Building secure multi-tenant applications with Microsoft Entra ID: A guide for ISVs
In today's rapidly evolving digital landscape, Independent Software Vendors (ISVs) face the significant challenge of developing secure, multi-tenant applications that seamlessly integrate with their customers' existing infrastructure. Microsoft Entra ID offers a robust solution for managing user identities, providing ISVs with tools to enhance security and streamline the user authentication process. In this blog post, we'll explore key security strategies for ISVs and provide additional resources to help you get started. Context As the demand for SaaS applications grows, ISVs must ensure their applications are not only functional but also secure. Multi-tenant applications, which serve multiple customers from a single instance, present unique security challenges. One of the primary concerns is managing user identities securely across different tenants. Microsoft Entra ID addresses these challenges by offering a comprehensive identity management platform that simplifies authentication and authorization while enhancing security. Figure 1 – Single Sign On for seamless user experience Key Security Strategies for ISVs Utilize Microsoft Entra ID for Identity Management Microsoft Entra ID provides a secure, scalable identity management solution that handles user authentication, authorization, and access management. By leveraging Entra ID, ISVs can avoid the complexities and risks associated with building their own identity systems. Adopt Standard Protocols A well-maintained library like MSAL should be the first choice instead of implementing a protocol. Microsoft Entra ID supports industry-standard protocols like OAuth 2.0, OpenID Connect, and SAML, which facilitate secure authentication and authorization. As the last and most expensive choice, ISVs can implement a protocol but must ensure they stay up to date with the protocol. Design for Data Separation In a multi-tenant environment, it is crucial to maintain data separation between tenants to prevent unauthorized access. ISVs should implement robust authorization models and leverage Entra ID's capabilities to ensure data integrity and confidentiality. Become a Verified App Publisher To build trust with customers, ISVs can become verified app publishers. This process involves joining the Microsoft AI Cloud Partner Program and undergoing a vetting process, assuring customers of the application's authenticity and security. Take action: Set up your multitenant identity today For ISVs looking to deepen their understanding of Microsoft Entra ID and its capabilities, here are some valuable resources: Microsoft Entra ID Documentation – Explore comprehensive guides and tutorials on implementing Entra ID in your applications. Microsoft Identity Platform Developer Guide – Learn how to integrate authentication and authorization into applications. aka.ms/UpcomingIDLOBDev - Curated content for Microsoft Identity platform training workshops By adopting these strategies and utilizing the resources provided, ISVs can build secure, scalable, and efficient multi-tenant applications that meet the growing demands of their customers. Embracing Microsoft Entra ID not only enhances security but also simplifies the development process, allowing ISVs to focus on delivering innovative solutions. Want to learn more: 📅 Join our ISV Security sessions to stay updated on the latest best practices 🔗 Subscribe to Azure Security Updates for continuous learning 📞 Connect with your Microsoft account representative for tailored security guidance Let’s work together to build a more secure digital future. 🚀
Empowering AI innovation with Azure AI Foundry
In a recent meeting at the Azure AI Foundry Partner Council, we delved deep into the capabilities and future of Azure AI Foundry, highlighting its unified AI platform, extensive model catalog, and the innovative services and tools it offers. With a rising trend in the use of multiple AI models and the evolving capabilities of AI agents, Azure AI Foundry is at the forefront of streamlining the AI development process. The highlight of the meeting was the announcement of the Foundry SDK, bringing with it a unified inferencing API and support for multiple languages. This SDK promises to revolutionize how developers approach AI projects, offering templates for quick starts and a host of upcoming features and improvements. Additionally, new tools and integrations with GitHub and Visual Studio Code were introduced, enhancing the developer experience and providing seamless transitions between different platforms. A particularly exciting development is the upcoming launch of Sora, a new visual experience within Azure Open AI services. This launch is set to redefine how users interact with AI models, making the process more intuitive and visually engaging. As probably some of the readers are also evaluating, participants were keen to understand the scalability of low-code solutions and the transition to pro-code. For more complex capabilities, Foundry provides a seamless integration experience, ensuring that developers can easily transition between different SDKs and platforms. It doesn’t matter which dev tools you are using we’ll provide you with what you need wherever you are. Looking ahead, future developments such as the Foundry Canvas, observability