Everything GitHub Copilot AI ML DevOps Azure .NET Security Contact About

News Blogs Videos Community

News Blogs Videos Community Features Visual Studio Code Updates Levels of Enlightenment The GitHub Copilot Handbook

News Blogs Videos Community GenAI Basics GenAI Advanced GenAI Applied AI SDLC

News Blogs Videos Community

News Blogs Videos Community DX, SPACE & DORA

News Blogs Videos Community

News Blogs Videos Community

News Blogs Videos Community

Security

Navigate Microsoft's comprehensive security landscape. From identity management to threat protection, discover the tools and practices that keep your organization secure.

News Latest Microsoft security news and product updates.

Blogs Curated blogs about Microsoft security solutions and best practices.

Videos Educational videos covering Microsoft security services and tutorials.

Community Community discussions about Microsoft security.

Latest of everything

CodeQL 2.23.9 Release: Deprecation Notice and Update DetailsAllison reports on the release of CodeQL 2.23.9, highlighting essential information for GitHub code scanning users, including a deprecation notice for certain Kotlin versions.

The GitHub Blog 2026-01-20

Automating Security Vulnerability Triage with GitHub Security Lab Taskflow AgentMan Yue Mo demonstrates how the GitHub Security Lab Taskflow Agent, leveraging LLMs and open source taskflows, streamlines security vulnerability triage for GitHub Actions and JavaScript projects, making the process...

The GitHub Blog 2026-01-20

4 Priorities for AI-Powered Identity and Network Access Security in 2026stclarke highlights the 2026 priorities for security teams, sharing actionable guidance on AI-powered identity protection, agent management, and unified access strategies using Microsoft Entra and Defender.

Microsoft News 2026-01-20

Strengthen Your Supply Chain with GitHub Artifact Traceability and SLSA Build Level 3Allison details new ways developers can use GitHub’s artifact metadata APIs to link and analyze build artifacts, improving supply chain security and enabling production-aware alerting—with built-in integrations for Microsoft Defender...

The GitHub Blog 2026-01-20

Manage OneLake Security for Mirrored Databases in Microsoft FabricMicrosoft Fabric Blog explains how OneLake now allows fine-grained data access roles for Mirrored Databases. This upgrade helps organizations define roles at the table or folder level, enabling secure, efficient...

Microsoft Fabric Blog 2026-01-20

Migrating Application Credentials to Azure Key Vault with GitHub Copilot App Modernizationayangupta presents a comprehensive walkthrough on using GitHub Copilot app modernization to migrate application secrets and credentials to Azure Key Vault, automating secure code changes and improving cloud security.

Microsoft Tech Community 2026-01-20

Modernizing Applications by Migrating Code to Managed Identity with GitHub Copilot App ModernizationAuthored by ayangupta, this guide demonstrates how GitHub Copilot App Modernization assists developers in migrating applications to use Azure Managed Identity, automating code and configuration changes while improving security and...

Microsoft Tech Community 2026-01-20

Proactive Cloud Ops with SRE Agent: Scheduled Checks for Azure Optimizationdchelupati walks through setting up the Azure SRE Agent for proactive cloud operations, demonstrating how to automate cloud optimization across cost, security, and performance using continuous checks and integrations with...

Microsoft Tech Community 2026-01-19

Implementing Microsoft Entra On-Behalf-Of (OBO) Flow in Python MCP Servers with FastMCPPamela Fox provides an in-depth walkthrough on enabling delegated access in Python MCP servers using Microsoft Entra with the on-behalf-of flow. This technical article guides developers through secure integration steps...

Microsoft Tech Community 2026-01-19

Managing External Sharing in Microsoft 365 Without ChaosJohn Edward presents a clear and practical walkthrough for IT administrators and technical leads on managing external sharing in Microsoft 365, with a strong emphasis on balancing collaboration and security....

Dellenny's Blog 2026-01-18

Inside Octoverse 2025: Vibe Coding, Agentic AI, and Shifting Developer TrendsGitHub hosts Andrea and Kedasha chat with Jeff Luszcz in this insightful episode, unraveling the core findings from the Octoverse 2025 report. Learn how AI, Copilot, and new coding trends...

