Posts

Make life easier with Entra ID as Code TL;DR It is the end of 2024; daily, we use the following: CI/CD pipelines for infrastructure as code (IaC) deployment to create Services, Applications, Storages, etc, permissions (RBAC) from resources to resources (App Service WebApp1 should read Blob Storage WebApp1Storage), secrets, we hate them, but we found a solution to avoid secrets with Managed Identity and Workload Identity solutions, What is the plan for us? We will use Azure Portal and Entra ID blade to manage our applications, permissions, and secrets. Via browser, we can create and update our App Registrations. Can we improve our Entra ID and Entra External ID with IaC, as shown in the screenshot (Picture 1) below? ...

Blue-green deployment starter pack. TL;DR I want to share a simple way to start with blue-green deployment. From the diagram to the working solution. Please check my sample GitHub repository with the bicep sample for Azure FrondDoor and Azure App Service (two instances). Reason I want to start with the meme - but it is not - it is a real case! Do you want to check the newest .Net Framework with your (legacy) application? Or do you want to test a clean deployment process for your infrastructure? In the perfect scenario, 100% test coverage and integration and E2E tests for each service and delivery team will bring you 99.99% confidence in the deployment process. But in the real world, I’m not blaming, but the standard case is that a secret, password, or production endpoint can fail and disable the whole application for seconds, minutes, or hours. ...

Welcome to the Magic World Technical Details Magic Link - (link with the magic) - like the name is a URL - a link to the action (Internet page). Example : https://corp.io/sign-in?id_token_hint=bWFnaWMgbGluaw== (decode the token from Base64 to see what is inside). To make the public communication secured - a common implementation is JWT (Json Web Token) with JWKS (Json Web Key Sets). The payload is JSON - easy to interpret. ...

Tl;dr I will show you typical CIAM challenges, scenarios, diagrams, and links to the repositories with the implementation of the new Azure Service—Entra External ID for Customers (CIAM). Big Picture Link to bigger picture. Introduction Entra External ID for Customers is a new Azure Tenant type that allows you to create digital identities for your customers. It is a separate tenant type, not connected with your organisation’s tenant. I want to show you typical CIAM challenges with the diagram (big picture). We will go through the diagram step by step, and I will show you possible solutions. ...

TD;DR :megaphone: Announcement :megaphone: The Factorlabs Bank mobile :mobile_phone: application is now available. The primary purpose is to demonstrate the business cases for Verifiable Credentials. Visit the Factorlabs VC Bank on the Google Store at https://play.google.com/store/apps/details?id=eu.factorlabs.android.bank.wallet Details The Verified ID service was used to build a payment system. Big Picture Actors Bank Customer Uses Factorlabs VC Bank Application on the Android device. Can create a bank account. Can use bank account to pay via supported eCommerce websites. Bank System Can create a bank account for the customer. Can transfer money between accounts to support the payment process. Can return account balance. eCommerce Websites Can ask for the bank account number. Can receive the payment. Demo overview ...

TL;DR It is not easy for Entra ID Tenant administrators to choose the best authentication method for their employees, vendors, and partners. You must consider the scenario, the environment, and the passwordless technology. I’m focusing only the passwordless MFA authentication methods in the corresponding changes in the Entra ID - the MFA will be required. Side note: Microsoft announced that MFA will be required for a couple of services, like Azure Portal or CLI. The document mentions that Security defaults will force MFA or should be enabled by Conditional Access Policies for users accessing the defined services. We will see how the final implementation will look like (I promise to update the post with the final state). ...

TL;DR NoSQL is a database that can store data in a non-relational way. It is a totally different approach to data storage than SQL databases. You need some time to understant the concept, but it is worth it. Int the public cloud you can use Azure Cosmos DB, from AWS DynamoDB. The storage is fast and scalable, but remember it totally different from SQL databases. Check: Designing Data-Intensive Applications Alex DeBrie - DynamoDB Book NoSQL is amazing Check my favourite cases and build features like: ...

Tl;dr Security and privacy are paramount in today’s digital age, especially regarding personal information and interactions. One innovative approach to bolstering security in digital communications, such as phone calls, is using verifiable credentials for authentication. Details Here’s a simplified explanation of how phone call authentication via verifiable credentials works. Imagine you receive a phone call from a service provider, say your customer. Instead of going through the traditional and often tedious method of answering security questions (which could be guessed or obtained by someone else), the authentication process involves a digital handshake using verifiable credentials. ...

The underwater data centre was a proof of concept 🤖 to test a new possible way/place for servers. Please follow my story. 𝗙𝗼𝗿 𝗺𝗲, 𝘁𝗵𝗶𝘀 𝗶𝘀 𝗮𝗹𝘀𝗼 𝗮 𝗰𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗹𝗲𝘀𝘀𝗼𝗻 𝗹𝗲𝗮𝗿𝗻𝗲𝗱: If technology is new to me, I play around with it and then build a proof of concept. The next phase for me is validation - I check the design and proof of concept with business stakeholders, architects and developers. It is easier to kill a demo or PoC than an entire project. It is easier to show the demo with limited features and small integration than only a document or a diagram. From a technical perspective, a proof of concept like this, with the physical deployment of bare metal servers underwater, is a real production deployment, like a demo. 𝗬𝗼𝘂 𝗰𝗮𝗻 𝗳𝗮𝗰𝗲 𝗮 𝗳𝘂𝗻𝗱𝗮𝗺𝗲𝗻𝘁𝗮𝗹 𝗽𝗿𝗼𝗯𝗹𝗲𝗺: ...

TL;DR You started your cloud journey with AWS and you need to authenticate your first customers, partners. You don’t want to build your own authentication service - you want to use a managed service. AWS Cognito is a great solution for you. It is easy to start with, cheap, and easy to integrate with the frontend and backend. You can start with a sample solution from AWS and workshop. ...