In today’s IT world, we are surrounded by AI talk. Whether you are a developer, a project manager, or a IT translator, understanding these concepts is no longer optional—it is essential. However, the technical jargon can be overwhelming. Let’s break down the most important AI terms into simple, real-world ideas.

The Big Picture: AI, ML, and Deep Learning

To understand how AI is built, imagine a set of Russian Dolls (Matryoshka) where one sits inside the other. (Read more about the AI hierarchy).

The largest, outermost doll is Artificial Intelligence (AI). This is the broad goal of creating machines that can mimic human intelligence. In the early days, this was done using fixed rules. Think of a chess-playing robot from the 90s; it didn't "learn" anything, it just followed a long list of "If-Then" instructions written by a human.

Inside that is the middle doll: Machine Learning (ML). This is a smarter way to reach the goal of AI. Instead of writing every rule, we give the machine a massive amount of data and let it find patterns on its own. A classic example is a Spam Filter. You show the system 10,000 "Spam" emails and 10,000 "Real" emails. The machine eventually notices that spam often contains words like "FREE" or "WINNER" and starts blocking them automatically without being told exactly what to look for.

Finally, the smallest doll at the center is Deep Learning (DL). This is the most advanced type of ML, using "Neural Networks" that act like a human brain to handle very messy data. This technology is what powers the Face-Unlock feature on your phone. To recognize your face—even if you grow a beard, wear glasses, or get older—the AI needs the deep, brain-like power of DL to analyze thousands of tiny details in your features.

Moving to language, we often hear about Large Language Models (LLMs). These are specific types of AI, like ChatGPT or Gemini, that are trained on almost everything written on the internet. You can think of an LLM as a super-advanced "Auto-complete." If you type "The capital of France is...", it predicts the next word is "Paris" simply because it has seen that pattern millions of times before.

How AI Goes to School

Before an AI can work, it must undergo a rigorous learning process. This starts with Annotation (or Data Labeling), which we can think of as the "Teacher Phase." AI doesn't inherently understand the world; it needs to be told exactly what it’s looking at. Humans, known as Annotators, must look at thousands of data points and "tag" them.

For example, for a Self-Driving Car to function, humans must manually draw boxes around objects in street photos, labeling them as "Tree," "Stop Sign," or "Pedestrian." This provides the AI with "Ground Truth"—the factual foundation it needs to perceive reality. Without this meticulous human help, the AI is essentially blind.

Once an AI has gained general intelligence, we can give it "extra lessons" through a process called Fine-tuning. Instead of building a new model from scratch, we take a pre-trained general AI and show it a specific dataset—like 5,000 legal contracts. Through this specialization, it stops being a general chatbot and evolves into a Legal AI Specialist that masters the complex nuances of law. This approach is highly efficient, saving both time and massive computing costs.

However, the biggest challenge in AI is a problem called Overfitting. This happens when an AI learns the training data too perfectly—it memorizes the specific examples instead of learning the logic.

To understand this, let’s look at a simple example: Teaching an AI to recognize a "Bird."

Imagine you give the AI thousands of photos of birds to study. However, there is a small problem: every bird in your photos is red.

• Balanced Learning (Correct): The AI looks at the wings, the beak, and the feathers. It understands that a bird is a creature with these specific features.
• Overfitting (The Trap): The AI looks at the color and concludes: "Anything that is red is a bird."

When you test the AI with a photo of a blue bird, the AI will say: "This is NOT a bird" because it isn't red. The AI failed because it didn't learn the "logic" of what a bird is; it only memorized the "color" from your specific photos.

In the IT world, we want our AI to have Generalization—the ability to handle new, unseen situations correctly, rather than just memorizing old data.

Tokens, Memory, and the Art of "Confident Lying"

Once we understand how AI learns, we need to look at how it actually "reads" our instructions. While we see words and sentences, the AI sees the world through Tokens. Think of tokens as the "atoms" of language—small fragments that the AI uses to turn our text into numbers it can calculate. A common word like "apple" might be just one token, but a complex one like "terminology" gets chopped into pieces: termin, olo, and gy.

This isn't just a technical detail; it’s the "currency" of AI. Most AI companies charge you based on how many tokens you send in and how many the AI spits out. Interestingly, for us in the IT world, this means language matters. Because of how AI is built, languages like Vietnamese often require more tokens than English to say the same thing, making the "cost" of a conversation slightly different depending on the language you use.

But these tokens don't just cost money; they also take up space. Every AI model works at what I like to call a Context Window—or its short-term memory. Imagine the AI is a brilliant employee sitting at a very small desk. Every PDF you upload, every old message in the chat, and every instruction you give must fit on that desk for the AI to "see" it.

If your conversation gets too long and exceeds the "desk space," the AI has to start throwing the oldest papers into the trash to make room for new ones. This is exactly why, after a long brainstorming session, the AI might suddenly forget your name or the very first rule you set—it simply ran out of room on its desk.

Nowadays, tech giants are racing to build "giant desks," expanding these context windows so AI can "read" an entire book series in one go. But even with a massive memory, AI has a famous flaw: it loves to tell "confident lies," a phenomenon we call Hallucination.

You see, at its heart, an AI is a high-speed probability engine. It doesn't actually check a "truth database" to see if a fact is real. Instead, it asks itself: "Given the words I've seen so far, what is the most likely next word?" If it doesn't have the exact answer, it won't simply say "I don't know" (unless we tell it to). Instead, it will keep predicting the next word to finish the sentence.

This is how you get professional-sounding answers about non-existent coding functions that look perfect but return an undefined error the moment you run them. The AI prioritizes sounding logical and grammatically perfect over being factually true. For those of us working as Developers or PMs, this is the ultimate reminder: never trust numbers or specific names 100%. Always cross-reference and fact-check.

