The Azure Security Podcast  

In this episode Michael talks with guests Sharath Unni  ( ) and Raul Garcia  ( ) about securing Azure SQL DB, SQL MI and SQL Server through the eyes of an attacker.

Links

• Transcript
• Tutorial: Signing Stored Procedures with a Certificate
• CodeQL Rule for C#: SQL query built from user-controlled sources
• An overview of Azure SQL Database and SQL Managed Instance security capabilities
• Overview of Microsoft Defender for Azure SQL
• Protect your databases with Defender for Databases
• Azure security baseline for Azure SQL
• The Protection of Information in Computer Systems

In this episode Michael talk with colleagues Pieter Vanhove  ( ) and Mirek Sztajno about recent updates to Always Encrypted and Transparent Data Encryption (TDE) in SQL Server 2022 and Azure SQL DB.

Links

• SGX Enclaves
• VBS Enclaves
• Always Encrypted with secure enclaves
• TDE with database-level CMK now generally available for Azure SQL Database
• Transparent data encryption (TDE) with customer-managed keys at the database level
• Identity and key management for TDE with database level customer-managed keys
• Cross-tenant customer-managed keys with transparent data encryption
• Configure geo replication and backup restore for transparent data encryption with database level customer-managed keys

In this episode Michael talks with guest Nikhil Kumar  ( ) and our own Mark Simos about a new book they have co-authored named "Zero Trust Playbook Series Zero Trust Overview and Playbook Introduction: Actionable Guidance for Business, Security, and Technology Leaders and Practitioners."

Links

• Transcript
• Zero Trust Playbook Series Zero Trust Overview and Playbook Introduction: Actionable Guidance for Business, Security, and Technology Leaders and Practitioners
• [Save 20%]
• Zero Trust Reference Model
• Zero Trust Commandments

In this episode Michael and Sarah talk with guest Madeline Eckert  ( ) about Security Bug Bounties.
We also discuss Azure Security news about SQL Server 2022, Azure certificate changes, TLS 1.0 and 1.1 deprecation, GitHub security scanning, Ransomeware defenses, Zero Trust and more; and by 'more' we mean lock-picking!

Links

• Transcript
• Azure Defenses for Ransomware Attack
• Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report
• SQL Server 2022 Common Criteria
• General Availability: GitHub Advanced Security for Azure DevOps
• Upcoming Certificate Changes Impacting Direct Routing Users
• TLS 1.0 and TLS 1.1 soon to be disabled in Windows
• Hack The Box
• NahamSec
• MIT Guide To Lock Picking

In this episode Michael, Sarah, Gladys and Mark talk with guest Roberto Rodriguez  ( ) about attack simulation, Cloud Katana and AI.
We also discuss Azure Security news about Azure SQL DB, Azure Key Vault, Cosmos DB, Trusted Launch VMs, Azure Artifacts, Zero Trust, Windows and TLS and Entra ID.

Links

• Transcript
• Use Azure Key Vault to securely store and retrieve access key when mounting Azure Storage as a local share in App Service
• Configure customer-managed keys on existing Cosmos DB accounts
• Trusted launch as default for VMs deployed through the Azure portal
• Azure Container Apps supports environment level mTLS encryption
• Delegating permission management using Roles vs WITH GRANT OPTION
• Introducing Azure Artifacts support for Rust Crates
• What is Block T-SQL CRUD feature?
• What are protected actions in Azure AD?
• TLS 1.0 and TLS 1.1 soon to be disabled in Windows
• The Open Group Summit
• Zero Trust Commandments
• Cloud-Katana (GitHub)
• Cloud Katana (Jupyter Notebook and other Docs)
• SimuLand: Understand adversary tradecraft and improve detection strategies
• Some abbreviations used: TI == Threat Intel, C2 == Command and Control

In this episode Michael and Sarah with guest Miriam Wiesner  ( ) about her new book, "PowerShell Automation and Scripting for Cybersecurity" which comes out soon.

We also discuss Azure Security news about: Azure SQL DB Always Encrypted improvements, Azure SQL Managed Instance, App Gateway for Containers and Bring your own Key for AKS Ephemeral Disks.

