Thursday, December 30, 2021

Microsoft Identity Platform community call – December 2021



Call Summary:


This month’s in-depth topic: A Zero Trust primer for developers. In this session, we begin by quickly introducing developers to the core Zero Trust principles: Verify explicitly, Use least privilege access, and Assume breach. We then expand on why developers’ participation is critical in supporting Zero Trust policy rollouts by the IT team, and lay down a few steps that developers can take to begin their journey towards building a good Zero Trust-ready app. We start with learning how to effectively use the claims provided in tokens to verify a user/subject explicitly, and then continue to discuss recommended practices for mobile apps. The Continuous Access Evaluation (CAE) feature is discussed in detail for developers, and we hope it will help jumpstart a developer’s journey to this absolutely critical piece of security that is becoming a must for all cloud apps. We then discuss a few steps to enable least privilege, like how to best publish and consume permissions for an API. Finally, we move to topics that help apps recover swiftly from breaches, like practicing solid credential hygiene and logging rich information.


Bottom line – developers play a critical role in building trustworthy applications as we transition from a culture of implicit trust to that of explicit verification. The full developer guide of practices to build a Zero Trust app is available at


This session was delivered by Kalyan Krishna - Sr Program Manager, Microsoft.  Recorded December 16, 2021. Q&A in chat and at end of call.




Referenced in this session:



  • Download and go through the developer guide available at
  • To let us know how we’re doing and suggest topics for future calls, please complete this survey
  • Join us for the next Microsoft Identity Platform community call on January 20th at 9:00am PT

