Although Microsoft had a lot of developer-oriented announcements at its Build conference this year, another important aspect was security and identity, especially on the cloud. To that end, the company has revealed several new technologies and enhancements that simplify these processes.
First up is Azure Confidential Ledger (ACL) which is a new managed service currently in preview. Apart from it being tamper-proof, Microsoft claims that it is the only ledger on the market which is powered by confidential computing through a Trusted Execution Environment (TEE) to protect data in use. The company recommends it for collaborative low-trust environments where ACL guarantees tamper-proofing, write once, ready many (WORM) capabilities, and logs to validate that no tampering has occurred.
MS Identity Sync is a command line tool in Visual Studio 2019 16.10 and is currently in preview. It enables simplified registration and configuration of of ASP.NET Core apps.
On the Azure AD side of the fence, the solution"s Continuous Access Evaluation (CAE) feature is now in preview for Microsoft Graph. As the name suggests, this capability validates user access in real time, and can immediately revoke access to resources on certain triggers such as a device loss or a password change.
Lastly, Microsoft has highlighted that you can make use of Azure AD access reviews and Privileged Identity Management (PIM) to monitor privileged roles assigned to your service principals. Service principals are essentially used by code and apps to access protected resources on Azure.