Links

• Transcript
• Always Encrypted Wizard now supports secure enclaves and in-place encryption
• Always Encrypted with secure enclaves – DC-series databases with up to 40 vCores
• Azure Private Link for Azure SQL Managed Instance
• Public preview: Azure Application Gateway for Containers
• Public preview: Bring your own key on Ephemeral OS disk for AKS
• PowerShell Automation and Scripting for Cybersecurity: Hacking and defense for red and blue teamers (Use 20MIRIAM at checkout)
• Packt Publishing
• Packt SecPro

In this episode Michael and Mark talk with Microsoft Security MVP Truls Dahlsveen  ( ) about modern security strategy. Actually, Mark and Truls mainly do the talking :)
We also discuss Azure Security news about Application Gateway TLS policy, Defender for IoT and the Zero Trust Commandments.

Links

• Transcript
• Zero Trust Commandments
• Updated default TLS policy for Azure Application Gateway
• Public Preview: Firmware analysis in Defender for IoT
• Preview: Azure Boost
• Truls' Security Automation Blog
• Field notes on security strategy
• Microsoft Security Insights
• Microsoft EMS Community

In this special episode Michael talks to prior podcast guest and Azure SQL DB colleague Sravani Saluru  ( ) about how to configure, monitor and manage audit logging in Azure SQL Database. She also shares some inside hints and tips!

Links

• Transcript
• Configure Auditing for Azure SQL Database series - Part1
• Configure Auditing for Azure SQL Database series - Part2
• Auditing for Azure SQL Database and Azure Synapse Analytics
• View a SQL Server Audit Log
• sys.fn_get_audit_file

In this episode Michael and Sarah talk with guest Matt Zorich  ( ) about Microsoft's Incident Reponse process and services.
We also discuss Azure Security news about Azure Monitor RBAC and some Web Application Firewall (WAF) updates.

Links

• Transcript
• Public Preview: Azure Monitor Logs improved table-level RBAC
• Public preview: Sensitive Data Protection for Application Gateway Web Application Firewall logs
• Public Preview: Default Rule Set 2.1 for Regional WAF with Application Gateway
• Microsoft Incident Response
• Why the cyber resilience bell curve matters
• Microsoft Digital Defense Report 2022

In this episode Michael and Sarah talk with guest Thomas Roccia  ( ) about threat intelligence and MSTICPy and more.
We also discuss Azure Security news about Azure Files SMB shares, Private Link support for Application Gateway, Managed Identities support for Capture in Event Hubs and more.

Links

• Transcript
• Public Preview: Azure AD Support for Azure Files SMB shares REST API
• Generally available: Private Link support for Application Gateway
• Generally available: Managed Identities support for Capture in Event Hubs
• Introducing the Azure Linux container host for AKS
• NDC Conferences
• UNPROTECT [PROJECT]: Unprotect Malware for the Mass
• The Unprotect Project: Search Evasion Techniques
• Visual Threat Intelligence
• Using Python to unearth a goldmine of threat intelligence from leaked chat logs
• MSTIC Jupyter and Python Security Tools

In this episode Michael and Gladys talk with guests Marcelo di lorio  ( ) and Neil Walker  ( ) about all the latest news in Microsoft Entra Permissions Management.
We also discuss Azure Security news about Microsoft Build, Confidential Computing, Key Vault, SQL MI, and Azure Content Safety.

