Stephan van Rooij
Software architect at Smartersoft
's-Hertogenbosch, The Netherlands
Actions
A blogger, a speaker but mainly a software architect with a strong focus on security, identity and automation. My day job is all .NET core and single-sign-on. If I have some spare time, I'm mostly working on one off my home automation projects (with over half a million combined downloads)
I'm also an occasional contributor to @azure/msal, azure/microsoft docs and Azure pipeline tasks
Check my blog or github profile for more details
Awards
Area of Expertise
Topics
Become a Maester in Microsoft 365 Security
Is your Microsoft tenant secured correctly? Do you know all the right switches to turn and what checkboxes to tic?
What if there was a free tool you can setup to automatically scan your Microsoft tenant configuration and provide you with a beautiful actionable reports on a daily bases?
We will show you how to get started with Maester, and as the actual reports start rolling in, we will fix some of the (intentional) misconfigurations.
Measter is an open-source powershell module you can run on (free) Github Actions, and if you're not using it just yet, this will be the perfect session to get you started.
Building a PowerShell module in 2025
PowerShell has been around for ages, building a module for developers in 2025 can be a challenge. There is no concept of asynchronous code, CancellationTokens, ILoggers or dependency injection.
Together we will build a PowerShell module in C# using these modern development concepts, you can even press F5 to debug your module.
Why a PowerShell module you ask? It's a great way to allow system administrators to use your tool in a way they are already familiar with, instead of confronting them with yet another command line interface they have to learn. PowerShell gives you command completion out-of-the-box and has a nice way to expose your documentation.
- Documenting your module using code comments
- Testing your module with Pester
- Loading dependencies
- Dependency injection and ILogger
Bring all your questions and let's start exposing your libraries to a much wider audience.
Protect your API with Entra - from zero security to security hero
Security should be top priority in any application these days. In this interactive demonstration I'll show you how to go from an API without security to an API that is secured with Microsoft Entra ID.
Join this sessions so you never have to worry about the security of your API ever again.
- Protecting the API
- What are JWTs (Json Web Tokens)?
- Scopes vs Roles?
- Getting a token as application
- Getting a token as user
These principals are not Microsoft Entra specific and can be applied to other Identity Providers as well, the exact implementation might be slightly different.
You're using Azure Key Vault incorrect
We all seen the samples where you put your secret keys in Azure Key Vault and think you're now completely secure. I'll show you how to exfiltrate those certificates and what you should do about it.
- Exfiltrate certificates
- Protect multi tenant application
- Managed identity misuse
Packaging apps for Intune is hard
How hard can it be to package apps for Intune? We will take you on our journey where we explain how we developed an open-source application that packages any application for Intune. We will show you all the challenges and how this app can help you setup a full company portal in seconds.
We can even decrypt existing intunewin files.
Dutch Microsoft Security Meetup User group Sessionize Event Upcoming
Experts Live Netherlands 2024 Sessionize Event
WorkplaceDudes NL User group Sessionize Event
Microsoft Security User Group 2024 User group Sessionize Event
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top