Browse All Security Content (563)

Microsoft Developer shares a 5-minute trailer previewing Livestream 4 of POSETTE 2026, highlighting 11 PostgreSQL talks including partitioning, SQL/PGQ property graphs, performance work, analytics with pg_duckdb on Azure Database for PostgreSQL, replication and logical decoding, security practices, PostgreSQL 18 vacuum improvements, Citus scaling, and LISTEN/NOTIFY pitfalls.

Taesoo Kim explains how Microsoft’s MDASH agentic scanning system moved from a benchmark win into real engineering workflows, feeding validated findings into Microsoft Defender, GitHub Advanced Security, and Azure DevOps. The post breaks down recent CVEs found across Windows and identity components, plus what pipeline changes improved results and what still fails.

Allison summarizes June 2026 improvements to GitHub secret scanning, including new detectors, expanded push protection defaults, added validity checks for more secret types, and richer metadata on detections to help teams prioritize remediation.

Rob Lefferts summarizes Microsoft’s positioning as a Leader in Forrester’s 2026 XDR Wave and explains the security platform themes Microsoft is emphasizing: cross-domain signal correlation, attack disruption, built-in threat intelligence, and SOC workflows powered by Microsoft Defender, Microsoft Sentinel, and Security Copilot.

Allison announces a new GitHub Copilot enterprise governance control that lets admins disable bypassing permission prompts (“yolo mode” / auto-approve) in Copilot clients. The update explains where to place the enterprise-managed settings file, how it’s applied to licensed users, and which VS Code versions respect the policy.

Sandeep Deo explains how AI is speeding up identity-based attacks and what Microsoft is changing across Entra and Defender to help teams prevent, detect, and respond faster. The post highlights unified identity risk scoring, improved Entra ID Protection views, least-privilege response roles, and agent-driven recommendations for Conditional Access.

John Savill walks through recent identity and authentication changes for Azure Files, focusing on Microsoft Entra ID–integrated authentication scenarios including managed identity access, cloud-only identity access, and macOS Platform SSO (PSSO) access.

Murat Tuncer walks through how PostgreSQL authentication evolved from early trust-based local setups to modern certificate and token-based approaches, explaining why each method exists, what trade-offs it made, and the common mistakes teams still run into when choosing auth for production deployments.

Adam Wolk explains how fuzzing can uncover edge-case bugs in PostgreSQL, focusing on the libpq client library and the networking protocol surface. He covers why fuzzing works, what makes a good target in Postgres, and practical steps for building harnesses and mutating protocol inputs.

Andrew Ruffin explains how to choose Azure infrastructure for PostgreSQL workloads, focusing on VM family selection, benchmarking results, and cost/performance trade-offs. The talk compares IaaS vs PaaS deployment choices and highlights hardware features and security options that can improve Postgres performance while controlling cloud spend.

Taiob Ali compares PostgreSQL and SQL Server security models, focusing on how each platform handles authentication vs. authorization, roles, and permissions, and what those differences mean for building secure, maintainable database access patterns.

Allison announces that GitHub Code Quality moves from public preview to general availability on July 20, 2026, including new org-level rollout and reporting features plus a new pricing model that combines per-committer licensing with metered AI usage and GitHub Actions minutes for CodeQL scans.

Allison announces an update to GitHub Code Quality that lets organization admins enable or disable Code Quality across all repositories with a single org-level toggle, making it easier to roll out consistent code quality checks at scale on supported GitHub plans.

Chris Welsch reports on İmeceMobil, an agriculture platform built on Microsoft Azure that helps Turkish farmers use AI-driven satellite imagery analysis, hyperlocal weather alerts, and expert guidance to improve crop decisions. The piece also highlights the Azure services and security tooling used to run the app at scale.

diptiborkar announces new Microsoft Fabric and Azure Databricks interoperability that lets teams use Microsoft OneLake as a shared, native storage layer, including GA read access and beta support for writing Unity Catalog managed tables. The post also frames OneLake as a governed data and context foundation for analytics and AI agent workloads.

Jamesdld23 explains how to avoid the 230-second HTTP timeout in Azure Functions by splitting long-running sync work into an HTTP “request” function that enqueues a message and a queue-triggered function that performs the job, with practical PowerShell and Azure CLI examples plus Entra ID-based auth hardening.

Microsoft Developer shares a 4-minute trailer previewing Livestream 1 of POSETTE 2026, highlighting 11 PostgreSQL-focused talks that include Microsoft’s Postgres roadmap, performance tuning, AI tooling, Azure infrastructure choices, and a comparison of PostgreSQL vs. SQL Server security models.

Jeff Pinkston summarizes a year of real-world email security benchmarking data comparing Microsoft Defender with SEG and ICES vendors, highlighting where layered defenses help most and where Defender’s detection and remediation have improved over four quarters.

This week in security, the focus shifted to tightening defaults and making controls easier to enforce across code, agents, and cloud boundaries. GitHub reduced credential sprawl and raised CI/CD gates with built-in tokens, bot PR workflow approvals, stronger validation for agent-generated PRs, and faster CodeQL scanning (including coverage for dormant repos). On the AI side, the story was operational guardrails: Foundry governance controls, ASSERT for turning specs into repeatable evals, and practical MCP patterns for exposing and scanning tools safely. Rounding out the week were concrete enterprise hardening moves like Azure Network Security Perimeter for Service Bus, IP allow lists for EMU namespaces, passkey adoption campaigns, centralized platform log collection, and LAPS policy enforcement for Azure Arc.