suite, and management center were discussed, along with new products like Catalog NextGen and Foundry Copilot. These innovations promise to further enhance the capabilities of Azure AI Foundry, making it an indispensable tool for AI developers. Learn more about Azure AI Foundry: Azure AI Foundry | Microsoft Learn Join upcoming Azure AI Foundry Partner Council sessions to continue learning about the Azure AI Platform. February 13: Hello to the AI agentic world February 19: Build your first agent with Azure OpenAI Agent Service workshop February 20: GenAIOps lifecycle and best practices February 27: Managing and optimizing GenAI costs- updated FinOps approach For more information, please contact aipartnerteam@microsoft.com. Links and Resources: Evaluation of generative AI applications with Azure AI Foundry - Azure AI Foundry - Microsoft Learn Microsoft’s Agentic AI Frameworks: AutoGen and Semantic Kernel - Semantic KernelThe future of CIAM: How Transmit Security and Microsoft are reshaping passkey adoption and security
In this guest blog post, Ravit Aviv, Director of Technology Alliances at Transmit Security, discusses the layers of customer identity and access management (CIAM) protection that are essential for optimizing passkey security and customer experience and how you can reap the rewards with Mosaic by Transmit Security and Azure AD B2C or Entra External ID.Exploring Azure AI Content Understanding: Insights from the Partner Council Session
Azure AI Content Understanding is a powerful AI service designed to process and analyze various types of content, including documents, audio, images, videos, and text files. Here are some of its key features and capabilities: Multimodal Data Ingestion: This feature allows the ingestion of diverse types of data, such as documents, images, audio, and video. It uses a range of AI models available in Azure AI to convert the input data into a structured format that can be easily processed and analyzed by downstream services or applications Information Extraction Using Schemas: Azure AI Content Understanding helps define schemas of the extracted results to fit specific needs. This can be done by generating task-specific representations of the output, such as insights, features, or summaries from a pre-configured set of schemas or customized ones. For example, it can generate captions, transcripts, or summaries from video or audio files, and thumbnails, previews, or highlights from images or video files Grounding and Confidence Scores: This feature ensures that the extracted results are accurately, grounded to the input content, and provide confidence scores for the extracted data, making automation and validation more reliable and efficient The platform leverages generative AI models to unify these processes, effectively addressing challenges such as prompt engineering complexities, model selection dilemmas, and lifecycle management hurdles. By offering a structured approach to processing unstructured data, Azure Content AI Understanding accelerates time-to-value, making it an essential tool for businesses aiming to derive actionable insights efficiently. Live Demonstrations The session featured three key demos, illustrating the real-world application of Azure AI Content Understanding: Post-Call Analytics Demonstrated the creation of a content understanding project in AI Foundry. Showcased schema definition for extracting information from multilingual audio files. Highlighted structured outputs, including call summaries, sentiment analysis, and key topic extraction. Document Processing Focused on schema definition for extracting key fields (e.g., title, date, scope of work) from PDF documents. Demonstrated data labeling, correction of extractions, and confidence score enhancement through additional training samples. Video Processing Explained the breakdown of video content into structured elements such as key frames, descriptions, and sentiment analysis. Real-World Applications and Common Use Cases Highlighted several compelling use cases illustrating Azure AI Content Understanding in action: Insurance Claim Processing: Integrating written statements, call recordings, police reports, and video footage to expedite claims decisions. Contact Center Analytics: Enhancing customer service through insights derived from call recordings and chat logs. Social media Trend Analysis: Extracting valuable insights from social media videos to identify emerging trends and relevant product mentions. For those seeking additional insights, we encourage viewing the session recording HERE or you can read more about it here: Announcing Azure AI Content Understanding: Transforming Multimodal Data into Insights | Microsoft Community Hub For specific questions you can reach out to the Azure AI Partner Team at aipartnerteam@microsoft.com or continue the conversation below in the comments.Designing secure and resilient ISV applications
