Showing posts from Security category
Secretless cross-tenant dataverse access
Call Dataverse in Tenant B from Azure Functions in Tenant A without storing secrets or certificates; use a user-assigned managed identity and a federated identity credential. The app is multitenant …
How Azure CLI handles your tokens and what you might be ignoring
The Azure CLI feels like magic: One az login and you’re in forever. But behind that convenience sits a cache of refresh tokens, shared across tools and tied to your Windows account. This post breaks …
Rethinking identity beyond passwords
In this post, I challenge the outdated obsession with password policies and complexity rules that still dominate many security conversations. Despite their legacy role, passwords no longer stand up to …
Resource naming reloaded: Azure Policy and Bicep for the winner!
Let’s solidify naming conventions with Azure Policy In one of my last blog posts, How to use Azure Policy to enforce resource naming conventions in your DevOps pipelines I explained how one could …
How to rotate secrets with Azure Logic Apps, Key Vault and Managed Identity
Do we REALLY need to rotate secrets? Ever wonder why we’re always harping on about rotating secrets in Microsoft Entra App Registrations? Rotating secrets is kind of like changing the locks on your …
How to secure access to an Azure Container registry with a Managed Identity and RBAC
This post is part of a series How to deploy Azure LogAnalytics Workspace and link Application Insights to it How to use Azure Container Registry to standardize deployments using Bicep across your …
How to secure access to an Azure Container registry with RBAC
This post is part of a series How to deploy Azure LogAnalytics Workspace and link Application Insights to it How to use Azure Container Registry to standardize deployments using Bicep across your …
How to add Azure AD directory extensions
tl;dr If you want a a queryable extension experience for objects in Azure AD, you can achieve that by first creating the extension definition and then associate that new extension to an object. You …
Why your Power Platform service principal doesn't need a Dynamics user_impersonation scope
Auth is hard, for most developers. This is also true when building Power Platform solutions. As I see some blog posts explaining how to use a service principal in Power Platform that contain some …
How to query Azure Monitor Log Analytics in Logic Apps with a Managed Identity and output results in a SharePoint list
Azure Monitor Log Analytics is super powerful to collect data and give you insights on what’s going on with your apps and resources. There is even an Azure Monitor Logs connector for Logic Apps. …
Get rid of Key Vault! (Making good things even better)
I love open-source, because it is a fantastic way to learn and share. I recently saw this tweet by Peter Klapwijk, who built a Logic App to monitor licenses of your Microsoft 365 tenant. The solutions …
ProvisionGenie - an open-source provisioning engine for Microsoft Teams
Once upon a time I teamed up with my friend and partner in crime Carmen Ysewijn. We both work as Power Platform developers and Microsoft 365 consultants, and got both tired of doing the same things …
Putting some more FUN into Azure Functions, Managed Identity & Microsoft Graph
I want to show, how you can use a Managed Identity in Azure Functions to get an access token for Microsoft Graph API. I will later expand on that scenario and make the solution available to be …
With great power comes great responsibility: Ensure that Microsoft Teams Owners are digitally literate
Uncle Ben was right — and if we translate this famous quote into our Microsoft 365 universe we know: If we give users great tools with great power, we also need to make sure to properly skill them up. …