Links

• Transcript
• Microsoft Build 2023: Announcing new identity, compliance, and security features from Microsoft Security
• Introducing Microsoft Security Copilot: Empowering defenders at the speed of AI
• Preview: Red Hat Enterprise Linux (RHEL) 9.2 support for AMD confidential VMs
• Public Preview: AMD confidential VM option for Azure Data Explorer (ADX)
• Azure Key Vault Access Configuration Update
• General availability: Confidential containers on Azure Container Instances (ACI)
• Ledger now in preview in Azure SQL Managed Instance
• Announcing Azure Content Safety
• Trial user guide: Microsoft Entra Permissions Management
• Looking at Entra Permissions Management to Manage Permissions Across AWS, GCP and Azure
• 2023 State of Cloud Permissions Risks report now published
• Microsoft Entra Permissions Management

In this episode Michael, Gladys and Mark talk with guest Anthony Shaw  ( ) about what he looks for when reviewing Infrastructure as Code files, and some of the best practices he has learned over the years. He also made a fantastic comment:
    "Security pops up a lot when you stick things on the Internet"
Sarah is away in Singapore, presenting at Blackhat Asia 2023!
We also discuss Azure Security news about DDoS, Cosmos DB, Microsoft Defender for APIs, Load Balancer, Zero Trust and discovering Internet-facing devices.

Links

• Transcript
• Public Preview: Azure API Management and Microsoft Defender for APIs integration
• General availability: Inbound ICMPv4 pings are now supported on Azure Load Balancer
• Public Preview : Azure Cosmos DB for PostgreSQL Data Encryption with Customer Managed Keys
• SecOps Tools Strategy in 2023, Part 1
• Discovering internet-facing devices using Microsoft Defender for Endpoint
• Defend against DDoS attacks with Azure DDoS IP Protection
• What is the Azure Developer CLI (preview)?
• Discover misconfigurations in Infrastructure as Code (IaC)
• CPython Internals

In this episode Michael, Sarah, and Mark talk with guest Negar Shabab  ( ) about her work in Microsoft's Security Research group.
We also discuss Azure Security news about new Confidential Computing VMs, SQL Server, T-SQL Parsing, Auditing in Azure SQL DB, Sentinel and more.

Links

• Transcript
• Mark ordered pizza during the podcast!
• Preview: Introducing DCesv5 and ECesv5-series Confidential VMs with Intel TDX
• The Importance of TLS with SQL Server
• ScriptDOM .NET library for T-SQL parsing is now open source
• Auditing for Azure SQL Database and Azure Synapse Analytics
• The Cybdersecurity Alignment Paradox
• Microsoft Cybersecurity Reference Architectures
• MCRA Intro
• Announcing Public Preview of Microsoft Sentinel in Azure China 21Vianet
• Meet Twins Noushin And Negar Shabab Who Are Making Their Mark In Cybersecurity

In this episode Michael, Sarah, Gladys and Mark talk with a good friend of the Podcast, Yuri Diogenes  ( ) about the latest Microsoft Defender for Cloud news.
We also discuss Azure Security news about Trusted VM Launch, Chaos Studio, Azure SQL DB, DDoS protection, Confidential Containers, Firewall and more.

Links

• Transcript
• Private Preview: Enable Trusted launch on your existing Azure Gen2 VMs
• Public Preview: Azure Chaos Studio is now available in Sweden Central region
• General availability: IP Protection SKU for Azure DDoS Protection
• Transparent data encryption (TDE) with customer-managed keys at the database level
• Public preview: Confidential containers on ACI
• What's new in Microsoft Sentinel
• SecOps Tools Strategy in 2023, Part 1
• Announcing Azure Firewall enhancements for troubleshooting network performance and traffic visibility
• How to use number matching in multifactor authentication (MFA) notifications - Authentication methods policy
• Configure a user-assigned managed identity to trust an external identity provider
• Exam Ref SC-100 Microsoft Cybersecurity Architect 1st Edition (Amazon)
• Exam Ref SC-100 Microsoft Cybersecurity Architect (Microsoft Press Store)
• Building a Career in Cybersecurity: The Strategy and Skills You Need to Succeed 1st Edition
• Microsoft Defender for DevOps Preview
• Identify and remediate attack paths
• Build queries with cloud security explorer
• What's new in Microsoft Defender for Cloud?
• Microsoft Defender for Cloud Blog
• Microsoft-Defender-for-Cloud/Labs/
• MDC monthly newsletter

In this episode Michael and Mark talk with guest Kemley Nieva  ( ) about the latest news in Azure Policy.
We also discuss Azure Security news about Microsoft Security Copilot, Azure Cache for Redis, Azure SQL Database, Azure SQL Managed Instance, Azure Monitor, API Management, Azure Maps, Azure Functions, Azure Backup and VMs.