Understanding the evolving security landscape Cyber threats have increased fivefold in the past year, with organizations facing: 340 million nation-state cyberattacks daily A rise in password attacks from 4,000 to 7,000 per second Over 1,500 tracked threat actors, up from 300 in 2023 With the growing sophistication of adversaries, prioritizing security is no longer optional—it’s a necessity. ISVs must take proactive measures to safeguard their applications and services. Figure 1- Cyber threats in the Era of AI Key security strategies for ISVs 1. Embed security into product design Security should be an integral part of the software development lifecycle (SDLC), not an afterthought. By incorporating secure design principles early, ISVs can reduce costs and risks associated with vulnerabilities. Perform threat modeling to identify risks before development Use secure coding frameworks and avoid custom-built security controls Implement the Zero Trust model, assuming no implicit trust for users, devices, or applications 📌 Explore: Microsoft Secure Development Lifecycle guide 2. Strengthen identity and access controls Identity remains the primary security perimeter. Implement strong authentication and authorization mechanisms to protect user accounts. Enforce Multi-Factor Authentication (MFA) to block 90% of cyberattacks Use conditional access policies to limit access based on risk signals Adopt least privilege principles to restrict access to necessary resources 📌 Start with: Identity and Access Management in Azure guide 3. Secure secrets and credentials One of the most common security mistakes is hardcoding credentials in source code. Instead: Store secrets securely using Azure Key Vault Implement automated secret scanning to detect exposed credentials Rotate secrets regularly and avoid long-lived access tokens 📌 Check: GitHub Advanced Security for automated secret scanning 4. Adopt a Zero Trust architecture Traditional perimeter-based security is no longer sufficient. The Zero Trust model ensures continuous verification across: Identities – Enforce strong authentication and least privilege access Devices – Assess compliance before granting access Applications & Data – Restrict access based on risk levels 📌 Learn more: Zero Trust Guidance Center 5. Ensure secure supply chain practices Many security breaches originate from compromised third-party dependencies. Strengthen your software supply chain security by: Using code signing and package verification for all dependencies Scanning for vulnerabilities in third-party libraries Implementing DevSecOps pipelines to automate security checks 📌 Read: Secure Supply Chain Consumption Framework 6. Protect against AI-specific threats AI-powered applications introduce new attack vectors, including prompt injection, model poisoning, and adversarial manipulation. Mitigate these risks by: Using responsible AI principles to minimize unintended biases and risks Applying AI safety measures, such as Azure AI Content Safety Restricting access to models and validating input/output integrity 📌 Discover: Microsoft Responsible AI Guidelines 7. Monitor and respond to security threats Effective threat detection and incident response are essential for minimizing damage from cyberattacks. Use Microsoft Sentinel for real-time security monitoring Automate threat detection with Defender for Cloud Establish an incident response plan to quickly contain and mitigate breaches 📌 Explore: Microsoft Defender for Cloud _________________________________________________________________________________________ Take action: strengthen your security posture today Security is an ongoing journey. By adopting proactive security strategies, ISVs can build resilient, trusted applications that safeguard customers and drive long-term success. 🔹 Want to learn more? 📅 Join our ISV Security sessions to stay updated on the latest best practices 🔗 Subscribe to Azure Security Updates for continuous learning 📞 Connect with your Microsoft account representative for tailored security guidance Let’s work together to build a more secure digital future. 🚀 __________________________________________________________________________________________ Additional resources To embed your security when you design your applications, explore these key resources: Security Development Lifecyle: https://www.microsoft.com/en-us/securityengineering/sdl Secure Supply Chain Consumption Framework: https://www.microsoft.com/en-us/securityengineering/sdl/s2c2f Cloud Adoption Framework: https://aka.ms/caf Zero Trust: https://aka.ms/Zero-Trust Adopt Security: https://aka.ms/trysecurity SaaS Workload: https://learn.microsoft.com/en-us/azure/well-architected/saas/ Join ISV Success: www.microsoft.com/isvTransforming cybersecurity with AI through transactable offers on the marketplace
The Partner Spotlight series showcases the success stories of innovative partners transforming the commercial marketplace. These industry leaders share their experiences in harnessing AI for application development, building cutting-edge solutions across the Microsoft Cloud, launching transactable offerings, and maximizing marketplace sales. In this installment, I had the opportunity to chat with Stephanie Goodman, Global Head of Alliances at Abnormal Security, about their motivation for publishing transactable offers and success they have seen on the Azure marketplace. About Stephanie: Stephanie Goodman has over 15 years of security experience and a passion for building strategic alliance partnerships. Stephanie joined Abnormal most recently from Google, where she served as the Global Lead of Strategic Alliances & OEMs. While there, she launched a global OEM program that grew over 200% in its first year and helped her team to grow GSI revenue by 250% over the