The Azure Security Podcast

In this episode Michael and Mark talk with guest Mark Russinovich, Technical Fellow, Deputy CISO and Chief Technology Officer of Microsoft Azure about quantum cryptography and quantum computing and its implications for security and the future. NOTE: There's a portion where Mark and Michael talk about a quote made by Richard Feynman about understanding technical topics, but this is actually attributed to Albert Einstein. However, there is no definitive record of Einstein writing or saying this exact phrase in his published works or speeches.We decided to not cover any Azure Security news in this episode.

Russ Rogers, a member of the Xbox team with a background as an old school hacker, dives into the intriguing world of gaming security. He discusses the unique vulnerabilities in online gaming, including the risks of leaderboard manipulation and the protection of legacy games. The conversation also highlights the challenges of DDoS attacks and the industry's holistic strategies to combat them. Additionally, they explore the critical need for safeguarding minors in online spaces, underscoring the importance of both technology and parental guidance.

In this episode Michael, Sarah and Mark talk to Mark Kendrick about Microsoft Sentinel Data Lake. We also cover news about The Open Group - Roles and Glossary standards, Security Adoption Module 5 - Data Security, Microsoft Azure Cloud HSM, WAF and Containers, PostgreSQL and PowerBI, Azure Managed Lustre, and more. Also, Sarah mentions some Developer Security YouTube videos coming out from MS Build!https://aka.ms/azsecpod

Den Delimarksy, a principal product engineer at Microsoft and member of the Model Context Protocol steering committee, shares key insights on enhancing security in AI. He discusses the significance of the Model Context Protocol's ability to provide essential context for large language models. Delimarksy also addresses security challenges like tool poisoning and the importance of threat modeling. Listeners will learn about how MCP's integration of control and data can boost operational efficiency while necessitating strong security measures.

Join Pieter Vanhove, a Product Manager at Microsoft specializing in data security, as he delves into the exciting security advancements in SQL Server 2025. The discussion covers enhanced user authentication and a shift away from traditional passwords towards managed identities. Pieter highlights significant improvements in the Tabular Data Stream protocol, making TLS upgrades smoother. He also shares insights on cache invalidation enhancements that elevate server performance without compromising user experience, showcasing the latest trends in data security.

Craig Nelson, VP of Microsoft's Red Team, dives into the fascinating world of cybersecurity, focusing on the team's role in simulating real-world attacks to uncover vulnerabilities. He discusses the critical skills needed for effective red teaming and the ethical implications of their work. The guests also tackle emerging threats, particularly the influence of AI on cybersecurity strategies. From measuring red team effectiveness to addressing common vulnerabilities, this conversation is packed with insights essential for anyone interested in protecting digital landscapes.

In this episode Michael talks with guest Ran Munsch, Principal Product Manager at Microsoft about Security Copilot and Security Copilot Agents. We also discuss Azure Security news about System.Data.SqlClient, April 2025 Secue Future Initiative progress report, Azure Database for PosrgreSQL, Azure DevTest Labs, VNets, Front Door WAF CAPTCHA, API management and more.https://aka.ms/azsecpod

Amanda Minnich leads the Microsoft AI Red Team, focusing on the security of agentic AI systems. She dives into the evolution and capabilities of these advanced digital agents, emphasizing the expanded attack surface they create. The conversation highlights real vulnerabilities, like exploited chatbots, and stresses the importance of oversight. Best practices for securing AI agents are discussed, along with the unique challenges posed by large language models. Minnich also discusses the collaborative efforts needed to navigate the complexities of AI security.

Sharon Chahal, a Principal Program Manager at Microsoft focusing on Security Co-Pilot and Entra Identity Protection, dives into securing GenAI applications. She discusses vital enhancements in cloud security, including API management and updates on Azure Key Vault. The conversation also highlights the significance of controlled access and the tools available for auditing and monitoring. Additionally, Sharon emphasizes the transition to phishing-resistant authentication methods to safeguard sensitive data while fostering ethical practices and continuous learning in tech.

Bailey Bercik, a Senior Product Manager at Microsoft Entra, discusses the critical issue of overpermissioning in generative AI applications. He dives into how to leverage Microsoft Entra Permissions Management to tackle over-permissioned identities and enhance security in multi-cloud settings. The conversation touches on the implications of large models in automating scams and highlights the importance of managing permissions for data privacy. Bercik also shares insights on governance and the latest security developments related to Azure Confidential Ledger and AI red teaming.