Browse All Security Content (561)

davidwright, Arnaud Lheureux, and Suzanne Daniels explain why architecture and governance frameworks only help when they actively change delivery decisions. Using Git-Ape as the example, they show how to turn Azure Well-Architected, Azure Policy (including NIST mappings), and CAF guidance into repeatable repo-driven assessments with prioritized findings tied to code and policy.

Microsoft AI Red Team updates its agentic AI failure-mode taxonomy based on a year of red team engagements, adding seven new categories and translating real-world attack patterns into practical mitigations teams can apply to deployed agentic systems.

WillT announces the general availability of Microsoft Fabric Operations agent, describing how it uses LLM-driven rule generation plus Real-Time Intelligence monitoring to detect issues, ask clarifying questions, and (with approval) run remediation actions like pipelines, notebooks, UDFs, and Power Automate workflows, with tracing and governance built in.

Allison announces the general availability of Enterprise Teams on GitHub Enterprise Cloud, explaining how enterprise admins can define teams once and reuse them across all organizations for consistent reviewer routing, ruleset bypass configuration, IdP-driven membership via SCIM, and API-based automation with auditing.

Mark Russinovich and Ion Stoica discuss how distributed-systems principles are shaping next-generation AI platforms, covering what changes as workloads become agentic, multimodal, and globally distributed, and why open source, security, and governance are now core requirements from training through real-time serving.

kinfey explains how to run LLM agents that write and execute code without giving them a host-sized blast radius, using a MicroVM sandbox. The post walks through a real pipeline (a daily Mandarin World Cup podcast) built with Microsoft Agent Framework, Azure AI Foundry, and Hyperlight snapshot/restore isolation.

Mark Russinovich tours recent Azure platform innovations, focusing on performance, networking resilience, container live migration, and confidential computing. The session highlights how these building blocks support modern applications across cloud, on‑premises, and edge environments, with demos of Azure Container Instances and Azure Integrated HSM.

swyx (Shawn Wang) argues that as AI agents start shipping code, “agent supervision” becomes a core senior engineering skill: scoping agent work, setting constraints, designing checkpoints, and reviewing outputs for correctness and security.

Pablo Castro presents a Microsoft Build 2026 deep dive into Foundry IQ, Microsoft’s context engineering platform for building agents that can retrieve enterprise knowledge using agentic RAG. The session covers Foundry IQ’s architecture, connecting new knowledge sources, ingestion pipeline customization, retrieval APIs, and performance/evaluation improvements.

Neta Haiby, Kendra Springer, and Lei Zhong explain how to take AI agents to production with security, governance, and runtime visibility using the Agent 365 SDK and Microsoft Purview SDK, focusing on identity-aware access, data protection, and compliance controls across the agent lifecycle.

Sarah Young introduces MDASH from Microsoft Build 2026 and focuses on how developers can build security into their code from the start, framing secure-by-design practices and developer-centric security workflows.

Ram Kakani explains how Oracle Managed Database MCP (Model Context Protocol) remote servers can be used from Microsoft Foundry to build enterprise AI agents that query Oracle AI Database@Azure, including local VS Code workflows, self-hosted Azure deployments, and a fully managed OCI option with identity, networking, and governance controls.

LZhang lays out a practical DevOps loop for Microsoft Foundry Hosted Agents, covering how to move from Terraform-provisioned infrastructure to production delivery with immutable agent versions, evaluation as a release gate, manifest-driven promotion, traffic-split canaries, and per-version observability.

IgalAmster announces the general availability of Graph in Microsoft Fabric, a relationship-first graph capability that runs natively on OneLake. The post explains how explicit graph modeling and GQL queries support enterprise-scale reasoning for analytics, ontologies, and Fabric IQ scenarios, including security and impact analysis use cases.

mmcrey announces Confidential Live Migration for Intel TDX Confidential VMs in Azure, explaining how Azure can move a running confidential VM to updated infrastructure with limited interruption while protecting VM memory and execution context through attestation, policy checks, and encrypted state transfer.

Microsoft Developer introduces Project Lobster and the early Microsoft Scout desktop experience, focusing on always-on AI agents that can coordinate work, surface risks earlier, and keep tasks moving with less prompting. The video also outlines how Frontier customers can access the experimental release and what enrollment and policy prerequisites are required.

Manoj Bableshwar introduces Foundry Managed Compute, a new Microsoft Foundry capability for deploying open-source and custom AI models on elastic GPU capacity with Foundry-managed runtimes, unified endpoints/SDKs, built-in routing for cache efficiency, and Azure-native governance, networking, and observability.

Linda Li and Maria Naggaga announce new preview capabilities in Azure AI Foundry for scaling production agents: Toolboxes features like Tool Search, Skills, Work IQ/Fabric IQ, Browser Automation, and managed MCP servers, plus Routines in Foundry Agent Service for trigger-based agent runs with governance via Guardrails.

Amanda Foster announces new Microsoft Foundry capabilities for getting AI agents into production across an enterprise: publishing Foundry agents into Microsoft 365 Copilot and Teams, a new “autopilot agent” model with its own identity, and incoming Agent-to-Agent (A2A) endpoints for cross-agent interoperability.

Tina Schuchman and Jeff Hollan walk through the end-to-end lifecycle for building production-grade AI agents using Foundry Agent Service and Microsoft Agent Framework, covering local prototyping through hosted deployment, with identity, secure networking, evaluations, and operational lifecycle management, plus how GitHub Copilot fits into the workflow.

