Browse Security Community (201)

Mahesh Sundaram announces a public preview in Azure Monitor that lets platform teams collect Azure resource platform logs at scale using Data Collection Rules (DCRs), replacing per-resource diagnostic settings with a centralized, policy-driven model that supports governance, cost control, and modern identity-based access.

Heather Poulsen outlines a governance-first blueprint for building scalable agentic AI systems, focusing on how to embed consistent controls and quality checks across user interactions, agent orchestration, integrations, data, and models so systems can scale without losing trust and oversight.

Heather Poulsen shares an event session overview on designing Azure AI Landing Zones as a production-ready foundation for deploying AI applications and AI agents at scale, with guardrails for networking, identity, security, governance, and cost control using Microsoft’s recommended architecture frameworks.

Rafia_Aqil outlines a reference architecture for ingesting both streaming and batch data through Microsoft Fabric into Azure Databricks, using OneLake/ADLS and a medallion (Bronze/Silver/Gold) layout. The post breaks down five Fabric-to-Databricks integration paths and calls out security, governance, and monitoring considerations.

brauerblogs announces a two-day “Path to Production for Agents” webinar series (July 27–28) focused on moving agentic AI from prototypes to production, covering governance, landing-zone architecture, AgentOps practices, security risks like prompt injection, and cost/performance optimization with Azure Monitor and Microsoft Foundry.

Mayunk Jain summarizes the Azure App Service announcements from Microsoft Build 2026, including a new “Easy AI experience” with built-in MCP, GA of Isolated v4 for App Service Environments, and Managed Instance improvements for modernizing legacy apps (including IIS) with better diagnostics and deployment workflows.

shashankamalladi announces General Availability of Network Security Perimeter (NSP) support for Azure Service Bus, including availability in Azure Government regions. The post explains how NSP provides a centralized security boundary with default-deny communication, explicit inbound/outbound rules, and diagnostic logging for audit and compliance.

jordanselig announces a public preview feature that lets Azure App Service expose an existing REST API as a Model Context Protocol (MCP) server using only an OpenAPI spec. The post covers how the platform generates MCP tools, how to configure it, and what to consider for authentication and safe exposure.

anandranjan explains a practical AKS pattern for keeping secret values out of YAML and CI/CD by using Azure Key Vault with the Secrets Store CSI Driver and AKS Workload Identity. It covers the identity flow, required AKS/Azure setup, workload onboarding YAML, and common troubleshooting points around federation, labels, mounts, and permissions.

amolravande explains how to run agent-generated Python safely by combining Agent Governance Toolkit (AGT) policy enforcement with Azure Container Apps Sandboxes, using per-session microVM isolation plus a fail-closed egress proxy to reduce the blast radius of untrusted code.

kinfey explains how to run LLM agents that write and execute code without giving them a host-sized blast radius, using a MicroVM sandbox. The post walks through a real pipeline (a daily Mandarin World Cup podcast) built with Microsoft Agent Framework, Azure AI Foundry, and Hyperlight snapshot/restore isolation.

Ram Kakani explains how Oracle Managed Database MCP (Model Context Protocol) remote servers can be used from Microsoft Foundry to build enterprise AI agents that query Oracle AI Database@Azure, including local VS Code workflows, self-hosted Azure deployments, and a fully managed OCI option with identity, networking, and governance controls.

LZhang lays out a practical DevOps loop for Microsoft Foundry Hosted Agents, covering how to move from Terraform-provisioned infrastructure to production delivery with immutable agent versions, evaluation as a release gate, manifest-driven promotion, traffic-split canaries, and per-version observability.

mmcrey announces Confidential Live Migration for Intel TDX Confidential VMs in Azure, explaining how Azure can move a running confidential VM to updated infrastructure with limited interruption while protecting VM memory and execution context through attestation, policy checks, and encrypted state transfer.

kinfey breaks down a cost- and security-aware blueprint for running a multi-agent SDLC “tower” on AKS, using AI Runway for in-cluster model serving, Kata MicroVM isolation for each agent pod, and MCP so GitHub Copilot Chat can orchestrate tools while keeping token spend predictable.

MattMc announces new Azure Monitor capabilities for observing AI agents, including faster telemetry ingestion, larger event payloads for prompts/responses, an Agents fleet view, deeper end-to-end transaction debugging, and evaluation workflows (including human-in-the-loop annotations) across different hosting environments and frameworks.

j_folberth walks through what it takes to deploy an Azure AI Foundry Hosted Agent using the Foundry Service REST API, including the required Azure resources, container build/push flow, and the RBAC and managed identity setup needed for the Foundry project to pull images and create agent versions.

Akash Singhal and co-authors explain how Azure Container Registry (ACR) Artifact Cache implements pull-through caching at ACR scale, including the control-plane resources customers configure and the data-plane request path that serves pulls immediately while hydrating content asynchronously for later local serving.

shobhitgarg announces a preview capability that lets you protect Azure Cosmos DB with Azure Backup vaulted backups, focusing on isolation from production, policy-driven scheduling and retention, and controls aimed at ransomware resilience and compliance needs.

bobmital introduces Anyscale on Azure, an Azure Native way to run the Ray distributed runtime on AKS so teams can unify data prep, training, tuning, and serving in one system. The post focuses on architecture (split control/data plane), GPU utilization and scheduling features, and Azure-native identity, networking, and governance.

budzynski outlines new AI gateway features in Azure API Management, including a Unified Model API (preview) that standardizes clients on OpenAI Chat Completions while APIM translates to different model providers. The post also covers GA support for Anthropic/Vertex AI, richer token metrics in Application Insights, and expanded content safety for MCP and A2A traffic.

poorvinarang announces the public preview of Azure Linux 4.0, Microsoft’s first-party Linux distribution built for Azure VMs, VM Scale Sets, AKS, and container images. The post outlines what’s new in 4.0 (kernel, dnf5, OpenSSL, systemd), how to deploy it, and the security baseline planned for GA.

