
Since the newest Blazor WebAssembly version, we have the possibility to use MSAL to authenticate with Azure AD and other OpenID Connect providers. In this post I will focus on authentication with Azure AD. For this I created a repository on GitHub. This solution will allow you to authenticate and make calls to an Azure function with Blazor WebAssembly. The Azure function and Blazor app will be Azure Active Directory protected.

Prerequisites

Have the latest Blazor preview installed: 3.2.0-preview3.20168.3. See https://devblogs.microsoft.com/aspnet/blazor-webassembly-3-2-0-preview-3-release-now-available/ for more info.

Getting Started

First, we need to create an app registration in your Azure Active Directory. You can do this by going to https://portal.azure.com for the Tenant you want to deploy your app in. Create an application like below. …



In many Azure Active Directories, there are registered applications. These applications all have security permissions. Do you know which one has which permissions and can access what data and resources? Do you know who has the secrets that give access to this data? Let’s take a look at how we can achieve this.

In this blog, I will show you how to generate a list of applications and the permissions they have by using the beta version of the Microsoft Graph API. This will allow you to act on them. It is fine if some applications have a high permission level. At least after reading this blog you have the chance to retrieve them and to make sure the owners of the applications guard the secrets as best they can. …



In many Azure Active Directories (AAD) there are registered applications. These applications could all have security permissions and maybe even admin consents to access data across your organization. Let’s take a look at a non-technical approach to AAD Application Registrations.

The application registration in your tenant enables you and others to authenticate against your Azure Active Directory. Another option is to authenticate through an application secret. A default application registration on its own cannot do much more than validate that the user has valid login credentials. This can be your Active Directory or, in the case of a multi-tenant application, the directory where the user originates from. It is also possible to let users log in with their @outlook.com and @live.com …



How and why should you send your threat indicators to Azure Sentinel or add them manually to the Microsoft Defender Advanced Threat Protection (MDATP) solution? What is an indicator, also known as an Indicator of Compromise (IoC)? Why should you care? How can you do this? Let’s go through this and add indicators manually and by using a Logic App and the Microsoft Graph Security API.

First, we will take a look into what an Indicator is and how it works in MDATP to get a better understanding of what we are dealing with. …



Would it not be great if you could access all the data from the new Microsoft Defender Advanced Threat Protection (MDATP)? It would be great if you could just access all that data through an API. But I really do not want to develop another polling mechanism to pull in all the data. That is where the new MDATP Streaming API comes in, which just got enabled for public preview.

In this post, you will see how easy it is to configure the new Streaming API and how you can get access to the data. …



All the new features of the Microsoft Graph API are first available in the beta version. By using the beta version you can get early access to new features. Microsoft often adds new features as can be seen on their GitHub changelog here.

In this post we will do three things:

  • Create an Azure Active Directory application registration
  • Get the access token through the registered application
  • Call the Graph API on the beta version

This is all done by using the Azure portal and implementing the code to call the Graph API in C#.

Adding an Application to your Azure Active Directory

To get access to the Graph API we need to register an application in the Azure Active Directory (AAD). This application can be used to add permissions. An administrator of that AAD can then consent to the permissions selected by you. Let’s go through this step by step. …

About

Mark Foppen

Developer | .NET | Azure | Security minded | Loving all things related to CyberSecurity
