The Azure Security Podcast

Den Delimarksy, a principal product engineer at Microsoft and member of the Model Context Protocol steering committee, shares key insights on enhancing security in AI. He discusses the significance of the Model Context Protocol's ability to provide essential context for large language models. Delimarksy also addresses security challenges like tool poisoning and the importance of threat modeling. Listeners will learn about how MCP's integration of control and data can boost operational efficiency while necessitating strong security measures.

Join Pieter Vanhove, a Product Manager at Microsoft specializing in data security, as he delves into the exciting security advancements in SQL Server 2025. The discussion covers enhanced user authentication and a shift away from traditional passwords towards managed identities. Pieter highlights significant improvements in the Tabular Data Stream protocol, making TLS upgrades smoother. He also shares insights on cache invalidation enhancements that elevate server performance without compromising user experience, showcasing the latest trends in data security.

Craig Nelson, VP of Microsoft's Red Team, dives into the fascinating world of cybersecurity, focusing on the team's role in simulating real-world attacks to uncover vulnerabilities. He discusses the critical skills needed for effective red teaming and the ethical implications of their work. The guests also tackle emerging threats, particularly the influence of AI on cybersecurity strategies. From measuring red team effectiveness to addressing common vulnerabilities, this conversation is packed with insights essential for anyone interested in protecting digital landscapes.

In this episode Michael talks with guest Ran Munsch, Principal Product Manager at Microsoft about Security Copilot and Security Copilot Agents. We also discuss Azure Security news about System.Data.SqlClient, April 2025 Secue Future Initiative progress report, Azure Database for PosrgreSQL, Azure DevTest Labs, VNets, Front Door WAF CAPTCHA, API management and more.https://aka.ms/azsecpod

Amanda Minnich leads the Microsoft AI Red Team, focusing on the security of agentic AI systems. She dives into the evolution and capabilities of these advanced digital agents, emphasizing the expanded attack surface they create. The conversation highlights real vulnerabilities, like exploited chatbots, and stresses the importance of oversight. Best practices for securing AI agents are discussed, along with the unique challenges posed by large language models. Minnich also discusses the collaborative efforts needed to navigate the complexities of AI security.

Sharon Chahal, a Principal Program Manager at Microsoft focusing on Security Co-Pilot and Entra Identity Protection, dives into securing GenAI applications. She discusses vital enhancements in cloud security, including API management and updates on Azure Key Vault. The conversation also highlights the significance of controlled access and the tools available for auditing and monitoring. Additionally, Sharon emphasizes the transition to phishing-resistant authentication methods to safeguard sensitive data while fostering ethical practices and continuous learning in tech.

Bailey Bercik, a Senior Product Manager at Microsoft Entra, discusses the critical issue of overpermissioning in generative AI applications. He dives into how to leverage Microsoft Entra Permissions Management to tackle over-permissioned identities and enhance security in multi-cloud settings. The conversation touches on the implications of large models in automating scams and highlights the importance of managing permissions for data privacy. Bercik also shares insights on governance and the latest security developments related to Azure Confidential Ledger and AI red teaming.

Diana Vicezar, a Product Manager at Microsoft, shares her insights on securing Generative AI applications with Entra. She highlights the necessity of awareness around AI security in today's business landscape. The conversation also touches on the potential risks of AI, including unauthorized access to information. Diana emphasizes the importance of basic security practices that are often overlooked, setting the stage for a deeper exploration in future discussions about integrating security into AI applications.

Maxime Bombardier, a data security expert aiding clients in deploying Purview solutions, discusses essential topics. He delves into the significance of encryption and the critical need for user training. The conversation also covers the oversharing blueprint for Microsoft 365 Copilot, emphasizing a 'secure by default' strategy to protect sensitive information. Maxime highlights the integration challenges with Purview Blueprints and the importance of documentation for effective data governance, promoting best practices to enhance organizational security.

In this episode, Michael, Mark, and Sarah go over what they found interesting from Microsoft Ignite. Mark has a discount code for his Zero Trust Book, too.https://aka.ms/aszecpod