Browse All Security Content (456)
Max Uritsky announces general availability of a new Azure Boost hardware platform underpinning Esv7, Dsv7, and Dlsv7 VMs, detailing the PCIe card architecture (ASIC/FPGA, MANA NIC, Arm SoC), the performance gains for networking and storage, and the security model built around hardware root of trust and continuous attestation.
Satya Nadella shares an update on Microsoft’s multi-model agentic security system, which uses 100+ specialized agents across frontier and custom models to find exploitable bugs, topped the CyberGym benchmark, and helped identify and fix 16 vulnerabilities ahead of Patch Tuesday, with a private preview now available.
Taesoo Kim introduces MDASH, Microsoft’s multi-model agentic scanning harness, and explains how it’s being used to find and validate real Windows vulnerabilities end-to-end. The post breaks down the pipeline stages (prepare/scan/validate/dedup/prove), shares benchmark results, and details 16 Patch Tuesday CVEs plus two technical deep dives.
Taesoo Kim announces MDASH, Microsoft Security’s multi-model agentic scanning harness, and explains how it uses specialized AI agents to find, validate, and prove vulnerabilities end-to-end. The post shares benchmark results, details 16 Patch Tuesday CVEs found in Windows networking/auth components, and includes two technical deep dives.
stclarke summarizes Microsoft and Red Hat’s Red Hat Summit 2026 updates for Azure Red Hat OpenShift, focusing on running modern apps and production AI with enterprise governance. It highlights OpenShift Virtualization for VM-to-Kubernetes migration, identity and confidential computing features, GPU-backed AI workloads, and expanded regional availability.
Rahul Bhandari (MSFT) and Tara Overfield recap the May 2026 servicing releases for .NET and .NET Framework, including security and non-security fixes, the CVEs addressed, and where to find release notes, installers, container images, Linux packages, and known issues.
Allison summarizes what’s new in CodeQL 2.25.4 for GitHub code scanning, including Swift 6.3.1 support, improved C# and ASP.NET taint-flow modeling, expanded Java/Kotlin query sanitizers to reduce false positives, and new data-flow barrier extensions to tune results across many languages.
Sandra Ahlgrimm explains how to customize GitHub Copilot’s modernization task lists so teams can modernize legacy Java apps safely: set constraints, split risky upgrades into smaller reviewable steps, validate the current state first, and ensure Copilot surfaces CVEs without making silent changes.
Allison announces the deprecation of GitHub’s synchronous SBOM REST endpoint and explains how to migrate scripts and integrations to the newer asynchronous SBOM report generation flow ahead of the November 13, 2026 removal date.
Kumar Srinivasamurthy outlines how modern DDoS campaigns have shifted toward multi-vector and application-layer abuse, and shares a defense-in-depth approach for keeping consumer-facing services usable under sustained attack, including edge filtering, resilient architecture, and planned graceful degradation.
kinfey explains why AI agents running model-generated code need stronger isolation than standard containers, then walks through deploying a GitHub Copilot SDK agent on AKS using Kata Containers (kata-vm-isolation) plus layered hardening like seccomp, NetworkPolicy egress allowlists, and deny-by-default tool permissions.
vikas_gautam introduces PII Shield, a privacy proxy that sits in front of LLM calls to detect and anonymize PII (with optional reversal) so raw identifiers don’t leak through prompts, gateways, logs, or observability pipelines.
vyomnagrani explains why Microsoft built Azure AI Foundry Agent Service on Azure Container Apps, focusing on what changes when AI agents move from prototypes to production: bursty execution, long-running workflows, secure tool execution, isolation, state persistence, and the operational requirements for running agent fleets reliably at scale.
FaizaanMerchant explains a Zero Trust network design for Azure Databricks that avoids public workspace exposure by fronting external access with Azure Application Gateway WAF and routing traffic to the workspace through Private Endpoints, while keeping internal access on private connectivity (VPN/ExpressRoute).
stclarke summarizes the April 2026 Copilot Studio updates, focusing on scaling AI agents with stronger governance, clearer analytics visibility, and more capable workflows. It also covers new integration options like apps-in-agents, MCP-enabled tools (preview), evaluation automation APIs, and multi-agent collaboration features.
grace_kim explains a Windows Kerberos hardening change rolling out from April to July 2026 that can break Kerberos-based SMB access to Azure Files when AD DS objects are still using (or defaulting to) RC4. The post shows how to detect impacted configurations and migrate to AES-256 before rollback is removed after July 2026.
Alex-wdy explains why Azure CLI on macOS is moving away from Homebrew Core and introducing new Preview installation options in Azure CLI 2.86.0, including a Homebrew Cask package and an offline tarball for restricted environments, with a focus on signed, notarized binaries and future enterprise authentication needs.
osmancokakoglu announces the winners of the AI Dev Days Hackathon and summarizes the projects and the Microsoft stack they used, including Azure AI Foundry, Azure OpenAI models, and the Microsoft Agent Framework, plus common Azure services and DevOps practices used to ship production-grade agentic apps.
EldertGrootenboer announces the general availability of confidential computing for Azure Service Bus Premium, explaining how TEEs protect message data while it’s being processed and how it complements existing encryption and network controls. The post also covers regional availability and how to enable the feature in the portal or via templates.
Shireesh Thota summarizes the main architecture trends from Cosmos DB Conf 2026, focusing on how teams are building AI-native apps on Azure Cosmos DB with flexible data models, serverless scale, and first-class semantic/vector search, plus practical patterns for agent memory, cost visibility, and multi-user security.