GitHub YouTube 2026-01-17

Azure File Sync: Azure Arc Integration, Additional Regions, and Secure Syncinggrace_kim details new Azure File Sync capabilities, focusing on Azure Arc integration, regional expansion, and secure onboarding with managed identities—key for IT and DevOps teams modernizing enterprise file services.

Microsoft Tech Community 2026-01-16

Public Preview: User Delegation SAS for Azure Tables, Files, and Queuesellievail announces the public preview of user delegation SAS for Azure Tables, Files, and Queues, highlighting new security features for delegated access via Entra ID and Azure RBAC.

Microsoft Tech Community 2026-01-16

GitHub Secret Scanning: Automatic Extended Metadata Checks for SecurityAllison reports on GitHub’s upcoming automatic enablement of extended metadata checks in secret scanning, bringing improved context to security alerts for more effective remediation.

The GitHub Blog 2026-01-15

When Protections Outlive Their Purpose: Managing Defense Systems at Scale on GitHubThomas Kjær Aabo shares lessons from GitHub’s experience with long-lived emergency defense rules, highlighting the importance of continuous lifecycle management and observability in large-scale platform security.

GitHub Engineering Blog 2026-01-15

Vibe Coded Applications Full of Security BlundersTim Anderson reports on Tenzai’s research led by Ori David, highlighting how applications built with ‘vibe coding’ using AI agents like Claude and Codex tend to be insecure due to...

DevClass 2026-01-15

Community-powered Security with AI: Launching the GitHub Security Lab Taskflow AgentKevin Backhouse presents the GitHub Security Lab Taskflow Agent—an open source AI-powered framework enabling collaborative, automated security research on GitHub.

The GitHub Blog 2026-01-14

Microsoft Named a Leader in IDC MarketScape for Unified AI Governance PlatformsHerain Oberoi and Don Scott share Microsoft’s recognition as a Leader in the IDC MarketScape for Unified AI Governance Platforms, highlighting practical governance, security, and responsible AI strategies for enterprises....

Microsoft Security Blog 2026-01-14

Microsoft Disrupts Global RedVDS Cybercrime-as-a-Service Platform Enabling Massive Fraudstclarke’s article covers Microsoft’s disruption of RedVDS, a cybercrime subscription service fueling large-scale fraud with disposable virtual machines and AI tools. It discusses technical methods, real-world impact, and efforts by...

Microsoft News 2026-01-14

Code Signing Windows Apps Easier and More Secure with Azure Artifact SigningTim Anderson delivers a detailed analysis of Azure Artifact Signing, Microsoft’s new service to streamline and secure code signing for Windows applications, addressing modern security requirements and developer workflows.

DevClass 2026-01-14

Encrypting Properties with System.Text.Json and a TypeInfoResolver Modifier (Part 1)Steve Gordon explains how to use System.Text.Json’s TypeInfoResolver modifier for property-level encryption in C#, outlining a practical approach to securing sensitive data that paves the way for future integration with...

Steve Gordon's Blog 2026-01-14

Inside RedVDS: Investigating How a Criminal VDS Provider Empowered Global CyberattacksMicrosoft Threat Intelligence, led by its Digital Crimes Unit, exposes the RedVDS criminal infrastructure that enabled widespread cyberattacks. The report by Microsoft Threat Intelligence offers technical insights, tracked malware tools,...

Microsoft Security Blog 2026-01-14

Cross-Region Zero Trust: Secure Power Platform Connectivity to Azure PaaS Without Public ExposureIdit_Bnaya presents a hands-on walkthrough for connecting Power Platform to Azure PaaS services across regions with strict Zero Trust principles, focusing on private network links, managed identity, custom orchestration, and...

Microsoft Tech Community 2026-01-13

Protect Sensitive Data with Azure AI Language PII RedactionMicrosoft Developer explains how Azure AI Language PII Redaction helps protect sensitive data by detecting and redacting personally identifiable information in text, documents, and transcripts.

