Browse Security Videos (52)

John Savill rounds up a week of Azure platform changes and retirements, spanning compute/storage updates, database and identity improvements, monitoring changes, and several developer-facing AI items including GitHub Copilot Agent Mode in SSMS and Azure AI Foundry agent licensing and model availability.

John Savill gives a fast-paced rundown of key announcements from Microsoft Build 2026, highlighting notable platform updates across Azure, AI, and identity/security topics such as Entra and passkeys.

John Savill explains how Microsoft Entra ID’s passkey registration campaign works, why passkeys are useful, and how the campaign “nudges” users to register. He also covers the policy prerequisites and the key behaviors that determine when users see registration prompts.

John Savill's Technical Training gives a quick overview of a passkey registration campaign in Microsoft Entra ID, focusing on driving user enrollment for passwordless, phishing-resistant authentication.

Authorised Territory demonstrates how to build a .NET Model Context Protocol (MCP) server over HTTP that scans for unsafe tools on startup, using the Microsoft.AgentGovernance.Extensions.ModelContextProtocol NuGet package, and pairs it with a simple .NET console client that connects to the server.

John Savill runs through a Build-special weekly Azure update, covering a wide set of platform announcements across compute, containers, integration, monitoring, databases, Fabric/Databricks, and Azure AI Foundry—plus security-focused items like confidential computing and Purview agent integrations.

Jeff Hollan and Lee Stott explain how hosted agents in Microsoft Foundry help teams move from local agent prototypes to production-grade AI systems, with a focus on identity, isolation, evaluation, and lifecycle management so developers can deploy secure, scalable agents with clearer operational boundaries.

Amanda Silver and Marco Casalaina explain how to build context-aware AI agents by connecting them to enterprise knowledge, business data, and work signals using Foundry IQ, Fabric IQ, and Work IQ, with an emphasis on orchestration, governance, and operating within trusted boundaries.

Mark Russinovich and Ion Stoica discuss how AI platforms need to evolve for agentic, multimodal, globally distributed workloads, covering infrastructure fundamentals, training and real-time serving architectures, and why open source, security, and governance are becoming core platform requirements.

Mark Russinovich tours recent Azure infrastructure and architecture innovations, covering high-performance networking, serverless building blocks, and security capabilities aimed at running modern AI workloads across cloud, on-premises, and edge environments.

swyx (Shawn Wang) argues that as AI agents start shipping code, “agent supervision” becomes a core senior engineering skill: scoping agent work, setting constraints, designing checkpoints, and reviewing outputs for correctness and security.

Pablo Castro presents a Microsoft Build 2026 deep dive into Foundry IQ, Microsoft’s context engineering platform for building agents that can retrieve enterprise knowledge using agentic RAG. The session covers Foundry IQ’s architecture, connecting new knowledge sources, ingestion pipeline customization, retrieval APIs, and performance/evaluation improvements.

Neta Haiby explains how to take AI agents to production with security, governance, and observability using the Agent 365 SDK and Microsoft Purview SDK, including practical examples for runtime visibility, identity-aware access control, and policy-based lifecycle governance.

Sarah Young introduces MDASH from Microsoft Build 2026 and focuses on how developers can build security into their code from the start, framing secure-by-design practices and developer-centric security workflows.

Microsoft Developer introduces Project Lobster and the early Microsoft Scout desktop experience, focusing on always-on AI agents that can coordinate work, surface risks earlier, and keep tasks moving with less prompting. The video also outlines how Frontier customers can access the experimental release and what enrollment and policy prerequisites are required.

Tina Schuchman and Jeff Hollan walk through the end-to-end lifecycle for building production-grade AI agents using Foundry Agent Service and Microsoft Agent Framework, covering local prototyping through hosted deployment, with identity, secure networking, evaluations, and operational lifecycle management, plus how GitHub Copilot fits into the workflow.

Erika Heidi shares a practical checklist for hardening GitHub Actions workflows against software supply chain attacks, focusing on secrets exposure, token scope, protected branches/tags, dependency risk reduction, and concrete steps like pinning by digest and avoiding long-lived credentials.

Arpitha Dhanapathi explains how to build data security and compliance into AI app and agent development from day one, using Microsoft Purview as a unified policy and governance layer. The session covers common data leakage paths, practical guardrails, and how teams can move from prototype to production without reinventing controls.

James Brotsos shows how to keep developer velocity while improving security by integrating GitHub Advanced Security and Microsoft Defender for Cloud across the workflow—from local CLI scanning and pull requests in VS Code through to cloud risk visibility and attack-path analysis.

Jeremiah Follis explains how the Agent 365 SDK helps enterprises make custom and third-party AI agents visible, governable, and secure at scale, with a focus on identity, observability, compliance, and risk controls for real business workflows.

Jason Fisher explains how Windows is tightening its security foundations and what developers should expect as legacy authentication is reduced, code trust requirements get stricter, and post-quantum cryptography is introduced into the platform.

