Welcome to the Azure Security Podcast, where we discuss topics relating to security, privacy, reliability and compliance on the Microsoft Cloud Platform. Hey everybody, welcome to episode 106. This week it's myself, Michael, with Sarah and Mark. We don't have any guests this week because we're going to talk about Microsoft Ignite from a security perspective. But before we get into Microsoft Ignite, I know Mark has just one little piece of news and then we'll get stuck into Ignite.
Mark, why don't you go? So a couple quick pieces here. One is the Zero Trust Playbook. There is a discount. This is the same link that was on the slides for those of you that attended my Ignite session. And for those of you that haven't, the video and the link to it is also there. So we got both those links there.
And then another thing that came out around the time of Ignite, although it wasn't a specific way, at Ignite, was the update to the CAF, the Cloud Adoption Framework, secure methodology. And so one of the big pieces I contributed there was kind of a role by role security guidance on who does what. And we treated cloud providers as a role. We treated the infrastructure and server and container and whatnot teams as a role.
And then we went through each of the different security roles and said, this is what you all need to do to secure the cloud. And so a nice piece of work there, I think. Just that's really all I had. All right, so let's get on to Microsoft Ignite, which was in Chicago this year. So Mark and Sarah, you were both there. So why don't you give us the lowdown on sort of what you saw, what your roles were, what you were doing. And then let's get stuck into some of the news that interested each of us.
Yeah, well, I'll go first. So well, if you were watching the live stream, you probably saw me. I was one of the co-hosts this year, which I did last year as well, which is a very interesting thing to do because it's very different to just doing a presentation because it's all live and there's a TV crew and you have someone in your ear talking to you, but it is very fun and very different. So I was sort of kept up on my stage most of the time.
So I didn't get as much time to walk the floor as I would have liked. Mark probably will have done more of that and can comment more, but it was really big. I know it's not as big as Ignite sort of in years gone by before 2020, but it's definitely getting to be a pretty big event.
And I think my main takeaway was I got to do a mixture of Microsoft leadership interviews and also partners is that even if it wasn't a security interview that I did, that everyone has a security story to tell now because of renewed focus on security more generally across the org with Secure Future Initiative. So I thought that that's probably one of my main takeaways from the event.
And I thought that was really good that everybody could talk about, hey, this is what we're doing with our product and this is our initiative to do the security bit of our product, even if it wasn't a Defender for blah. So that's probably the thing that I like the most. Oh, and one more thing. I did run the pre-days. For those of you that don't know, Ignite has pre-days the day before the real, in inverted commas, conference starts. They're usually training.
They can be labs or it might be lecture based with specialists. We did an AI Red Team lab with the AI Red Team folks who are amazing who have been on the podcast in previous episodes. And we also did one that's we'll talk about more next episode about oversharing for how to control oversharing for a Copilot deployment. And that was very popular for obvious reasons that a lot of people are using Copilot. So yeah, I think that was they were the main things I was involved with.
And yeah, it was a good time. Very busy, but good time. And I didn't get to do all the celebrity stuff that Sarah got to do. But I did get to walk the floor a little bit. I got to spend a little time answering questions at the booth. I got to spend some time asking questions at the booth and just meet up with a partner and customers and a whole bunch of different folks. And I'm just always amazed at just how many different points on the security journey people are on.
Like some of them are just starting it. Some of them have a really small organization. Sometimes they're the one person that does security on the side. And sometimes they're part of a huge set of teams and they're one role in one team of many in the security org. So I just really enjoy sort of kind of going out there connecting and refreshing with that because always trying to make sure the guidance works for as many of those folks as possible. So yeah.
And then I did, like I said earlier, presented the session, which went really well. Got a chance to collaborate with some awesome folks from NIST. Murugiah Souppaya, who is just a fantastic person. I think he goes by researcher as a title, but he's just sort of really smart at all sorts of things in security. And so just does some great work at NIST. And then Ulf Larsson, I got to meet and work with to talk about what they have learned about their Zero Trust journey.
