Episode 503 - Secure Future Initiative

by Sujit D'Mello August 21, 2024

In this episode of the Azure Podcast, Cale, Evan, and Sujit engage in a comprehensive discussion about the Secure Future Initiative at Microsoft. They explore how this initiative influences our use of Azure and why it's beneficial for customers to consider implementing similar strategies in their own Azure environments.

 

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode503.mp3

YouTube: https://youtu.be/TyvkKhdRR5k

Resources:

https://www.microsoft.com/en/microsoft-cloud/resources/secure-future-initiative#tabx6a6ce2c0327741938ac10b008d5cff64

https://learn.microsoft.com/en-us/azure/well-architected/security/design-patterns

SFI Updates

 

Other resources:

https://azure.microsoft.com/en-us/updates/v2/Volume-enhancements

https://azure.microsoft.com/en-us/updates/v2/Dedicated-log-analytics-tables-in-Application-Gateway

https://azure.microsoft.com/en-us/updates/v2/ANF-Double-Encryption-at-rest

https://azure.microsoft.com/en-us/updates/v2/FIPS-mutability-support-in-AKS

https://azure.microsoft.com/en-us/updates/v2/CNI-Powered-by-Cilium-Azure-CNI-Overlay-support-AKS

https://azure.microsoft.com/en-us/updates/v2/New-features-in-AKS-extension-for-Visual-Studio-Code

https://azure.microsoft.com/en-us/updates/v2/Enable-multifactor-authentication-for-your-tenant-by-15-October-2024  (also below)

https://azure.microsoft.com/en-us/updates/v2/generally-available-azure-chaos-studio-supports-a-new-network-isolation-fault-for-virtual-machines

https://azure.microsoft.com/en-us/updates/v2/High-Scale-mode-Container-Insights


Filed Under: Podcast

Episode 502 - Azure Open AI and Security

by Sujit D'Mello August 15, 2024

Azure Open AI is widely used in industry, but there are a number of security aspects that must be taken into account when using the technology. Luckily for us, Audrey Long, a Software Engineer at Microsoft, security expert and renowned conference speaker, gives us insights into securing LLMs and provides various tips, tricks and tools to help developers use these models safely in their applications.

 

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode502.mp3

YouTube: https://youtu.be/64Achcz97PI

Resources:

AI Tooling:

  1. Azure AI Tooling: Announcing new tools in Azure AI to help you build more secure and trustworthy generative AI applications | Microsoft Azure Blog
    • Prompt Shields to detect and block prompt injection attacks, including a new model for identifying indirect prompt attacks before they impact your model, coming soon and now available in preview in Azure AI Content Safety.
    • Groundedness detection to detect “hallucinations” in model outputs, coming soon.
    • Safety system messages to steer your model’s behavior toward safe, responsible outputs, coming soon.
    • Safety evaluations to assess an application’s vulnerability to jailbreak attacks and to generating content risks, now available in preview.
    • Risk and safety monitoring to understand what model inputs, outputs, and end users are triggering content filters to inform mitigations, coming soon, and now available in preview in Azure OpenAI Service.
  2. AI Defender for Cloud
  3. AI Red Teaming Tool

AI Development Considerations:

 

  1. AI Assessment from Microsoft
  2. Microsoft Responsible AI Processes
  3. Define Use Case and Model Architecture
  4. Content Filtering System
  5. Red Teaming the LLM
  6. Create a Threat Model with OWASP Top 10

 

Other updates:


Filed Under: Podcast

Episode 451 - Landing Zones

by Sujit D'Mello January 13, 2023

Jack Tracey, a Cloud Solutions Architect from the Customer Architecture and Engineering team talks to us about the work his team does to create the Landing Zones which can form the foundation for any well-designed Azure platform. He explains what they are and best practices to consume them in your cloud strategy.

 

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode451.mp3

YouTube: https://youtu.be/6Nfeaw9uELQ

Resources:

https://aka.ms/alz

https://aka.ms/alz/tailoring

https://aka.ms/alz/tf

https://aka.ms/alz/bicep

 

Other updates:

Private Preview: Featured Clothing | Azure updates | Microsoft Azure

Public Preview: IT Service Management Connector (ITSMC) is now certified with ServiceNow Tokyo version | Azure updates | Microsoft Azure

 

General availability: Apache log4J2 sink to Azure Data Explorer | Azure updates | Microsoft Azure


Filed Under: Podcast

Episode 426 - Defender for the Cloud

by Sujit D'Mello June 8, 2022

Audrey Long, a Senior Security Software Engineer in Commercial Software Engineering at Microsoft, discusses the Defender for the Cloud service. She explains how the service plays an important part in securing our assets and apps in Azure and other clouds as well. 

