Browse Security Community (137)

despindola announces general availability of prefix-scoped access for User Delegation SAS in Azure Blob Storage, letting you scope SAS tokens to a virtual directory (prefix) within a container. The post explains why this helps least-privilege access and includes REST API and .NET SDK examples plus required parameters like sr=d and sdd.

Pooja Pradhan outlines an Azure-focused approach to move from drift detection to diagnosis by combining IaC signals (Terraform/Bicep), Azure Resource Graph, and Activity Logs, then using an AI model to generate a human-readable root cause analysis with impact and recommended remediation steps.

Valini Sunthwal describes a multi-repo Azure platform that uses Terraform, versioned releases, and daily reconciliation to detect and recover from infrastructure drift across many subscriptions. The post breaks down repo boundaries, pipeline design, drift detection tiers, and security practices like OIDC, Key Vault, and private endpoints.

PrabalDeb lays out a practical reference architecture for running diffusion model workloads on Azure Kubernetes Service (AKS), focusing on GPU/CPU lane separation, dispatch and autoscaling options (Kubernetes-native vs Service Bus + KEDA), secure ingress and identity, durable storage for outputs and model caches, and end-to-end observability for both apps and GPU hardware.

prabhattomar explains how to build a Kubernetes-native DBaaS-style SQL platform using Crossplane to provision Azure Database for PostgreSQL Flexible Server, including private networking, DNS-based read/write endpoints, and an active-passive multi-region HA/DR approach with replica promotion and Traffic Manager routing.

skundapura outlines a phased approach to migrate file-based application logging from Splunk to Azure Application Insights on VMs, using Azure Monitor Agent and Log Analytics, then mapping alerts and optionally adding SDK instrumentation for deeper traces and metrics with security and PHI considerations.

VaidhyaP introduces AG-UI (Agent–User Interface), a protocol for connecting AI agents to rich frontends with streaming events, declarative UI proposals, shared state updates, and human-in-the-loop approvals, plus practical security guidance like Azure AD protection and Key Vault-backed secrets.

Samarpitaa explains where Azure AI Foundry IQ fits (and doesn’t) for enterprise agent knowledge access, then shows a reference approach for querying Foundry IQ knowledge bases directly via the Azure AI Search Python SDK with permission-aware retrieval and citations.

Shah_Viral explains how to build an enterprise “knowledge copilot” on Azure using Foundry IQ knowledge bases and Azure AI Search agentic retrieval, including C#/.NET setup, MCP-based agent connection, and key trade-offs around preview maturity, cost, latency, and security controls like ACLs and Purview labels.

singhshub shows how to integrate HashiCorp Vault with Terraform so secrets (like Azure VM admin credentials) are fetched at runtime instead of being stored in .tf files, variable files, or pipeline variables, including KV v2 policy paths, auth options, and state protection guidance.

JennyF explains how Microsoft’s 1ES team uses agentic AI (including GitHub Copilot CLI) plus “skills” and “agent signals” to speed up CVE remediation and compliance work across many repositories, while keeping humans in the loop for review, validation, and deployment.

LuisFilipe explains how Azure Blob Storage SFTP users should handle Microsoft’s host key change, including when it impacts SSH key-based authentication, how to pre-update trusted host keys, and how to identify SFTP usage via Azure Resource Graph and Log Analytics queries.

vsriramdas explains how to use Microsoft PyRIT to red-team agentic AI systems, then shows how to wrap PyRIT with a YAML-driven CLI so you can run repeatable scans in CI/CD and gate releases based on OWASP LLM Top 10-aligned findings.

lexinadolski recaps Microsoft’s presence in the CNCF Project Pavilion at KubeCon EU 2026, summarizing the technical conversations and themes across Kubernetes projects—migration to Gateway API, confidential computing, image signing, observability tooling, and requests for deeper Azure/AKS and AI-workload support.

YogeshwaranKannaiyan walks through a real-world troubleshooting case where Azure SQL Managed Instance Failover Group creation failed in a hub–spoke network with a centralized firewall, and explains the specific port, routing, DNS zone, and firewall behaviors that commonly block replication from initializing.

vsakash shares a production-tested Terraform pattern for deploying Azure Redis Enterprise across regions with geo-replication, focusing on primary/replica design, per-region isolation (networking and Key Vault), and a parameterization approach that scales cleanly from dev to prod.

jtracey93msft explains two updates to Azure Landing Zones: a new “Local” management group for Azure Local and exit planning to disconnected operations, plus refreshed SLZ sovereign policy initiatives aligned to control levels for data residency and encryption.

troettinger announces Azure Local 2604, focusing on sovereign-scale and edge deployments: disaggregated compute/storage with SAN support (now GA), plus a new “Local Identity with Azure Key Vault” option that removes Microsoft Active Directory dependencies for disconnected and regulated environments.

aloormahesh explains how to move Azure API Management (APIM) from manual portal edits to an APIOps/GitOps workflow, using source control and pipelines to validate, deploy, and promote API configuration safely across environments with better traceability and security.

Parvathy_R_Pillai compares traditional ML pipelines with Azure AI Foundry, focusing on the shift from model-centric delivery to operating end-to-end AI applications (including agents) with built-in governance, evaluation, and observability for production use.