottom line for me is that Blue Books have helped shape platforms and tools and to create glide-paths for customers through mental models, methodologies, and methods.  They’ve been a powerful way to share success patterns, help paint the bigger picture, and connect the dots across platform, tools, and guidance. 

The adoption and usage has accelerated over the years to the point where just about any customer in the application development space that works with the Microsoft platform is familiar with either patterns & practices for the Microsoft Blue Books.

Blue Books have been the freemium offering from Microsoft that have paved the way for premium experiences.