Category Archives: Azure Active Directory

My recipe to build secure applications hosted in Azure

Hi, Here are some tips that might help you build and host secure applications in Azure. Application Architecture: Clients and APIs. Make sure to make a clear segregation between clients and APIs. I’m not a great fan of MVC where … Continue reading

Posted in Azure, Azure Active Directory, Azure Key Vault, Security | 2 Comments

May Azure AD V1.0 endpoint be used for GDPR compliancy?

Hi, By now, everybody should have heard about GDPR. While not being a lawyer, I think I can summarize it this way: any identifiable personal information as well as sensitive personal information is subject to GDPR regulation.  This first and … Continue reading

Posted in Azure, Azure Active Directory | Leave a comment

DevOps – Using Azure MSI with VSTS – step by step

Hi, [Update] In the meantime, I have created a free VSTS task that does everything explained below. Microsoft recently announced Azure Managed Service Identity (MSI) which, in a nutshell, is a way to avoid storing credentials in code or in locations such … Continue reading

Posted in Azure, Azure Active Directory, Azure Key Vault | Leave a comment

DevOps trick – Provision Azure Active Directory Apps in a highly controlled way – step by step

Hi, [Update] In the meantime, I created a free VSTS marketplace extension that does everything explained below and even more. Recently, I wrote a short blog post on how to provision Azure Active Directory (AAD) Apps in a highly controlled way, so … Continue reading

Posted in Azure, Azure Active Directory | 3 Comments

DevOps trick – Provision Azure Active Directory Apps in a highly controlled way

Hi, [Update] In the meantime, I created a free VSTS marketplace extension that does everything explained below and even more. Besides promoting a new collaboration mindset between development & operations, DevOps’ primary goal is to use tooling in order … Continue reading

Posted in Azure, Azure Active Directory | 1 Comment

Implicit Grant flow and group membership within ID_TOKEN

Hi, I recently realized, thanks to a colleague, @MMeuree, that the ID_TOKEN that’s supposed to contain the group membership as shown below: does not list more than 4 groups (here I grabbed the token using another flow). So, if the user … Continue reading

Posted in Azure, Azure Active Directory | 2 Comments

Transparent BOT authentication with Microsoft Teams

Hi, At the time of writing this blog post, the BOT framework is still in preview so things are subject to change! However, if you already played with it and tried to enable the Teams Channel for one of your BOTs, you’ll … Continue reading

Posted in Azure, Azure Active Directory | 3 Comments

Microsoft BOT framework, transparent authentication with the webchat control

Hi, In this post, I will explain how you can transparently authenticate end users to a BOT whose backend is hosted in Azure. I’m only covering the webchat channel and more particularly the webchat control that is available out … Continue reading

Posted in Azure, Azure Active Directory | 26 Comments

Alternative to Azure AD Premium’s Azure AD Privileged Identity Management (PIM)

Hi, Azure AD Privileged Identity Management, aka PIM, is a great set of features to control who can access what in an organization, but this is part of Azure Active Directory Premium P2, which costs about 7 euros/month/user at the … Continue reading

Posted in Azure Active Directory | Leave a comment

Leveraging the Azure AD Proxy to consume on-prem APIs from an Azure Web Job using the Password Grant Type

Hi, When creating Azure AD Proxy Applications to expose on-prem WebAPIs, you have to do a few things such as: installing the proxy connector on an on-prem server (that has access to the web API); configuring KCD in order to … Continue reading

Posted in Azure Active Directory, Azure Active Directory Proxy | Leave a comment