Browse Security Community (109)

Vineela-Suri walks through an event-driven pipeline where Terraform drift alerts trigger Azure SRE Agent via an authenticated HTTP endpoint, so the agent can correlate drift with Azure telemetry, classify severity, recommend safe remediation, notify Microsoft Teams, and even open a GitHub PR.

Sreekanth_Thirthala announces a public preview feature for Azure API Center: a plugin marketplace endpoint that lets developers discover and install AI plugins (including MCP servers and skills) from tools like Claude Code and GitHub Copilot CLI, while keeping enterprise governance and auth intact.

NaufalPrawironegoro explains how to bring on-prem and multi-cloud SQL Server instances under Azure management with Azure Arc, covering onboarding (agent + PowerShell), unified Azure Portal visibility, best-practices assessments via Log Analytics, policy-based governance, monitoring, and common troubleshooting scenarios.

PrabhKaur (co-authored with Avneesh Kaushik) lays out an architecture-focused checklist for building AI agents in Microsoft Foundry with security, observability, least privilege, continuous validation, and human accountability built in from the start.

simonjj shares an Azure Developer CLI template that deploys Google’s Gemma 4 (via Ollama) onto Azure Container Apps serverless GPU with an OpenAI-compatible endpoint, protected by an Nginx basic-auth proxy, plus steps to verify the API and wire it into the OpenCode terminal coding agent for private, in-subscription prompting.

Marc de Droog demonstrates Azure Virtual Network TAP (VTAP) by mirroring full VM NIC traffic (including payload) to a destination VM and inspecting the VXLAN-encapsulated packets in Wireshark.

In this community post, nishantmv breaks down a production-grade Azure serverless architecture for an enterprise facility-management IoT platform, covering a multi-provider telemetry pipeline, template-driven device modeling, an event-driven rule engine, and the security/resilience hardening that made it ready for production.

ManishChopra outlines six practical integration patterns for building agents and copilots that query Oracle Database@Azure with sub-millisecond proximity to Microsoft’s AI stack, covering options from Copilot Studio connectors to ORDS/PL/SQL, Azure Functions, and Logic Apps, plus the identity/governance controls typically needed for production.

jordanselig shows how to add runtime governance to a multi-agent ASP.NET Core travel planner on Azure App Service using the Microsoft Agent Governance Toolkit, including YAML policy allowlists, audit logging into Application Insights, and SRE controls like SLOs and circuit breakers.

fenildoshi2510 explains how to sync Azure Key Vault secrets into an AKS namespace managed by Rancher using External Secrets Operator (ESO) and Workload Identity, so apps can consume Kubernetes Secrets without storing any client secrets.

mosiddi explains how Microsoft’s open-source Agent Governance Toolkit implements production-grade security and reliability controls for autonomous AI agents, covering its package architecture, policy enforcement (Agent OS), zero-trust identity (Agent Mesh), privilege rings (Agent Hypervisor), and SRE/observability integrations, including Azure deployment patterns.

wesback breaks down what “sovereignty” can mean in Azure Belgium Central by mapping it to three practical technical layers: data residency/locality, encryption (including CMK with Key Vault or Managed HSM), and confidential computing with attestation for in-use protection.

AmitManchanda28 explains how reusing a User Assigned Managed Identity (UAMI) across Azure environments can unintentionally widen trust boundaries and increase blast radius, and proposes an environment-isolated identity model with tighter RBAC scoping.

theringe walks through deploying to Azure App Service from Azure DevOps using a user-assigned managed identity (UAMI), including the Azure DevOps service connection setup, required RBAC permissions, and how to validate the deployment identity via AppServiceAuditLogs.

jordanselig walks through building an MCP App (a tool plus a UI resource) with ASP.NET Core, rendering an interactive weather widget inside chat clients like VS Code Copilot, and deploying the MCP server to Azure App Service using azd and Bicep.

Shamir_AbdulAziz describes how Microsoft built Azure SRE Agent—an AI-powered ops agent—using “agentic workflows” across the SDLC, with human-in-the-loop governance, RBAC guardrails, and deep integration into telemetry and incident systems to reduce on-call toil and speed up incident mitigation.

alinetran explains how to automate Azure Arc server onboarding at scale using Ansible with a new purpose-built onboarding role, focusing on least-privilege permissions and removing manual steps that don’t scale.

joclemen breaks down what Azure Key Vault’s paired-region replication really guarantees during a regional outage, why it becomes read-only after Microsoft-managed failover, and how to build true multi-region continuity with two Terraform reference architectures (private and public endpoint designs).

Meagan McCrory announces a public preview “Essential Machine Management” experience in Azure’s Compute Infrastructure Hub, aimed at onboarding Azure VMs and Azure Arc-enabled servers at subscription scope for monitoring, updates, inventory, configuration, and security baselines.

MelanieKraintz007 announces GA support for managed identities and workload identity in Azure Red Hat OpenShift, explaining how ARO operators and Kubernetes workloads can use short-lived tokens with Azure RBAC to reduce reliance on long-lived service principals.