If you want to do authentication for your multi-tenant application, you can use a secret (which you shouldn’t!) or a certificate. In almost all the samples I’ve seen, the certificate is stored in the Key Vault “to keep it safe”. But how does the authentication work? And are you sure this is the most secure way?

Process

The short version of the process is:

1. Get the certificate from the Key Vault
2. Create an unsigned JWT (header and payload)
3. Sign the JWT with the certificate
4. Ask Entra ID f...
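The "create an unsigned JWT" and "sign the JWT" steps, as an added example that is not code from the original post. The claim layout follows Microsoft's documented certificate-credential assertion format. The tenant, client id, certificate bytes and the toy RSA key built from two Mersenne primes are constructed stand-ins, and `sign` is a hypothetical callback for whatever component holds the private key.

```python
import base64, hashlib, json, time, uuid

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unsigned_jwt(tenant_id, client_id, cert_der, now=None, lifetime=600):
    """Header and payload, joined as the JWS signing input (no signature yet)."""
    now = int(time.time() if now is None else now)
    header = {"alg": "RS256", "typ": "JWT",
              "x5t": b64url(hashlib.sha1(cert_der).digest())}  # SHA-1 thumbprint of the DER cert
    payload = {"aud": f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token",
               "iss": client_id, "sub": client_id,  # both are the application (client) id
               "jti": str(uuid.uuid4()), "nbf": now, "exp": now + lifetime}
    return ".".join(b64url(json.dumps(part, separators=(",", ":")).encode())
                    for part in (header, payload))

def sign_jwt(signing_input: str, sign) -> str:
    """`sign` is any callable taking bytes and returning an RS256 signature."""
    return signing_input + "." + b64url(sign(signing_input.encode("ascii")))

# Constructed toy RSA key (two Mersenne primes) so the example runs offline. Never use it.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo header

def pkcs1_encode(msg: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg), as RS256 requires."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def toy_sign(msg: bytes) -> bytes:
    return pow(int.from_bytes(pkcs1_encode(msg), "big"), D, N).to_bytes(K, "big")

def toy_verify(jwt: str) -> bool:
    """Public-key check of the signature over header.payload."""
    signing_input, _, sig = jwt.rpartition(".")
    raw = base64.urlsafe_b64decode(sig + "=" * (-len(sig) % 4))
    recovered = pow(int.from_bytes(raw, "big"), E, N).to_bytes(K, "big")
    return recovered == pkcs1_encode(signing_input.encode("ascii"))

if __name__ == "__main__":
    assertion = sign_jwt(unsigned_jwt("constructed-tenant", "constructed-client-id",
                                      b"constructed DER bytes"), toy_sign)
    print(assertion, toy_verify(assertion))
```

Because `sign_jwt` only ever sees the signing input and a callback, the code that builds the JWT does not need the private key in its own memory.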