External Identity

As The Register reports today , Microsoft briefly exposed a plethora of passwords and other secrets due to a bulk upload of data to GitHub recently. The data was a set of AI training data - data used to teach AI models how to understand the world around them. It makes no sense having the best locks on your front door if you leave the back door open... so what can we learn from this episode? Protecting passwords and other sensitive information from exposure to the wider world is essential for maintaining your online security. Here are some measures you can take: Use Strong, Unique Passwords: Create strong, complex passwords that are difficult to guess. Use a combination of uppercase and lowercase letters, numbers, and special characters. Avoid common dictionary words or phrases. Ensure your passwords are at least 12-16 characters long. Use a passphrase, which is a sequence of random words or a sentence that's easy to remember but hard to crack. Use a Password Manager: A password man

 Before I say anything on this, I want to be clear: I didn't get ChatGPT to write this blog article...   AI in general (and ChatGPT specifically) have revolutionised content creation by seeming to understand complex topics and express them in perfect English (or Spanish, or Lithuanian, or whatever language you want...).   What does this do for us? The topics ChatGPT understands are things that have already been written about on the internet.  The beauty of ChatGPT is that it acts like a super intelligent search engine, giving you the answer to a question instead of sending you loads of hyperlinks to research. A great use in the tech industry is to ask it to compare two products using various criteria. However, it soon becomes unstuck if you ask very specific questions, like "will X work with Y".  It can produce misleading content or stay very generalised when you want a specific answer.  So how should we treat it? My view is that any content ChatGPT creates should be view

We all know that Microsoft are on a mission to secure the world's data through identity security.. Three main areas of focus are: Trustworthy Identity Microsoft aims to establish a trusted identity framework that safeguards user data. By employing robust authentication measures, such as multi-factor authentication and biometrics, they ensure that only authorised individuals can access sensitive information. Intelligent Threat Detection Microsoft utilises advanced machine learning and artificial intelligence capabilities to detect and respond to potential security threats. By analysing user behaviour patterns and applying proactive security measures, they can identify anomalies and take prompt action to protect data. Comprehensive Protection Microsoft offers a comprehensive suite of security solutions to safeguard data at every level. They provide features such as data encryption, access controls, and data loss prevention mechanisms across their services and products, empowering org

For a long time we've been aware of Microsoft's efforts towards converging Azure Active Directory B2C and Azure Active Directory. They are making this change in order to provide a single stable product for the back end portal and other aspects of these identity services.  New developments will see a 'CIAM' product sitting on top of AAD - this replaces (or will eventually replace) B2C.   CIAM will also provide better experiences for developers hoping to build user journeys (sign in, sign up, etc.). Microsoft continues to support AAD B2C.  At time of writing it provides a fuller feature set.  However, B2C as-is will eventually retire, and migration paths will be important. The CIAM solution will offer more back-end management features, and an event-driven programming paradigm for user journeys. I will make more information available as and when!

  Microsoft Verified ID is a digital identity verification solution that enables individuals to obtain digital "credentials" from organisations that know them, or more accurately, that know some aspect of their identity.  For example, their name, their educational qualifications, or in this case, their employment status.  These credentials can then be shared with third-party organizations, such as employers or educational institutions, in a secure and trusted manner.  LinkedIn, which is owned by Microsoft, has integrated with Microsoft Verified ID to allow LinkedIn members to verify their employment status. Using this new integration, employers can create a custom process for verifying employees, and employees, once they have done this, can present the credential to LinkedIn in order to obtain the new green "check mark" on their LinkedIn profile. Currently this requires the LinkedIn app - at time of writing there is no announcement yet about migrating this feature t

Blockchain is a distributed ledger technology that allows for secure, transparent, and tamper-proof transactions. In a traditional database system, a central authority (such as a bank or government) controls and updates the ledger. In contrast, blockchain is decentralized, meaning that every participant in the network has a copy of the ledger and can view and verify transactions. The ledger is secured through cryptography and consensus mechanisms, ensuring that it cannot be altered or tampered with without the agreement of the majority of participants. One of the main reasons for blockchain's versatility is its ability to eliminate intermediaries and reduce the risk of fraud and errors. In industries such as finance, supply chain management, and healthcare, where trust is paramount, blockchain can increase transparency and accountability. For example, in the finance industry, blockchain can be used to create a more efficient and secure system for transactions and money transfers. I