The Azure Security Podcast

Amanda Minnich leads the Microsoft AI Red Team, focusing on the security of agentic AI systems. She dives into the evolution and capabilities of these advanced digital agents, emphasizing the expanded attack surface they create. The conversation highlights real vulnerabilities, like exploited chatbots, and stresses the importance of oversight. Best practices for securing AI agents are discussed, along with the unique challenges posed by large language models. Minnich also discusses the collaborative efforts needed to navigate the complexities of AI security.

Sharon Chahal, a Principal Program Manager at Microsoft focusing on Security Co-Pilot and Entra Identity Protection, dives into securing GenAI applications. She discusses vital enhancements in cloud security, including API management and updates on Azure Key Vault. The conversation also highlights the significance of controlled access and the tools available for auditing and monitoring. Additionally, Sharon emphasizes the transition to phishing-resistant authentication methods to safeguard sensitive data while fostering ethical practices and continuous learning in tech.

Bailey Bercik, a Senior Product Manager at Microsoft Entra, discusses the critical issue of overpermissioning in generative AI applications. He dives into how to leverage Microsoft Entra Permissions Management to tackle over-permissioned identities and enhance security in multi-cloud settings. The conversation touches on the implications of large models in automating scams and highlights the importance of managing permissions for data privacy. Bercik also shares insights on governance and the latest security developments related to Azure Confidential Ledger and AI red teaming.

Diana Vicezar, a Product Manager at Microsoft, shares her insights on securing Generative AI applications with Entra. She highlights the necessity of awareness around AI security in today's business landscape. The conversation also touches on the potential risks of AI, including unauthorized access to information. Diana emphasizes the importance of basic security practices that are often overlooked, setting the stage for a deeper exploration in future discussions about integrating security into AI applications.

Maxime Bombardier, a data security expert aiding clients in deploying Purview solutions, discusses essential topics. He delves into the significance of encryption and the critical need for user training. The conversation also covers the oversharing blueprint for Microsoft 365 Copilot, emphasizing a 'secure by default' strategy to protect sensitive information. Maxime highlights the integration challenges with Purview Blueprints and the importance of documentation for effective data governance, promoting best practices to enhance organizational security.

In this episode, Michael, Mark, and Sarah go over what they found interesting from Microsoft Ignite. Mark has a discount code for his Zero Trust Book, too.https://aka.ms/aszecpod

Merill Fernando, Principal Product Manager at Microsoft Entra, shares his expertise on open-source security tools designed to enhance Azure and Entra ID security. He discusses recent developments from the Microsoft Ignite event, including FIDO2 authentication and the retirement of older TLS versions. Insights on Zero Trust principles and the new security tool, Maester, highlight the importance of collaboration in tech solutions. Merill emphasizes the urgent need for Multi-Factor Authentication across organizations to bolster security awareness and frameworks.

In this episode, Michael talks to Nic Fillingham about the recent Microsoft Bluehat Security conference held at the Microsoft HQ in Redmond, WA. We also discuss how to tell the NZ and Australian accents apart. This alone is worth listening to :)This is a follow-on from episode 103 when we talked about what was coming up for Bluehat.No news, as this is a special, smaller episode. It's also the least edited; other than some ums and ers getting removed and a small retake, the result is as was recorded. Let us know what you think, this feels a little more 'chatty' and personable.https://aka.ms/azsecpod

In this episode we speak to Nic Fillingham who is a Senior Program Manager at Microsoft about security conferences and mainly about the Microsoft Bluehat conference he runs. We also discuss security about PostgreSQL, Cosmos DB, IP address management, containers and AI Studio. https://aka.ms/azsecpod

In this episode Michael and Sarah talk to Nestori Syynimaa about Entra ID security and his purple-team tool, AADInternals. We also cover the latest security news about Secure Future Initiative (SFI), MFA for Azure Portal, Playright, WordPress, NSG, Bastion, Azure Functions, MS Ignite, App Service, Defender for Cloud, Containers, Azure Monitor, AKS, Trustworthy AI and Azure AI Content Safety.https://aka.ms/azsecpod