We believe that Secure DevOps encompasses both a set of practices and a mindset shift to help customer adopt security principles and practices aligned with the culture shift and integrated with the practices, of DevOps. Secure DevOps practices include and build on those practices that are part of the Microsoft Security Development Lifecycle.
Building applications operating in the internet environment requires understanding of options available for performing authentication and authorization. These options include, both a variety of protocols such as OAuth2 and WS-Federation, as well as tools and toolkits such as Azure AD, AD FS and ADAL.
Beyond Lean, another important contributor to DevOps is the safety science movement. In this blog, Ron discusses this subject and show how important this is and how it changes the ways we think of the systems we build.
Premier Dev Consultant Marius Rochon explores OAuth2 questions you need to ask and how the answers lead to the selection of the grant.
The OAuth2 specifications define six different grant types (https://tools.ietf.org/html/rfc6749 and https://tools.ietf.org/html/draft-ietf-oauth-device-flow-15). Each provides the most optimal (from the security point of view) way of obtaining access or (for OIDC) id_tokens given the circumstances of the client application.
It is extremely difficult to find individuals with Security+ accreditation. Achieving this accreditation not only helps you but also helps defense contracting companies and the DoD community to fill in those national security related positions with those specialized needs.
When it comes to data, there is never a thing as too much security. With identify theft and breaches becoming a daily occurrence, ensuring sensitive information is protected is essential to business. Microsoft Azure has been designed from the ground-up to be one of the most secure places to store your information. Let me prove it!
Accessing Groups claims in Azure AD B2C requires adding some custom code through custom (IEF) policies. This post shows how to configure AD B2C IEF policies to access Groups in JWT Tokens.
Learn how DoD leverages Azure DevOps to promote code from higher information level (IL) environment from a lower IL environment using Microsoft-Hosted and Self-Hosted Agents.
Secure your applications with Microsoft Identity Platform couldn't be any easier. In this blog, we’ll walk through very quick steps to help you start experimenting with authentication capabilities using Azure AD identities.
MSRD is a self-service, AI-powered Dynamic Application Security Testing service that optimizes your web development cycle to identify and remediate bugs and security risks as they’re introduced into the codebase – not after they are already in production.