The Azure Security Podcast  

In this episode Michael, Sarah, Gladys and Mark talk with guest Carmichael Patton, a Senior Security Architect in the Digital Security and Resiliency group at Microsoft  ( ) about Microsoft's journey to Zero Trust and some of the lessons learned along the way.
We also discuss Azure Security news about: Azure Sentinel, Azure Automation, Azure SQL DB and Always Encrypted withe Secure Enclaves, App Insights, App Service and Functions, Azure Active Directory, Azure Firewall, Azure Kubernetes Service, Azure Security Center, Azure Bastion. Mark also talks about some Open Group activities and recent Microsoft security acquisitions.

Links

• Microsoft: Zero Trust security just hit the mainstream

In this episode Michael, Sarah, Gladys and Mark talk with guest Rin Ure  ( ) about the Azure Sentinel SOC Process Framework Workbook.
We also discuss Azure Security news about Azure Web Application Firewall, Azure Front Door, Azure SQL DB, Azure Sphere, Confidential Compute VMs and episode 2 of the Spanish Azure Security Podcast is now out.

Links

• Ransomware guidance
• Microsoft Cybersecurity Reference Architectures
• Security in the Microsoft Cloud Adoption Framework for Azure

In this episode Michael, Sarah, Gladys and Mark talk with guest Nicholas DiCola   ( ) about Security automation in Azure. Nicholas is the Director of Cloud Security in the Azure CXE team, and has a new book on Azure networking security.
We also discuss Azure Security news about Azure Monitor, Confidential Computing, Azure Key Vault, VS Code, Azure Defender for MySQL, MariaDB, PostgreSQL and IoT, and more!

Links

• Workspace Trust for VS Code
• Book: Microsoft Azure Network Security
• Book: Microsoft Azure Sentinel: Planning and implementing Microsoft's cloud-native SIEM solution

In this episode we interview Pete Bryan ( ) from the Microsoft Threat Intelligence Center - MSTIC - about lessons learned from the recent highly-public nation-state attacks on US infrastructure.

We also cover security news about GitHub, Azure Sentinel and Monitor, CosmosDB, Storage Accounts, Azure Functions, SimuLand, Gladys also announces that there is now a Spanish edition of the Azure Security Podcast.

Links

• The Spanish Azure Security Podcast
• My List of Security Announcements from Build 2021

In this episode Michael, Sarah, Gladys and Mark talk with Minni Walia  ( ) about , a fast and highly scalable big data analytics service for any types of logs and telemetry data.
We also discuss Azure Security news about Bicep, VPN Gateway, Azure Backup, Azure Security Center, AKS, Azure Sentinel, IoT Hub, API Management, SimuLand and Microsoft Cybersecurity Reference Architectures and Microsoft Cloud Adoption Framework.

Links

• Microsoft Cybersecurity Reference Architectures
• Security in the Microsoft Cloud Adoption Framework for Azure

In this episode Michael, Gladys and Mark talk with guests Gopal Shankar () and Arvind Chandaka () from the Azure Purview and Azure Information Protection team about a new governance product, Azure Purview.  
We also discuss Azure Security news for the following: Azure Monitor, Storage, cryptography, Zero Trust, Incident Response, Azure Information Protection, Ransomware and more.

Links

• Azure Monitor Private Link
• 'The Best Security Advice I Can Give…'
• 'Please be pedantic when talking about cryptography'
• Revisiting some thoughts from almost 20 years ago
• Zero Trust Core Principles

In this episode Michael, Sarah, Gladys and Mark talk with guest Sharon Xia ( ) about applied Artificial intelligence and Machine Learning in Cybersecurity. Sharon is a Principal PM Manager in the Azure Cloud Security - Data Science Team. This is one of those episodes where many of us learned a great deal about something we know little about!  
We also discuss Azure Security news for: Azure VMs, Azure Charts, Zero Trust and the Open Group, Azure Sentinel, Purview, App Gateway, Security Technical Content Library and a new Azure Networking Security book from Microsoft.