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode426.mp3

YouTube: https://youtu.be/w5wG6Bf2aQY

Resources: 

Overview: https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction

 

Other updates:

General availability: Storage optimized Azure VMs deliver higher performance for data analytics. | Azure updates | Microsoft Azure

 

Generally available: Azure NC A100 v4 virtual machines for AI | Azure updates | Microsoft Azure

 

General availability: New portal experience for Microsoft Artifact Registry | Azure updates | Microsoft Azure

 

 

Start skilling on Azure with these helpful guides

 

https://azure.microsoft.com/en-us/blog/start-skilling-on-azure-with-these-helpful-guides/

 

 

 

Find out why your SQL Server data belongs on Azure

 

https://azure.microsoft.com/en-us/blog/find-out-why-your-sql-server-data-belongs-on-azure/


Filed Under: Podcast

Episode 422 - Open Service Mesh

by Kendall Roden April 28, 2022

Thomas Stringer is a Software Engineering Lead in the Open Service Mesh team at Microsoft and he gives us insights into the OSM add-on for AKS and tells us why that makes applications on AKS so much more secure.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode422.mp3

YouTube: https://youtu.be/DICsJmFSGCs

Resources: https://openservicemesh.io/

Cloud Native Computing Foundation (cncf.io)

 

Other updates:

General availability: App Service - Networking capabilities added to Basic pricing tier | Azure updates | Microsoft Azure

 

Public preview: App Service - Configure networking in Azure Portal during app creation | Azure updates | Microsoft Azure


Filed Under: Podcast

Episode 406 - Azure Bastion

by Evan Basalik December 16, 2021


Filed Under: Podcast

Episode 367 - Enterprise Scale Landing Zones

by Cynthia Kreng February 28, 2021

The team talks to Azure specialists Jeff Mitchell and Rob Kuehfus about the Enterprise Scale Landing Zones that are part of the Cloud Adoption Framework. These architectural templates allow enterprises to lay down an Azure footprint that is consistent with best practices in terms of security, governance, networking and identity and can be leveraged by new and existing Azure customers.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode367.mp3

YouTube: https://youtu.be/5xshifBaj1E

Resources:

 

Review the Enterprise-scale landing zones Architecture guidance

Review the Enterprise-scale landing zones implementation guidelines

Review and deploy a reference implementation

MS Learning Path - Create an enterprise-scale architecture in Azure

Try out the reference implementation on your own: Introduction to Enterprise Scale ‘in-a-box’ tutorial (Github)

Check out the Channel 9 series for ESLZ and WAF here

Other updates:

· Azure Defender for App Service introduces dangling DNS protection - https://azure.microsoft.com/en-in/blog/azure-defender-for-app-service-introduces-dangling-dns-protection/
· Prevent dangling DNS entries and avoid subdomain takeover - https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover

Demystifying cloud economics
https://azure.microsoft.com/en-us/blog/demystifying-cloud-economics/
E-commerce on Azure increases security with Payment Card Industry Three-Domain Secure compliance
https://azure.microsoft.com/en-us/blog/e-commerce-on-azure-increases-security-with-payment-card-industry-three-domain-secure-compliance/
Automating quota management with Azure Quota REST API
https://azure.microsoft.com/en-us/blog/automating-quota-management-with-azure-quota-rest-api/
Microsoft plans to establish first datacenter region in Indonesia
https://azure.microsoft.com/en-us/updates/microsoft-plans-to-establish-first-datacenter-region-in-indonesia/

 

 


Filed Under: Podcast

Episode 352 - Azure Security Podcast

by Sujit D'Mello November 2, 2020

Kendall, Cale and Sujit talk to Michael Howard, a Senior Principal Consultant at Microsoft and an expert in Azure Security related topics. Michael has his own podcast on these topics, so we asked him about some of the trends, issues and advice he has discussed on it. He provides some great insights into what is top-of-mind in the cloud security space.

 

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode352.mp3

Resources:

Podcast
https://azsecuritypodcast.net/
https://twitter.com/AzureSecPod

Me
https://twitter.com/michael_howard
https://www.linkedin.com/in/mikehow/
https://michaelhowardsecure.blog/

Other updates:

Azure Cost Management and Billing updates – October 2020
https://azure.microsoft.com/en-us/blog/azure-cost-management-billing-updates-october-2020/
  
Microsoft unlocks the full potential of the smart building ecosystem
https://azure.microsoft.com/en-us/blog/microsoft-unlocks-the-full-potential-of-the-smart-building-ecosystem/
https://azure.microsoft.com/en-us/updates/public-preview-aks-pod-identity/
https://azure.microsoft.com/en-us/updates/ga-azure-spot-on-aks/

 


Filed Under: Podcast

Episode 333 - TLS 1.0 Deprecation

by Evan Basalik June 8, 2020

Candace Jackson, a Senior PM in the Azure Security team, gives us an update on the effort to remove the use of TLS 1.0 from applications in Azure.

