Announcing: Entra as Code Interactive Workshop - Now Public!
I'm excited to share that I've just released my Entra as Code Interactive Workshop as a public GitHub repository.
github.com/mjendza/work...
@mjendza.bsky.social
Architect/Consultant/IAM/Azure/AWS
How do you ensure Compliance and Auditability when managing Service Principals and […] Applications in Microsoft Entra ID?
My proposal with Backstage & Maester
#EntraID #IAM #DigitalIdentity
Google Pixel 10 phones natively support C2PA Content Credentials, providing verifiable, offline-capable provenance and hardware-backed security for photos and media.
Partner vs Customer:
- Social Federation (Apple ID) vs Workforce Federation (Okta).
- Different levels of compliance and security.
- Different business owners and processes - but maybe the same tools and applications.
- Different SLA.
Security isn't just about having strong passwords...
It's about understanding your users, risk profile, and regulatory requirements to implement the RIGHT security measures for each context.
And you? Do you use similar authentication/authorization methods like on the screen?
What is the best tool to review public Entra ID Tenant data?
For me: AADInternals OSINT (site & PowerShell module)
We can get complete details about the tenant, including:
- Tenant ID
- Tenant Name (onmicrosoft domain)
- Domains (all domains connected with tenant)
- Brand name
#EntraID
Do you need to meet complicated password requirements?
Feel free to use a 60-character password.
PS> To improve security, I pasted it as a picture!
Blog Post Alert
Comprehensive Overview of Our SSO Implementation
Do you move from the SQL table with username & password?
Do you own more than one application?
Are you facing a sign-in screen all the time?
Check my blog post on how Single Sign In works
mjendza.net/post/sso/
#EntraID #SSO
My Entra External ID Architecture
I recommend a couple of components:
- Management API.
- User Flows & Customization.
- Entra ID as Code.
- Profile as a central place to manage user details.
- My demo application: Portal.
Extra: Verified ID for External ID tenant
#EntraID #CIAM
A friendly reminder ;)
- Use FIDO2 keys
- Use software passkeys with your password managers
- Verifiable Credentials can also be used as a passwordless method
- Passwordless is easier to use than a complex, long password
I checked my bank account history three times. The wire was not provided to me ;)
Link: www.ft.com/content/9921...
Blog Post Alert
Discover how token enrichment can streamline your customer authentication processes and enhance security.
Explore how the Identity Platform can support your business needs and unlock new possibilities.
I stopped using Visio and other tools for:
- Big Picture diagrams
- Sequence Diagrams
And moved to PlantUML, creating all diagrams as code.
And you?
pg_documentdb is open source
I created the initial version with Vinod Sridharan (an absolutely brilliant engineer) at Microsoft a few years ago and it's come a long way since.
It reimplements Mongo API with exact semantics in PostgreSQL. Already used by FerretDB!
github.com/microsoft/do...
Simple & Amazing tool to stress your HTTP
github.com/codesenberg/...
PS> Are you ready to return 429 status code?
Next place where you can check the technical details for Verifiable Credentials: sandbox to play around with different business types and Data Model 1.1 and 2.0
#verifiablecdedentials #sandbox
vcplayground.org
Entra ID vs Entra External ID
- Do you know that there are two different tenant types?
- Do you know that there is a dedicated tenant for your customers? Were you fully separated from your organization?
#IAM #CIAM #EntraID
If you're looking to dive deep into the Verifiable Credentials flow, this is the first place you should visit!
lnkd.in/dak5xidM
The diagrams in the article are amazing and provide a clear visual representation of the process.
#VerifiableCredentials #Identity #DigitalIdentity
Hello token friends, do you use the content of the access token as part of your application? Then be aware that Microsoft will switch to encrypted access tokens, and this might break stuff.
Switch to id token. #EntraID
https://devblogs.microsoft.com/identity/access-tokens-and-id-tokens/
Magic Link? Three facts about:
#authentication #authorization #digitalidentity
With Verifiable Credentials
- a full authorization flow for payments (I created a Factorlabs Bank Demo to show you the Business Case)
- also authorize access (also physical access) as a security guard
Do you have any scenario with authentication and/or authorization scenarios?
I plan to test, maybe from the console it will be faster to get the same result
github.com/mivano/azure...
My favourite 'Cost analysis' view is Group by resource with the Daily Granularity:
- My workloads are 'stable', I don't have peaks, so monthly prediction can be based on a daily consumption
- Based on the diagram I can decide and move to another resource type to limit the cost of the solution
Need a Morse Code Translator?
Check morsecodetranslator.com; there is also a GitHub repository :)
github.com/ozdemirburak...
Build your own Morse Translator
#ItCanBeFun
Demo for authentication: demo.factorlabs.pl
VC for Europeans github.com/goeIDAS/test...
Enable Entra Verified ID for your workforce or customer tenant: www.microsoft.com/en-us/securi...
check my blog post: mjendza.net/post/07-07-2...
Verifiable Credentials (VC) facts and cases:
- passwordless for your Identity Provider (authentication)
- a framework used by eIDAS to authorize via National ID
- coupons, gift cards
- authorize physical access and person-people verification
- with national ID can be a captcha verification
1/2
Look at the blog post if you are thinking about the solution to speed up token enrichment with authorization data.
In my opinion, in many cases for 80% of calls the response is static (Pareto principle), and with a key-value store we can deliver the response fast!
www.feldera.com/blog/fine-gr...
DOOM as captcha
One of the methods to protect your CIAM system from synthetic (for example fake accounts with 10 min mailbox) is the captcha system.
The best one is not involving you as a user to prove you are human.
But look, this one is amazing ;)
doom-captcha.vercel.app
#CIAM #syntetic
- VC Backend can be based on Credo github.com/openwallet-f...
- Wallet (Android and iOS) TrustBloc Wallet SDK github.com/trustbloc/wa...