Security

ShirleyseHaley announces a new Microsoft Security Virtual Training Day designed to help professionals build expertise in cloud security using Microsoft Defender for Cloud, with practical sessions on DevOps integration and workload protection.

JulieSirrine shares a curated summary of activities from Microsoft Learning Rooms, spotlighting hands-on community events and technical discussions covering Azure, AI, Fabric, Power BI, cloud security, and coding topics for Microsoft professionals.

daisami presents a practical guide on securing pro-code custom engine agent endpoints for Microsoft 365 Copilot, detailing application-level controls, code samples, and Azure integration strategies.

John Savill presents the August 8, 2025 Azure Update, sharing key advancements in cloud infrastructure, security, AI, and data solutions for Microsoft Azure professionals.

tampasmix explores approaches for connecting Azure VPN P2S remote users to on-premises networks via ExpressRoute in a hub-and-spoke architecture, discussing routing, gateway setup, and practical options for solving connectivity challenges.

daisami guides developers through securing Azure Bot Service endpoints for Microsoft Teams, focusing on application-level protections, token validation, and tenant restrictions to safeguard accessible endpoints in ASP.NET Core bots.

Legitimate-School-59 shares a behind-the-scenes look at the technical and business realities for senior engineers earning over 150k, focusing on Azure migrations, large-scale codebase management, security enhancements, and more.

GelatinousCubeZantar details the process and obstacles in recovering access to an orphaned Azure subscription, including real-world escalation attempts and technical suggestions based on Microsoft’s documentation.

Mike Vizard examines how ArmorCode’s Anya AI now generates automated, environment-specific code fixes and brings software supply chain insight to application security, as announced at Black Hat USA 2025.

Michael Flanakin explores the major updates in FinOps Toolkit 12 for Azure, focusing on cost management, new data schemas, Power BI reporting, network and security improvements, and automation tools to streamline financial operations in the cloud.

Steve Sweetman announces the general availability of GPT-5 in Azure AI Foundry, detailing its rollout to developers via GitHub Copilot and VS Code, enhanced reasoning, orchestration features, and robust security and governance layers for enterprise AI adoption.

In this video, GitHub invites viewers to tackle AI security challenges in the Secure Code Game Season 3. Hosted by the GitHub team, it encourages ethical hacking against language models and secure code remediation.

Cristina Da Gama Henriquez announces the public preview of the Phishing Triage Agent in Microsoft Defender, highlighting its AI-powered, autonomous phishing detection capabilities for SOC teams.

Mike Vizard reports on Black Duck Software’s new integration of their AI security assistant into IDE plugins, enabling real-time vulnerability detection and support for natural language security queries as developers write code.

SmoothRunnings discusses Microsoft’s move toward passwordless sign-on and the potential changes for MFA in hybrid scenarios, featuring community input on Cloud Kerberos Trust and the continuity of the Authenticator app.

TheCitrixGuy and members of the Azure community explore the architectural and cost considerations of using Azure Application Gateway with WAF in front of APIM. They share alternative solutions including Azure Front Door and Cloudflare, offering deployment insights and practical recommendations.

Tom Howlett examines the enterprise-level implications of vibe coding and AI-assisted development, highlighting both the acceleration of innovation and the real risks in security and code maintainability.

vnamani delivers a comprehensive walkthrough on migrating on-premises ADC rules to Azure Application Gateway, breaking down feature mapping, Azure-native alternatives, and how to leverage infrastructure-as-code and cloud security best practices.

stclarke presents a comprehensive year-in-review of the Microsoft Bounty Program, showcasing $17 million in rewards, the impact of security research collaborations, and updates to Microsoft’s vulnerability reward initiatives.

In this post, stclarke introduces the Microsoft Secure Future Initiative (SFI) patterns and practices—a library of practical security solutions aimed at helping organizations enhance security at scale, informed by Microsoft’s operational experiences.

In this blog, Wendy Breiding presents five practical GitHub Copilot Chat prompts specifically designed to help .NET developers boost productivity, code quality, and security when working on Microsoft technologies.

John Savill’s Technical Training explains the new Web Application Firewall (WAF) capability for Azure App Gateway for Containers, guiding viewers through configuration, policy application, and key limitations.

Coryskimming delivers an in-depth look at Microsoft’s announcements from KubeCon India 2025, highlighting significant AKS improvements, AI integration, security advancements, and operational best practices for the Azure Kubernetes Service community.

Written by stclarke, this post presents Project Ire, Microsoft’s new autonomous AI agent built for large-scale malware detection by reverse engineering and classifying threats. The article addresses technical foundations, system accuracy, and its impact on cybersecurity operations.

