Reading time 3 min

Robin Janssens

On December 7 and 8, 2023, several ACA members participated in CloudBrew 2023 , an inspiring two-day conference about Microsoft Azure. In the scenery of the former Lamot brewery, visitors had the opportunity to delve into the latest cloud developments and expand their network. With various tracks and fascinating speakers, CloudBrew offered a wealth of information. The intimate setting allowed participants to make direct contact with both local and international experts. In this article we would like to highlight some of the most inspiring talks from this two-day cloud gathering: Azure Architecture: Choosing wisely Rik Hepworth , Chief Consulting Officer at Black Marble and Microsoft Azure MVP/RD, used a customer example in which .NET developers were responsible for managing the Azure infrastructure. He engaged the audience in an interactive discussion to choose the best technologies. He further emphasized the importance of a balanced approach, combining new knowledge with existing solutions for effective management and development of the architecture. From closed platform to Landing Zone with Azure Policy David de Hoop , Special Agent at Team Rockstars IT, talked about the Azure Enterprise Scale Architecture, a template provided by Microsoft that supports companies in setting up a scalable, secure and manageable cloud infrastructure. The template provides guidance for designing a cloud infrastructure that is customizable to a business's needs. A critical aspect of this architecture is the landing zone, an environment that adheres to design principles and supports all application portfolios. It uses subscriptions to isolate and scale application and platform resources. Azure Policy provides a set of guidelines to open up Azure infrastructure to an enterprise without sacrificing security or management. This gives engineers more freedom in their Azure environment, while security features are automatically enforced at the tenant level and even application-specific settings. This provides a balanced approach to ensure both flexibility and security, without the need for separate tools or technologies. Belgium's biggest Azure mistakes I want you to learn from! During this session, Toon Vanhoutte , Azure Solution Architect and Microsoft Azure MVP, presented the most common errors and human mistakes, based on the experiences of more than 100 Azure engineers. Using valuable practical examples, he not only illustrated the errors themselves, but also offered clear solutions and preventive measures to avoid similar incidents in the future. His valuable insights helped both novice and experienced Azure engineers sharpen their knowledge and optimize their implementations. Protecting critical ICS SCADA infrastructure with Microsoft Defender This presentation by Microsoft MVP/RD, Maarten Goet , focused on the use of Microsoft Defender for ICS SCADA infrastructure in the energy sector. The speaker shared insights on the importance of cybersecurity in this critical sector, and illustrated this with a demo demonstrating the vulnerabilities of such systems. He emphasized the need for proactive security measures and highlighted Microsoft Defender as a powerful tool for protecting ICS SCADA systems. Using Azure Digital Twin in Manufacturing Steven De Lausnay , Specialist Lead Data Architecture and IoT Architect, introduced Azure Digital Twin as an advanced technology to create digital replicas of physical environments. By providing insight into the process behind Azure Digital Twin, he showed how organizations in production environments can leverage this technology. He emphasized the value of Azure Digital Twin for modeling, monitoring and optimizing complex systems. This technology can play a crucial role in improving operational efficiency and making data-driven decisions in various industrial applications. Turning Azure Platform recommendations into gold Magnus Mårtensson , CEO of Loftysoft and Microsoft Azure MVP/RD, had the honor of closing CloudBrew 2023 with a compelling summary of the highlights. With his entertaining presentation he offered valuable reflection on the various themes discussed during the event. It was a perfect ending to an extremely successful conference and gave every participant the desire to immediately put the insights gained into practice. We are already looking forward to CloudBrew 2024! 🚀

