Browse All Security Content (420)

Jack Batzner shows how to add a governance layer to MCP-based AI agents in .NET using the Agent Governance Toolkit, including policy-driven tool-call authorization, security scanning of tool definitions, response sanitization to reduce prompt-injection risk, and built-in audit/telemetry via OpenTelemetry.

McKenna Barlow explains that starting in .NET 11 Preview 4 and Visual Studio 18.8, VSTest will stop shipping a transitive Newtonsoft.Json dependency, switching to System.Text.Json (and JSONite on .NET Framework). The post outlines who might break, what errors to expect, and the typical one-line fix.

prabhattomar explains how to build a Kubernetes-native DBaaS-style SQL platform using Crossplane to provision Azure Database for PostgreSQL Flexible Server, including private networking, DNS-based read/write endpoints, and an active-passive multi-region HA/DR approach with replica promotion and Traffic Manager routing.

skundapura outlines a phased approach to migrate file-based application logging from Splunk to Azure Application Insights on VMs, using Azure Monitor Agent and Log Analytics, then mapping alerts and optionally adding SDK instrumentation for deeper traces and metrics with security and PHI considerations.

VaidhyaP introduces AG-UI (Agent–User Interface), a protocol for connecting AI agents to rich frontends with streaming events, declarative UI proposals, shared state updates, and human-in-the-loop approvals, plus practical security guidance like Azure AD protection and Key Vault-backed secrets.

Samarpitaa explains where Azure AI Foundry IQ fits (and doesn’t) for enterprise agent knowledge access, then shows a reference approach for querying Foundry IQ knowledge bases directly via the Azure AI Search Python SDK with permission-aware retrieval and citations.

Shah_Viral explains how to build an enterprise “knowledge copilot” on Azure using Foundry IQ knowledge bases and Azure AI Search agentic retrieval, including C#/.NET setup, MCP-based agent connection, and key trade-offs around preview maturity, cost, latency, and security controls like ACLs and Purview labels.

Sergey Menshykh announces A2A Protocol v1.0 support in Microsoft Agent Framework for .NET, showing how to discover and call remote A2A agents, stream responses, and host your own agents as A2A endpoints in ASP.NET Core with updated v1 hosting APIs and migration notes from v0.3.

singhshub shows how to integrate HashiCorp Vault with Terraform so secrets (like Azure VM admin credentials) are fetched at runtime instead of being stored in .tf files, variable files, or pipeline variables, including KV v2 policy paths, auth options, and state protection guidance.

JennyF explains how Microsoft’s 1ES team uses agentic AI (including GitHub Copilot CLI) plus “skills” and “agent signals” to speed up CVE remediation and compliance work across many repositories, while keeping humans in the loop for review, validation, and deployment.

Alexis Wales explains how GitHub validated, fixed, and investigated a critical remote code execution issue in the git push pipeline, including what caused the injection, how GitHub confirmed no exploitation on github.com, and what GitHub Enterprise Server admins should patch and review.

LuisFilipe explains how Azure Blob Storage SFTP users should handle Microsoft’s host key change, including when it impacts SSH key-based authentication, how to pre-update trusted host keys, and how to identify SFTP usage via Azure Resource Graph and Log Analytics queries.

vsriramdas explains how to use Microsoft PyRIT to red-team agentic AI systems, then shows how to wrap PyRIT with a YAML-driven CLI so you can run repeatable scans in CI/CD and gate releases based on OWASP LLM Top 10-aligned findings.

Microsoft Defender Security Research Team explains how Microsoft Sentinel UEBA enriches AWS CloudTrail logs with simple true/false behavioral signals and built-in anomalies, helping detection engineers write simpler KQL, reduce false positives, and triage suspicious AWS activity faster.

lexinadolski recaps Microsoft’s presence in the CNCF Project Pavilion at KubeCon EU 2026, summarizing the technical conversations and themes across Kubernetes projects—migration to Gateway API, confidential computing, image signing, observability tooling, and requests for deeper Azure/AKS and AI-workload support.

YogeshwaranKannaiyan walks through a real-world troubleshooting case where Azure SQL Managed Instance Failover Group creation failed in a hub–spoke network with a centralized firewall, and explains the specific port, routing, DNS zone, and firewall behaviors that commonly block replication from initializing.

Vlad Fedorov shares what GitHub is changing after two recent availability incidents, including scaling work driven by rapid growth in pull requests and API usage, plus concrete reliability efforts like service isolation, caching improvements, and continued migration to Azure and a future multi-cloud posture.

vsakash shares a production-tested Terraform pattern for deploying Azure Redis Enterprise across regions with geo-replication, focusing on primary/replica design, per-region isolation (networking and Key Vault), and a parameterization approach that scales cleanly from dev to prod.

stclarke announces that Azure Local can now scale to thousands of servers in a single sovereign environment, aimed at regulated and mission-critical workloads. The post highlights disconnected operations, local policy/RBAC/auditing controls, and hardware options (validated compute/storage, GPUs) for running data-intensive workloads within a sovereign boundary.

jtracey93msft explains two updates to Azure Landing Zones: a new “Local” management group for Azure Local and exit planning to disconnected operations, plus refreshed SLZ sovereign policy initiatives aligned to control levels for data residency and encryption.