Agdersec September 2025

Agdersec starter opp igjen etter en god og lang sommer! Jarand Jansen disker opp med et veldig interessant og lærerikt foredrag i september. Vi gleder oss til å samles igjen på Apotekergaarden i Grimstad!

Agdersec is back at it after a lovely summer! Jarand Jansen will hold a interesting talk in september. We look forward to meet you all again at Apotekergaarden in Grimstad!

### My Application, Your Risk: Securing Multi-Tenant Applications in Entra ID

"Do we have the expertise to audit whether the developers have implemented appropriate security controls in the applications we allow into our environments? And what if our organization takes on the role of the developer and provider? Do we have the knowledge to guide our teams in securing multi-tenant applications—ensuring they don’t introduce unnecessary risks to our customers?

In this talk, we provide the audience with practical guidance on securing their multi-tenant applications. We present multiple security measures we consider to be of importance in such scenarios based on misconfigurations and weaknesses we have encountered during real-world assessments. A security feature recently made available by Microsoft is given some extra attention: User-assigned managed identities can now be leveraged in multi-tenant apps to access resources across tenants. This security feature enables the removal of credentials in code, significantly reducing your application's attack surface."