Build 2020: Fostering a secure and trustworthy app ecosystem for all users
Published May 19 2020 08:00 AM 33.4K Views

Howdy folks,


Build 2020 is this week and we have a great lineup of free, virtual sessions for developers to hear of all the work we are doing on the Microsoft identity platform. With organizations rapidly adjusting to remote work, we’ve seen accelerated pace of application rollout and deployment, and a heightened interest in solutions like single sign-on, multi-factor authentication (MFA) and Conditional Access. We’ve also seen an increase in the data these applications need access to, and the heightened need for strong security, not only for people but for applications themselves. To foster a secure and trustworthy app ecosystem for developers, organizations, and end-users, we’re making several enhancements this year to the Microsoft identity platform.


Fostering a trustworthy app ecosystem


To increase customer confidence that the applications employees and partners use are secure and come from authentic sources, we’re adding new capabilities that help foster a trustworthy app ecosystem.


Since last Build, we’ve made Microsoft Authentication Libraries (MSAL) generally available on several platforms including .NET, Java, JavaScript, Python, iOS, Android and more. MSAL makes it easy to implement the right authentication patterns, security features, and integration points that support any Microsoft identity—from Azure Active Directory (Azure AD) accounts to Microsoft accounts. Because developers build on a variety platforms, we’re announcing the availability of additional MSAL libraries—MSAL Angular is generally available and our web library Microsoft.identity.web for ASP.NET Core is now in public preview.


To help developers build high-quality and secure integrations, we’re also announcing public preview of the Integration Assistant in Azure AD app registrations. The Integration Assistant analyzes your app registration and benchmarks it against a set of recommended security best practices. The Integration Assistant highlights best practices that are relevant during each phase of your integration’s lifecycle—from development all the way to monitoring—and ensures every stage is properly configured. It’s designed to make your job easier, whether you’re integrating your first app or you’re an expert looking to improve your skills.



Integration Assistant.png



We are also excited to announce Publisher Verification (in public preview). Publisher Verification allows developers to demonstrate to customers that the application they’re using comes from a trusted and authentic source. When an application is marked as publisher verified, it means that the publisher has verified their identity through the verification process with the Microsoft Partner Network (MPN) and has associated their MPN account with their application registration. Applications with verified publishers will receive a “verified” blue badge on the Azure AD consent prompt and other screens.


Publisher Verification.png






Publisher Verification gives IT administrators increased transparency into which apps being used by their organization are verified and unverified, and they can now configure consent policies based on verification status. With Consent policies now in public preview, IT admins can create polices that determine which applications users can consent to. For example, admins can allow end users to consent to applications that have been publisher verified and require admin consent to apps that have not been publisher verified.


Consent Policies.png




Build flexible applications for any external identity


Organizations are collaborating and connecting with more external users than ever before, especially as they adapt to remote business environments. At the same time, IT departments are being asked to streamline costs while scaling to serve a growing external user base of consumers, citizens, distributors, suppliers, and other business partners.


It’s essential for business continuity to have a single, flexible identity solution to secure and manage these dynamic relationships while still protecting their data and digital assets.


With Azure AD External Identities in public preview, developers can build flexible, user-centric experiences that enable self-service sign-up and sign-in with social IDs like Facebook and Google, and allow continuous customization without duplicating coding effort.


External Identities.png


Manage all your Identity and Access needs at scale with Microsoft Graph


Microsoft Graph is the API to manage all your Azure AD needs programmatically at scale. We’ve continued to add new Azure AD APIs in Microsoft Graph and have now improved query capabilities (search, count, sort, filter) for directory resources and relationships making it easier to manage and understand resources. New APIs that we’ll be adding soon to the /beta and /v1.0 endpoints include:




Moving forward all Azure AD features and innovations will only be available on Microsoft Graph. With Microsoft Graph, developers can not only access Azure AD APIs, but APIs from Office 365, Microsoft Intune, and more—all through a single endpoint. We encourage developers to start building new apps on Microsoft Graph and migrate existing apps from Azure AD Graph to Microsoft Graph. To make it easier to migrate your existing applications, be sure to follow our
app migration checklist. 


Join us virtually, live or on-demand


No matter where you are in the world, you can join us this week. There are plenty of live and pre-recorded sessions. To register, attend, and interact with us during these sessions, see below:


Live sessions



Community connections



On demand sessions



Best regards,

Alex Simons (@Alex_A_Simons)

Corporate VP of Program Management

Microsoft Identity Division

1 Comment
Version history
Last update:
‎May 19 2020 08:00 AM
Updated by: