The Azure Security Podcast

Episode 110: Securing GenAI Applications with Entra (3 of 4): Monitoring and More

Apr 1, 2025
Sharon Chahal, a Principal Program Manager at Microsoft focusing on Security Copilot and Entra Identity Protection, dives into securing GenAI applications. She discusses vital enhancements in cloud security, including API management and updates on Azure Key Vault. The conversation also highlights the significance of controlled access and the tools available for auditing and monitoring. Additionally, Sharon emphasizes the transition to phishing-resistant authentication methods to safeguard sensitive data while fostering ethical practices and continuous learning in tech.
ADVICE

Enforce Regular Access Reviews

  • Regularly perform access reviews to audit and remove unnecessary permissions.
  • Automate workflows to ensure timely deprovisioning when employees leave or projects end.

ADVICE

Implement Least Privilege RBAC

  • Apply role-based access control (RBAC) with least privilege for AI module access.
  • Restrict roles to prevent privilege creep and enforce compliance policies.

ADVICE

Leverage Audit and Sign-in Logs

  • Use Entra sign-in and audit logs to monitor user activity and provisioning actions.
  • Connect logs to SIEM tools like Microsoft Sentinel for in-depth investigation.