course of 2023. Previously, Stephanie was the Director of Global Strategic Alliances at ForeScout Technologies, where the alliance team created an integration monetization plan that now represents 25% of overall company revenue. Previous to that, Stephanie held a number of channel leadership roles during her almost 7 years at McAfee. _________________________________________________________________________________________ [JR]: Tell us about your organization. What inspired the founding? What products/services do you offer? [SG]: Abnormal Security is the leading AI-native human behavior security platform, leveraging machine learning to stop sophisticated inbound attacks and detect compromised accounts across email and connected applications. With Abnormal, customers can protect against today’s most advanced attacks that exploit human behavior, including phishing, social engineering, and account takeovers. Traditional security tools are limited in their ability to combat these evolving threats and today's enterprises are increasingly susceptible. In particular, the rise of generative AI has enabled cybercriminals to create highly evasive social engineering attacks at scale, and the interconnected nature of the cloud ecosystem means that compromising one account can provide unconstrained access to all connected accounts. To prevent these threats, Abnormal Security uses a unique behavioral AI approach. The platform connects seamlessly with Microsoft 365 via API to analyze thousands of signals from multiple data sets and precisely baselines known behavior. Autonomous AI models then enable Abnormal to precisely detect anomalous activity and stop never-seen-before attacks with superhuman speed and accuracy – understanding human behavior better than humans to protect humans better than humans. In addition to providing email security for Microsoft 365, Abnormal also delivers multi-platform defense for more than a dozen cloud infrastructure and SaaS applications including Workday, Salesforce, ServiceNow, Slack, and Amazon Web Services. [JR]: Can you tell us about the application(s) you have available on the marketplace? How does it work? [SG]: Abnormal Security offers a SaaS platform on the Azure Marketplace, Abnormal - Cloud Email Security, built to integrate directly with Microsoft 365. The Abnormal Human Behavior AI platform enhances Microsoft Defender for Office 365 by leveraging behavioral AI. The anomaly detection engine leverage's identity and context to understand and baseline human behavior, then analyzes the risk of every cloud event to identify deviations indicative of malicious activity. This enables customers to detect and stop sophisticated, socially engineered attacks that target human vulnerability. Our platform provides real-time threat intelligence, automated response, and actionable threat intelligence. Additionally, it provides in-depth reporting and insights to help organizations strengthen their overall security posture. [JR]: What motivated you to publish a transactable offer on the marketplace? [SG]: Publishing a transactable offer on the Azure Marketplace was driven by our commitment to making it as easy as possible for customers to access and deploy our solution. The marketplace provides a trusted platform for customers to discover and purchase Abnormal Security. By offering this through Azure Marketplace, it streamlines the purchasing process for organizations. [JR]: What business outcomes have you experienced as a result of having a transactable offer on the marketplace? [SG]: Since publishing our transactable offer on the Azure Marketplace, we’ve seen significant improvements in customer acquisition and retention. The simplified purchasing process has resulted in faster deployment times and a reduction in the sales cycle, helping us close deals more quickly. Customers leveraging their Microsoft Azure Consumption Commitment (MACC) benefits to purchase our solution increased by 40%, driven by the convenience of purchasing directly from the Marketplace while seamlessly involving their trusted channel reseller in the process, fostering mutual value and deeper ties with Microsoft’s ecosystem. Additionally, being on a platform like Azure Marketplace has expanded our visibility, helping us attract new customers and gain access to enterprise customers who are already leveraging Microsoft Azure Marketplace. This increased visibility has led to about a 30% increase in customer inquiries and interest, providing more opportunities for engagement within the Microsoft ecosystem. __________________________________________________________________________________ Join the marketplace community today! Just click "join" on the upper right corner of our marketplace community page. You can also subscribe to the community to stay updated on the latest stories of how these inspiring leaders carved their career paths, what lessons they learned along the way, and more. Resources: Join ISV Success Join the marketplace community Learn more about Marketplace RewardsStrengthening ISVs in the Era of AI: Introducing the ISV Security Series
The ISV Security Series aims to help Independent Software Vendors (ISVs) and Software as a Service (SaaS) companies navigate the complexities of cybersecurity in the AI era, providing tools and insights to enhance their security posture.Ignite Recap - What's new in ISV Success - AI benefits and more