Reading time 4 min

Robin Janssens

With the growing need for seamless user experiences and robust security measures, integrating advanced identity management solutions like Azure AD B2C with platforms such as Liferay has become essential. This article explores how ACA Group helped a company successfully implement Azure B2C to enhance their customer portal, ensuring a streamlined and secure experience for their users. From understanding the fundamentals of Azure B2C to tackling the challenges of integration, this case study provides valuable insights into the process and benefits of modern identity management solutions. What is Azure AD B2C? Azure AD B2C is a cloud-based identity provider designed for businesses to manage user identities securely and easily. It focuses on external users like customers, partners, and vendors, offering a scalable solution for login credentials and identity verification. Azure B2C aims to simplify user sign-up and registration processes while providing extensive customization options to tailor the user experience and integrate seamlessly with existing applications. Key features of Azure B2C Supports various identity providers, including Facebook, X, and LinkedIn. Provides a secure framework for managing personal data and ensures compliance with regulations. Manages access to multiple applications with a single account, enhancing security. Improves the overall user experience by recognizing the importance of digital identity in online interactions. Customer case: customer portal authentication Context This case involves a company managing air traffic within Belgian airspace, ensuring the safety, efficiency, and punctuality of flights. They oversee flight management, navigation, communication systems, and meteorological services, working closely with airlines, airports, and international air traffic control centers. Their customer portal serves as a centralized platform for clients to access vital information about operations and services, ensuring transparency and efficient communication. With hundreds of daily users, the portal plays a crucial role in maintaining efficient communication and customer satisfaction. Solution Approach We approached this case methodically and collaboratively. We started with a test design to outline our solution, making sure it matched the customer's needs. We then discussed it with the customer to gather their feedback. After considering their input, we went back to refine our approach. Realizing a tailored solution was necessary, we decided to implement custom policies. This iterative process allowed us to adapt and fine-tune our solution, ensuring it perfectly met the customer's expectations. Challenges Developed custom policies to fully integrate with Liferay, required detailed customization using XML files. The login process was tailored for SAML 2.0 authentication, customizing everything from personal details like names to preferences like language and business phone. Meeting the client's requirements was crucial, so certain fields were mandatory and others had specific formatting needs. Every step, from creating profiles to sending data to Liferay, was meticulously customized to match the project's goals. Although complex, this project was an exciting challenge that showcased our team's problem-solving skills and creativity. Lessons Learned Testing by non-technical users was a game-changer, helping us spot issues early on. Regular updates with the client kept everyone in the loop and allowed us to make timely modifications. By involving non-technical stakeholders and keeping communication open, we quickly addressed concerns and delivered a top-notch solution. This collaborative approach built trust and ensured everyone was on the same page, leading to a successful project outcome. Our Contributions to Azure B2C Working with Azure B2C showed us just how crucial custom policies are for a smooth system. These policies are the backbone of our SAML 2.0 integration, making identity management secure and efficient. We developed a custom B2C login portal to enhance user experience, tailored to fit the organization's needs. This portal simplifies registration and acts as a bridge, transferring user info to Liferay. After registration, user data flows into Liferay, automatically creating a user profile. This integration makes onboarding easy, allowing our customer affairs team to quickly assign account privileges. Creating profiles in both Azure B2C and Liferay keeps data consistent across platforms. Once profiles are created, we verify the accuracy and legitimacy of user information. After verification, users gain access to a secure and personalized customer portal on Liferay, providing a centralized and streamlined experience for all interactions. Optimizing User Journeys By integrating custom policies, SAML 2.0, Azure B2C, and Liferay, we created a smoother, more efficient user experience. This seamless connection automates tasks like user creation and verification, making registration hassle-free. The result? A faster process that saves time, reduces frustration, and boosts user engagement and satisfaction. Conclusion Integrating custom policies, SAML 2.0, Azure B2C, and Liferay creates a solid foundation for secure user sign-up and access management. These tools help organizations deliver personalized, trusted user experiences. Ready to optimize your user journeys? Reach out to our team at hello@acagroup.be . We’d love to help you get started!

