Browse Security Blogs (24)

Rick Strahl walks through an edge-case but practical .NET Framework/WPF tool that packages a static documentation website into a single Windows EXE, then unpacks and renders it offline using WebView2. He covers the packaging approach, ILRepack-based single-file builds, embedding native dependencies, and the SmartScreen/code-signing trade-offs.

Thomas Maurer explains how LAPS for Azure Arc extends Windows LAPS so teams can centrally audit and enforce local admin password rotation across Azure VMs and Arc-enabled servers, with Azure Policy-based compliance reporting that works in hybrid and regulated environments.

John Edward outlines practical ALM and environment strategy guidance for Microsoft Copilot Studio, focusing on how to run copilots like enterprise applications with multi-environment setups, solution-based development, source control, CI/CD pipelines, configuration management, governance, and ongoing monitoring.

Rick Strahl explains why ASP.NET Core cookie-auth logins can “disappear” after IIS app pool recycles: the Data Protection key ring isn’t persisting, so previously issued auth cookies can’t be decrypted/validated. He shows how to fix it by enabling Load User Profile or by explicitly persisting keys to a known location.

Jesse Houwing shows how to automate GitHub Copilot AI Credits budgeting by assigning per-user budgets based on Microsoft Entra ID group membership, using a GitHub Actions workflow and a PowerShell script that calls the GitHub enterprise billing API via the GitHub CLI.

John Edward outlines common enterprise AI agent architecture patterns you can implement with Microsoft Copilot Studio, including single-agent designs, multi-agent orchestration, RAG, human-in-the-loop workflows, and event-driven automation, with notes on integrations, governance, and compliance considerations.

DevClass reports on GitHub’s investigation into a poisoned VS Code extension that led to exfiltration of internal repositories, and the downstream risks for credentials, private code exposure, and follow-on access if stolen secrets were present.

DevClass reports on a Shai-Hulud supply-chain attack where a compromised npm account published malware into 314 packages, then hid reports by closing GitHub issues. The piece summarizes the payload’s credential-stealing behavior and practical cleanup steps like rotating secrets and checking for unauthorized repos and services.

DevClass reports on TanStack’s incident follow-up after a supply-chain attack that abused a GitHub Actions workflow to run untrusted code and poison shared caches, and on the project’s proposed hardening steps—including potentially moving to invitation-only pull requests.

Emanuele Bartolesi shares a quick fix for the Windows error “Your organization has deleted this device” (error code 700003) on Microsoft Entra-joined devices, avoiding a full disconnect/reconnect of the work account.

Harald Binkle demonstrates a practical BMAD workflow using GitHub Copilot to turn fuzzy requirements into reviewable artifacts: a PRD, project context, epics/stories, architecture decisions, risk-based test design, and traceability. The example focuses on enterprise authentication concerns like MFA, tenant isolation, RBAC, and auditability.

Rob Bos introduces the GitHub Copilot App technical preview and shares a practical first look at using it for repository maintenance, including parallel agent sessions, session modes (Interactive/Plan/Autopilot), and the Agent Merge workflow for handling CI failures, merge conflicts, and security-related alerts.

John Edward explains how GitHub Copilot changes team workflows around pull requests, code review expectations, and knowledge sharing. The article focuses on the trade-offs of faster AI-assisted coding, why review discipline matters more, and how teams can add guardrails like testing and security scanning without losing collaboration.

Rick Strahl shows where to read the client IP address in ASP.NET Core, and how to handle reverse proxies by parsing common forwarding headers or enabling the built-in Forwarded Headers Middleware.

John Edward outlines an architecture for a “Daily Stand-Up Agent”: a custom AI copilot that pulls sprint activity from Jira and Azure DevOps, detects blockers, and generates consistent stand-up summaries. The post focuses on connectors, grounding ticket data, conversational reporting, and practical considerations like security and data quality.

Rob Bos shares an overview of his open source projects spanning GitHub and CI/CD tooling, Azure-backed services, security reporting, and local-first AI utilities, with links to each repo and a clear description of what each tool does.

Rob Bos breaks down five GitHub Copilot and agent extensibility surfaces that create supply-chain and governance gaps in large enterprises, and explains what controls exist today (and where they don’t) across Copilot CLI plugins, APM, gh skill, MCP servers, and VS Code extension registries.

John Edward outlines a practical security checklist for running Microsoft AI agents in production, covering Entra ID identity controls, least-privilege access, data boundaries and DLP, audit logging with Azure Monitor/SIEM, and concrete defenses against prompt injection and unsafe agent behavior.

Jesse Houwing clarifies GitHub Copilot’s April 24 interaction-data policy change, explaining which subscription tiers may have interactions used for training, what is and isn’t included (like private repos), and practical ways enterprises can enforce license tiers and lock down developer environments.

Zure summarizes recent Microsoft Fabric and Purview capabilities for metadata management and governance, covering OneLake catalog search, workspace tagging, bulk definition APIs, and how AI agents/copilots intersect with lineage, compliance, and risk controls.

Jesse Houwing explains why he rebuilt the Azure DevOps Marketplace publishing tasks from v5 to v6, focusing on faster builds, stronger testing, GitHub Actions support, and more secure authentication (OIDC/workload identity) while using GitHub Copilot’s Coding Agent to accelerate the rewrite.

Thomas Maurer summarizes Commvault’s expanded integration with Microsoft Security, bringing Commvault recovery-layer signals into Microsoft Sentinel and adding an Investigation Agent for Microsoft Security Copilot to speed up investigation and clean recovery during ransomware incidents.

Thomas Maurer shares a conversation with Microsoft Senior Product Manager Pal Lakatos‑Toth about Azure’s built-in CIS Benchmarks and how they’re evolving from static checklists into platform-integrated, flexible security baselines for hybrid, sovereign, and regulated environments.

Heidi Hämäläinen explains why Microsoft Purview Data Governance can feel heavy at first, and why governed metadata (glossary, catalog, data products, and security foundations) matters for scalable analytics, ML, and GenAI work—especially when you need discoverability, compliance, and trust in production.