Rick Strahl walks through an edge-case but practical .NET Framework/WPF tool that packages a static documentation website into a single Windows EXE, then unpacks and renders it offline using WebView2. He covers the packaging approach, ILRepack-based single-file builds, embedding native dependencies, and the SmartScreen/code-signing trade-offs.

John Savill rounds up a week of Azure platform changes and retirements, spanning compute/storage updates, database and identity improvements, monitoring changes, and several developer-facing AI items including GitHub Copilot Agent Mode in SSMS and Azure AI Foundry agent licensing and model availability.

John Savill gives a fast-paced rundown of key announcements from Microsoft Build 2026, highlighting notable platform updates across Azure, AI, and identity/security topics such as Entra and passkeys.

Allison announces GitHub Enterprise Server (GHES) 3.21 general availability, highlighting updates for enterprise admins including organization custom properties for targeting rulesets, GitHub Projects hierarchy view, a new REST API version with breaking changes, GitHub Actions workflow page performance improvements, secret scanning governance updates, and multi-disk storage configuration.

Allison announces an update to GitHub Actions where pull requests opened by github-actions[bot] can run CI/CD workflows after a user with write access approves them, reducing the risk of merging untested bot changes while keeping a security gate for workflows that can access sensitive data.

Natalie Guevara explains how GitHub improved secret scanning alert quality by adding LLM-based contextual verification, reducing false positives while keeping detection coverage. The post breaks down where verification fits in the pipeline, what “better context” means in practice, and the measured impact on customer-confirmed false positive alerts.

Allison announces that GitHub Agentic Workflows can now authenticate using GitHub Actions’ built-in GITHUB_TOKEN instead of a personal access token, reducing the risk of long-lived credentials and enabling organization-level billing for Copilot CLI usage in agentic workflows.

Laura Jiang announces Copilot Autofix in limited private preview for GitHub Advanced Security for Azure DevOps, which generates suggested fixes for supported CodeQL alerts and turns them into pull requests. The post explains what’s covered in preview, how the workflow fits into existing review gates, and how usage is billed via Azure.

analyticanna introduces Rayfin (Preview), an open-source SDK and CLI for turning content like markdown into shareable, hosted sites deployed as first-class items in Microsoft Fabric, with stable URLs, workspace-based access control, and data captured into a SQL database in Fabric for use across OneLake workloads.

Mahesh Sundaram announces a public preview in Azure Monitor that lets platform teams collect Azure resource platform logs at scale using Data Collection Rules (DCRs), replacing per-resource diagnostic settings with a centralized, policy-driven model that supports governance, cost control, and modern identity-based access.

Aaron Merrill announces a preview feature in Microsoft Fabric’s OneLake catalog that lets admins assign, edit, and remove workspace role memberships across multiple workspaces from the Secure tab, helping teams standardize access controls and reduce drift as Fabric estates scale.

Mehrnoosh Sameki, Sandeep Atluri, Minsoo Thigpen and Abby Palia introduce ASSERT, an open-source framework that turns natural-language behavior requirements into executable evaluation pipelines for AI models and agents, generating taxonomies, stratified test cases, traces, and scored results that teams can inspect and iterate on.

Heather Poulsen outlines a governance-first blueprint for building scalable agentic AI systems, focusing on how to embed consistent controls and quality checks across user interactions, agent orchestration, integrations, data, and models so systems can scale without losing trust and oversight.

Heather Poulsen shares an event session overview on designing Azure AI Landing Zones as a production-ready foundation for deploying AI applications and AI agents at scale, with guardrails for networking, identity, security, governance, and cost control using Microsoft’s recommended architecture frameworks.

Thomas Maurer explains how LAPS for Azure Arc extends Windows LAPS so teams can centrally audit and enforce local admin password rotation across Azure VMs and Arc-enabled servers, with Azure Policy-based compliance reporting that works in hybrid and regulated environments.

Allison announces incremental CodeQL analysis for Go and C/C++ pull request scans, plus incremental support in the CodeQL CLI, with measured speedups across thousands of repositories and details on when the feature is enabled by default.

Allison announces an experimental public preview feature in GitHub Copilot CLI: a /security-review command that reviews local code changes for common vulnerability classes and returns severity- and confidence-scored findings plus actionable fixes directly in the terminal.

.NET Team announces .NET 11 Preview 5 and highlights what’s new across the runtime, SDK, libraries, C#, ASP.NET Core, .NET MAUI, and Entity Framework Core, with links to detailed release notes and guidance on installing the preview SDK and tooling.

Rahul Bhandari and Tara Overfield recap the June 2026 servicing releases for .NET and .NET Framework, including the CVEs addressed in .NET 10.0.9, 9.0.17, and 8.0.28, plus links to release notes, installers, container images, Linux packages, and known issues.

The Microsoft Foundry Team announces Claude Fable 5 (Anthropic) is now available in Microsoft Foundry, and explains how it’s used to power autonomous agents in Foundry Agent Service and GitHub Copilot, with an emphasis on enterprise guardrails, governance controls, and token-based pricing.

Natalie Guevara explains how to define and run custom agents in GitHub Copilot CLI so repeated terminal tasks become consistent, reviewable workflows. The article shows how agent profiles live in your repo, and includes practical examples for security audits, IaC compliance checks, release notes drafting, and incident response.