Reading time 5 min

Robin Janssens

Anyone who has had to manage multiple Azure accounts in the past knows that it is often a hassle. For example, you have to log in to each Azure tenant separately with the correct login details. There is no question of a central management and setting up individual environments manually is very difficult. Implementing consistent access control and security policies is also nearly impossible. Fortunately, there is a solution: Azure Lighthouse. Find out all about it in this blog. DevOps or system engineers regularly have to work on different Azure tenants and that does not always run smoothly. Some customers want you to use a login from them, other customers prefer to invite you as a guest to manage their environment. The result is that you often have to switch manually between different Azure tenants. Moreover, it is sometimes necessary to search for the correct login details, which means that valuable time is lost. Fortunately, now there is Azure Lighthouse with which you can manage the resources within a subscription in an easy and clear way. What is Azure Lighthouse? Azure Lighthouse is a Microsoft Azure management service that provides a central platform for managing and monitoring multiple customer environments (tenants) and their resources. It enables service providers or companies with multiple Azure subscriptions to efficiently manage and control the Azure environments of their customers or subsidiaries. This allows them to streamline operational processes, improve security, and increase overall efficiency by providing a consistent management experience across all managed tenants. Benefits of Azure Lighthouse ✅ Management of multiple tenants As a service provider, you can view and manage multiple Azure subscriptions or tenants from a single Azure portal or API endpoint. You can also perform various management tasks, such as deploying and managing resources, applying policies, and monitoring performance, across all managed tenants. ✅ Delegates acces With Azure Lighthouse, you can grant delegated access to customers or subsidiaries so that they can manage their own Azure resources within defined boundaries. This delegation is based on Azure Role-Based Access Control (RBAC), which provides fine control over privileges and segregation of duties. ✅ Secure multi-tenant environment Built-in security controls keep each tenant's data and resources isolated and protected. It provides granular access controls, secure multi-factor authentication (MFA), and the ability to apply Azure Policy and Azure Security Center to all managed tenants. ✅ Branding for service providers Azure Lighthouse allows customizing the Azure portal experience for customers by applying custom branding elements such as logos and themes. This helps maintain a consistent brand identity and improves the overall customer experience. ✅ Integration with Azure Marketplace As a service provider, you can publish your managed services or solutions on the Azure Marketplace. This allows customers to easily discover and subscribe to these services, further simplifying the relationship between service provider and customer. How exactly does Azure Lighthouse work? The Azure accesses are set up per subscription. As a service provider, it is your job to publish an Azure Resource Manager (ARM) template. Templates published via the Azure store can be read by anyone. Would you rather manage just a few customers, or manage a specific customer base? Then there is the option to have the resource templates imported directly to the customer. This is how you do it: Search your tenant for Azure Lighthouse. Choose View Service Providers . Select View Service Provider Offers . Read in the new service offer from here. Such a resource template contains all kinds of information such as tenant ID of the customer and of the service provider, offer name, description and which role you want to give to the service provider. Why is Azure Lighthouse interesting for you? Thanks to Azure Lighthouse, you have less hassle with customer-specific accounts or external invites. Access management is done entirely through your own portal as a service provider. As a result, you no longer have to bother the customer's local IT for access or to send invitations. Everything is centrally arranged. When new colleagues arrive or leave, you can easily remove their accounts from the relevant Azure Active Directory groups, which automatically synchronizes their access to the customer environment. In addition, the customer retains full control over their subscriptions and can unlink the service provider of certain licenses at any time. All the extra hassle that used to be necessary is now gone thanks to Azure Lighthouse. The whole process runs smooth and efficient. Conclusion Azure Lighthouse simplifies the management and governance of multiple Azure environments, giving service providers central control, saving them significant management time. In addition, customers can efficiently manage their resources while benefiting from the expertise and services offered by their providers. The increased security is also an extra asset. For more information, visit the official Microsoft FAQ pages and the official Azure Lighthouse product page . Questions about Azure Lighthouse? {% module_block module "widget_3fabed10-ae39-4bfa-8d68-e13814ecdf36" %}{% module_attribute "buttons" is_json="true" %}{% raw %}[{"appearance":{"link_color":"light","primary_color":"primary","secondary_color":"primary","tertiary_color":"light","tertiary_icon_accent_color":"dark","tertiary_text_color":"dark","variant":"primary"},"content":{"arrow":"right","icon":{"alt":null,"height":null,"loading":"disabled","size_type":null,"src":"","width":null},"tertiary_icon":{"alt":null,"height":null,"loading":"disabled","size_type":null,"src":"","width":null},"text":"Contact our experts"},"target":{"link":{"no_follow":false,"open_in_new_tab":false,"rel":"","sponsored":false,"url":{"content_id":230950468795,"href":"https://25145356.hs-sites-eu1.com/en/contact","href_with_scheme":null,"type":"CONTENT"},"user_generated_content":false}},"type":"normal"}]{% endraw %}{% end_module_attribute %}{% module_attribute "child_css" is_json="true" %}{% raw %}{}{% endraw %}{% end_module_attribute %}{% module_attribute "css" is_json="true" %}{% raw %}{}{% endraw %}{% end_module_attribute %}{% module_attribute "definition_id" is_json="true" %}{% raw %}null{% endraw %}{% end_module_attribute %}{% module_attribute "field_types" is_json="true" %}{% raw %}{"buttons":"group","styles":"group"}{% endraw %}{% end_module_attribute %}{% module_attribute "isJsModule" is_json="true" %}{% raw %}true{% endraw %}{% end_module_attribute %}{% module_attribute "label" is_json="true" %}{% raw %}null{% endraw %}{% end_module_attribute %}{% module_attribute "module_id" is_json="true" %}{% raw %}201493994716{% endraw %}{% end_module_attribute %}{% module_attribute "path" is_json="true" %}{% raw %}"@projects/aca-group-project/aca-group-app/components/modules/ButtonGroup"{% endraw %}{% end_module_attribute %}{% module_attribute "schema_version" is_json="true" %}{% raw %}2{% endraw %}{% end_module_attribute %}{% module_attribute "smart_objects" is_json="true" %}{% raw %}null{% endraw %}{% end_module_attribute %}{% module_attribute "smart_type" is_json="true" %}{% raw %}"NOT_SMART"{% endraw %}{% end_module_attribute %}{% module_attribute "tag" is_json="true" %}{% raw %}"module"{% endraw %}{% end_module_attribute %}{% module_attribute "type" is_json="true" %}{% raw %}"module"{% endraw %}{% end_module_attribute %}{% module_attribute "wrap_field_tag" is_json="true" %}{% raw %}"div"{% endraw %}{% end_module_attribute %}{% end_module_block %}