And at the SEB, it's a Swedish bank. And I don't remember what SEB stands for, so I'll have to look that up later. But they've done a fantastic job adopting Zero Trust concepts and principles and technologies and have seen a lot of success with it, shared some really good lessons learned in our session. In fact, it was a session so nice that we had to present it twice. We ended up doing a repeat session because apparently we didn't expect about a thousand people to sign up for it.
And so we had to split it up into like a 600 and something room and a 300 and something room. So we ended up doing it twice in a row on Friday. So good times. Hey, just a stupid question. So who is the target audience for Ignite? I mean, I'll take a stab at it. And then Sarah, you tell me what your thoughts are. Ignite is sort of an interesting, I think it's fairly unique in the industry or really in any industry is that we have, I think it's primarily an IT audience.
I think it's like 80, 90% folks that do IT in some form or fashion as a living. But we also do have developers that come there. It's not our developer focus conference, of course, but it does have folks there. And then this time there's a respectable amount of security folks in person. I mean, I think it was somewhere in the order of, I want to say in the neighborhood of like 800 or a thousand or something like that.
I don't remember exactly, but it's actually a significant percentage of folks there. And so it was, you know, it's always an interesting mix of folks that, you know, have so many different angles on technology because of how broad our technology at Microsoft portfolio at large is. Yeah, everything I reviewed was developer focused. All right, so let's get stuck into the guts of this.
So every year, one thing that Microsoft Ignite produces at the end of the event is a thing called the Book of News. So what we're going to do is we're going to pick out some of the things that were of interest to us. We're going to sort of round-robin this thing. It's not going to cover absolutely everything. In fact, the Book of News doesn't cover absolutely everything.
And it really just gives you just the background and, you know, and rather than being the whole sort of press announcement for things or technical documentation, you can always jump off and look at other information to find out about some of the things in greater depth. So we're going to touch on some of the items that sort of piqued each of our interests. And once we're sort of done, we'll just bring it to an end. So I'll kick things off a lot. Actually, fun fact, fun fact.
So the Book of News has 298 references to the word secure or security, which is I think that may be a record now. I'm not 100% sure, but that's a lot of references. And in fact, the opening couple of chapters, sorry, paragraphs talk about the Secure Future Initiative and how a big driving influence for this particular Microsoft Ignite was exactly that was SFI and the things we're doing to our various products to help bolster secure by design, secure by default and secure operations.
So this is really good to see. And as sort of Sarah mentioned, the fact that, you know, everyone you talk to, even if they weren't in, as she put it, Defender for blah, even they weren't in a security feature, they still had security work they were doing that mapped onto secure by design, secure by default or secure operations. So it's really good to see all that work that's going on. So anyway, I'll kick things off.
The first thing that piqued my interest and I really, really piqued my interest and Sarah even noted it when it was released, when it was announced, was the Azure Integrated Hardware Security Module. Think of this and it's not a one hunt, not a one to one map. So please don't go quoting me on this. Think of it as similar functionality to say Azure Key Vault, but actually in the hardware, like actually on the motherboard of the particular device.
There's nowhere near as complete or as rich or provide, you know, sort of the same sort of scalability as Azure Key Vault, but it does provide some really interesting functionality and there's a lot of benefits that come from this. So things like storing keys, signing, sealing, encryption, decryption and so on is all done in the HSM.
And it has a couple of really interesting properties because it's on the motherboard and the main one being performance because you sort of, you don't have to worry about network, network latency because it's all done locally on the host. And I'm not 100% sure how this will be exposed to applications, but this is fantastic. It's a great thing to see. And it will adhere to FIPS 140-3 level 3 security requirements.
So it'll be FIPS 140-3 level 3 validated hardware, which is, I'm just, you know, when I saw this, you know, to be honest with you, that just made my night. That was the first thing I saw. So that's the first thing that took my interest. Sarah, what was the first thing that took your interest? Oh, okay. So for me, I think my favorite top, I'm not sure, announcement, there were a lot, but I think the one that I liked the most, that I'm excited about the most is Zero Day Quest.
So if you missed it, it was in Satya's keynote and we basically announced that we're going to give an extra, I believe it's $4 million in our pot of money for bug bounties. And we have, of course, we already have bug bounty programs.
