External Identity

Some of you may have noticed that Microsoft can't bring themselves to make an anouncement these days without injecting a large amount of AI (CoPilot in their case). Microsoft's efforts to integrate Copilot across all of its identity and security products seem promising, with potential benefits and drawbacks to consider: Possible Benefits: Enhanced User Experience: Copilot can streamline tasks and automate repetitive actions within various Microsoft products. This could make them more user-friendly and efficient, especially for non-technical users. Increased Productivity: By automating tasks and offering helpful suggestions, Copilot can potentially save users time and effort, allowing them to focus on more complex aspects of their work. Improved Creativity: Copilot's ability to answer questions based on web searches can spark new ideas and help users explore different creative directions/ Accessibility: Copilot's features like summarizing PDFs and answering questions dir

  BT, a renowned telecommunications giant serving 25 million customers with its four key brands and an extensive array of services including broadband, mobile, streaming, and infrastructure, embarked on a significant transformation journey. The goal was to replace its aging authentication platform, not just for one brand, but to create a unified authentication platform for all of BT's customer authentication needs. This ambitious project led to the birth of the Single Authentication Framework (SAF), a decision that marked a turning point in BT's approach to customer authentication. The Mission: Building the Single Authentication Framework The SAF project had clear, ambitious goals: Universal Application: Replace all customer authentication journeys across all four of BT’s brands. Modern Principles: Bring modern authentication principles and “security first” thinking to the forefront. Best Practices: Enforce best practices for developers, testers, and adopting services. Cutting-

  As I write I'm still suffering from a small amount of jetlag, having flown back from Seattle, USA at the weekend.  I was there to take part in a partner conference hosted by Microsoft.  The conference was dubbed the Microsoft Security Engineering Partner Airlift, the aim to bring top partners to Seattle from every part of the world. I am pictured above with Kocho colleagues, and with Rohit Gulati, Verified ID guru and Principal Product Manager for Microsoft Entra, and Ankur Arora, Principal Group Manager in the CX Engineering Team and our host last week for the conference. Much of the content discussed was under NDA and geared at partner preparedness, but there were 4 main takeaways I'd like to discuss: Microsoft's commitment to security is strong : It's evident that Microsoft's dedication to security isn't just a talking point – it's a fundamental ethos. From their robust infrastructure to their proactive approach to threat intelligence, Microsoft's u

  On Thursday last week I met with the Microsoft VP of Product responsible for AAD B2C and Entra External ID, Levent Besik. We discussed the future of the product and the likely upgrade paths from AAD B2C to Entra External ID (CIAM). This is an exciting time for the product as it becomes more accessible to developers.  There may be less  niche development work to do as the product becomes easier to program, but there is still plenty of  opportunity for consulting firms who are helping their customers to stay safe with single sign on deployments. Keep tuned for announcements about migration planning and about likely GA date for CIAM.

As The Register reports today , Microsoft briefly exposed a plethora of passwords and other secrets due to a bulk upload of data to GitHub recently. The data was a set of AI training data - data used to teach AI models how to understand the world around them. It makes no sense having the best locks on your front door if you leave the back door open... so what can we learn from this episode? Protecting passwords and other sensitive information from exposure to the wider world is essential for maintaining your online security. Here are some measures you can take: Use Strong, Unique Passwords: Create strong, complex passwords that are difficult to guess. Use a combination of uppercase and lowercase letters, numbers, and special characters. Avoid common dictionary words or phrases. Ensure your passwords are at least 12-16 characters long. Use a passphrase, which is a sequence of random words or a sentence that's easy to remember but hard to crack. Use a Password Manager: A password man

 Before I say anything on this, I want to be clear: I didn't get ChatGPT to write this blog article...   AI in general (and ChatGPT specifically) have revolutionised content creation by seeming to understand complex topics and express them in perfect English (or Spanish, or Lithuanian, or whatever language you want...).   What does this do for us? The topics ChatGPT understands are things that have already been written about on the internet.  The beauty of ChatGPT is that it acts like a super intelligent search engine, giving you the answer to a question instead of sending you loads of hyperlinks to research. A great use in the tech industry is to ask it to compare two products using various criteria. However, it soon becomes unstuck if you ask very specific questions, like "will X work with Y".  It can produce misleading content or stay very generalised when you want a specific answer.  So how should we treat it? My view is that any content ChatGPT creates should be view