Configure CORS for APIs secured with Azure AD hosted on Azure

Configure CORS for APIs secured with Azure AD hosted on Azure

If you host your APIs on Azure, secure them with Azure AD and want to use them in the SharePoint Framework, you need to setup CORS correctly.
The risk of easily testing SharePoint Framework web parts in your tenant

The risk of easily testing SharePoint Framework web parts in your tenant

SharePoint Framework allows you to easily test the web parts you're building in your production tenant without having to deploy them first. But are you okay with the risk it exposes your data to?
Consider this before granting API permissions in your Office 365 tenant

Consider this before granting API permissions in your Office 365 tenant

Recently, Microsoft released a preview of the ability to grant access to APIs secured with Azure AD in Office 365 tenants. Allowing developers to access these APIs is not without risks, here is why.
Inconvenient no-script sites and SharePoint Framework

Inconvenient no-script sites and SharePoint Framework

By disabling custom script on their sites, organizations using Office 365 can increase the security of their data and improve the governance of their portal. But how reliable is it actually?
What external scripts is your SharePoint Framework solution using?

What external scripts is your SharePoint Framework solution using?

When installing SharePoint Framework solutions, SharePoint shows you the URLs of external scripts used by the solution. But it doesn't show all of them, so be careful what solutions you allow to run unrestricted in your tenant.