I work with developers for the Microsoft Identity team. Been around Microsoft and developers for a while now.

Joined May 2009
19 Mar 2024
Just published learn.microsoft.com/en-us/en… Over the last 7 years I have worked with a lot of ISVs integrating their solutions for customers using Microsoft Entra ID. This guide covers the most common conversations I have with ISVs about building on Entra ID
Kyle Marsh retweeted
I've recently noticed that Azure AD admins are being asked to create multi-tenant apps in their corporate tenant. In some instances, it was the devs in the org asking for this; in other instances it was the application vendor. Here are some things to watch out for 👇

Multi-tenant apps are meant for ISVs and SaaS vendors to create an instance of an app in 'their own tenant'. Examples of such apps are ServiceNow and SalesForce.

When an app is created as a multi-tenant app, ANY user from ANY Azure AD tenant can visit the app's URL and sign in.

If you create a multi-tenant app in your corporate tenant and apply a conditional access policy, the policy only applies to users in your tenant.

⚠️ I'll repeat ➟ your CA policies do not apply to users signing into your multi-tenant app in their own tenant.

So, what is the general rule of thumb that Azure AD admins and cybersecurity teams should follow?

If the app is from a vendor/SaaS provider:
✅ Add the app to your tenant from the Azure AD Application Gallery
✅ If the app is not in the gallery, you as the customer can request the vendor to get their app listed on the Azure AD app gallery
✅ If app gallery is not an option, request the vendor to create the app in their own tenant. Use the admin consent model to add the app to your tenant.
✅ If the only option provided by the vendor is to create the app in your tenant, push for the vendor to allow you to create a single tenant app.

If the app is developed by devs in your org and is only meant for users in your own org:
✅ Ask why the dev needs this to be a multi-tenant app?
✅ Ask if the devs have implemented appropriate checks to prevent sign-ins from other tenants.

There are many valid scenarios for creating multi-tenant apps in your tenant, including:
✅ You are a SaaS vendor or ISV and you create and publish apps that Azure AD customers can consume
✅ You manage multiple Azure AD tenants in your org and you need a single service principal (workload identity) to access the other tenants (e.g. automate DevOps tasks across your tenants)

Here is some further reading on the topic of multi-tenancy. These are meant for devs; however, it's good reading for admins to appreciate what it takes to build a least-privilege multitenant app.
👉 learn.microsoft.com/en-us/az…
👉 learn.microsoft.com/en-us/az…

Liked this post? Please retweet this to share with your network. 🚀 Feel free to follow me. I try to post at least one weekly tip related to Microsoft Identity, Azure Active Directory or Microsoft Graph. 🙏
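One form the "appropriate checks to prevent sign-ins from other tenants" from the thread above can take, as an added example that is not part of the thread or Microsoft's own code. It assumes v2.0 tokens from the global cloud whose signature, audience and expiry a JWT library has already verified; the tenant IDs, function names and sample claims are constructed.

```python
import re

# v2.0 tokens from the global cloud carry a tenant-specific issuer.
ISSUER_FMT = "https://login.microsoftonline.com/{tid}/v2.0"
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

# Constructed tenant IDs, for illustration only.
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"
ALLOWED_TENANTS = {HOME_TENANT}


class TenantNotAllowed(Exception):
    """Raised when a verified token comes from a tenant we do not accept."""


def check_tenant(claims, allowed=ALLOWED_TENANTS):
    """Return the tenant ID if the already-verified claims pass, else raise."""
    tid = str(claims.get("tid", "")).lower()
    if not GUID_RE.match(tid):
        raise TenantNotAllowed("missing or malformed tid claim")
    # tid and iss must agree; reject a token whose issuer names another tenant.
    if claims.get("iss") != ISSUER_FMT.format(tid=tid):
        raise TenantNotAllowed("issuer does not match tid")
    # A multi-tenant registration accepts any tenant; the app must narrow it.
    if tid not in allowed:
        raise TenantNotAllowed(f"tenant {tid} is not on the allowlist")
    return tid


def is_allowed(claims, allowed=ALLOWED_TENANTS):
    """Boolean wrapper for use in a sign-in handler; fails closed."""
    try:
        check_tenant(claims, allowed)
        return True
    except TenantNotAllowed:
        return False


# Constructed sample claim sets.
SAMPLE_HOME = {"tid": HOME_TENANT, "iss": ISSUER_FMT.format(tid=HOME_TENANT)}
SAMPLE_FOREIGN = {"tid": OTHER_TENANT, "iss": ISSUER_FMT.format(tid=OTHER_TENANT)}
SAMPLE_MISMATCH = {"tid": HOME_TENANT, "iss": ISSUER_FMT.format(tid=OTHER_TENANT)}

if __name__ == "__main__":
    for name, c in [("home", SAMPLE_HOME), ("foreign", SAMPLE_FOREIGN),
                    ("mismatch", SAMPLE_MISMATCH), ("empty", {})]:
        print(name, is_allowed(c))
```
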
Kyle Marsh retweeted
Nothing like mixing on a Friday with all the new music releases and today's no exception 🎧🤘🔥
Kyle Marsh retweeted
14 Dec 2022
Lose My Self v.3 by Stan Marsh on #SoundCloud #dj on.soundcloud.com/QwszoZxeRt… New mix out now! Kinda messy in a few spots but is the first of many getting back in the mix 🎧😎

Kyle Marsh retweeted
14 Dec 2022
Recorded a new set to post 🎧🔥👽 it’s not perfect but am working hard at it and posting more mixes and originals. Randy was chilling next to me while I did which always helps lol
Kyle Marsh retweeted
11 Dec 2022
Being productive, While losing my train of thought.. This is a haiku :P
Kyle Marsh retweeted
Probably spent too long playing with the new themes lol FL 21 is great so far excited to work with it 🎧🔥 #FLStudio21
Just got a copy of @michael_howard’s newest book! @kylemar, @markmorow, and I were happy to help out where we could to make this as good as it could be. Looking forward to reading the whole thing amazon.com/Designing-Develop…
Kyle Marsh retweeted
📅 Agenda for the #MicrosoftIdentity Monthly Community Call on 16th June 9 AM PT ✅ Topic - Authentication in collaborative apps with Microsoft Teams and Microsoft Identity 👋 Join the call → msft.it/6012bi99M #Microsoft365dev
Kyle Marsh retweeted
Reminder about this valuable guidance to detect degradations in sign ins to your apps
Are your apps resilient? Are you sure? Check out this new article on using the App sign-in Health workbook to set up alerts that will let you know. aka.ms/Monitor4Resilience Brought to you by the folks tagged! Follow them for more insights!
Kyle Marsh retweeted
I am super happy to see @lumapps integration with our new @azuread Conditional Access Auth Context! Thanks, @sebastienlevert, @fabianwilliams, and @kalyankrishna1, @Caleb_B, and LumApps team! FYI @_nitika_gupta @Alex_T_Weinert @Alex_A_Simons @kalyankrishna1 @kylemar
2 Mar 2021
Great news!🎉 LumApps Debuts Expanded Integration with Microsoft To Deepen Security and Compliance. bit.ly/384TTnX #MSIgnite #MSPartner #MicrosoftIntegration
Kyle Marsh retweeted
2 Mar 2021
We have announced today the public preview of Temporary Access Pass, which allows users to set up a new #passwordless account without a password! So much work from an amazing team and I'm so proud to be part of it! Check it out here: aka.ms/TAPpreview
Kyle Marsh retweeted
completed 3-week Azure AD dev training with @kylemar :) Very excited to do it online as first time in Japan!! see you soon in next training again!
Kyle Marsh retweeted
Check out our preview! It’s been a LONG time coming, but we made a lot of improvements to help you find your app registrations. You can now search more effectively (hello ‘contains’ search!) and sort/filter by a bunch of fields ✨ #AzureAD #MicrosoftGraph