A practical guide to setting up keyless access to Azure Cosmos DB using managed identities and data plane RBAC. Covers the three key questions for access control: who (managed identity), what (built-in data roles), and where (scope). Explains the critical distinction between control plane and data plane RBAC, walks through assigning the built-in Data Contributor role via Azure CLI, and shows how to use DefaultAzureCredential in the .NET SDK to authenticate without connection strings or secrets.
Source: https://devblogs.microsoft.com/cosmosdb/which-azure-cosmos-db-role-does-my-app-need. 8sync News only summarizes and links; copyright for the content belongs to the author and the original source.
Vercel Flags now authenticates automatically through short-lived OIDC tokens, with no SDK Keys or FLAGS environment variables needed for deployments on Vercel. For local development, `vercel link` followed by `vercel env pull` is sufficient, while older projects still keep the SDK Keys requirement for special cases.
Developers should read this article to understand how feature flag management is streamlined in the latest Vercel projects, to reduce the security risk that comes with handling SDK Keys, and to explore the automated approach for development and deployment.
A security executive exempted themselves from MFA requirements they enforced on other employees, illustrating a classic 'one rule for workers, another for executives' double standard in corporate security policy. The story highlights how security leadership can undermine the very practices they mandate for others.
AI agent deployments frequently stall at security review due to undefined identity models and overly broad permissions. Four key identity decisions must be made for every agentic system: using workload identity over shared service accounts, preferring short-lived credentials over static API keys, implementing brokered session access instead of direct credential handoff, and capturing full identity lineage rather than fragmented logs. Shared accounts and long-lived keys create compounding blast radius risks — Nightfall AI data shows 350 secrets exposed per 100 employees annually, with 35% still active. The recommended approach is to standardize identity at the platform layer using centralized identity providers, policy engines, and credential brokers, rather than rebuilding auth for each agent.
A walkthrough for setting up an apex domain redirect to the www subdomain in Azure Static Web Apps. Covers DNS configuration using CNAME for www and A record for the apex domain, TXT-based domain validation, and using the default domain setting in Azure Portal to trigger the redirect from apex to www automatically.
South Africa's mobile operators, coordinated through the Association of Comms & Technology (ACT), have agreed a framework to strengthen SIM card registration and combat SIM fraud. The framework introduces enhanced identity verification, tighter registration controls, improved compliance monitoring, and closer cooperation with law enforcement. It serves as an interim industry-led measure while ACT simultaneously pushes for legislative reform of Rica's section 40, which governs SIM registration. Key issues addressed include the bulk pre-registration of SIMs by distributors ('pre-Rica'd' cards) and packaging that exposes SIM identifying numbers. Proposed solutions include biometric authentication at registration points and secure SIM packaging. The Competition Commission was consulted to ensure the inter-operator coordination does not raise competition concerns.
Identity verification (IdV) has become conflated with document authentication, creating dangerous confusion about what level of assurance is actually being achieved. Document authentication, selfie matching, and liveness detection each answer different questions and are not equivalent to full identity proofing or contextual identity verification. Identity proofing establishes that an identity exists and belongs to a person; identity verification determines whether that identity should be trusted for a specific interaction. Point-in-time checks are insufficient because identity trust changes over time. Organizations should evaluate IdV solutions by the assurance level they provide relative to transaction risk, not by feature checklists. The post also covers NIST IALs, KYC vs. IdV distinctions, synthetic identity fraud, and the limitations of biometric matching against deepfakes.
Unverified applications pose a significant but often overlooked credential theft risk for businesses. Attackers exploit fake authentication requests, embedded malware, excessive permissions, and session/token hijacking through apps that appear legitimate. Key prevention strategies include establishing formal application approval processes, implementing MFA and role-based access controls, adopting a Zero Trust model, restricting third-party app permissions, monitoring authentication activity continuously, and educating employees about shadow IT risks. An incident response plan covering rapid credential revocation, access investigation, and post-incident improvement rounds out a comprehensive defense posture.
A new hire at Okta, now serving as an AI Builder Advocate, shares her journey from backend developer to developer relations. She has a solid technical background in Java, Spring Boot, Quarkus, Kubernetes and Docker, is an active community member as a MongoDB Champion, and is especially interested in identity, security and AI at Okta.
People with technical experience, such as backend development, who want to move into community or developer-advocacy work should learn how to connect their technical knowledge with an effective community strategy in order to broaden their influence and contribute practical value to the developer community.