Erika Heidi shares a practical checklist for hardening GitHub Actions workflows against software supply chain attacks, focusing on secrets exposure, token scope, protected branches/tags, dependency risk reduction, and concrete steps like pinning by digest and avoiding long-lived credentials.

Arpitha Dhanapathi explains how to build data security and compliance into AI app and agent development from day one, using Microsoft Purview as a unified policy and governance layer. The session covers common data leakage paths, practical guardrails, and how teams can move from prototype to production without reinventing controls.

James Brotsos shows how to keep developer velocity while improving security by integrating GitHub Advanced Security and Microsoft Defender for Cloud across the workflow—from local CLI scanning and pull requests in VS Code through to cloud risk visibility and attack-path analysis.

Jeremiah Follis explains how the Agent 365 SDK helps enterprises make custom and third-party AI agents visible, governable, and secure at scale, with a focus on identity, observability, compliance, and risk controls for real business workflows.

Jason Fisher explains how Windows is tightening its security foundations and what developers should expect as legacy authentication is reduced, code trust requirements get stricter, and post-quantum cryptography is introduced into the platform.

Kim Manis explains how Microsoft Fabric supports a secure and scalable data estate, covering governance with OneLake Catalog, compliance integration with Microsoft Purview, capacity controls, and developer workflows like Terraform and the Fabric CLI, plus how these foundations enable grounded AI agents with Foundry and OneLake.

Anish Tallapureddy and Mike Budzynski explain how Azure API Management’s AI Gateway can act as a governance layer for AI workloads, covering endpoint exposure, request routing, policy-based guardrails, cost controls, and production telemetry for models, tools, and agents across providers.

Poorvi Narang and Flora Taagen present an Azure-focused session on running Linux workloads using Azure Linux across VMs and AKS, highlighting the Azure Linux 4.0 preview, Azure Container Linux, and what “secure by default” looks like in practice from development through production.

Microsoft Developer demonstrates the Aikido extension for VS Code, showing how to run security scanning directly in the IDE to catch vulnerabilities, prevent secrets from being committed, and block malware before it reaches your machine, with workflows that tie into PRs and developer feedback loops.

Klorida Miraj and Nazmus Sakib explain how Windows can provide OS-level security and governance for AI agent and agent-augmented coding workflows, using examples like sandboxing in GitHub CLI. The session focuses on containment, detection/response, and identity models to move agents from experiments to production safely.

Mario Rodriguez and Evan Boyle demonstrate how AI agents—centered around GitHub Copilot—can work across planning, coding, CI/CD, and production operations to help teams ship AI-assisted code safely. The session focuses on practical workflows, guardrails, and review patterns that keep autonomous changes controlled while still moving fast.

Kirupa Chinnathambi, Stuart Schaefer, and Patrick Nikoletich explain how Windows is evolving to support AI agents that can take real actions (run commands, modify files, move data) while staying within clear safety boundaries, including identity, containment, and ongoing supervision.

Sarah Bird, Sandeep Atluri, and Mehrnoosh Sameki explain how to govern AI agents end to end in production, focusing on safety, reliability, and human oversight across Microsoft Agent Framework and open-source stacks. The session outlines evaluation-driven development, adversarial stress testing, and a cross-framework control approach for enterprise-scale agent deployments.

Roop Kiran Chevuri and Phil Gerity explain how Windows 365 Cloud PCs can be used as a secure, flexible development platform, including developer-ready images, cross-device workflows, and enterprise controls like Intune provisioning and Conditional Access. They also introduce Windows 365 for Agents and show how MCP-based tools can run against agent-owned Cloud PCs.

kinfey breaks down a cost- and security-aware blueprint for running a multi-agent SDLC “tower” on AKS, using AI Runway for in-cluster model serving, Kata MicroVM isolation for each agent pod, and MCP so GitHub Copilot Chat can orchestrate tools while keeping token spend predictable.

MattMc announces new Azure Monitor capabilities for observing AI agents, including faster telemetry ingestion, larger event payloads for prompts/responses, an Agents fleet view, deeper end-to-end transaction debugging, and evaluation workflows (including human-in-the-loop annotations) across different hosting environments and frameworks.

Microsoft Defender Security Research Team breaks down “Miasma,” a large-scale npm supply-chain compromise that abused a GitHub Actions OIDC publishing workflow to ship trojanized @redhat-cloud-services packages. It explains the multi-stage obfuscation, credential theft targets (including Azure tokens), worm-like propagation, and concrete hunting and mitigation steps.

j_folberth walks through what it takes to deploy an Azure AI Foundry Hosted Agent using the Foundry Service REST API, including the required Azure resources, container build/push flow, and the RBAC and managed identity setup needed for the Foundry project to pull images and create agent versions.

Akash Singhal and co-authors explain how Azure Container Registry (ACR) Artifact Cache implements pull-through caching at ACR scale, including the control-plane resources customers configure and the data-plane request path that serves pulls immediately while hydrating content asynchronously for later local serving.

shobhitgarg announces a preview capability that lets you protect Azure Cosmos DB with Azure Backup vaulted backups, focusing on isolation from production, policy-driven scheduling and retention, and controls aimed at ransomware resilience and compliance needs.