security

Learn how to authenticate local Model Context Protocol servers with Entra ID using Windows Web Account Manager (WAM). This practical guide shows how to implement interactive user authentication in local MCP servers without complex OAuth flows.

The Model Context Protocol introduces familiar security challenges we’ve seen before. Let’s not ignore them and step on the same rakes millions stepped on before.

Learn how to configure Azure Functions with Easy Auth to acquire tokens for Azure Resource Manager instead of Microsoft Graph, allowing secure API access with proper audience and scopes.

Learn how to implement secure authentication for MCP servers using Microsoft Entra ID with session-based tokens. This improved approach uses confidential clients and JWT session tokens for better security than public client methods.

Learn how to integrate Microsoft Entra ID authentication with Model Context Protocol (MCP) servers. This step-by-step guide explores the challenges and solutions for implementing OAuth-based flows between AI tools and MCP servers, with practical code examples.

Learn how Microsoft Entra ID’s flexible Federated Identity Credentials eliminate the need for secrets when connecting services across platforms. This practical guide shows you how to securely authenticate GitHub Actions workflows to Azure resources without storing credentials.

Experian, the multinational consumer credit reporting and data aggregator company, is planning to sell off more of your data to third-parties starting February 5, 2025.

I discovered that you can get anyone’s true email address (Google Account) if they are hosting their email on Google Workspaces from their alias, even if the alias is not on the same domain.

The other day one of my friend shared an interesting letter they received, that I thought I’d cover on this blog. It all started with them peeking at their USPS Informed Delivery digest to see that there was a letter headed to them postmarked with an automated Canada Post label.

A short overview of how modern app stores can lead you or your relatives to install authenticator apps that are not really authenticator apps.