Kim Manis explains how Microsoft Fabric supports a secure and scalable data estate, covering governance with OneLake Catalog, compliance integration with Microsoft Purview, capacity controls, and developer workflows like Terraform and the Fabric CLI, plus how these foundations enable grounded AI agents with Foundry and OneLake.

Anish Tallapureddy and Mike Budzynski explain how Azure API Management’s AI Gateway can act as a governance layer for AI workloads, covering endpoint exposure, request routing, policy-based guardrails, cost controls, and production telemetry for models, tools, and agents across providers.

Poorvi Narang and Flora Taagen present an Azure-focused session on running Linux workloads using Azure Linux across VMs and AKS, highlighting the Azure Linux 4.0 preview, Azure Container Linux, and what “secure by default” looks like in practice from development through production.

Microsoft Developer demonstrates the Aikido extension for VS Code, showing how to run security scanning directly in the IDE to catch vulnerabilities, prevent secrets from being committed, and block malware before it reaches your machine, with workflows that tie into PRs and developer feedback loops.

Klorida Miraj and Nazmus Sakib explain how Windows can provide OS-level security and governance for AI agent and agent-augmented coding workflows, using examples like sandboxing in GitHub CLI. The session focuses on containment, detection/response, and identity models to move agents from experiments to production safely.

Mario Rodriguez and Evan Boyle demonstrate how AI agents—centered around GitHub Copilot—can work across planning, coding, CI/CD, and production operations to help teams ship AI-assisted code safely. The session focuses on practical workflows, guardrails, and review patterns that keep autonomous changes controlled while still moving fast.

Kirupa Chinnathambi, Stuart Schaefer, and Patrick Nikoletich explain how Windows is evolving to support AI agents that can take real actions (run commands, modify files, move data) while staying within clear safety boundaries, including identity, containment, and ongoing supervision.

Sarah Bird, Sandeep Atluri, and Mehrnoosh Sameki explain how to govern AI agents end to end in production, focusing on safety, reliability, and human oversight across Microsoft Agent Framework and open-source stacks. The session outlines evaluation-driven development, adversarial stress testing, and a cross-framework control approach for enterprise-scale agent deployments.

Roop Kiran Chevuri and Phil Gerity explain how Windows 365 Cloud PCs can be used as a secure, flexible development platform, including developer-ready images, cross-device workflows, and enterprise controls like Intune provisioning and Conditional Access. They also introduce Windows 365 for Agents and show how MCP-based tools can run against agent-owned Cloud PCs.

Andrea Griffiths and Nick Taylor introduce Pomerium on Open Source Friday, covering how the open source identity-aware proxy secures access to internal apps and services with authentication, authorization, and zero trust access patterns.

GitHub walks through new Visual Studio Code capabilities for remote session management, permissions, and secure AI adoption, including bring-your-own-key and bring-your-own-model options. The video also introduces an agents experience aimed at managing multiple sessions across workspaces, clients, and cloud-connected development environments.

Microsoft Developer introduces Wassette, a security-focused MCP server that uses WebAssembly Components to run untrusted agent tools in a sandboxed runtime, aiming to make extending AI agents safer and more reusable.

Priyanka Vergadia hosts Krystal Folkes for an end-to-end walkthrough of modernizing a real-world legacy ASP.NET Web Forms app using GitHub Copilot. They cover planning with Copilot plan mode and agents, security baselining and findings review, SQL Server-to-PostgreSQL migration, architecture visualization, and deployment planning to containers and Kubernetes.

John Savill runs through the key concepts and Microsoft services covered by the AI-901 Azure AI Fundamentals exam, including responsible AI, Azure AI Foundry, models, agents, embeddings, and the main Azure AI service areas (language, speech, vision, and document extraction), plus core authentication options with keys and Entra ID.

Sandra Ahlgrimm explains how to customize GitHub Copilot’s modernization task lists so teams can modernize legacy Java apps safely: set constraints, split risky upgrades into smaller reviewable steps, validate the current state first, and ensure Copilot surfaces CVEs without making silent changes.

Ayan Gupta introduces a hands-on video series on modernizing legacy Java applications using GitHub Copilot, outlining a four-phase loop (Assess, Upgrade, Migrate, Test & Deploy) and how AI-assisted workflows can reduce manual effort across dependencies, security fixes, and deployment steps.

John Savill runs through the 1st May 2026 Azure update, covering new and preview features across AKS networking and troubleshooting, Azure Front Door WAF protections, Elastic SAN improvements, PostgreSQL read replica scaling, and major AI platform changes like Microsoft Agent Framework GA and Prompt flow retirement.

John Savill's Technical Training gives a practical overview of post-quantum cryptography (PQC), why quantum computing changes the risk profile for today’s encryption, and what to start doing now—especially around inventorying crypto usage and planning for “harvest now, decrypt later” threats.

GitHub shares Jeff Luszcz’s overview of what open source maintainers should know about licensing and SBOMs, and how these practices affect software supply chain security and user expectations heading into 2026.