In this episode, Michael, Gladys and Mark talk to guest Bailey Bercik about the problem of overpermissioning and how to use Microsoft Entra Permissions Management to identify and manage over-permissioned identities in multi-cloud environments to reduce security risks, especially for AI apps. We also cover the latest security news about AI red teaming, Azure SQL DB logging, Azure Confidential Ledger, Star Blizzard spear-phishing campaign and CISA Zero Trust Maturity Model. https://aka.ms/azsecpod...
Feb 19, 2025•38 min•Season 1Ep. 109
In this episode Michael, Gladys, Mark and Sarah talk to guest Diana Vicezar from the Microsoft Entra team about security Generative AI applications. Note, this is a short, simple intro episode to introduce three follow-on episodes. We also cover security news about TLS 1.3 and Azure Event Grid, big updates to Microsoft Defender for Cloud, Azure Database for MySQL, SQL Managed Instance and Confidential Ledger.
Jan 20, 2025•22 min•Season 1Ep. 108
Happy New Year! In this episode Michael, Sarah and Mark talk to Maxime Bombardier and Emily Blundo about the Secure by default and Copilot overshare blueprints. We also cover news about Always Encrypted Assessment in SQL Server Management Studio, MVP Summit, mapping Entra to the Open Group standard for Adaptive Access, and various CISO Workshop topics! https://aka.ms/azsecpod
Jan 06, 2025•37 min•Season 1Ep. 107
In this episode, Michael, Mark, and Sarah go over what they found interesting from Microsoft Ignite. Mark has a discount code for his Zero Trust Book, too. https://aka.ms/aszecpod
Dec 10, 2024•44 min•Season 1Ep. 106
In this episode, Michael, Sarah, and Mark talk to Merill Fernando about a set of open source tools he and his team have developed to help people understand their Azure and Entra ID security postures. We also cover news about Fabric, TLS 1.o and 1,1 retirement, Microsoft Ignite, FIDO2, Confidential Containers and Red Hat OpenShift and various Zero Trust news. https://aka.ms/azsecpod
Nov 22, 2024•37 min•Season 1Ep. 105
In this episode, Michael talks to Nic Fillingham about the recent Microsoft Bluehat Security conference held at the Microsoft HQ in Redmond, WA. We also discuss how to tell the NZ and Australian accents apart. This alone is worth listening to :) This is a follow-on from episode 103 when we talked about what was coming up for Bluehat. No news, as this is a special, smaller episode. It's also the least edited; other than some ums and ers getting removed and a small retake, the result is as was rec...
Nov 08, 2024•37 min•Season 1Ep. 104
In this episode we speak to Nic Fillingham who is a Senior Program Manager at Microsoft about security conferences and mainly about the Microsoft Bluehat conference he runs. We also discuss security about PostgreSQL, Cosmos DB, IP address management, containers and AI Studio. https://aka.ms/azsecpod
Oct 17, 2024•48 min•Season 1Ep. 103
In this episode Michael and Sarah talk to Nestori Syynimaa about Entra ID security and his purple-team tool, AADInternals. We also cover the latest security news about Secure Future Initiative (SFI), MFA for Azure Portal, Playright, WordPress, NSG, Bastion, Azure Functions, MS Ignite, App Service, Defender for Cloud, Containers, Azure Monitor, AKS, Trustworthy AI and Azure AI Content Safety. https://aka.ms/azsecpod
Oct 07, 2024•37 min•Season 1Ep. 102
In this episode Michael, Mark and Sarah talk to Matt Zorich and Waymon Ho of the Microsoft GHOST team. We discuss the role GHOST plays in protecting both Microsoft and our customers from nation-state threat actors. We also cover the latest security news about Event Grid, NetApp Files, Chaos Studio and AKS. https://aka.ms/azsecpod
Sep 20, 2024•23 min•Season 1Ep. 101
In this episode Michael, Sarah, Gladys and Mark talk about our careers so far, explain some funny stories and our wishes for a more secure future. Our stories Mark at the start Sarah 4m 5s Gladys 6m 50s Michael 12m 22s Funny Stories Mark 19m 31s Sarah 20m 33s Gladys 22m 46s Michael 24m 39s Career Advice Mark 26m 58s Sarah 29m 18s Gladys 31m 48s Michael 34m 40s Future Mark 36m 27s Sarah 38m 33s Gladys 40m 34s Michael 42m 24s Behind the Scenes Mark 43m 36s...
Aug 29, 2024•49 min•Season 1Ep. 100
In this (late) episode, we chat to Andrew McMurray, a Principal Product Manager at Microsoft about securing Copilot data as well as how Purview can play a role in doing so. We also cover news about MFA access to the Azure Portal (Important), PostgreSQL, Entra ID and Windows authn metadata, Backup Vaults, Conditional Access Policy, ADFS, and Azure Container Apps.
Aug 16, 2024•37 min•Season 1Ep. 99
In this episode Michael and Gladys talk with guest Dave Weston about Secure Future Initiative and the growing use of the Rust programming language at Microsoft. On the topic of Rust, Michael and Dave nerd out, and we make no apologies! https://aka.ms/azsecpod
Jun 21, 2024•37 min•Season 1Ep. 98
In this episode Michael and Sarah talk with guest Richard Diver about securing solutions that use AI and LLMs. Richard also talks about his new book on AI Security, and Michael and Richard talk about what it takes to write a book. We also discuss Azure Security news about Chaos Studio, API Management, Azure Bastion, Front Door, AKS and Copilot for Security and lots more! Also note, we have changed the URL for the show notes web site, so please use this from now on: https://aka.ms/azsecpod....
Jun 06, 2024•40 min•Season 1Ep. 97
In this episode Michael, Sarah, and Mark talk with guest (and good friend of the podcast) Yuri Diogenes about CNAPP - Cloud Native Application Protection Platform and announce the release of a CNAPP e-book.