Links

• Zero Trust Core Principles
• NSA: Top 5 vulnerabilities actively abused by Russian govt hackers
• Microsoft, MITRE Release Adversarial Machine Learning Threat Matrix
• Azure Charts
• Why Microsoft's 'Tay' AI bot went wrong
• Researchers trick Tesla into massively breaking the speed limit by sticking a 2-inch piece of electrical tape on a sign

In this episode Michael, Sarah, Gladys and Mark talk with guest Tanu Balla   ( ) about Azure Bastion. Tanu is a Program Manager in the Azure Bastion team based in Redmond, WA.
We also discuss Azure Security news for the following services: Azure Sentinel, DataBricks, PowerBI, App Service, Power Fx, TypeScript, Azure Active Directory, a new Azure Security Technical Implementation Guide (STIG) and Azure App Proxy.

Links

In this episode Michael, Sarah, Gladys and Mark talk with guest Chuck Enstall   ( ) about common security questions he's hearing from Azure customers and we delve into some practices around Azure Active Directory, Tenant and subscription level management and isolation. We also discuss Azure Security news for the following services: GitHub, Code QL, Storage, Iot Hub, SQL Server and Synapse, Event Grid, Media Services, Azure Communications Server, Redis, Key Vault, Azure Active Directory, App Service and Express Route as well as an update on PCI DSS certification and a beta of the SC-200 exam, "Microsoft Security Operations Analyst (beta)".

Links

• GitHub Advanced Security: Introducing security overview beta and general availability of secret scanning for private repositories

This episode is a little different, Sarah and Michael discuss the security news and updates from the Microsoft Ignite conference. Lots of security updates covering SQL Server, CosmosDB, Azure Security Center, Azure Kubernetes Service, Windows Server 2022, VM updates, Azure Sphere, Azure Backup, TypeScript, Azure Sentinel and Azure Purview.

Links

• Azure Monitoring Demo Logs

In this episode Michael, Sarah, Gladys and Mark talk with guest Anthony Roman  ( ) who is a Senior Program Manager in the Azure Networking Security team. We cover topics such as low-level Azure networking security building blocks (VNets, subnets, NSGs, user-defined routes, hub-and-spoke etc.), Azure Firewall, Azure Frontdoor and more.
Mark has a public service announcement regarding Exchange on-prem - PLEASE PATCH. We also discuss Azure Security news for the following Azure topics: Azure Sentinel, Data Encryption SDK, Tables and Queues, TypeScript, Service Principals, Authentication and DataBricks.

Anthony's bio Anthony manages a team of Program Managers responsible for Azure Network Security deployment and product improvement. As part of Microsoft Cloud + AI Security Engineering, the Customer Experience (CxE) team works between customers and product groups to help build comprehensive NetSec solutions that integrate across the Azure Security stack

Links

• Exchange security details (webcast)
• Exchange security details (PowerPoint)
• TypeScript for Jupyter Notebooks
• Azure Network Security Github repo
• Azure Network Security Blog

In this episode Michael, Sarah, Gladys and Mark talk with guests Craig Nelson ( ) and Leron Gray ( ) about Redteam security on Microsoft Azure. If you're new to red teams, blue teams and purple teams and want to learn more about how we test Azure for security issues, then this is the episode for you!

We also discuss Azure Security news for the following services: Azure Bicep, Storage accounts, API Management, Azure Firewall and Azure Sentinel. Gladys also discusses machine learning and Azure Synapse, Mark mentions his concerns about human-operated ransomware and Michael explains why he prefers TypeScript to JavaScript and we add a new phrase to your lexicon: Homomorphic Encryption. You're welcome!

Finally, there's a new exam in beta, SC-900 "Microsoft Security, Compliance, and Identity Fundamentals."

Links

• The Top 10 Things Wrong with JavaScript (ie; Some reasons why Michael does not like JavaScript)

In this episode Michael, Sarah, Gladys and Mark talk with guest Ofer Shezaf  ( ) about Azure Sentinel. Ofer is a Principal Product Manage in the Azure Sentinel team and has years of experience building Security Information and Events Management (SIEM) systems. Ofer also discusses the history of Azure Sentinel and shares some of his insightful philosophies about SIEMs. Make sure you stick around for his fascinating Final Thoughts.
We also discuss Azure Security news for the following services: Azure Security Center, HDInsight, Azure Attestation and IaaS SQL Server using Secure Enclaves. Gladys covers some of the material she learned this week about Privileged Access Workstations (PAWs), especially in light of Solorigate. PAWs are not just for tier-0 admins, but also for developers. Mark covers Azure Security Benchmarks, extending threat and vulnerability management to macOS and shares details about Cybersecurity Maturity Model Certification (CMMC) Workbook.