Mahesh Sundaram announces the general availability of Network Security Perimeter for Azure Monitor, explaining its benefits for securing Azure monitoring data through enhanced network isolation and access controls.

anishta reports on key Azure API Management updates, including public preview MCP support in v2 SKUs and streamlined governance for external MCP-compliant servers, helping organizations connect APIs and AI agents securely.

Authored by Henry Yan and Sylvie Liu, this post introduces new 24/7, expert-driven protections from Microsoft Defender Experts for protecting cloud workloads, including support for multicloud environments.

In this comprehensive roundup, stclarke highlights major new capabilities added to Microsoft Copilot Studio in July 2025, focusing on AI-powered agent creation, secure data integration, and robust analytics and admin improvements for enterprise users.

AdiBiran outlines Azure Monitor Auxiliary Logs’ general availability, new features, and lower pricing, highlighting enhancements in querying, data transformations, and large-scale log management for Microsoft customers.

Authored by Mike Vizard, this article explores Cycode’s new AI agent for its application security platform. The tool is designed to evaluate and prioritize vulnerabilities, helping DevSecOps teams respond more effectively to emerging security challenges.

This comprehensive recap from the Microsoft Fabric Blog details July 2025’s new features and enhancements for Fabric Warehouse, including AI integration, security, performance improvements, and developer tools, making it relevant for data engineers and architects.

In this comprehensive post, Andrew Lock examines the new passkey support introduced in ASP.NET Core Identity and the Blazor Web App template as part of .NET 10 preview 6, explaining both user and implementation perspectives.

Author simdre79 explores the difficulties of enforcing password changes at first login for hybrid users on Entra joined laptops, especially after transitioning from hybrid to Entra join. This article offers insights and practical issues encountered during device enrollment and user onboarding.

Jamesdld23 explains how to monitor Azure Container Registry token expiration dates through Azure REST API, Azure Workbooks, and automation techniques.

In this community post, Unlikely-Ad4624 shares a Terraform module for provisioning Azure service principals with versatile authentication options and secure secret storage.

Authored by vicperdana, this article explores how Microsoft Purview streamlines AI data governance and compliance, mitigating GenAI risks for enterprises.

LordLoss01 seeks advice on creating a file share that allows Windows SYSTEM user access for PowerShell-automated data transfer across thousands of devices.

Laura Jiang explores automating open-source dependency scanning in Azure DevOps with GitHub Advanced Security, focusing on setup, integration, and how results are surfaced for developers.

In this article, Joseph Dadzie introduces new Microsoft Entra ID governance tools for hybrid environments, detailing features like Group SOA conversion and Face Check for secure, auditable access management.

Authored by henryyan, this article covers the latest enhancements to Microsoft Defender Experts, focusing on 24/7 protection, threat hunting, and enriched detection capabilities for hybrid and multicloud environments.

Authored by Nick Brady, this post highlights the July 2025 updates to Azure AI Foundry, including Deep Research Agent, GPT-image-1 model improvements, agent tools, and platform and security features for advanced AI development.

Jamie Magee and Brett Forsgren share how Dependabot’s revamped NuGet updater uses .NET’s own tooling to bring faster, more reliable, and more secure dependency updates to developers.

Irina Nechaeva reports on a Forrester study showing that organizations using Microsoft Entra Suite achieved a 131% ROI by improving identity and network access security.

Dellenny details how to implement the Secret Store Pattern in Azure, guiding developers to use Azure Key Vault for managing credentials and secrets securely in cloud-native applications.

In this community contribution, JohnSavill discusses group source of authority conversion from Active Directory to Entra ID, offering practical steps and critical considerations for a successful identity shift.

John Savill’s Technical Training presents an in-depth look at group source of authority conversions between Active Directory and Microsoft Entra ID, alongside updates to Microsoft Security Copilot.

In this post, Kralizek82 explores methods to test protected endpoints in C# applications using fake JWT tokens, providing practical guidance for .NET developers.

Authored by sayytoabhishekkumar, this post explores an ‘InvalidAuthenticationToken’ issue encountered during Azure REST API calls from a CI-CD pipeline—even though the equivalent request functions as expected in Postman.

Microsoft Fabric Blog announces the end of support for TLS 1.1 and earlier on the Fabric platform. Authors provide key migration steps and security implications for organizations relying on Fabric integrations.

wfgy_engine highlights persistent DevOps challenges in AI pipelines, describing how classic infrastructure issues led to subtle, production-breaking failures and how their team created a problem map and lightweight controls to address them.