Browse Security Blogs (25)

Jesse Houwing clarifies GitHub Copilot’s April 24 interaction-data policy change, explaining which subscription tiers may have interactions used for training, what is and isn’t included (like private repos), and practical ways enterprises can enforce license tiers and lock down developer environments.

Zure summarizes recent Microsoft Fabric and Purview capabilities for metadata management and governance, covering OneLake catalog search, workspace tagging, bulk definition APIs, and how AI agents/copilots intersect with lineage, compliance, and risk controls.

Jesse Houwing explains why he rebuilt the Azure DevOps Marketplace publishing tasks from v5 to v6, focusing on faster builds, stronger testing, GitHub Actions support, and more secure authentication (OIDC/workload identity) while using GitHub Copilot’s Coding Agent to accelerate the rewrite.

Thomas Maurer shares a conversation with Microsoft Senior Product Manager Pal Lakatos‑Toth about Azure’s built-in CIS Benchmarks and how they’re evolving from static checklists into platform-integrated, flexible security baselines for hybrid, sovereign, and regulated environments.

Heidi Hämäläinen explains why Microsoft Purview Data Governance can feel heavy at first, and why governed metadata (glossary, catalog, data products, and security foundations) matters for scalable analytics, ML, and GenAI work—especially when you need discoverability, compliance, and trust in production.

DevClass.com reports on how Microsoft Azure CTO Mark Russinovich used Anthropic’s Claude Opus 4.6 AI model to scan 1986 Apple II machine code, finding security vulnerabilities and raising important points about AI’s expanding role in legacy code security.

John Edward provides a comprehensive look at agentic AI in IT, showing how Microsoft Azure and related services create self-healing and intelligent operations through automation, monitoring, and AI-driven incident response.

John Edward outlines the core pitfalls of microservice architecture and offers actionable architectural patterns like API Gateway, Saga, and Circuit Breaker to help architects navigate complexity, deployment, and security concerns in distributed systems.

Thomas Maurer shares the public release of the Sovereign Cloud MicroHack, a Microsoft-led workshop focused on building practical skills in deploying and securing sovereign workloads on Azure and its hybrid services.

Rick Strahl explains how to simplify and automate code signing for Windows binaries using Azure Trusted Signing and the dotnet sign tool, sharing technical setup and scripting tips for secure development workflows.

Rick Strahl shares his experience with failures using the Microsoft timestamp server for code signing and recommends alternative, more reliable servers. The article provides practical advice and example code for secure code signing workflows.

DevClass.com summarizes Filippo Valsorda’s critique of GitHub Dependabot, highlighting the alert fatigue and security concerns faced by developers using automated dependency management tools.

In this workshop summary, DevClass.com reviews Martin Fowler’s event marking 25 years since the Agile Manifesto, highlighting the growing impact of AI on coding, the renewed importance of TDD, and security risks in software development.

John Edward details modern SharePoint architecture for scalable intranets in 2026, focusing on technical practices, security, integration, and governance for Microsoft 365 professionals.

Tim D'haeyer draws on both personal experience and technical depth to guide developers through safely handling special characters in user input, emphasizing SQL injection prevention and robust DevOps practices.

Emanuele Bartolesi shares the GitFlow setup he actually enforces on GitHub, including strict branch protection, PR habits, release/tag rules, and how he wires it to GitHub Actions, environments, and basic security checks so the workflow holds up under real release and hotfix pressure.

Tim Anderson outlines the Kubernetes committees' warnings and technical reasons for the urgent migration from Ingress NGINX, detailing project deprecation, security issues, and community response.

DevClass.com explores how attackers exploit VS Code's tasks.json files to deploy malicious code, emphasizing security risks, protections, and best practices for developers.

Tim Anderson highlights how attackers weaponize VS Code's tasks.json configuration to execute malicious code, detailing the risks for developers and the security implications.

John Edward presents a clear and practical walkthrough for IT administrators and technical leads on managing external sharing in Microsoft 365, with a strong emphasis on balancing collaboration and security.