The Azure Security Podcast

Craig Nelson, VP of Microsoft's Red Team, dives into the fascinating world of cybersecurity, focusing on the team's role in simulating real-world attacks to uncover vulnerabilities. He discusses the critical skills needed for effective red teaming and the ethical implications of their work. The guests also tackle emerging threats, particularly the influence of AI on cybersecurity strategies. From measuring red team effectiveness to addressing common vulnerabilities, this conversation is packed with insights essential for anyone interested in protecting digital landscapes.

In this episode Michael talks with guest Ran Munsch, Principal Product Manager at Microsoft about Security Copilot and Security Copilot Agents. We also discuss Azure Security news about System.Data.SqlClient, April 2025 Secue Future Initiative progress report, Azure Database for PosrgreSQL, Azure DevTest Labs, VNets, Front Door WAF CAPTCHA, API management and more.https://aka.ms/azsecpod

In this episode Michael and Sarah talk with guest Amanda Minnich about securing agentic AI systems, the security challenges they face, and how to secure them.We also discuss Azure Security news about Azure File Sync, Docker support in Azure and a new series of Secure Future Initiative videos with appearances from Michael, Sarah, and various guests.

In this episode Michael and Gladys talk to Sharon Chahal who is a Principal Program Manager in the Identity team at Microsoft about monitoring and auditing when building GenAI applications. We also cover other related topics.Michael and Gladys cover the latest security news about API Security Posture Management, Azure Key Vault in China, Azure Data Studio retirement, new least privilege permissions in Graph and more.https://aka.ms/azsecpod

In this episode, Michael, Gladys and Mark talk to guest Bailey Bercik about the problem of overpermissioning and how to use Microsoft Entra Permissions Management to identify and manage over-permissioned identities in multi-cloud environments to reduce security risks, especially for AI apps.We also cover the latest security news about AI red teaming, Azure SQL DB logging, Azure Confidential Ledger, Star Blizzard spear-phishing campaign and CISA Zero Trust Maturity Model.https://aka.ms/azsecpod

In this episode Michael, Gladys, Mark and Sarah talk to guest Diana Vicezar from the Microsoft Entra team about security Generative AI applications. Note, this is a short, simple intro episode to introduce three follow-on episodes. We also cover security news about TLS 1.3 and Azure Event Grid, big updates to Microsoft Defender for Cloud, Azure Database for MySQL, SQL Managed Instance and Confidential Ledger.

Maxime Bombardier, a data security expert aiding clients in deploying Purview solutions, discusses essential topics. He delves into the significance of encryption and the critical need for user training. The conversation also covers the oversharing blueprint for Microsoft 365 Copilot, emphasizing a 'secure by default' strategy to protect sensitive information. Maxime highlights the integration challenges with Purview Blueprints and the importance of documentation for effective data governance, promoting best practices to enhance organizational security.

In this episode, Michael, Mark, and Sarah go over what they found interesting from Microsoft Ignite. Mark has a discount code for his Zero Trust Book, too.https://aka.ms/aszecpod

Merill Fernando, Principal Product Manager at Microsoft Entra, shares his expertise on open-source security tools designed to enhance Azure and Entra ID security. He discusses recent developments from the Microsoft Ignite event, including FIDO2 authentication and the retirement of older TLS versions. Insights on Zero Trust principles and the new security tool, Maester, highlight the importance of collaboration in tech solutions. Merill emphasizes the urgent need for Multi-Factor Authentication across organizations to bolster security awareness and frameworks.

In this episode, Michael talks to Nic Fillingham about the recent Microsoft Bluehat Security conference held at the Microsoft HQ in Redmond, WA. We also discuss how to tell the NZ and Australian accents apart. This alone is worth listening to :)This is a follow-on from episode 103 when we talked about what was coming up for Bluehat.No news, as this is a special, smaller episode. It's also the least edited; other than some ums and ers getting removed and a small retake, the result is as was recorded. Let us know what you think, this feels a little more 'chatty' and personable.https://aka.ms/azsecpod