Allison announces an update to Dependabot that lets enterprises grant it access to internal repositories across organizations, enabling dependency update pull requests even when dependencies live in a different org within the same enterprise.
Paulams732 describes a reusable Azure DevOps YAML pipeline template for scaling GitHub Advanced Security across many repositories by detecting repo contents, running CodeQL only when relevant, and adding IaC scanning with centralized reporting and SARIF artifacts.
This roundup tracks a clear shift from agent capability to agent governance: more context, more observability, and more policy controls across Copilot, VS Code, and the CLI. On the platform side, Microsoft tightened the path from prototype to production with .NET agent building blocks, Azure AI Foundry deployment patterns, and data governance improvements that make RAG and operations easier to standardize. We also cover the less flashy work that keeps systems dependable at scale, including Fabric and Databricks operational updates, GitHub migration and ruleset changes, and security research that keeps token theft, privilege escalation, and supply chain risk in focus.
mkachare explains how Azure NetApp Files depends on DNS when using Active Directory-backed SMB, dual-protocol, and NFSv4.1 Kerberos volumes, and why hub-spoke or Virtual WAN designs with an external DNS forwarder often fail. The post focuses on the two separate DNS paths ANF uses, plus the forward and reverse rulesets required to avoid hard-to-diagnose errors.
kunyanliu explains how CHERIoT-Ibex uses CHERI capability extensions on a RISC-V Ibex core to provide hardware-enforced memory safety and fine-grained compartmentalization for embedded systems, aiming to reduce common exploit classes like buffer overflows and use-after-free vulnerabilities.
Brian Benz summarizes the first independent security audit of Inspektor Gadget, an eBPF-based Kubernetes observability and Linux host inspection tool, including the vulnerabilities found, the fixes shipped in recent releases, and practical hardening recommendations for teams running it in production.
The Microsoft Defender Security Research Team reports on “Dirty Frag,” an actively exploited Linux local privilege escalation technique targeting kernel networking components, and shares practical interim mitigations plus Microsoft Defender detection coverage to help teams reduce post-compromise risk.
mscagliola shows how to use GitHub Copilot skills for spec-driven development, turning a Medallion Architecture blog post into a repeatable repo that generates Terraform for Azure platform setup and Databricks bundle files for workloads, while enforcing strict placeholder/TODO rules to avoid invented environment values.
Allison announces CodeQL 2.25.3, highlighting new Swift 6.3 analysis support plus a set of query and extractor improvements across C/C++, C#, Java/Kotlin, JavaScript/TypeScript, Python, and GitHub Actions to improve code scanning accuracy and reduce false positives.
John Edward outlines an architecture for a “Daily Stand-Up Agent”: a custom AI copilot that pulls sprint activity from Jira and Azure DevOps, detects blockers, and generates consistent stand-up summaries. The post focuses on connectors, grounding ticket data, conversational reporting, and practical considerations like security and data quality.
hcamposu announces Microsoft Host Integration Server (HIS) 2028 preview, outlining the move to .NET 10 (including Linux support for non-SNA features), new REST-based connectivity for DB2 and CICS/IMS workloads, and a set of deprecations aimed at removing legacy dependencies and improving security and hybrid operations.
Landon Cox explains how GitHub instrumented GitHub Agentic Workflows to track LLM token usage in CI, then used automated “auditor” and “optimizer” workflows to reduce costs. The post covers token-usage logging, MCP tool pruning, replacing MCP calls with GitHub CLI steps, and an “Effective Tokens” metric to compare savings across models.
Kristen Womack introduces an Azure Developer CLI (azd) template from Curity and Microsoft that deploys an AI agent app to Azure with least-privilege authorization. It focuses on using short-lived OAuth 2.0 tokens (JWTs) and token exchange so APIs can enforce data boundaries even when agent behavior is nondeterministic.
Andrea Griffiths shares a practical checklist for reviewing agent-generated pull requests, focusing on where AI-written changes tend to hide risk: weakened CI, duplicated utilities, subtle logic bugs that still pass tests, and unsafe LLM-powered workflows that can turn untrusted input into executed commands.
Steven Bucher announces the public preview of the Azure Resource Manager MCP Server, a remote MCP server that lets AI agents query and operate on Azure resources via Azure Resource Manager and Azure Resource Graph, including generating KQL queries from natural language and deploying ARM templates from within VS Code.
stclarke outlines Microsoft’s latest progress on passkey adoption and phishing-resistant authentication, including updates across Microsoft Entra ID, Windows Hello, and consumer sign-in experiences, plus changes to account recovery and plans to remove weaker fallback methods.
divyanshi_varshney lays out a production-oriented reference architecture for running Azure OpenAI in regulated banking environments, focusing on private networking, identity-first access, RAG guardrails, and audit-ready observability. It also calls out common failure modes like AKS-to-Private Endpoint DNS issues and gaps in telemetry privacy.
tanyabaranwal outlines an event-driven Azure pipeline for extracting structured data from contract PDFs/ZIPs using Azure AI Document Intelligence, transforming results into a canonical JSON schema, and persisting them in Cosmos DB, with practical notes on observability and security.
KimVaddi lays out a reference architecture for governing “agent sprawl” with a multi-region AI agent landing zone on Azure, using layered control planes to enforce policy, safety, evaluation, and observability across agents, models, and tools.
lapadman lays out a practical phased-parallel cutover approach for enterprise Azure PaaS migrations, with a focus on keeping downtime near zero while avoiding message loss and split-brain scenarios. It covers traffic shifting with Azure Front Door, Service Bus relay patterns, HA/DR design, observability, and rollback criteria.