At this year’s Ignite, we announced new benefits in ISV Success designed to support software companies as they build new AI powered apps and publish to the commercial marketplace. During this session, we also spoke with Mike Mason, Global Alliance Director from Varonis, as he shared how they have leaned into the commercial marketplace to grow their business. For additional details on eligibility for the new and expanded benefits, check out our previous post. Technical guidance to help you get started The team highlighted new opportunities for technical guidance focused on building AI powered solutions, including new AI Envisioning events. AI Envisioning Days offer sessions for both business and technical teams that help participants identify generative AI use cases and then build with a proven development framework. These events kicked off in November and are held monthly across 3 time zones. To take advantage of these sessions, you can register here. In addition to these events, ISV Success now offers software companies 1:1 AI consults tailored to their specific app development needs. Developer tools & resources to get to market faster ISV Success participants can now use Azure credits towards GitHub Copilot to accelerate development. GitHub Copilot is the most widely adopted AI development tool built by GitHub and OpenAI and offers code completion and automatic programming to help with repetitive tasks. Additionally, ISVs with certified software designations are now able to access financial incentives through ISV Success and Marketplace Rewards. These incentives are available through the new Advanced Package and offer up to $150K for AI and analytics projects and up to $50K to migrate end-customers to an ISV’s Azure-based solution. Richer benefits and accelerated rewards for AI projects ISVs currently building AI apps and intending to publish a transactable offer on the marketplace now qualify for the ISV Success expanded package. This package provides $25K in Azure to offset development costs and 50 hours of 1:1 technical consults. Once published, these ISVs will have the ability to unlock GTM benefits through Marketplace Rewards earlier, which include customer propensity scoring and Azure sponsorship. Best practices from Varonis’ Mike Mason During an interview on stage, Mike shared his advice for other software companies looking to grow their business on the Microsoft commercial marketplace. Meet customers where they are Varonis first moved to transact on marketplace over two years ago for a customer that wanted to use their Microsoft Azure Consumption Commitment (MACC) to purchase Varonis’ solution. Customers continue to indicate that they prefer the seamless procurement process and single invoice offered through marketplace transactions. Bring channel partners along Varonis is a channel first business and has participated in the marketplace MPO launches across the US and UK. For ISVs looking to sell alongside their partners in marketplace, Microsoft maintains an MPO list of eligible partners. If an ISV finds that their partner is not yet listed, they can email channelready@microsoft.com to get that partner added. Internal alignment and enablement is key Varonis has strategically brought along teams across the business – including Finance, Operations, Marketing and Sales – for a unified approach to marketplace that has contributed to their success. As the Global Alliance Director, Mike travels to each region and shares marketplace results and success stories. To watch the full “What’s new in ISV Success – AI benefits for software companies and more” session from Ignite 2024 click here. To learn more about the benefits of ISV Success, check out the ISV Hub. Ready to enroll in ISV Success? Visit the sign-up form.Sharing the value of marketplace with your customers: Reflections from Microsoft Ignite
Cloud marketplaces are the future of B2B commerce, making it easier for organizations to get the solutions they need. At Microsoft Ignite 2024 in Chicago, the Microsoft commercial marketplace team shared with customers how to unlock the value of the marketplace in the era of AI and updates on the latest marketplace capabilities that help them spend smarter and move faster. Here’s a recap of the customer breakout session, “More than a storefront: unlocking value through the marketplace,” now available on the Ignite website and YouTube, to help you share with your customers why they should purchase your solution through the marketplace. Why cloud marketplaces now? Cloud marketplaces are growing at an unprecedented rate as more organizations than ever are reliant on the cloud. SaaS spending is expected to reach $232B 1 , which is coupled with the increasing investment in AI. McKinsey estimates that 67% of organizations will invest more in AI over the next three years 2 . It’s critical that organizations have a seamless and centralized way to procure and manage these solutions so they can scale and achieve meaningful business value. Yet far too many investments are suboptimized. Zylo reported that license waste was the top challenge for IT professionals 3 . The Microsoft commercial marketplace is one catalog of partner solutions published by software companies and vetted by Microsoft. It’s discoverable through our storefronts (Azure