We've had folks on the podcast come and talk to us about bug bounties, but it's an initiative to work even closer with the security research community and at some point next year in 2025, where there's going to be, I think they haven't announced quite all the details yet, but they're going to have an initial competition for people to submit bugs. And then there's going to be a live hacking event, I think in Redmond at some point next year as like the culmination of Zero Day Quest.
So I think it's super early days because of course it's just been announced, but I'm really excited to see how that one pans out. Plus I want to go to the final, of course, because I like to be involved with all the things. Mark, how about you? So my favorite was the announcement of the GA, General Availability of Exposure Management.
This is one of my favorite tools because when you think about what XDR, Extended Detection Response, did for sort of right of bang, sort of like, hey, this incident happened, we now need to manage it. I'm excited what exposure management is going to do for the left of bang. The incident hasn't happened yet, but we need to make sure we're blocking the potential for it.
It's a tool that brings together all sorts of different things that folks would be familiar with through Secure Score, through external attack surface management, all the various different types of Defender for Cloud stuff around Identity, Endpoint Cloud, etc. All those different things and what can the attackers do and what do I need to patch or reconfigure or fix or whatever. Really we're in the journey of bringing that all together in one place and then enriching it and connecting it.
And so it's really giving you that operational visibility on the prevention side. I'm really excited about this technology because it's very much a game changer. I think about the way organizations often do this. They usually call it vulnerability management. Say that three times fast. And then they kind of do a scan and shame approach. I've seen this way too many times where it's like, here's your patch report, go fix it. We also see this in the AppSec world with the scan and shame thing.
It could be a bunch of false positives. It's not usually prioritized. It's not usually actionable, etc. So it's very painful in the traditional practices of security. And this tool really goes after fixing that. So essentially treating an attack path like an incident or any other cases in a queue type of thing. And then you can prioritize it and work it and burn down that list.
So we've got all this great stuff that our researchers have done to figure out how the attackers chain these things together and which one's the most severe, etc. And then put those into the tool and then the tool finds those in your environment. As things change, as people reconfigure stuff, as you have configuration drift and all those things that happen, boom, they pop up and then you can work them. So it's just a really, really powerful thing. And of course, that can be overwhelming.
So they have these things called security initiatives, including a catalog of pre-made ones. You can make your own that help focus on, hey, I want to specifically work on zero trust. I want to work on OT devices. I want to work on IoT devices. I want to work on endpoints. I want to work on cloud resources or containers or whatever it happens to be.
And then you can essentially enable all these engineering and operations team and IT and OT and what have you to go work their lists and then you get to watch the risk tick down at a big picture perspective. So obviously lots of collaboration there is ideal. But I love it. And the other thing I really like is how accessible it is. So this isn't like some super premium E5 thing that folks have to pay for extra, etc. It's in a lot of different licenses, including E3.
And so whatever tools you implement and put in place, it'll include those in its analysis and in reports. So it's very much one of those kind of grow with you types of tools. So very, very excited about Microsoft Security Exposure Management. All right. Next one's totally different. Certainly not cryptography. And that is the fact that port 3389 is being shut down by default on various VMs that are rolled out in Azure.
If you look at the secure by design, secure by default mantra or mantras in SFI and the future initiative, this is an example of secure by default. In other words, it's all about if you're not using 3389, then why is the port open? Because all you're going to do is expose some potential code to, well, potentially, depending on all your network policies, to untrusted users.
But if you're not listening on that port by default, that port is closed by default, then if there is a vulnerability, for example, in the code behind 3389, which is the remote sort of desktop services server, then you can't exploit it. If there's a vulnerability in the code, but you're not listening on 3389, then I'm sure you should still apply the patch at some point, but at least it's not something you need to apply immediately.
So I'm a big fan of attack surface reduction, shutting down those unnecessary ports, shutting down unnecessary services. And then again, if people want to opt in to use it, fantastic. Off you go and knock yourself out. So for those that don't need it, they're not exposed by default. Again, so I'm a big, big, big fan of that. Sarah, what else you got?