Microsoft Developer YouTube 2026-01-13

How Microsoft Unifies Privacy and Security to Build TrustTerrell Cox, Vice President for Microsoft Security and Deputy CISO for Privacy and Policy, details Microsoft’s integrated strategy for privacy and security, offering insights into global regulatory compliance and technical...

Microsoft Security Blog 2026-01-13

GitHub Introduces Fine-Grained artifact_metadata Permission for Enhanced API Access ControlAllison presents GitHub’s new artifact_metadata permission, which enhances security and refines API access control for artifact metadata. Developers and DevOps teams must transition workflows by February 2026.

The GitHub Blog 2026-01-13

Static Egress Gateway in AKS: The Native Way to Control Multiple Outbound IPspjlewis demonstrates how to manage multiple outbound egress IPs natively in Azure Kubernetes Service using the Static Egress Gateway feature, providing clear, actionable implementation steps and security-focused considerations.

Microsoft Tech Community 2026-01-13

Granular Controls for App Access Requests in GitHub Organizations Now AvailableAllison explains new options for controlling who can request apps in GitHub organizations, enhancing security and governance for administrators managing enterprise workflows.

The GitHub Blog 2026-01-12

Secure Unique Default Hostnames Now GA for Functions and Logic AppsYutangLin outlines the GA release of Secure Unique Default Hostnames for Azure Functions and Logic Apps, highlighting key security enhancements and practical guidance for Azure cloud developers.

Microsoft Tech Community 2026-01-12

What Quantum Safe Is and Why We Need It to Stay SecureJohn Savill’s Technical Training walks through the urgent need for quantum-safe cryptography, examining how classical and quantum computing impact security and highlighting actionable steps for organizations and individuals.

John Savill's Technical Training 2026-01-12

Gain Even More Trust and Compliance with OneLake Diagnostics ImmutabilityMicrosoft Fabric Blog highlights new immutable diagnostic logs for OneLake diagnostics, enabling organizations to achieve stronger compliance and security. Authored by the Microsoft Fabric team, this post outlines technical implementation...

Microsoft Fabric Blog 2026-01-12

Identity Bindings: Simplifying Multi-Cluster Managed Identity in AKSsamcogan explains the new Identity Bindings feature in AKS, showing how it resolves the scaling and automation issues found in older Managed Identity models by using RBAC-driven authorization within Kubernetes...

Microsoft Tech Community 2026-01-12

Oracle Database@Azure Expands to West Europe and Brazil SoutheastSparshAgrawat announces the expansion of Oracle Database@Azure into the West Europe (Netherlands) and Brazil Southeast Azure regions, detailing new opportunities for AI-driven workloads, migration, compliance, and technical integration between Oracle...

Microsoft Tech Community 2026-01-08

Major Innovations in Microsoft Fabric Data Warehousing: 2025 OverviewMicrosoft Developer presents an in-depth 2025 roundup on Microsoft Fabric Data Warehousing innovations. Discover insights on clustering, security, migration, and administration enhancements from leading experts.

Microsoft Developer YouTube 2026-01-07

Introducing New Proactive Services from Microsoft Incident Response to Boost Cyber ResilienceAndrew Rapp explores how Microsoft’s new proactive Incident Response services help organizations strengthen their cyber defenses, prevent threats, and increase resilience before incidents occur.

Microsoft Security Blog 2026-01-07

Azure CycleCloud Workspace for Slurm 2025.12.01: Monitoring, Security, and HPC Enhancementsxpillons introduces key improvements in the Azure CycleCloud Workspace for Slurm 2025.12.01 release, highlighting new monitoring capabilities, security enhancements via Entra ID SSO, and expanded platform support for HPC deployments....

Microsoft Tech Community 2026-01-07

Building scalable, cost-effective real-time multiplayer games with Azure Web PubSubkevinguo shares how a game studio leveraged Azure Web PubSub to reimagine real-time multiplayer architectures, focusing on scalability, reliability, and cost-effective delivery at global scale.

Microsoft Tech Community 2026-01-07

Spoofed Phishing Emails Exploiting Routing and Protection MisconfigurationsMicrosoft Threat Intelligence investigates an uptick in phishing campaigns abusing complex mail routing and misconfigured spoof protections, detailing detection, real-world attack methods, and robust mitigation guidance.