Links

In this episode Michael, Sarah, Gladys and Mark talk with guest Alex DeDonker  ( ) about his team's role in helping secure the Microsoft Azure cloud platform.
We also discuss the latest Azure Security news for the following services: Azure Sphere, Azure Backup, Managed Disks, Azure Security Center, Azure Policy, Azure Defender for SQL, Azure Health Bot and Azure Automation.
Mark also discusses some updated Solorigate resources, human operated ransomware and more.

Alex's bio Alex DeDonker is a Program Manager within Cloud and AI Security. Alex drives security awareness and education initiatives within the engineering communities at Microsoft. Specifically, as a part of a program called STRIKE; focused on Azure Security. Prior to joining Azure Security’s STRIKE Team, Alex was a technical recruiter at Microsoft in University Recruiting. Beyond that, he helps organize Microsoft BlueHat and can be spotted as a volunteer at many security conferences.

Links

• Simone Curzi's Threat Manager Studio
• MITRE ATT&CK

Michael Howard, Gladys Rodriguez and Mark Simos with guest Suren Jamiyanaa  ( ) who is a Program Manager (PM) in the Azure Firewall team.
In this episode we cover recent security news including the latest on the SolarWinds attack and updates for Security Center, Azure Stream Analytics, Google's Web Signin, Power BI and BGP improvements.

Links

• Solorigate Resources

In this episode we chat to Miriam Wiesner ( ) who is a Program Manager in the Microsoft 365 team, about security, compliance and management using Microsoft 365. If you're confused about Azure Defender, Microsoft Defender or Microsoft 365 Defender, then this is the podcast for you!
Miriam also discusses her pet subject: Event Lists.
We also discuss current Azure security news, including US Government Cloud data classifications, IoT Hub and private link updates, Latest Azure Security Center news, Azure Databricks, Azure Policy and Unified Connection Monitor. Also, Gladys introduces a new product Azure Purview and announces her new role in Azure Engineering.

When talking about Microsoft 365, it might be useful to keep the following diagram handy! The second is when Miriam and Gladys discuss killchains.

  
Miriam's bio Miriam Wiesner works as a Security Program Manager for Microsoft Defender ATP with a focus on Secure Infrastructure and Threat Protection. In her spare time, she enjoys writing articles for her private blog as well as developing tools to support the community and speaks on international conferences and events like Black Hat, hack.lu, BSides, and many more. She's a life-long learner, always excited about new technologies and empowering others.

Links

• Episode 18 Recording  
• The Lockheed Martin Cyber Kill Chain

In this episode Michael and Sarah talk to Gary Buckmaster ( ) a Senior Architect in the Microsoft Technology Center in Sydney, Australia, about Azure Datacenter security, compliance and reliability. If you'd like to get a better understanding of the security-related lifecycle of a humble hard-drive, then this is the episode for you! We also cover security news about Azure Attestation, Confidential Computing, Storage and Virtual Machines.  

Links

•    and transcript (raw)  
• Azure Firewall Policy using Terraform

Michael Howard, Sarah Young and Mark Simos with guest Nick Fadziewicz who is a Principal Consultant at Microsoft working in the Azure and AI team.
In this episode we cover security news about Azure Datalake Storage Gen 2 ACLs, HDInsight and Azure Batch now support Private Link in preview, TLS protocol version support on Storage accounts, Azure Security Center vulnerability assessments and improved Kubernetes support, Azure Firewall DNS updates and more.
Of note is a free e-book "Azure for Architects 3rd Ed" is now available.

Links

•    and transcript (raw)  
• Episode 352 of the Azure Podcast - Michael interviewed
• AzureCrazy - Sarah Young Interview
• Azure Policy – A Love Story
• Azure Policy Exemptions
• Visual Studio Code Policy extension

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Tom Quinn   ( ) who is a Principal Technical Specialist in Azure to about the Azure Top 10 Security Practices.
In this episode we cover exciting news about new preview features in IoT, Zero Trust, Azure Key Vault and Log Analytics, and Mark opines about VPN technology.