Okay. So another one, and I know Michael, you will have a comment on this too, because you've also mentioned, you've also got this in the notes that we write up before we do this episode. But one of the other things that was really interesting for me is we had a lot of announcements around Windows security. So we had the Windows resiliency initiative. So we'll put links in the show notes. And I'm also going to put my list of like four videos from Ignite I think you should watch.
That's just my personal thing, because there was a lot of things that were announced at Windows. I know you want to talk about hot patch, Michael. So I'm going to let you do that. So I don't step on your toes. Hot patching allows you to basically apply patches without having to essentially shut down the service. Sometimes you have to reboot a service or whatever. This is an example. You don't have to do that.
Now for the developers out there, if you're familiar with Visual C++, there's actually a linker option slash hot patch. And essentially what it does is it pads certain calls with a little bit of extra space so that new addresses can be inserted in there on the fly. Very nice technology. It works really, really well. But the whole point here is the ability to be able to literally patch a system without having to essentially bring the service down, which everyone prefers that.
So yeah, hot patching. I'm just glad to see that it's really, really becoming a forefront technology. I think as well, well, some of the other... There's actually a couple of Windows things. There's the security stuff, the Resiliency Initiative and Quick Machine Recovery. But I'll tell you what the other thing is that isn't so security, but I thought it was really cool, was the Microsoft Link. That was so cool.
If you didn't see what that was, it's basically a teeny tiny little box that is... I mean, I didn't even know what to describe it as. It basically is a machine, an endpoint, but it's all running in the cloud. It's just something to hook up your keyboard, your screens to, but everything runs out of the cloud. It's tiny. I did get to see one up close when I was hosting. It really is very, very small. It's going to be out next year. I mean, it's probably...
Well, it's the modern version of what we would have called back in the day, a thin client, because it's got a little bit of hardware just so it can talk to your screens, everything, your peripherals that you need to plug in, but it's all run off the cloud. I think that is very cool. Well, I think it's important, right? Because it's going to be centrally managed. They're relatively inexpensive in the overall scheme of things. They're beautiful to look at as well.
I mean, I was actually really impressed. I've always been a fan of the mini PC form factor. I really like it, but the fact that it's being centrally managed and everything's being run out of our data, out of our data centers, our Azure data centers, I think is a very interesting story. I mean, it's the old adage, right? What is old is new again, but we have all the backend infrastructure to support this now, which in the past didn't really exist very well.
Yeah, and having been through thin client projects like 10, 15 years ago, it's going to be a lot easier with the cloud backing it than it was with having to put up these massive SANs and this and that and all the other stuff. So it's just the same ideas keep coming back, but the technology is often much better than back in the days of mainframes and whatnot. Yeah, I also did thin clients deployments back in the day.
And yeah, I think it's going to be better with cloud than when you used to have to go back into a local data center that could be very temperamental. And one of my favorite stories for this one, I obviously won't identify the customer on this was someone came in and there was two different buttons. One would get you out of the door because it was like a magnetic lock or whatever. And then the other one on the other side would be an emergency power shutoff.
And someone made the mistake of pushing the wrong one one time when they visited the data center. And the master VM image, someone said it was like one of those circus acts where the image itself was fine, but everything around it looked like it had bullet holes. So they got so lucky that they were able to bring it back fast. So sorry, just bring it back a little old story there. We should probably get back to Ignite. So I have another one.
And that is that I get my old stomping ground, Azure Data. So SQL Server 2025, which is my guess is in beta or some sort of pre-release and that I'm not 100% sure. But one thing that it supports is better use of Entra ID managed identities. So a big part of the Secure Future Initiative is getting rid of credentials. Any way you can get rid of credentials is always a good thing because that way if there's no credentials and they can't be compromised, right?
So if you get back to zero trust assume breach, if there's no credentials there, then there's no credentials there. And that means they can't be taken because they're just not there. So SQL Server will continue to make better use of managed identities. And this is really important when you've got SQL Server on prem accessing resources that are in the cloud. So for example, things like backup, you can use a managed identity on the database.