Links

• Transcript
• Introducing Microsoft Security Copilot
• Configure disk encryption for Azure Cache for Redis instances using customer managed keys (preview)
• User Managed Identity support for Auditing Azure SQL Database is in Public Preview Now
• Built-in policies for Azure Monitor
• Generally available: Azure Private Link support for Inbound traffic in Azure API Management
• Azure Private Link for Azure SQL Managed Instance (Preview)
• Azure Maps is now HIPAA (Health Insurance Portability and Accountability Act) compliant
• Generally available: Encryption scopes on hierarchical namespace enabled storage accounts
• Generally Available: Durable Functions support of managed identity for Azure Storage
• Generally available: Immutable vaults for Azure Backup
• General availability: Ephemeral OS disks supports encryption at host using customer managed keys
• Introducing Microsoft Security Copilot
• What is Azure Policy?
• Resource selectors (preview)

In this episode Michael and Gladys talk with guests Sean Wesonga  ( ) and Bojan Magusic  ( )  about using Infrastructure as Code (IaC) with Microsoft Defender for Cloud.
We also discuss Azure Security news about new Azure SQL Database migration abilities for authentication and Transparent Data Encryption (TDE).

Links

• Transcript
• Public preview: Login and TDE-enabled database migrations with Azure Database Migration Service
• Microsoft Defender for Cloud as Code (GitHub)

In this episode Michael, Sarah, Gladys and Mark interview each other!

The Podcast is almost three years old, and things have changed for each of us, so we thought we'd re-introduce ourselves, reflect, give career advice, and talk about what's top of mind for each of us!
We also discuss Azure Security news about SQL Server and Azure SQL DB, MFA and AAD, AAD and IPv6, new SC-100 study guide and more.

Links

• Transcript
• IPv6 Coming to Azure AD
• Repudiation Threats and ledger in Azure SQL Database/SQL Server
• How to use number matching in multifactor authentication (MFA) notifications - Authentication methods policy
• Workshop: SQL Server Security Ground to Cloud
• Exam Ref SC-100 Microsoft Cybersecurity Architect
• Security Operations Specializations
• Technical Teams

In this episode Michael talks with guest Pieter Vanhove  ( ) about a new addition to the Always Encrypted family: Always Encrypted with Virtualization-Based Security (VBS) Enclaves. This new feature is available today in Public Preview.

Links

• Transcript
• Preview: VBS Enclaves for Always Encrypted in Azure SQL Database
• Always Encrypted with secure enclaves documentation
• Tutorial: Getting started with Always Encrypted with secure enclaves in Azure SQL Database
• Always Encrypted
• Virtualization-based Security (VBS)
• Hyper-V Technology Overview
• (Michael mentioned this, nothing to do with VBS AE) Azure Confidential Computing on 4th Gen Intel Xeon Scalable Processors with Intel TDX

In this episode Michael and Sarah talk with guests Beau Faull  ( ) and Lou Mercuri  ( ) about Microsoft Purview. Beau and Lou are also co-hosts of the Coast2Coast Podcast.

We also discuss Azure Security news about Trusted Boot VMs, Sentinel and Defender for Cloud.

Links

• Transcript
• General availability: Trusted launch for Azure VMs in Azure for US Government regions
• What's new in Microsoft Sentinel
• Identify and remediate attack paths
• Cloud security explorer
• What's new in Microsoft Purview risk and compliance solutions
• Microsoft Purview compliance documentation
• Coast2Coast - MSFTAU
• Introducing Adaptive Protection in Microsoft Purview—People-centric data protection for a multiplatform world

In this episode Michael and Mark talk with guest Adrian Diglio  ( ) about Secure Software Supply Chain and Software Bill of Materials or SBOM.
We also discuss Azure Security news about SQL Server, Azure SQL DB, Azure Database for MySQL, Azure Database for PostgreSQL and Application Secure Groups in Private Endpoints. Mark goes over MCRA, Immutable Laws of Cybersecurity and Security Architecture Design.