May 03, 2024•21 min•Season 1Ep. 96
In this episode Michael, Sarah and Mark talk with guest Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft about the current state of Threat Intelligence. We also discuss Azure Security news about Tampa BSides, Virtual Networks, Azure Database for MySQL and PostgreSQL, and SQL Server on Linux. The Microsoft Azure Security Podcast ( azsecuritypodcast.net )...
Apr 25, 2024•31 min•Season 1Ep. 95
In this episode Michael, Sarah and Mark talk with guest Ryan Munsch about the newly released Copilot for Security. We also discuss Azure Security news about Azure SQL DB, SSMS 20, Change Actor, Copilot for Azure SQL DB, Azure Container Apps, AI Prompt Shields, AI Groundedness Detection and BlueHat India and Israel. New tab ( azsecuritypodcast.net )...
Apr 01, 2024•36 min•Season 1Ep. 94
In this episode Michael, Sarah, and Mark talk with guests Tony Rice and David Ornstein about insights into the Continuous SDL (Security Development Lifecycle). We also discussed Azure Security news about Azure Key Vault, Cloud PKI, OAuth2, updated SQL Server password verifiers, Memory Safety and Azure SQL DB. The Microsoft Azure Security Podcast ( azsecuritypodcast.net )...
Mar 25, 2024•39 min•Season 1Ep. 93
In this episode Michael and Sarah talk to Martin Abbott about the Global Azure event that starts soon, https://globalazure.net/ . We talk about how to successfully fill out a Call for Papers (CFP) so YOU can present to a global audience about security topics that interest you. We also cover security news SQL Always Encrypted, SymCrypt and Rust, SQL Security Fundamentals, and free Security 101 material.
Mar 15, 2024•42 min•Season 1Ep. 92
In this episode, Michael talks with Rigel Carlson from the Chaos Studio development team about Chaos Studio through a security lens. Michael also discusses news about Midnight Blizzard and \has some advice about using Azure's DefaultAzureCredential() The Microsoft Azure Security Podcast ( azsecuritypodcast.net )
Feb 13, 2024•33 min•Season 1Ep. 91
This is a MUST LISTEN episode for anyone involved in products using AI, or for people who want to learn some of the latest attacks against large language models. Make sure you peruse the exhaustive list of AI security links at The Microsoft Azure Security Podcast ( azsecuritypodcast.net ) , We cover news about Azure SQL DB, Trusted VMs, NetApp Files, Azure Load Testing and Front Door. Mark covers further details about Zero Trust and the CISO Workshop....
Jan 29, 2024•39 min•Season 1Ep. 90
In this episode we look back at what stood out for each of us and what we go up to. We also cover something not security-related, but of interest to all your geeks out there - EQ vs IQ. So make sure you stay until the end!
Dec 18, 2023•41 min•Season 1Ep. 89
In this episode Michael talks with colleagues in the Azure Data Platform Security Team, Sharath Unni and Raul Garcia about securing Azure SQL DB, SQL MI and SQL Server through the eyes of an attacker.
Dec 01, 2023•46 min•Season 1Ep. 88
In this episode, Michael talks with his colleagues Pieter Vanhove and Mirek Sztajno about updates to Always Encrypted and Transparent Data Encryption in SQL Server and Azure SQL DB.
Nov 15, 2023•21 min•Season 1Ep. 87
In this episode Michael talks with guest Nikhil Kumar and our own Mark Simos about a new book they have co-authored named "Zero Trust Playbook Series Zero Trust Overview and Playbook Introduction: Actionable Guidance for Business, Security, and Technology Leaders and Practitioners."
Oct 31, 2023•34 min•Season 1Ep. 86
In this episode Michael and Sarah talk with guest Madeline Eckert about Security Bug Bounties.We also discuss Azure Security news about SQL Server 2022, Azure certificate changes, TLS 1.0 and 1.1 deprecation, GitHub security scanning, Ransomeware defenses, Zero Trust and more.; and by 'more' we mean lock-picking!
Oct 11, 2023•25 min•Season 1Ep. 85
In this episode Michael, Sarah, Gladys, and Mark talk with guest Roberto Rodriguez about attack simulation, Cloud Katana, and AI.We also discuss Azure Security news about Azure SQL DB, Azure Key Vault, Cosmos DB, Trusted Launch VMs, Azure Artifacts, Zero Trust, Windows and TLS and Entra ID.
Sep 22, 2023•44 min•Season 1Ep. 84
In this episode Michael and Sarah with guest Miriam Wiesner about her new book, "PowerShell Automation and Scripting for Cybersecurity" which comes out soon. We also discussed Azure Security news about: Azure SQL DB Always Encrypted improvements, Azure SQL Managed Instance, App Gateway for Containers and Bring your own Key for AKS Ephemeral Disks.
Aug 14, 2023•37 min•Season 1Ep. 83
This week Michael and Mark talk to Microsoft Security MVP Truls Dahlsveen about his thoughts on Modern Security Strategy. It's a fascinating and practical discussion! We also cover security news about Application Gateway TLS policy, Defender for IoT and some new documentation from the OpenGroup about Zero Trust Commandments.
Aug 08, 2023•36 min•Season 1Ep. 82
In this special episode Michael talks to his colleague Sravani Saluru about how to configure, monitor and manage audit logging in Azure SQL Database. She also shares some inside hints and tips!
Jul 28, 2023•27 min•Season 1Ep. 81
In this episode Michael and Sarah talk with guest Matt Zorich from the Microsoft Incident Response team. We also cover the latest Azure security news about Azure's Web Application Firewall and Azure Monitor RBAC.
Jul 14, 2023•34 min•Season 1Ep. 80