That way you've got no credential that's being stored by SQL Server to access some resource. For example, a storage account for backup, there's no credential. There's all the identity of the actual running process. Again, using managed identities, not Windows identities. So that's always a good thing to see. And again, you'll see more and more products over time will start to make much deeper use of managed identities because again, there's no credential there. It's all managed by Entra ID.
So that's something else that really piqued my interest. And another one that I enjoyed was seeing some of the enhancements to the Purview data loss prevention for M365 Copilot. I love the potential of the AI and the generative AI and the models and what they can do. But when you think about it from a security perspective, these models don't inherently know how to obey permissions. And so they're very hard to secure directly.
And so that's why we have to put these deterministic or traditional code wrappers around them and say the model doesn't get access to data. It shouldn't be processing for this request. Because if the user using the model or using the app that uses the model doesn't have access to the data, then the model shouldn't get access to the data because it might disclose a secret. And it almost kind of reminds me of this TV show that I enjoy watching with my kids called Young Sheldon.
Because it's this brilliant kid, but the kid doesn't really have context for the world and can't keep a secret. And so if you don't want the kid to tell a secret, you don't tell the secret to the kid in the first place. So it's that kind of model.
And so I love to see the continued development of how do you protect these models so that they're not giving access to things they don't need to, and allowing users to still leverage the full power of them using the data that they're actually access to and entitled to. So I'm really excited about the continued development in that space to make these things as safe as possible. I'm a big fan of plausible deniability. Seriously. Don't tell me. I don't want to know.
If I don't need to know, I don't need to know. It drives my wife nuts. She's like, oh, I need to tell you about blah, blah, blah. I'm like, do I need to know? And she's like, well, no, you don't need to know. And I'm like, well, don't tell me. So that way, you're having enough. It's the opposite of gossip. And it does it. She really obviously wants to get something off her chest, but I don't want to know. I mean, I know, perhaps it's just, I don't know. Anyway, it is what it is.
Sarah, you got another one? Mark stole my thing there. But you're right, there's a lot of activity and stuff around and motions around data security. So there's the purview side of things, but also SharePoint had quite a lot of announcements and tools that are integrated now to help control oversharing in M365 Copilot, which is important too, because as we know, generally when there's a customer problem, it usually straddles several products in reality.
And so SharePoint also announced some features. Some of them are already existing. It's in SAM that also help with that oversharing data loss piece before you let a Copilot run all over your data and possibly find stuff that it's not supposed to. And not because it wasn't already insecure, because we know that Copilot inherits the security posture that's already there. It's just that Copilot is better at finding stuff than a person, right?
So I'm glad to see we've got some more announcements around that and that we've got more tooling to help people control that because, let's face it, no one's done data security very well ever. And I think AI is going to give people a kick up the butt to probably sort out their data. I just want to go back to something that Mark talked about, which is the exposure management.
I want to just talk about two aspects of that, because actually a lot of the information came out of the team that I'm currently in. And it's attack surface management and attack path analysis. So I mentioned before about turning off port 3389 by default. And that's a good example of driving down attack surface. How much of your environment is exposed to untrusted users? And you really want to drive that down. Not to the point where you can't use the environment, obviously.
You've got to have some things running. But you really want to drive that down, at least to the unnecessary stuff. So one part of that exposure management is actually attack surface management. How exposed are you to the world? It doesn't mean that you've got vulnerabilities. It means that if you do have vulnerabilities, then perhaps the attacker can actually get in and get to the particularly vulnerable system, whatever it is.
Which leads me nicely into the next one, which is attack path analysis. This is basically a graph that shows if you're at this endpoint, then you can get all the way down to here by doing this, this, this, and this. Which is actually really, really cool because that can be a real eye-opener because you don't realize just how exposed you are. So I was very excited to see that in the exposure management.
Yeah. And the way I like to think about it, for those that speak the risk language, is the difference between potential risk and realized risk. Right? So you know, okay, we forgot to lock the door is a potential risk. Oh, an attacker went through the unlocked door. That's a realized risk. That's where the SOC kicks in, right? A bang. And so that's how I kind of think about that. And the reality is there's just a lot to secure. There's a lot of things that are open that don't need to be open.