Links

• Transcript
• Summary of the 2022 Security Investments in Azure SQL and SQL Server 2022
• Generally available: Azure Active Directory authentication for SQL Server 2022
• Public Preview: Microsoft Purview access policies for SQL Server 2022
• General availability: Encryption using CMK for Azure Database for PostgreSQL - Flexible Server
• General availability: Azure AD authentication with Azure Database for MySQL - Flexible Server
• General availability: Azure Database for MySQL - Flexible Server data encryption with CMK
• General availability: Application security groups support for private endpoints
• The Chief Information Security Officer (CISO) Workshop Training
• Microsoft Cybersecurity Reference Architectures
• The immutable laws of security
• MCRA Intro
• Executive Order 14028: Improving the Nation's Cybersecurity
• Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft
• Microsoft open sources its software bill of materials (SBOM) generation tool
• GitHub: sbom-tool
• GitHub: component-detection
• GitHub: Demo-for-Microsoft-SBOM-Tool

In this episode Michael sits down with Ajay Jagannathan  ( ) to talk about the recent release of SQL Server 2022 especially some of the new security features and hooks into Azure.
We also discuss other SQL database security news.

Links

• Transcript
• DISA releases the Microsoft Azure SQL Database Security Technical Implementation Guide
• Troubleshooting external data and access policies in Azure SQL and SQL Server
• SQL Server 2022 is now generally available
• Explore SQL Server 2022 capabilities
• What's new in SQL Server 2022
• What's new in SQL Server 2022: Security
• SQL Server 2022 demos
• Workshop: The SQL Server 2022 Workshop
• Introduction to SQL Server 2022

In this episode Michael and Sarah talk with guest Bronwyn Mercer  ( ) about Privilegd Access.
We also discuss Azure Security news about Defender for DevOps, ARM, Application Gateway, and Managed HSM.

'Designing and Developing Secure Azure Solutions' from Microsoft Press is now available!

Links

• Transcript
• Azure Resource Manager — Migrating to TLS 1.2 with Deprecation of Outdated Security Protocols
• Azure Managed HSM TLS Offload Library
• General availability: TLS 1.3 with Application Gateway
• Azure SQL New Updates @ PASS Summit, November 2022 | Data Exposed Live (Security)(
• Data Exposed with Anna Hoffman
• Privileged access: Strategy

In this episode Michael, Sarah and Mark talk with guest Joey Snow  ( ) about Workload Identities.
We also discuss Azure Security news about: Azure Front Door, Log Analytics, Web Application Firewall and AKS SSH keys.

Links

• Transcript
• Public preview: Azure Front Door integration with managed identities
• Public preview: Rotate SSH keys on existing AKS nodepools
• General availability: Manage your Log Analytics Tables in Azure Portal
• General availability: Default Rule Set 2.1 for Azure Web Application Firewall
• The immutable laws of security
• What are the top security Antipatterns you see?
• The Chief Information Security Officer (CISO) Workshop Training
• Microsoft Entra Workload Identities Preview
• Managing, governing, and securing identities for apps and services
• Introducing Microsoft Entra Workload Identities

In this episode Michael, Sarah, Gladys and Mark talk with guests Rijuta Kapoor  ( ) and Brandon Dixon ( ) about Microsoft Defender for Threat Intelligence.
We also discuss Azure Security news about Azure Service Bus, PostgreSQL, VMs, SQL Server and Confidential VMs, Azure SQL DB, Workload Identities, Microsoft Entra and other security news from Ignite.

