The Azure Security Podcast

In this episode, Michael and Sarah talk to Sophie Ke and Dave Minasyan about Microsoft Baseline Security Mode, a new feature to help ease security settings. We also cover the latest Azure security news including Microsoft 365 E7, Microsoft 365 Copilot, Azure Blob Storage SFTP, Azure Database for PostgreSQL, and new Confidential VM types. https://aka.ms/azsecpod

Blake Strom, cybersecurity researcher who founded MITRE ATT&CK and worked at MITRE and Microsoft. He recounts the Fort Meade experiment origins, how red/blue tests shaped the ATT&CK matrix, and why sub-techniques were added. He discusses ATT&CK evaluations, common misuses, and the project's unexpected rise in influence.

In this episode Michael talks to Raji Vanninathan about the Microsoft Security Response Center for AI. We also cover security news about AKS Deployment Safeguards policies. https://aka.ms/azsecpod

In this episode, Michael, Sarah and Mark talk to Nick Wryter about agentic AI identity, with a big focus on least privilege issues. We also cover news about:Microsoft AI TourAzure Database for PostgresSQLAzure MCP Server for Azure Confidential LedgerApplication Gateway, FIPS 140-2 and TLSOutbound internet access from VMsAzure NetApp Files and Ransomware protectionAzure Cosmos DB Mirroringhttps://aka.ms/azsecpod

In this episode Michael, Sarah and Mark discuss security-related topics from the recent Microsoft Ignite 2025 event. Lots of AI-related security topics, including using AI for security and defending AI systems. Bitlocker, Windows and so much more!This is the last episode of 2025! It was a blast, and thanks for listening! We hope you find this material useful! https://aka.ms/azsecpod@AzureSecPod See you in 2026!

Mark Simos, a standards and architecture expert who leads Open Group security initiatives, joins to discuss new security standards documentation. He explains the Security Roles and Glossary standard aimed at clarifying terminology and defining roles to enhance organizational security. Topics include the importance of logging in security operations, the alignment of roles with job functions and risks, and the integration of zero trust principles. Mark also highlights how these standards can impact hiring and performance evaluations in the evolving tech landscape.

In this discussion, Merill Fernando, a Customer Experience PM at Microsoft Identity, sheds light on her journey in the identity space and the creation of the Zero Trust Workshop. She explores how modern authentication enables conditional access while contrasting with legacy systems. Merill shares success stories from the workshop that helped clients secure funding and enhance security posture. She also discusses her podcast, Entra.chat, aimed at building a community of identity professionals, and emphasizes the importance of content creation for career growth.

In this episode Michael, Sarah and Mark talk with guest Ryen Macababbad, Principal Security Program Manager at Microsoft about her current work on standardizing security terminology and taxonomy across Microsoft. Also, how getting terminology right is important to security, especially for those with neurodiverse conditions, such as autism.We also discuss Azure Security news about the Microsoft AI tour Sarah is doing, Cosmos DB, and Michael goes on a rant about TLS certificate checking. https://aka.ms/azsecpod

In this episode Michael and Mark talk with guest Mark Russinovich, Technical Fellow, Deputy CISO and Chief Technology Officer of Microsoft Azure about quantum cryptography and quantum computing and its implications for security and the future. NOTE: There's a portion where Mark and Michael talk about a quote made by Richard Feynman about understanding technical topics, but this is actually attributed to Albert Einstein. However, there is no definitive record of Einstein writing or saying this exact phrase in his published works or speeches.We decided to not cover any Azure Security news in this episode.

Russ Rogers, a member of the Xbox team with a background as an old school hacker, dives into the intriguing world of gaming security. He discusses the unique vulnerabilities in online gaming, including the risks of leaderboard manipulation and the protection of legacy games. The conversation also highlights the challenges of DDoS attacks and the industry's holistic strategies to combat them. Additionally, they explore the critical need for safeguarding minors in online spaces, underscoring the importance of both technology and parental guidance.