And that's what I love about that tool. So another thing that was discussed in the Book of News, and we can also put a direct blog link in for it, is a really cool technology called Zero Trust DNS. And this one's, it took me a little while to wrap my head around, quite frankly. But I think the simplest way to think about it is, you know, it's really hard to keep up if, say, you want to make sure that your Windows devices aren't going out to a bunch of unknown sites, right?
Because adversaries, you know, change IPs, like, you know, you would, I don't know, what do you change a lot? People say, they change IPs a lot, right? And they know that. And the reality is this legitimate service has changed IPs a lot. So it's really hard to keep track of that. And so the Zero Trust DNS, what it does is it allows you to build essentially firewall rules that you can't talk to this, and the apps on this site can't talk to this, unless they can look it up in DNS, right?
And that all of a sudden takes this uncontrolled, you know, I can talk to anything on the internet as long as I have an IP address, you know, which is, you know, a very dangerous thing and allows you to talk to command and control servers if it's compromised and, you know, and download exploits, you know, etc. on that box if someone's able to convince you to click on a phishing link, etc. And it switches it into the attacker now has to expose the IPs they want at endpoint to talk to via DNS.
So they have to publish that IP as a DNS record somewhere or take over somebody else's one, but it puts them in a much more logged and tracked space other than just some random anonymous IP connection. And so it's a really, really interesting technology that starts, you know, I thought it was a really great creative solution that starts changing, quite frankly, the cost of attack for the attackers and forcing them to be a lot more into the light.
Basically the equivalent of showing you have to show a legitimate ID, not just say your name is James Bond and we'll accept your word for it kind of thing. So really interesting technology there that made its way into the Book of News as well. Okay, so I've got one more. Also we've got in Purview, we've got data security posture management for AI. So this is building on what I was talking about before.
It's actually a way that you can use Purview to actually have an overall look at your data security posture, which is now specific, more specifically for AI, but also more generally, because you need to know this, of course, because people have historically not done their data security super well. So I know there is the odd organization out there that has so kudos to you if you have, but the fact is, is that a lot of folks' data security hasn't been high up their priority.
And so the posture management now allows in Purview is allowing people to have a look and have an overall view of actually what the heck is my data estate looking like, because I know when I've talked to customers, they know they want to do their data security well, but some they have no idea where to start, because, you know, often they don't even they don't know what they don't know, they know it's not great, but they have no idea what sort of state it's in.
So this posture management will help that by it'll actively discover things, you know, as lots of posture management tools do, go and have a look where things are labeled, looking at where things might have been overshared, and giving you a nice overview. So then you can make a plan to fix it with all the tools that I talked about before. So that's definitely one to go and have a look at and have a play around with if you're well, I think if you've got data, so that would be everybody.
Another one that took my interest was a thing called the security service edge and part of that was Microsoft Entra private access, which is a way kind of simplifying migrating from traditional VPNs. This kind of took my interest, or piqued my interest, just because I didn't actually even know we were working on this kind of stuff. So it's good to see essentially a VPN like technology being built into the product as well.
And the thing that I love about it is it's very, because I've been following that product for a little while, is it's bringing together the two access control disciplines, which are often oil and water in terms of the cultures within the organization, you know, identity folks and network folks, they're both access control disciplines, they're both stuck with this strange dual requirement to both enable the business and organization and connectivity and access to things.
But also they're the frontline of security in terms of, you know, filtering the bad stuff out as well to make sure that the attackers aren't following the same, you know, paths and bad readers and the electronic equivalence thereof to get to the stuff. And so I love the fact that this is now bringing it all together and it's using that same conditional policy access engine, and it's enforcing it over identity as well as network means. So love that technology.
Another one that piqued my interest was some updates to Defender for Cloud around containers especially. So the ability to scan container images from their creation in a CI/CD pipeline all the way through to the various cloud platforms, third party and private registries and in Kubernetes clusters. It's in preview right now, but the fact that we have something like this in place now is really good to see. Anything to add to that, Sarah? I know containers are sort of your thing. I love containers.
