Azure DevOps (ADO) teams keep asking for a repeatable way to land on GitHub Enterprise Cloud without babysitting manual Git mirrors. The good news: GitHub’s import surface now covers one-off REST-based imports, the GitHub Enterprise Importer (GEI) GraphQL APIs, and automation-friendly tooling such as the gh ado2gh extension. Below is a field-tested playbook that blends those APIs,… Continue reading Migrating Azure DevOps repositories to GitHub Enterprise with the GitHub import APIs
Category: Entra
Backstage on Azure Container Apps with Microsoft Entra ID (Azure AD) Authentication
End-to-end guide: containerizing Backstage, provisioning Azure resources (with Bicep & CLI), enabling Microsoft Entra (formerly Azure AD) sign-in, managing secrets, scaling, observing, troubleshooting, and cleaning up — all aligned with current Azure best practices (managed identities, least privilege, and no hard‑coded secrets). Why Backstage + Azure Container Apps Backstage centralizes your internal developer portal (catalog,… Continue reading Backstage on Azure Container Apps with Microsoft Entra ID (Azure AD) Authentication
Multi-Tenant Identity Federation: Accessing Multiple Entra ID Tenants with Managed Identity
Introduction Recently, I had the opportunity to help a customer solve a complex challenge involving multi-tenant identity federation. They needed to securely access resources across different Azure Active Directory (now Entra ID) tenants without managing secrets or certificates. The solution involved using managed identity with federated credentials to perform token exchange between tenants—a powerful but… Continue reading Multi-Tenant Identity Federation: Accessing Multiple Entra ID Tenants with Managed Identity
Azure Bot Service & Microsoft Teams – Architecture and Message Flow
Some time ago, I shared my experience building a secure bot using the Azure Bot Service and Bot Framework. Since then, I’ve frequently received questions about how the underlying system works. In this post, I’ll walk through the internal architecture of the Azure Bot Service—covering the key components, message flow, and supporting services—to provide a… Continue reading Azure Bot Service & Microsoft Teams – Architecture and Message Flow
Building a Secure Azure Bot for Microsoft Teams
Integrating bots with Microsoft Teams is a powerful way to improve collaboration and automate workflows. However, ensuring secure access, network isolation, and controlled data flows is crucial, especially in sensitive environments like financial or healthcare applications. In this blog post, I'll walk through a secure setup I recently implemented, showcasing how to create an Azure… Continue reading Building a Secure Azure Bot for Microsoft Teams
AKS Workload identity – A Deeper look
Background Recently, I found myself delving into the intricacies of Workload Identity Federation within Azure Kubernetes Service (AKS) while explaining it to some friends. As I delved deeper into the topic, I realized the importance of documenting and summarizing this information for anyone else navigating the same waters - including my future self. So, let's… Continue reading AKS Workload identity – A Deeper look
Reverse Engineering 