Microsoft Security Blog 2026-01-06

Identifying Missed Alerts in Azure Kubernetes Deployments with SRE Agentdchelupati describes how gaps in Azure Monitor alert coverage became apparent during a Redis credential rotation in an AKS application, and how Azure SRE Agent and GitHub MCP integration accelerated...

Microsoft Tech Community 2026-01-06

Introducing the Microsoft Defender Experts Suite: Expert-Led Integrated Security ServicesAarti Borkar and Andrew Conway present the Microsoft Defender Experts Suite, detailing how these expert-led services empower security teams to defend against sophisticated cyberthreats and enhance operational resilience.

Microsoft Security Blog 2026-01-06

Armchair Architects: Patterns and Best Practices for Multi-Agent AI OrchestrationMicrosoft Developer brings together Uli, Eric, and David—Armchair Architects—to explore multi-agent orchestration in enterprise environments, covering patterns, frameworks, and security practices for building secure and scalable AI agent solutions.

Microsoft Developer YouTube 2026-01-06

Immersive Developer Learning with Visual Studio, .NET, Azure, and GitHub Copilot: VS Live! 2026 PreviewJim Harrer discusses the major focus areas of developer growth in 2026, emphasizing immersive events like VS Live! that feature Visual Studio 2026, .NET, Azure, and GitHub Copilot. The post...

Microsoft VisualStudio Blog 2026-01-05

Enhanced Security Governance in Microsoft Fabric: Admin Report Now in OneLake Catalog Govern TabThe Microsoft Fabric Blog explains how Fabric admins can now access enhanced security and compliance insights directly in the OneLake Catalog’s Govern tab. This update, authored by the Microsoft Fabric...

Microsoft Fabric Blog 2026-01-05

Troubleshooting gMSA Configuration Errors During Microsoft Cloud Sync InstallationCheesePizza details repeated gMSA-related errors hindering Cloud Sync setup for group writeback, sharing extensive troubleshooting and seeking advice for resolving Active Directory permission issues.

Microsoft Tech Community 2026-01-02

How SRE Agent Closes the Developer Loop: Debugging and Fixing Azure Cloud App Failures with AIdchelupati demonstrates how Azure SRE Agent, in combination with Copilot and GitHub Coding Agent, enables developers to debug, document, and automatically fix complex infrastructure bugs in Azure app deployments using...

Microsoft Tech Community 2025-12-30

Why Bugs Survive Continuous Fuzzing: Lessons from OSS-Fuzz ResearchAntonio Morales of the GitHub Security Lab delves into why bugs can persist in projects that undergo continuous fuzzing, highlighting case studies and offering a five-step workflow for better vulnerability...

The GitHub Blog 2025-12-29

Account Recovery in Microsoft Entra ID Using Government IDs and Third-Party Identity VerificationJohn Savill’s Technical Training examines Microsoft’s new Entra ID account recovery process using government-issued IDs and third-party verification, providing practical guidance and an architectural overview for Azure security practitioners.

John Savill's Technical Training 2025-12-29

Improved Dependency Submission for GitHub ActionsJesse Houwing addresses a visibility gap in GitHub Actions security when actions are pinned by SHA. The post details a workflow extension ensuring vulnerabilities are properly surfaced in the Dependency...

Jesse Houwing's Blog 2025-12-27

Securely Managing Database Connection Strings in Azure Databricks with Key Vaultbhramesh demonstrates how to use Azure Key Vault to securely retrieve database connection strings in Databricks notebooks, focusing on reducing vulnerabilities and improving workflow security.

Microsoft Tech Community 2025-12-24

Strengthening Supply Chain Security for Developers and MaintainersMadison Oliver shares practical security strategies for developers and maintainers to defend against supply chain attacks, with a focus on securing GitHub and npm workflows.

The GitHub Blog 2025-12-24

Granular Controls for GitHub App Requests Now in Public PreviewAllison details new organizational controls for GitHub and OAuth app requests, giving admins more flexibility and security through graduated policy options for managing third-party app access.

The GitHub Blog 2025-12-22

Created with ❤️ by Reinier van Maanen

Subscribe via RSS