Links

• Transcript
• Generally available: Control the minimum TLS version used with Azure Service Bus
• Public preview: Infrastructure encryption using customer managed key for PostgreSQL – Flexible Server
• General availability: AMD confidential VM guest attestation
• General availability: Confidential VM option for SQL Server on Azure Virtual Machines
• Azure SQL DB: TDE Automatic key rotation
• Learn how to secure and monitor Workload Identities with a series of events
• Introducing Microsoft Entra Workload Identities
• Extend the reach of Azure AD Identity Protection into workload identities
• Managing, governing, and securing identities for apps and services
• Overview of Azure AD certificate-based authentication
• Computer Vision
• The immutable laws of security
• Microsoft Ignite Book of News

In this episode Michael talks with guest Andreas Wolter  ( ) about SQL Server and Azure SQL Database permissions. If you have never gotten your head around SQL Server permissions, you came to right place! Andreas and Michael are colleagues in the Azure Data Platform.

Links

• Transcript
• Security: The Principle of Least Privilege (POLP)
• Private Preview: controlling access to Azure SQL at scale with policies in Purview
• New granular permissions for SQL Server 2022 and Azure SQL to improve adherence with PoLP
• Revamped SQL Permission system for Principle of Least Privilege and external policies – internals
• Schema-design for SQL Server: recommendations for Schema design with security in mind
• Tutorial: Ownership Chains and Context Switching

In this episode Michael, Sarah, Gladys and Mark talk with guest Nick Wryter  ( ) about Entra Permissions Management.
We also discuss Azure Security news about

Links

• Transcript
• Public preview: Policy analytics for Azure Firewall
• Public preview: Azure AD authentication with Azure Database for MySQL – Flexible Server
• General availability: Azure Policy built-in definitions for Azure NetApp Files
• Public preview: Encryption scopes on hierarchical namespace enabled storage accounts
• Generally available: Immutable storage for Azure Data Lake Storage
• Public preview: API Server VNET Integration for AKS private cluster
• Configure authentication session management with Conditional Access
• Create a multi-stage access review
• Investigate alerts in Microsoft 365 Defender
• Workload identity federation
• Microsoft Entra Permissions Management
• What's Permissions Management?
• John Savill: Looking at Entra Permissions Management to Manage Permissions Across AWS, GCP and Azure

In this episode Michael, Sarah, Gladys and Mark talk with guest Josh Bregman  ( ) who is a Principal Product Manager at Microsoft about Microsoft Defender for Endpoint and a feature that makes it harder for bad actors to change sensitive security-related settings that could disable security software.
We also cover the latest security news about Synapse SQL, Service Bus, Storage, Redis, Azure SQL, MySQL, AKS, Managed Disks and Microsoft Defender.

Links

• Transcript
• General availability: Managed private endpoint support to Synapse SQL output
• General availability: Authenticate to Service Bus using managed identity
• Public preview: Encrypt storage account with cross-tenant customer-managed keys
• General availability: Managed identity to connect Azure Cache for Redis to storage
• User-assigned managed identity in Azure AD for Azure SQL
• Automated key rotation for TDE BYOK now available in preview for Azure SQL
• General availability: Azure Database for MySQL - Flexible Server data encryption with CMK
• Public preview: Encrypt managed disks with cross-tenant customer-managed keys
• Public preview: Operation abort (AKS)
• Microsoft Defender Experts for Hunting
• Microsoft Defender Experts for Hunting - Explainer
• Choose between guided and advanced modes to hunt in Microsoft 365 Defender
• The most dangerous myth in IT is that technology systems don't ever need to be maintained
• Patching antipatterns
• Tamper protection will be turned on for all enterprise customers
• Built-in protection helps guard against ransomware
• Cyber Signals: Defend against the new ransomware landscape

In this episode Michael, Sarah and Mark talk with guest Elizabeth Stephens  ( ) about securing operational technology - OT. This is the first episode to use the phrase, "things that are not supposed to blow up!"
We also discuss Azure Security news about Windows authentication and AAD for SQL Managed Instance, Private Endpoints, Load Testing, TLS 1.3 support, Confidential VM support for AKS pools, Azure Firewall and AKS Key Management.

