Securing .Net Microservices Through Conditional Access and Zero Trust Principles using Azure AD and OAUTH2
Why this work is in the frame
A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.
Bibliographic record
Abstract
The increasing adoption of distributed microservices in enterprise applications has amplified the need for robust, identity-centric security frameworks. This thesis presents a policy-driven Zero Trust architecture for securing .NET-based microservices using Azure Active Directory (Azure AD), OAuth 2.0, and Conditional Access. The proposed approach leverages Microsoft Entra ID for centralized identity governance and employs Conditional Access policies to enforce real-time, risk-based access decisions. Fine-grained authorization is achieved through integration with OAuth 2.0 token scopes and claims, ensuring contextual access based on user identity, device compliance, location, and session risk signals. The framework is implemented within a cloud-native .NET Core microservices environment, utilizing Azure API Management for secure exposure and traffic mediation. Telemetry from Microsoft Defender for Cloud and Azure Monitor is integrated to dynamically adapt authorization rules, aligning access decisions with real-time threat intelligence. The system is validated through a series of controlled simulations, demonstrating its effectiveness in minimizing unauthorized access, preventing lateral movement, and reducing the attack surface. This research provides a practical and scalable methodology for implementing Zero Trust principles across modern .NET applications using Microsoft’s identity and cloud security ecosystem..
Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.
Full frame distilled prediction
Teacher imitationNot calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.
Codex and Gemma teacher scores by category
| Category | Codex | Gemma |
|---|---|---|
| Metaresearch | 0.002 | 0.001 |
| Meta-epidemiology (narrow) | 0.000 | 0.000 |
| Meta-epidemiology (broad) | 0.000 | 0.000 |
| Bibliometrics | 0.002 | 0.002 |
| Science and technology studies | 0.000 | 0.002 |
| Scholarly communication | 0.000 | 0.003 |
| Open science | 0.003 | 0.004 |
| Research integrity | 0.000 | 0.001 |
| Insufficient payload (model declined to judge) | 0.000 | 0.000 |
Machine scores (provisional)
The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.
Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it