Containers are great. And we need to use more. Well, I think nowadays, to be honest with you, I think most stuff is containerized in some way, shape or form. And so the more that we can do to monitor them because they are still trickier because of their ephemeral nature, the better, to be honest with you, because I think nowadays most folks are not building anything that's not containerized, which is a good thing. Hey, so I actually have a question for you.
So one of the things that this update to Defender for Cloud has added is binary drift detection. I'll read verbatim from the book of news. It says, identifies and responds to unauthorized changes in container configurations at runtime and helps users ensure container images remain unmodified after deployment. Binary drift detection is now generally available. So here's a question for you, Sarah. Don't we already have that problem kind of solved with signatures on containers?
Does that imply that people are not using signatures? No, it doesn't. So when you have a signature, it's a container image signed before you deploy it. So when you go to grab a container image from like a container registry or whatever, it will have been signed and you can check there. But when it's been deployed, there's not ongoing signature checking of the image. So that binary drift is to address a running container and a change there. That's interesting.
Actually, it's kind of sad, but interesting. I mean, the whole point of signatures is you. Yeah, I see what you're getting at. I mean, once the thing's running, yeah. Okay. All right. That makes sense. Actually, in which case that's really exciting to see. Because actually, it has been a challenge. In fact, the signing a container image before you deploy it and store it, that's kind of relatively straightforward because we can lean on technologies that we've had for a while to sign things.
But when the container is running and we've done the signature checking, that is a trickier thing to monitor. So it's cool to see we have some stuff to be able to do that now. Nice. While we're on the topic of Defender for Cloud, there is now, I believe this is coming, is API security posture management using Defender cloud security posture management. So basically, it's going to be able to keep track of your API security posture, which is super nice as well.
Because when you look at so many environments are compromised through APIs, through REST endpoints, it's good to see that we're expanding the Defender arm as it will, as it were, to cover API security as well. Isn't there a Defender for API security or is that just part of cloud security posture management? I actually don't know. We need to get Yori back on. Yeah, I think it's part of the Defender for Cloud family. I don't know if they use that standalone term anymore.
I think that might be how the evolution works. I can't keep up with this. Yeah, I think you're right, Mark, that it's still there, the functionality. But I think we've stopped explicitly calling it Defender for APIs, but it's just been integrated more and doesn't have a separate name. It's not that it's gone away. That's what I think Mark is correct. But yeah, we need a friend of the podcast Yori to confirm. Yeah, we do.
Okay, now I have a silly way of transitioning to my next one, so I've got to do it. So if you drop the P, there's also AI security posture management. API to AI, never mind. Okay. That's just, I like that. You can tell you're a father. That's just a bad joke. I was just about to say, come on dad jokes. I had enough dad jokes when I was at Ignite because Seth, one of the co-hosts, is the king of dad jokes. So yeah.
Nice. So I'll list off like a three or four that also caught my attention, but I do really genuinely, and I wasn't joking, it does exist. The AI security posture management to really, much like you would look at all your different SaaS apps, it's essentially a very similar approach to look at all of those different AI applications and apply controls and inventory and all those kinds of things to it.
A couple of things that it was really nice to see is a lot of enhancements to essentially USX, that converged platform of Defender XDR and Sentinel coming together into a single sort of SOC console. So a lot of good stuff there.
There's also the addition of insider risk management alerts and events into there so that you can bring those in and whether your SOC handles that and handles those, or you've got your HR folks or somebody else that works on those, it's all in the same tool set and benefits from all that cross correlation.
And then two things on the sort of more sort of like personal Windows sort of side is the personal data encryption where stuff is encrypted with an additional layer of security and you cannot access it without going through the Windows Hello thing. So really kind of keeping those extra secure so like an app can't sort of sneak a copy of the data off in the background, which is really cool. And then there was also a lot of progress on the Microsoft Virus Initiative.
If y'all remember, there was some significant downtime a few months back from a vendor, which we won't name. And so there's a whole lot of good things that were being done to sort of make sure that everyone's doing their part to make sure it doesn't happen again, including, hey, how do we enhance the platform to help avoid those kinds of mistakes from happening in the future and engineer it so it's the right thing to do is the easy thing to do.
