This post shows how to add an AI assistant plugin to Backstage that lets internal developers chat with their own domain data using Azure AI Foundry Agents. We cover agent concepts, minimal API usage, plugin structure (frontend + lightweight backend proxy), security (secrets & identity), and deployment guidance. 1. Why an AI Chat Plugin in… Continue reading Building Backstage AI Chat Plugin with Azure AI Foundry Agents
Category: managed-identity
Securely Trigger GitHub Workflows from Azure Logic Apps Using GitHub App Authentication
In this tutorial, we'll explore how to trigger GitHub Actions workflows from Azure Logic Apps without relying on Personal Access Tokens (PATs). Instead, we'll utilize GitHub App authentication, which offers enhanced security and scalability for automated workflows. 🧩 Prerequisites Before we begin, ensure you have the following: An Azure Logic App (Standard). A GitHub App… Continue reading Securely Trigger GitHub Workflows from Azure Logic Apps Using GitHub App Authentication
Multi-Tenant Identity Federation: Accessing Multiple Entra ID Tenants with Managed Identity
Introduction Recently, I had the opportunity to help a customer solve a complex challenge involving multi-tenant identity federation. They needed to securely access resources across different Azure Active Directory (now Entra ID) tenants without managing secrets or certificates. The solution involved using managed identity with federated credentials to perform token exchange between tenants—a powerful but… Continue reading Multi-Tenant Identity Federation: Accessing Multiple Entra ID Tenants with Managed Identity
Building a Secure Azure Bot for Microsoft Teams
Integrating bots with Microsoft Teams is a powerful way to improve collaboration and automate workflows. However, ensuring secure access, network isolation, and controlled data flows is crucial, especially in sensitive environments like financial or healthcare applications. In this blog post, I'll walk through a secure setup I recently implemented, showcasing how to create an Azure… Continue reading Building a Secure Azure Bot for Microsoft Teams
Streamline Azure Lifecycle Management with AI Solutions
Introduction A while ago, I created a proof-of-concept application. It helps LCM (Life Cycle Management for Azure Resources) for a friend of mine. The POC was using all Azure Open AI, Storage Account etc. But the resources where exposed to the internet. Recently, I wanted to update them. I aimed to protect all traffic staying… Continue reading Streamline Azure Lifecycle Management with AI Solutions
AKS Workload identity – A Deeper look
Background Recently, I found myself delving into the intricacies of Workload Identity Federation within Azure Kubernetes Service (AKS) while explaining it to some friends. As I delved deeper into the topic, I realized the importance of documenting and summarizing this information for anyone else navigating the same waters - including my future self. So, let's… Continue reading AKS Workload identity – A Deeper look
End-to-End Security: Function, Azure SQL, and API Management
Introduction In the dynamic realm of today's digital environment, safeguarding your applications and data holds utmost importance. This blog post is designed to lead you through the steps of establishing comprehensive security measures for an Azure Function App, Azure SQL database, and API Management. Our approach involves leveraging Azure Virtual Network (VNet) for robust network… Continue reading End-to-End Security: Function, Azure SQL, and API Management
Orion-Guardian: Azure DevOps Security Management at Scale
Introduction In the ever-evolving landscape of software development, ensuring the security and autonomy of your projects is paramount. Azure DevOps has become a cornerstone for many development teams, providing a robust set of tools for collaboration and project management. However, managing security at scale can be a daunting task. Enter Orion Guardian – a game-changing… Continue reading Orion-Guardian: Azure DevOps Security Management at Scale
Azure Communication Service with Managed Identity
Background A few months ago, I have written a Demo application that shows how to send email and SMS via Azure Communication Service. The code was written in Spring Boot (Java) and hosted on Azure Container Apps. During the demo, I have used Connection strings of Azure Communication Service which is not ideal for production… Continue reading Azure Communication Service with Managed Identity
Secure API with API Management, network integrated Container Apps
Introduction In today's digital landscape, APIs play a crucial role in connecting applications and enabling seamless interactions. However, with the increasing importance of APIs, ensuring their security becomes paramount. In this blog post, we'll explore how to create a secure API using .net and hosted on Azure Container Apps, expose them via Azure API Management… Continue reading Secure API with API Management, network integrated Container Apps
Reverse Engineering 