Tom's bio Tom Quinn currently works as an Azure Security and Compliance technology specialist for the Americas. He leads Azure security and compliance discussions and designs with Microsoft's major enterprise customers across various industries including G-SIFI banks and financial services institutions, healthcare, pharma, manufacturing, and government contractors.

Links

•   

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Amrita Satapathy  ( ) who works in the Azure Security team.
In this episode we discuss Azure security news, including a new member to the Azure Key Vault family, immutable storage, PowerBI and private endpoints, Azure Security Center updates and Azure Top 10 Security practices. Finally, the team chats with Amrita about the Azure Security Benchmark project.

Amrita's bio Amrita is a Principal Program Manager in the Azure Security team with 15+ years of experience in successfully delivering ambitious, innovative services at cloud scale such as Azure Security, Azure Active Directory, Office 365, and Information Protection services. Amrita deeply enjoys diving into technical challenges and building solutions that improve the lives of customers and enterprises. Her latest such endeavor is Azure Security Benchmark which is helping Azure customers to accelerate their cloud adoption journey.

Links

•   
• NIST Special Publication 800-53
• CIS Controls

In this special episode we cover the Azure security, compliance and governance news that came out of Microsoft Ignite 2020.
Michael Howard and Mark Simos sit down with guest Cyril Voisin  ( ) who is the Chief Security Advisor for Europe, Middle East and Africa, based in Paris, France.
The topics covered include updated news on the Microsoft Defender suite, Key Vault, SQL Server, Kubernetes, Data Loss Prevention, Azure Security Center, Zero Trust, Microsoft Information Governance and much more.

Cyril's bio Cyril advises C-level executives and security leaders from leading public and private sector organizations in France, Italy, Middle East, and Africa, on strategic security, risk, and business change issues and opportunities with digital transformation.

Links

•   
• PowerPoint summary

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Aeva Black   ( ) who is an Open Source Program Manager in the Confidential Computing group at Microsoft.
In this episode we discuss current Azure security news for VMs, IoT, Azure Arc, Sentinel and more. Mark gives his analysis of the latest Microsoft Digital Defense Report and then Sarah and Michael talk to Aeva about the technology, benefits and future of Confidential Computing on Azure at various levels of the hardware and software stack. To be honest, Michael geeks out in this one... :)

If you're new to Confidential Computing on Azure, then you should listen to this episode because Aeva does a magnificent job laying out the why of Confidential Computing.

Aeva's bio Aeva Black is a radically queer geek and lifelong student of the dharma, a Linux user since the mid '90s, and has been an advocate for Open Source since 2003. They pioneered the creation of the OpenStack Bare Metal Cloud project while working at HPE, and have contributed to projects such as MySQL, Ansible, and Kubernetes. Today, they are the Open Source Program Manager for the Azure Confidential Compute team, Azure’s representative to the Confidential Computing Consortium’s Outreach Committee, and a member of the Kubernetes Code of Conduct Committee.

Links

•   
• Open Enclave SDK
• Confidential Computing Consortium
• Microsoft Research on Confidential Computing
• Confidential Inferencing with ONNX Runtime
• BSides San Francisco 2020
• Trusted computing base

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Yina Arenas   ( ) who is a Principal Group Program Manager in the Microsoft Graph Team.
In this episode we discuss recent Azure security news including TLS in IoT (again!), Log Analytics REST APIs, Azure Information Protection, Azure Monitor and Confidential Computing. We then talk to Yina about the vision behind Microsoft Graph and how it can be used to help build security and IT management solutions.

Links

•   

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Tali Ash   ( ) who works in the Microsoft Threat Protection team in Israel.
In this episode we cover current Azure security news. Sarah talks about the recent New Zealand DDoS attacks. Michael talks about vulnerabilities in wolfSSL impacting Azure Sphere. Mark explains what he's been up to around Zero Trust and Gladys explains some Azure Bastion changes and Azure Sentinel Ninjas. We then talk to Tali about threat hunting with Microsoft Threat Protection.
On a side note, this podcast was recorded in two chunks owing to timezone issues and Michael used the wrong microphone during the intro and news. He thought he was using his flashy mic, but he accidentally used a webcam mic instead! He will be more attentive from now on!

