diff --git a/callautomation-live-transcription/src/app.ts b/callautomation-live-transcription/src/app.ts
index 9e2e55c4..95b5d7c6 100644
--- a/callautomation-live-transcription/src/app.ts
+++ b/callautomation-live-transcription/src/app.ts
@@ -1,6 +1,7 @@
 import { config } from 'dotenv';
 import express, { Application } from 'express';
 import http from 'http';
+import helmet from 'helmet'; // Import helmet for security headers
 import { PhoneNumberIdentifier, createIdentifierFromRawId } from "@azure/communication-common";
 import { CallAutomationClient, CallConnection, AnswerCallOptions, CallMedia,
@@ -21,6 +22,7 @@ config();
 const PORT = process.env.PORT;
 const app: Application = express();
 app.use(express.json());
+app.use(helmet()); // Use helmet to secure Express app by setting various HTTP headers
 // Create common server for app and websocket
 const server = http.createServer(app);
diff --git a/manage-teams-identity-mobile-and-desktop/issue-communication-access-token.js b/manage-teams-identity-mobile-and-desktop/issue-communication-access-token.js
index fd7ab0ab..739e233f 100644
--- a/manage-teams-identity-mobile-and-desktop/issue-communication-access-token.js
+++ b/manage-teams-identity-mobile-and-desktop/issue-communication-access-token.js
@@ -1,4 +1,3 @@
-
 require('dotenv').config({path: __dirname + '/.env' })
 const { CommunicationIdentityClient } = require('@azure/communication-identity');
 const { PublicClientApplication, CryptoProvider } = require('@azure/msal-node');
@@ -80,8 +79,8 @@ app.get('/redirect', async (req, res) => {
 res.sendStatus(200);
 }).catch((error) => {
 console.log(error);
- res.status(500).send(error);
+ res.status(500).send('An error occurred while processing your request.');
 });
 });
-app.listen(SERVER_PORT, () => console.log(`Communication access token application started on ${SERVER_PORT}!`))
+app.listen(SERVER_PORT, () => console.log(`Communication access token application started on ${SERVER_PORT}!`))
\ No newline at end of file
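Review bot: `app.use(helmet())` only adds headers to HTTP responses that pass through the Express middleware chain; the server built on the next line is, per the existing comment, shared with a WebSocket endpoint, and WebSocket upgrade requests do not run Express middleware, so any origin or authentication check for the socket has to live in the WebSocket handler, which is outside this hunk. Helmet's defaults also include a Content-Security-Policy header, which is harmless for an API that only returns JSON but would need tuning if this app ever serves HTML — whether it does is not visible here. The trailing comment restates the call; a more useful one records the decision, e.g. `app.use(helmet()); // default header set; revisit the CSP defaults if this app ever serves HTML`.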
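Review bot: The `app.listen` line is rewritten only to drop the file's trailing newline (hence the `\ No newline at end of file` marker on the new side); that is an accidental whitespace change unrelated to the error-message fix and should be reverted. The fix itself is sound: the caught error object no longer goes back to the client, which keeps details of the token exchange out of the response body. The line above still uses `console.log(error)`; `console.error(error)` would route the failure to stderr with the right severity for log collection. The enclosing `app.get('/redirect', …)` handler starts outside the hunk.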
diff --git a/tpe-token-and-access-management/server/server.js b/tpe-token-and-access-management/server/server.js
index 5c08817a..21d58817 100644
--- a/tpe-token-and-access-management/server/server.js
+++ b/tpe-token-and-access-management/server/server.js
@@ -8,15 +8,25 @@ const cors = require('cors');
 const path = require('path');
 const config = require('./config');
 const TeamsExtensionAccessManager = require('./teams-extension-access-manager');
+const helmet = require('helmet'); // Added Helmet for security headers
+const rateLimit = require('express-rate-limit'); // Added rate limiting
 const app = express();
 const PORT = config.server.port;
 // Middleware
+app.use(helmet()); // Use Helmet to secure the app by setting various HTTP headers
 app.use(cors());
 app.use(express.json());
 app.use(express.static(path.join(__dirname, '..', 'dist')));
+// Rate limiting middleware
+const limiter = rateLimit({
+ windowMs: 15 * 60 * 1000, // 15 minutes
+ max: 100 // Limit each IP to 100 requests per windowMs
+});
+app.use(limiter); // Apply rate limiting to all requests
+
 // Initialize manager
 const accessManager = new TeamsExtensionAccessManager();