 

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode333.mp3

Resources:

links:
https://www.microsoft.com/en-us/download/details.aspx?id=55266
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls


Connection logging - This helps identify what cipher suites and protocols are negotiated during a successful handshake

IIS
https://cloudblogs.microsoft.com/microsoftsecure/2017/09/07/new-iis-functionality-to-help-identify-weak-tls-usage/

Nginx
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables
https://serverfault.com/questions/620123/how-can-i-let-nginx-log-the-used-ssl-tls-protocol-and-ciphersuite

Apache -
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#envvars
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#logformats

Some resource-specific documentation that shows how to configure protocol and cipher suite usage
https://docs.microsoft.com/en-us/azure/app-service/environment/app-service-app-service-environment-custom-settings#disable-tls-10-and-tls-11
Blog: https://blogs.msdn.microsoft.com/appserviceteam/2018/04/17/app-service-and-functions-hosted-apps-can-now-update-tls-versions/
https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl#enforce-tls-1112
https://docs.microsoft.com/en-us/azure/cloud-services/applications-dont-support-tls-1-2

 

Other updates:

Live Video Analytics now in public preview
Updated: June 01, 2020
Live Video Analytics (LVA) on IoT Edge is now in public preview. It is a platform to capture, record, and analyze live video and publish the results (video and/or video analytics), for you to build intelligent video applications. You can use LVA for a number of use cases across industries such as retail, healthcare, and transportation. You can bring any custom AI by plugging in video analysis edge modules, whether they are Cognitive Services containers, custom edge modules built with open source machine learning models, or custom models trained with a customer’s own data. You can also combine video analysis with other business data to make smarter business decisions.
LVA integrates with a number of Azure services (in the cloud and/or the edge), such as Stream Analytics on IoT Edge, Cognitive Services on IoT Edge, Media Services, Event Hub, and Cognitive Services.

From <https://azure.microsoft.com/en-us/updates/live-video-analytics-now-in-public-preview/>

 

 
 
 NOW AVAILABLE
CNI security vulnerability in older AKS clusters and mitigation steps
Updated: June 01, 2020
A security vulnerability has been identified in the container networking implementation (CNI) in CNI plugin versions v0.8.6 and older that may affect older AKS clusters.
Details
An AKS cluster configured to use an affected container networking implementation is susceptible to man-in-the-middle (MitM) attacks. By sending “rogue” router advertisements, a malicious container can reconfigure the host to redirect part or all of the IPv6 traffic of the host to the attacker-controlled container. Even if there was no IPv6 traffic before, if the DNS returns A (IPv4) and AAAA (IPv6) records, many HTTP libraries will try to connect via IPv6 first then fallback to IPv4, giving an opportunity to the attacker to respond.
This vulnerability has been given an initial severity of Medium with a score of 6.0.
Vulnerability analysis and verification
All AKS clusters created or upgraded with a Node Image Version later than or equal to “2019.04.24” are not vulnerable, as they set net.ipv6.conf.all.accept_ra to 0 and enforce TLS with proper certificate validation.
Clusters created or last upgraded before that date are susceptible to this vulnerability.
You can verify if your current Node Image is vulnerable by running: https://aka.ms/aks/MitM-check-20200601 on a machine that has CLI access to the cluster’s nodes.
Windows nodes are not affected by this vulnerability.

From <https://azure.microsoft.com/en-us/updates/cni-security-vulnerability-in-older-aks-clusters-and-mitigation-steps/>

From //build 2020 - Azure SQL Edge (preview)
https://azure.microsoft.com/en-us/services/sql-edge/


Deploy to Azure using GitHub Actions from your favorite tools
https://azure.microsoft.com/en-us/blog/deploy-to-azure-using-github-actions-from-your-favorite-tools/

 


Filed Under: Podcast

Episode 317 - Azure Lighthouse Security

by Cale Teeter March 2, 2020
In this episode we chat with Gunnar Campo on Azure Lighthouse, which provides partners with an easy way to run managed solutions for customers and manage them via a single pane of glass. Gunnar talks through the various areas where Lighthouse helps, including RBAC, scaling, and monitoring of these solutions.

 

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode317.mp3

Transcript: https://eus2.videoindexer.ai/accounts/e0eee289-7730-4999-978b-eb7f63be8cb5/videos/fb6da9345b/

 

Other updates:

Azure Monitor Log Analytics now has new, upgraded visualizations

From <https://azure.microsoft.com/en-us/updates/azure-monitor-log-analytics-upgraded-results-visualization/>

Fileless attack detection for Linux in preview
https://azure.microsoft.com/en-us/blog/fileless-attack-detection-for-linux-in-preview/

Burst 4K encoding on Azure Kubernetes Service
https://azure.microsoft.com/en-us/blog/burst-4k-encoding-on-azure-kubernetes-service/

A secure foundation for IoT, Azure Sphere now generally available
https://azure.microsoft.com/en-us/blog/a-secure-foundation-for-iot-azure-sphere-now-generally-available/

Preview of Active Directory authentication support on Azure Files
https://azure.microsoft.com/en-us/blog/preview-of-active-directory-for-authentication-on-azure-file/

 


Filed Under: Podcast

Announcements

Now on Spotify! Simply search for Azure Podcast and you will find it. Also available on YouTube and Amazon Music!

Podcast Clients

You can find us on iTunes, Spotify, XBOX Music and in most Podcast clients on Android. Or simply use the RSS feed link above and plug it into your Podcast client.