And so there was a bunch of announcements around that and around the way that we're thinking about the rules of integrating within Windows and whatnot. So very, very happy to see those. All right. Another one I have is secure password deployment in Edge. This allows IT admins to deploy encrypted shared passwords to a specific set of users if it's needed.
This is really, really cool because that way you're not just sending passwords in plain text or something and telling people to type them in or something. This is all being managed centrally and in a secure and encrypted manner. So good to see Edge getting some more sort of IT administration love. All right. So look, we haven't even, I don't even think we grazed the surface of everything that's in the book of news. The document is absolutely immense just from a security standpoint.
But with that said, we had to bring this episode to an end at some point. So as many of you know, whenever we have an episode, we always ask our guests if they had one, just that one final thought to leave our listeners with and we're going to do the same. So Mark, why don't you kick things off? If you had just like one thought to leave our listeners with, what would it be? Continuous learning. I mean, just keeping up with security and this is just the Microsoft news, right?
I mean, there's always more. There's always the attack evolution, the threat intelligence stuff. There's things that other platform providers are doing. There's things the government's doing. It's just really critical to always be in that continuous learning mode and definitely be confident in the stuff that you know, but also be willing to question it and learn something new at any time because that is just the nature of our industry is it's constantly in motion.
Yeah. So my final thought is reading through the book of news and watching a lot of the announcements, a lot of the presentations that came out of Ignite, it's impossible to walk away without seeing the impact Secure Future Initiative is already having across Microsoft products. You're seeing really important technology changes like the use of managed identities, protection of credentials if we have to have credentials being pushed all the way down into the hardware.
There's lots of things we're seeing around attack surface analysis and attack surface reduction. Again, this is all secure by default, which is one of the pillars of SFI. So it's really heartwarming to see all the work that is still ongoing in SFI, but already seeing, already sort of manifesting itself with some pretty serious changes across the whole spectrum of Microsoft products from Azure to Windows to Office to everything in between. So it's fantastic to see.
So I guess my final thought is, I can tell you for a fact, it does seem like there's an overwhelming amount of information at Ignite and I think there is. We've got loads of cool teams who work on loads of things. And so there's a lot to digest. And of course, only a tiny fraction of the Microsoft customer base gets to go to Ignite in person. So if you were there and you didn't catch everything you wanted to see, or if you weren't there, remember we do upload everything to YouTube.
And if you registered as an online attendee, you can also go on demand and watch the sessions in the Microsoft website as well. So make sure that you actually do that and catch up on things. I can tell you as somebody who actually attended Ignite, but didn't get to see any sessions because I was in my little celebrity studio, I have had to catch up on quite a few of them.
So yeah, my main final thought for this time is, even if you didn't get to go to Ignite, because we're recording this about two weeks-ish after Ignite, remember we put everything online so you can digest at your own pace and go through and find what's relevant. So I think it's great that folks, even if you weren't able to attend or you did attend and didn't see everything, you can still catch up on stuff later. So definitely go do that. Yeah, it definitely is a fire hose.
I mean, even the book of news itself is a fire hose. And you've got to realize that's just like the high level. It's not the full sort of bit of information for whatever that particular thing is. Like I'm looking right now at delegated managed service accounts in Windows 24H2 or Windows Server 2025. And it's like one paragraph, it's like three sentences. But you know full well, there's like five pages of documentation behind that one particular feature. So yeah, it's a real fire hose.
And to Sarah's point, make sure you take a look at not just the book of news, but also all the online classes or online sessions. All right, Mark, Sarah, let's bring this to an end. And to all our listeners out there, we hope you found this episode of use of interest. Again, go look at the book of news and springboard off into lots of other categories and topics related to security. Stay safe and we'll see you in the next one. Thanks for listening to the Azure Security Podcast.
You can find show notes and other resources at our website azsecuritypodcast.net. If you have any questions, please find us on Twitter at AzureSecPod. Background music is from ccmixter.com and licensed under the Creative Commons license.