How do we fix this?

To stop these lies, we use RAG (Retrieval-Augmented Generation). AWS provides a great deep dive into this architecture. Think of this as an "Open Book Exam." Instead of letting the AI guess, a RAG system first searches a reliable source—like your company's handbook—and tells the AI: "Only answer based on this text." We also use Prompt Engineering (giving clear, detailed instructions) and Guardrails (safety fences that block dangerous or wrong answers) to keep the AI on the right track.

Quick Advice for IT Professionals

• Don't trust, verify: Always fact-check names, dates, and code. AI is a master of sounding professional even when it’s wrong.
• Be specific: Treat AI like a smart intern. The more context you give in your prompt, the better the result.
• Watch the tokens: Keep your inputs clean to save costs and avoid hitting the memory limit.

Join the AI Revolution with ISB Vietnam

At ISB Vietnam, we are not just watching the AI revolution—we are leading it. We believe that AI is most powerful when handled by experts who understand its strengths and its "hallucinations." That’s why we are constantly training our developers to master AI tools, ensuring that our software solutions are not just fast, but smart and secure.

Whether you need scalable software solutions, expert IT outsourcing, or a long-term development partner, ISB Vietnam is here to deliver.

Are you a tech talent looking to work in an environment that embraces AI? We are always looking for passionate people to join our team and push the boundaries of what's possible.

• Click here to explore ISB Vietnam's Case Studies
• Visit our Career Page to join our team

Let’s build something great together—reach out to us today!

Image source: Generated by Gemini

Identity is one of the most important security layers of modern systems. Modern apps must connect to numerous services, making a centralized and stable login system essential.

In this context, Microsoft 365 login is a logical choice for enterprise systems. Azure provides a standardized identity platform, eliminating the need to build authentication mechanisms from scratch.

Overall

At the high level, ExpressJS only acts as the client. Azure AD is the main entity, acting as the identity provider. The browser only handles redirects, while all sensitive processing, such as exchanging code for tokens, takes place in the backend.

The basic flow would be:

User → ExpressJS → Microsoft login → ExpressJS callback → session creation

Most importantly, the token never appears on the frontend. This is extremely important from a security perspective.

Setting up Azure AD

First, create a new application in Azure Active Directory via the Azure Portal.

Then create a Client Secret. Simply put, this is the "password" for the backend.

Finally, we will have three values; these three are the backbone of the entire login process:

• Client ID – app identifier
• Tenant ID – organization identifier
• Client Secret – backend authentication

MSAL node configuration

Microsoft provides @azure/msal-node so developers don't have to manually code OAuth2. MSAL handles the headaches of code generation, token changes, token caching, and token refresh.

Installation:

npm install express @azure/msal-node express-session dotenv

Basic configuration:

// msalConfig.js

require("dotenv").config();

module.exports = {

    auth: {

        clientId: process.env.CLIENT_ID,

        authority: "https://login.microsoftonline.com/" + process.env.TENANT_ID,

        clientSecret: process.env.CLIENT_SECRET

}};

The Authority URL simply tells MSAL which tenant we are authenticating with.

After defining the config, we will create the other file to initialize the instance to use in the project

// msalClient.js

const { ConfidentialClientApplication } = require("@azure/msal-node");
const msalConfig = require("../config/msalConfig");

const cca = new ConfidentialClientApplication(msalConfig);

module.exports = cca;

Scope: Request only what we need

Scope refers to access permissions. It determines what the app can do on behalf of the user.

Here are some common scopes:

• user.read – read basic profiles
• mail.read – read email
• files.read – read OneDrive files

The first time a user logs in, they will see a consent screen. This is very good, as it helps them know what permissions the app is requesting.

Actual login flow

Here, we use the OAuth2 authorization code flow – almost the default standard for backends.

The token is not exposed to the frontend. There is a refresh token widely accepted by enterprises

Route /login

const cca = require("./services/msalClient"); 

app.get("/login", async (req, res) => {

   const url = await cca.getAuthCodeUrl({

     scopes: ["user.read"],

     redirectUri: "http://localhost:3000/redirect"

    });

   res.redirect(url);

 });

This route only serves to redirect the user to the Microsoft login page.

Note: The redirectUri in the code must match the Redirect URI declared in Azure AD.
If they don't match, the login will fail.

Route /redirect

const cca = require("./services/msalClient"); 

app.get("/redirect", async (req, res) => {

   const tokenResponse = await cca.acquireTokenByCode({

     code: req.query.code,

     scopes: ["user.read"],

     redirectUri: "http://localhost:3000/redirect"

   });

   req.session.user = tokenResponse.account;

   req.session.accessToken = tokenResponse.accessToken;

   res.redirect("/dashboard");

 });

This is the main processing point: the backend exchanges the code for a token and then saves the session.

Sessions and Middleware

After establishing the session, protecting the route with middleware is all we need to do.

 function requireAuth(req, res, next) {

   if (!req.session.user) {

     return res.redirect("/login");

   }

   next();

 }

Conclusion

Microsoft 365 login is becoming the standard for modern enterprise systems. Instead of managing users, passwords, and complex security rules ourselves, we can directly use Azure Active Directory as a trusted identity provider.

In practice, this offers better security, less maintenance, and a login system that can scale across the organization without significant changes.

Whether you need scalable software solutions, expert IT outsourcing, or a long-term development partner, ISB Vietnam is here to deliver. Let’s build something great together—reach out to us today. Or click here to explore more ISB Vietnam's case studies.

[References]

1. https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app
2. https://learn.microsoft.com/en-us/entra/identity-platform/tutorial-v2-nodejs-webapp-msal
3. https://www.freepik.com/free-photo/email-messages-network-circuit-board-link-connection-technology_1198384.htm (Image source)