Marketplace and AppSource), within our products like Teams and Azure Portal, and through our group of 35K+ Microsoft sellers worldwide. At the core, the marketplace helps customers simplify B2B commerce by streamlining their entire procurement process. It also enables them to buy how they want to buy – whether that’s directly online, through their preferred channel partner, or with their Microsoft account team. With 95% of the Fortune 500 running on Azure 4 , many of these organizations already use the marketplace. But it’s not just the enterprise that’s finding value. We see customers of every size and from every industry finding success. What’s new in the marketplace? The marketplace helps customers buy with confidence by trying solutions before they buy and knowing solutions are pre-configured to seamlessly deploy and run on Microsoft technology. It helps them increase efficiency by simplifying their vendor onboarding and having partner solutions billed directly to their Azure invoice. It also helps them spend smarter by maximizing cloud investments because the marketplace counts 100% of Azure benefit eligible purchases towards a customer’s consumption commitment. Here are three new features to look for in the marketplace: Multiparty private offer (MPO) expansion- MPO is now available in the US, UK, and Canada. This allows customers to bring their preferred channel partner to the marketplace to procure solutions on their behalf. This capability will expand soon to customers in additional geographies. Professional services- Customers can now transact professional services alongside software solutions in the US, UK, and Canada. Professional services could be vendor assistance with implementation, employee training, or consulting support. Now, these purchases can be included in a customer’s single Azure invoice, further simplifying invoicing. Flexible billing- Soon the marketplace will support flexible billing, or the ability to align charges with a budget cycle or consumption needs. This helps to ensure uninterrupted invoicing cycles with adaptable contract terms or automatic transitions. Look for this capability in early 2025. The power of marketplace for AI transformation Microsoft is the number one provider of AI services in the world, and the marketplace is part of how we extend AI innovation by connecting customers to the solutions they need. AI solutions are the most purchased category by net new customers 4 . We’ve seen a 163% increase in AI offers listed by our software partners and a 7X increase in customers visiting AI and machine learning offer pages on our storefronts 4 . This has translated to a 387% increase in customers purchasing AI offers 4 . This momentum is driven by the benefits customers get by going through the marketplace, including free trials and proof-of-concept options to ensure that solutions align with their needs before committing. Customers also save time by deploying directly from Azure in a secure environment. With the marketplace, customers can get cutting edge AI technologies that help them build with generative AI and models-as-a-service. They can also extend copilot capabilities through connectors and agents or build their own copilots. In addition to Microsoft’s own AI tools for developers, organizations can find a breadth of offerings from leading AI companies like Aisera, Cohere, LangChain, and Pinecone. There are also many SaaS applications powered by AI that are helping customers experience AI transformation in any number of scenarios from marketing and human resources to operations and supply chain. To see how a customer would leverage the marketplace to build a custom copilot for business users at a manufacturing company, check out this demo from the Ignite stage. AI has also been built into the marketplace to improve the customer experience. Our new AI-powered solution discovery is now available in Azure Portal, helping customers intuitively find solutions with natural language. The search result not only returns solutions but also suggests relevant Microsoft technical documentation to help customers make informed decisions. Customer success story We love showcasing how our customers are finding success through the marketplace. TP (Teleperformance) is a multinational company which offers business services for organizations in 100 countries around the world. Watch the video to see how TP has simplified their cloud portfolio management, unlocked discounts on their Azure infrastructure, and increased time-to-market by streamlining procurement processes. The Ignite session includes an interview with Jatin Suri, Global SVP, Cloud Center of Excellence, who goes into more detail about why the marketplace is key to TP’s procurement strategy. Resources for your customers Learn more: Azure.com/Marketplace Download the eBook: aka.ms/MarketplaceQuickGuide Talk to experts: aka.ms/MarketplaceCustomerOfficeHours Check out the video collection: aka.ms/MPCustomerVideos Get documentation: aka.ms/MarketplaceCustomerDocs 1 Custify , The Future of SaaS: Top Trends and Predictions in 2024 and Beyond, July 12, 2024 . 2 McKinsey Global Survey, The state of AI in early 2024: Gen AI adoption spikes and starts to generate value, May 30, 2024 . 3 Zylo , Unchecked SaaS Sprawl Leads to an Average of $18M in License Waste Annually 4 Microsoft internal data
