For instance, we are a B2B software vendor in the banking space, and we have to survive all kinds of audits regarding the nature of our code & vendors. By keeping nearly all of our 3rd party items under the Microsoft umbrella, we can automagically skip over vast chunks of our due diligence process (according to the mutual trust equation).
None of our customers is F500 (so far), but we have yet to encounter one who didn't already have AAD, or a willingness to set this up. From a product development perspective, we really prefer having a few known-good ways to do things. Authentication & authorization is one area that I strongly dislike having a large variety of flavors on. Especially considering the nature of our business and ever-increasing demands for complex MFA flows (e.g. SAML). There's been so many fly-by-night operations in this space, and our customers do not have patience for trying new things.
No comments yet.
