Browse All Security Content (269)

pbeegala summarizes lessons learned from Azure Front Door incidents in October 2025 and lays out practical resiliency patterns—DNS failover, multi-CDN, and alternate ingress paths—aimed at keeping mission-critical internet-facing workloads available when global routing services have an outage.

In this NVIDIA GTC update, stclarke outlines Microsoft’s announcements across Microsoft Foundry and Azure: Foundry Agent Service GA with control-plane observability, voice agent preview capabilities, expanded model access (including NVIDIA Nemotron), and new Azure AI infrastructure plus “Physical AI” tooling that connects simulation, data, and real-world operations.

Bala Venkataraman, jeffhollan, and Nick Brady announce the GA release of Foundry Agent Service, highlighting enterprise features like private networking, expanded MCP authentication options, Voice Live speech-to-speech integration, and built-in evaluations with continuous monitoring via Azure Monitor.

meenagowdar explains how Azure Local can support “sovereign AI” by running advanced model workloads inside customer-controlled environments, from current NVIDIA RTX PRO 6000 Blackwell support (Azure Local 2603) to planned NVIDIA Rubin support, with Foundry Local services, AKS on Azure Local, and Azure Arc for management and governance.

Darren Portillo outlines Microsoft Purview updates for Microsoft Fabric focused on preventing data oversharing and improving governance and data quality, with new DLP, Insider Risk Management, DSPM, and Unified Catalog capabilities aimed at supporting safer AI adoption.

Microsoft Incident Response (DART) investigates a Microsoft Teams voice-phishing incident where an attacker impersonated IT support, used Quick Assist for remote access, and stole credentials via a spoofed site—then shares concrete defensive steps to reduce this kind of identity-led compromise.

Welcome to this week’s roundup. The common thread is agents moving beyond “helpful chat” into real execution across IDEs, terminals, CI, and cloud operations. Copilot’s latest changes focus on autonomy and repeatable behavior through repo-visible instruction files, lifecycle hooks, clearer model routing, and faster PR review workflows, while modernization tooling ties assessments and plans directly to issues and pull requests. In parallel, the rest of the stack is catching up to the day-to-day requirements of running agents like software: traces and debugging loops, structured outputs and schema enforcement, and clearer guardrails around approvals, secrets, and identity-based access.

aayodeji covers the major upgrades in Azure Managed Grafana 12, highlighting new Entra authentication, faster Azure Monitor log query workflows, Prometheus metric improvements, and streamlined database monitoring for Azure environments.

Microsoft Developer introduces computer use agents, outlining what they are, how they function, their types, and related security risks. This video provides foundational knowledge for those interested in AI agents and security.

JeevanManoj presents an in-depth guide to the public preview of Entra ID-based access for Azure Blob Storage SFTP, highlighting enhanced enterprise identity management and security.

FeynmanZhou highlights Azure Container Registry's new proactive health monitoring and auto-communication features, empowering teams to integrate ACR outage alerts and diagnostics seamlessly into their DevOps and incident workflows.

stclarke summarizes Microsoft's latest email security benchmark, revealing detailed statistics on threat detection and the benefits of integrating Defender with partner solutions for layered protection.

Microsoft Threat Intelligence and Microsoft Defender Experts detail how Storm-2561 uses SEO poisoning to distribute fake, signed VPN clients, stealing user credentials through technical deception and advanced evasion techniques.

Allison reports on a significant update to GitHub Actions OIDC token functionality: repository custom properties can now be added as claims, supporting stronger and more flexible policy controls across major cloud providers.

Microsoft Incident Response presents a comprehensive analysis of prompt abuse in AI tools, offering practical mitigation strategies and demonstrating how to leverage Microsoft’s security stack to detect, investigate, and respond to such incidents.

Laura Jiang details a temporary rollback in Azure DevOps allowing build identities to access Advanced Security APIs again. The post outlines the required actions for teams before the restrictions return in April 2026.

Microsoft Defender Experts and the Microsoft Defender Security Research Team expose the Contagious Interview campaign, detailing how fake technical interviews target developers with malware. Their research highlights attack methods, malware payloads, and practical protection strategies.

DevClass.com reports on how Microsoft Azure CTO Mark Russinovich used Anthropic’s Claude Opus 4.6 AI model to scan 1986 Apple II machine code, finding security vulnerabilities and raising important points about AI’s expanding role in legacy code security.

Allison summarizes the March 2026 updates to GitHub's secret scanning, focusing on new detectors—including Azure and major third-party tokens—expanded push protection, and added validation for various providers.

Rahul Bhandari (MSFT) and Tara Overfield summarize important security fixes and servicing information for .NET and .NET Framework with the March 2026 update, including CVE resolutions and detailed changelogs.