Links

•    and transcript (raw)  
• New Zealand’s stock exchange halts trading for third day in a row
• Microsoft Security Community

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Maryam Rahmani   ( ) who works with the Microsoft Security Partner Development Team, helping partners secure public sector customers. 
In this episode we cover the latest Azure security news and Mark chats about the role of threat models and shared responsibility in Azure. Maryam then discusses the Cybersecurity Maturity Model Certification (CMMC) and the role it plays in protecting Dept. of Defense (DoD) contractors from cyber attacks.

Links

•    and transcript (raw)  
• Mark's Top Cloud Security Challenges
• What is CMMC?
• Azure Government Blog
• SP 800-171B - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Randy Campbell  () a Principal Consultant at Microsoft with a long history working in networking on Azure.
In this episode we cover the latest Azure security news. Gladys discusses some IT training available from Microsoft to help people looking for IT positions in the wake of COVID-19 job-related issues. Michael then talks to Randy about the history of network isolation in Azure, as well as some DNS gotchas when using private endpoints.

If your job has been affected by COVID-19, or you know someone who has been affected, please go to the Microsoft JobSeeker link below.

Links

•    and transcript (draft)  
• Jobseeker: Microsoft's "Learn Skill for In-Demand Jobs"

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest Ryen Macababbad  () a Senior Security Architect Manager at Microsoft.
In this episode we cover the latest Azure security news, Gladys discusses some security research findings about weak security caused by companies rushing to deploy solutions for their remote workers and finally, Sarah interviews Ryen about topics relating to identity, multi-factor authentication, the human element of security, why running many security agents on a computer is bad, password-less authentication and much more.

Links

•   
• BLOOPER: Not Michael's proudest moment!
• Data breach reports down by one‑third in first half of 2020
• One Million Online Student Records Exposed by E-Learning Sites
• More Private Link support , ,

Michael Howard, Sarah Young and Gladys Rodriguez with guest Jay Yuzwenko () who focuses on cybersecurity in the Asia-Pacific region for Microsoft.
In this episode we cover the latest Azure security news and then Sarah dives right in and discusses incident response and compromise recovery with respect to Azure, hybrid and on-prem scenarios.

Links

•   
• BLOOPER: Sarah has a new microphone with a mute button!
• Migrate your Azure WebApp to a new MySQL Database to use built-in threat detection

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos with guest David Sanchez  ()
In this episode we speak to David Sanchez, an Azure Global Black Belt, about recent security issues raised by customers. Topics includes DDoS, scaling, network isolation, bots and crypto-miners.

Links

•   
• Azure Sentinel Hackathon (Now Closed)
• Palo Alto Networks Integration with Azure Security Center

Michael Howard, Sarah Young and Mark Simos with guests Thomas Weiss  ( ) and Tony Voellm ( )  from the CosmosDB Security team.
In this episode we speak to Thomas and Tony about CosmosDB security; we cover the basics of CosmosDB, encryption of data at rest, authentication, authorization, network isolation and monitoring. We also cover some near-term updates for client-side encryption and data-plane RBAC.

Links

•   
• TLS 1.2 Minimum in , , ,
• The Curious Case of the “Un-Enforced” Azure Key Vault RBAC Policy

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos and guest Yuri Diogenese.  ( )
In this episode Michael and Sarah chat about their experiences clearing the AZ-500 Azure Security Exam. Gladys talks more about Zero Trust, and Mark discusses his work on the Cloud Adoption Framework. Finally, Michael interviews Yuri Diogenes about some new Azure Security Center features announced at Microsoft Build.

Links

•   
• Azure Security Center book
• Azure Security Center Training
• Thoughts on Passing AZ-500

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos and guest Michael Withrow.
In this episode Sarah chats to Michael Withrow about in-depth container security on Azure.

Links

•   
• Youth Code Jam

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos.
In this episode, we introduce the hosts and discuss Azure Security Center's ability to scan containers for malware as well as new Confidential Computing VMs that support Intel's SGX enclave technology.

Links

•   
• Open Enclave SDK