Browse Security Community (106)

mosiddi explains how Microsoft’s open-source Agent Governance Toolkit implements production-grade security and reliability controls for autonomous AI agents, covering its package architecture, policy enforcement (Agent OS), zero-trust identity (Agent Mesh), privilege rings (Agent Hypervisor), and SRE/observability integrations, including Azure deployment patterns.

wesback breaks down what “sovereignty” can mean in Azure Belgium Central by mapping it to three practical technical layers: data residency/locality, encryption (including CMK with Key Vault or Managed HSM), and confidential computing with attestation for in-use protection.

AmitManchanda28 explains how reusing a User Assigned Managed Identity (UAMI) across Azure environments can unintentionally widen trust boundaries and increase blast radius, and proposes an environment-isolated identity model with tighter RBAC scoping.

theringe walks through deploying to Azure App Service from Azure DevOps using a user-assigned managed identity (UAMI), including the Azure DevOps service connection setup, required RBAC permissions, and how to validate the deployment identity via AppServiceAuditLogs.

jordanselig walks through building an MCP App (a tool plus a UI resource) with ASP.NET Core, rendering an interactive weather widget inside chat clients like VS Code Copilot, and deploying the MCP server to Azure App Service using azd and Bicep.

Shamir_AbdulAziz describes how Microsoft built Azure SRE Agent—an AI-powered ops agent—using “agentic workflows” across the SDLC, with human-in-the-loop governance, RBAC guardrails, and deep integration into telemetry and incident systems to reduce on-call toil and speed up incident mitigation.

alinetran explains how to automate Azure Arc server onboarding at scale using Ansible with a new purpose-built onboarding role, focusing on least-privilege permissions and removing manual steps that don’t scale.

joclemen breaks down what Azure Key Vault’s paired-region replication really guarantees during a regional outage, why it becomes read-only after Microsoft-managed failover, and how to build true multi-region continuity with two Terraform reference architectures (private and public endpoint designs).

Meagan McCrory announces a public preview “Essential Machine Management” experience in Azure’s Compute Infrastructure Hub, aimed at onboarding Azure VMs and Azure Arc-enabled servers at subscription scope for monitoring, updates, inventory, configuration, and security baselines.

MelanieKraintz007 announces GA support for managed identities and workload identity in Azure Red Hat OpenShift, explaining how ARO operators and Kubernetes workloads can use short-lived tokens with Azure RBAC to reduce reliance on long-lived service principals.

deepthihr walks through a real production incident running a private, enterprise AI platform on Azure, showing how DNS and private networking gaps (custom DNS, Private Endpoints, and Azure Container Apps internal ingress) caused intermittent failures—and the concrete fixes that stabilized the environment.

Pamela_Fox walks through implementing Model Context Protocol (MCP) server authentication with Microsoft Entra ID using the pre-registered (pre-authorized client) path, including Entra app registration setup, token validation in FastMCP, and an optional on-behalf-of flow to call Microsoft Graph securely.

EldertGrootenboer announces the general availability of Network Security Perimeter (NSP) support for Azure Service Bus, explaining how it complements existing network controls and how to roll it out safely using transition and enforced modes.

In this community post, lakshaymalik lays out a practical AKS DevSecOps model that prevents common Kubernetes misconfigurations by enforcing governance at admission time with Azure Policy/Gatekeeper, then backing it up with runtime detection (Defender for Containers) and continuous compliance to catch drift.

ShivaniThadiyan explains how Azure SQL Managed Instance is evolving from a SQL Server-compatible PaaS into an AI-enabled platform, covering built-in operational intelligence, vector search, in-database Python/R machine learning, and Copilot-assisted diagnostics with security and governance considerations.

ShivaniThadiyan outlines a shift-left approach to Azure infrastructure validation, using GitHub Copilot as an assistive layer to summarize Terraform plans, interpret drift signals, and help prioritize Azure Policy and Azure Resource Graph findings—without removing human approvals or governance.

Vaibhav Pandey shares a production-oriented “Bring Your Own Model” (BYOM) pattern for Azure AI applications, showing how to package, register, and deploy a custom model on Azure Machine Learning with secure identity, networking, and scalable managed endpoints.

lily-ma explains how to connect an MCP server hosted on Azure Functions to an Azure AI Foundry agent, covering why you’d do it, the main authentication options (keys, Entra ID/managed identity, OAuth passthrough), and the high-level steps to register the MCP endpoint as a tool and test tool-calling in the agent playground.

SundarBalajiA explains how to embed GitHub Copilot custom agents in a repo (via `.github/agents/`) to run Terraform-based Azure infrastructure security checks inside VS Code, including recommended agent metadata, tool permissions, and a structured finding format mapped to CIS, Azure Security Benchmark, and NIST controls.

dmalbrough outlines how Komprise and Microsoft Azure can help organizations migrate and tier unstructured data, curate it for AI workloads, and apply governance and security controls (like immutability and object locking) to reduce risk and cost at scale.