Links

• Transcript
• Complete Patch Management Strategy
• Common patching anti-patterns
• Windows Authentication for Azure AD principals for SQL Managed Instance is now Generally Available
• General availability: Network security groups support for private endpoints
• General availability: User-defined routes support for private endpoints
• Public preview: Microsoft Azure Load Testing supports private endpoints testing
• Confidential VM node pool with AMD SEV-SNP protection available on AKS in public preview
• Generally available: Key management system integration with AKS
• Azure Firewall Premium is now ICSA labs certified
• Public preview: TLS 1.3 support on Application Gateway
• Conscious cloud: our Aotearoa datacenter pledge Microsoft’s datacenter region powered by 100% carbon free energy from day one
• Microsoft Defender for IoT Ninja Training
• Microsoft Defender for IoT
• MCRA OT & IIoT Security

In this episode Michael, Gladys and Mark talk with guest Safeena Begum  ( ) about current Microsoft Defender for Cloud news as well as using it to monitor AWS and GCP.
We also discuss Azure Security news about changes to Certificate Authority root certificates in Azure, Microsoft Entra and threat intelligence.

Links

• Transcript
• Microsoft announces new solutions for threat intelligence and attack surface management
• New capabilities in Microsoft Entra Verified ID now available
• Microsoft Inspire Opening
• Azure TLS certificate changes

In this episode Michael and Sarah talk to Mark about the updated Chief Information Security Officer (CISO) Workshop.
We also discuss Azure Security news about Gateway Load Balancer, Azure Database for MySQL, Confidential Ledger and Trusted Launch.

Links

• Transcript
• Gateway Load Balancer now generally available in all regions
• Azure confidential ledger is now Generally Available!
• Public preview: Azure Database for MySQL - Flexible Server data encryption with CMK
• Generally available: Trusted Launch support for DCsv3 and DCdsv3 series Virtual Machines
• The Chief Information Security Officer (CISO) Workshop Training

In this episode Michael geeks out with guests Vikas Bhatia () and Run Cai () about some of the recent announcements about Azure Confidential Computing. Most importantly, the recent release of Azure Confidential Computing VMs from AMD.

Links

• Transcript
• Latest innovations in Azure confidential computing
• Confidential Computing (Microsoft Research Cambridge)
• Azure confidential computing
• Confidential Computing Customer Stories
• Azure Confidential VM options on AMD
• Quickstart: Create confidential VM on AMD in the Azure portal
• DCasv5 and ECasv5 series confidential VMs

In this episode Michael, Sarah, Gladys and Mark talk with guest Roey Ben Chaim  ( ) about the plethor of material available as part of the Microsoft Sentinel Content Hub.
We also discuss Azure Security news about: Microsoft Entra Permissions Management, MSTICPy 2.0, Microsoft Purview, Azure Monitor Agent, Azure Backup, App Insights and the table of contents from Designing and Developing Secure Azure Solutions :)

Links

• Transcript
• Announcing OAuth 2.0 Client Credentials Flow support for POP and IMAP protocols in Exchange Online
• Microsoft Entra Permissions Management is now generally available!
• MSTICPy Version 2.0
• Microsoft Purview Data Loss Prevention (DLP) integration in Microsoft Sentinel (Preview)
• Migrate to Azure Monitor agent from Log Analytics agent
• Multi-user authorization using Resource Guard
• General availability: Azure Active Directory authentication for Application Insights
• Designing and Developing Secure Azure Solutions Table of Contents
• Microsoft Sentinel and Microsoft 365 Defender - Contributing

In this episode Michael talks with guest Michael Melone  ( ) a Principal Product Manager in the Microsoft 365 Defender team about tips tricks and tools available to help hunt adversaries using Microsoft 365 Defender.
We also discuss Azure Security news about MySQL, AKS, Comsos DB, and API Management.

Links

• Transcript
• Azure Advisor for MySQL
• Custom certificate authority (CA) in Azure Kubernetes Service (AKS) (preview)
• Configure Azure Application Gateway Private Link (preview)
• Public preview: Continuous backup enhancements in Azure Cosmos DB
• Generally available: API Management Content Security Policy and CORS configuration support
• Join Our Security Community
• Designing Secure Systems
• Hunting Queries
• On-demand webcast series: “Tracking the adversary”
• Microsoft-365-Defender-Hunting-Queries
• KQL quick reference
• Understand the advanced hunting schema