FloraTaagen announces the GA release of Azure Container Linux (ACL), an immutable, image-based Linux host for AKS node pools focused on consistency and a stronger default security posture. The post explains how ACL is built downstream of Flatcar, uses Azure Linux binaries, and what changes for AKS users migrating from Flatcar preview.

nzthiago summarizes the Build 2026 wave of Azure Functions updates, covering a new serverless agents runtime, first-class managed connectors, MCP improvements, refreshed local tooling (Functions CLI v5 and VS Code templates), Go support on Flex Consumption, Durable Task Scheduler enhancements, and new operational/security features like built-in Grafana dashboards and TLS certificates.

DivSwa introduces Azure Logic Apps Automation (public preview), a new SaaS-style SKU for building and running workflow automations on Azure with built-in governance and production controls. The post highlights AI-assisted authoring, agent integration options (including Foundry agents and GitHub Copilot harnesses), and enterprise features like VNet/private endpoints, RBAC, and audit logging.

DivSwa announces the public preview of Knowledge as a Service (KBaaS) in Azure Logic Apps, a managed knowledge layer that turns documents into a ready-to-use knowledge base for agentic workflows, removing the need to build and operate a custom RAG pipeline, vector store, and retrieval logic.

lily-ma introduces Hosted MCP Servers in Azure Logic Apps Connector Namespace (public preview), a managed way to deploy remote MCP endpoints from a catalog so AI agents can discover and call tools without you owning the underlying infrastructure, scaling, authentication, or monitoring setup.

vyomnagrani summarizes the Build’26 updates for Azure Container Apps, focusing on new serverless primitives for agentic workloads: Sandboxes for fast, hardware-isolated ephemeral compute, Express for near-instant app provisioning, plus portal, security, and observability improvements for running production container apps.

lily-ma summarizes what’s new in the Azure Functions MCP extension at Build 2026, covering the full MCP primitive set (tools, resources, prompts), MCP Apps for interactive UI, built-in MCP authentication with Entra ID, and .NET-focused improvements like fluent configuration APIs and explicit input/output schemas.

coryskimming summarizes the Azure Kubernetes Service (AKS) announcements from Microsoft Build 2026, focusing on running AI training and inference at scale. It covers new options for cluster operations, bare-metal performance, fleet management across Arc-enabled clusters, and Kubernetes-native model serving with tools like KAITO and AI Runway.

WSilveira introduces Azure Connector Namespace (preview), a managed Azure integration layer that lets apps running on Functions, Container Apps, App Service, or self-hosted compute call connector actions and subscribe to triggers without owning auth, retries, polling, or webhook plumbing. The post also explains MCP servers for exposing connector operations as tools to Copilot and other agents.

vyomnagrani announces the public preview of Azure Container Apps Sandboxes, a new Azure resource for fast, hardware-isolated, scale-to-zero compute that can suspend/resume via full-state snapshots. The post explains the resource model, lifecycle states, egress controls, managed volumes, identities, MCP connectors, and how to get started with the portal, aca CLI, and Python SDK.

beenamore summarizes the Microsoft Build 2026 updates for Azure API Management and Azure API Center, focusing on governing AI-era API ecosystems: registering and assessing agents, MCP-based discovery, agent-to-agent APIs, a unified model API for multi-model apps, expanded AI gateway controls, and deeper token observability.

Brendan Burns announces the public preview of Anyscale on Azure, a managed Ray platform that runs on Azure Kubernetes Service (AKS). The post focuses on scaling distributed AI training and inference across regions, simplifying operations via Azure-native provisioning and billing, and using Microsoft Entra workload identity for governance.

Vincent Liu announces general availability of a new Azure Files management experience for premium SSD NFS file shares, enabling each share to be created, secured, scaled, and billed independently. The post highlights higher scale limits, IaC support with Bicep/ARM, share-level networking and security boundaries, and snapshot-based data protection.

grace_kim announces a public preview that lets macOS users access Azure Files using Microsoft Entra ID authentication, replacing storage account keys with identity-based access. The post explains how Kerberos, Azure RBAC, and NTFS ACLs work together, and how Platform SSO plus the Microsoft Enterprise SSO plug-in enable single sign-in on managed Macs.

dchelupati summarizes the Microsoft Build 2026 updates to Azure SRE Agent aimed at making agentic operations workable in real enterprise production environments, including private networking, governed connectors, a granular permissions model, native GitHub Enterprise support, and a private plugins marketplace for approved MCP tools and workflows.

Dalibor Kovacevic explains the new governance controls for Azure SRE Agent, focusing on how to restrict and audit what the agent can do in production using managed identity + Azure RBAC, tool-level allow/ask/deny policies, and pre-tool-use hooks that can block or rewrite calls.

dchelupati explains how Azure SRE Agent can connect to GitHub Enterprise Cloud repositories using a Bring Your Own GitHub App model, so the agent accesses code and operational artifacts via a governed service identity instead of personal tokens. The post focuses on the auth flow, permissions, and Key Vault-backed key handling.

ebencarek explains how Azure SRE Agent can now install plugins from private GitHub repositories (including GitHub Enterprise), enabling platform teams to distribute runbooks, compliance checks, and operational playbooks across multiple agents with explicit version pinning and per-marketplace authentication.