Browse All Security Content (376)

David Sanchez lays out a practical DevOps playbook for teams adopting AI coding agents (including GitHub Copilot Cloud Agent), focusing on readiness prerequisites, human–agent collaboration patterns, pipeline changes, governance, and security controls needed to keep quality and accountability intact as non-human contributors scale up.
News
In this community post, nishantmv breaks down a production-grade Azure serverless architecture for an enterprise facility-management IoT platform, covering a multi-provider telemetry pipeline, template-driven device modeling, an event-driven rule engine, and the security/resilience hardening that made it ready for production.
Community
Allison announces that Dependabot and code scanning can now use OpenID Connect (OIDC) for organization-level access to private registries, reducing reliance on long-lived secrets and enabling short-lived, dynamically issued credentials.
News
Allison announces new GitHub features that surface deployment and runtime context in repository properties and security alert pages, helping teams automate policy enforcement and prioritize Dependabot and code scanning alerts based on real production risk.
News

.NET and .NET Framework April 2026 servicing releases updates

Rahul Bhandari (MSFT) and Tara Overfield summarize the April 2026 .NET and .NET Framework servicing releases, including the updated versions, links to release notes and installers, and the list of security CVEs addressed across supported .NET and .NET Framework versions.
News

April Patches for Azure DevOps Server

Gloridel Morales announces April patches for Azure DevOps Server, summarizing key fixes (pull request completion reliability, safer sign-out redirect validation, and GitHub Enterprise Server PAT connection) and showing how to verify the patch is installed.
News
Allison announces a public preview feature that lets teams link GitHub code scanning alerts to GitHub Issues, making it easier to track and prioritize security remediation work in existing planning workflows.
News
Joseph Katsioloudes introduces Season 4 of GitHub’s Secure Code Game, a hands-on set of challenges where you exploit and fix vulnerabilities in an agentic AI assistant (ProdBot) to learn real-world AI-agent security risks like prompt-based tool misuse, memory poisoning, and sandbox escape.
News
Allison summarizes GitHub Secret Scanning updates that expand push protection defaults, improve enterprise fork coverage, and add new API capabilities for alert validity, provider filtering, scan history, and enterprise-wide dismissal request reporting.
News
ManishChopra outlines six practical integration patterns for building agents and copilots that query Oracle Database@Azure with sub-millisecond proximity to Microsoft’s AI stack, covering options from Copilot Studio connectors to ORDS/PL/SQL, Azure Functions, and Logic Apps, plus the identity/governance controls typically needed for production.
Community
Allison explains how GitHub’s SBOM export flow moved to an asynchronous model in the Dependency Graph UI and REST API, removing hard timeouts and adding a generate/fetch pattern for reliably downloading SBOM reports from large repositories.
News
Dorothy Pearce introduces GitHub’s free Code Security Risk Assessment, a one-click scan that uses CodeQL to surface vulnerabilities across up to 20 active repositories, and explains how the results help teams prioritize remediation (including where Copilot Autofix may apply).
News
Allison announces updates to GitHub Code Quality standard findings (public preview), including faster triage features like file-path search, bulk dismiss/reopen, and richer per-finding context, with fix suggestions generated by GitHub Copilot Autofix.
News
Allison announces GitHub Copilot data residency for US and EU regions plus FedRAMP Moderate support, outlining what features are covered, which models are available, the pricing uplift for compliant endpoints, and how enterprise/org admins can enable the policies.
News
jordanselig shows how to add runtime governance to a multi-agent ASP.NET Core travel planner on Azure App Service using the Microsoft Agent Governance Toolkit, including YAML policy allowlists, audit logging into Application Insights, and SRE controls like SLOs and circuit breakers.
Community
Welcome back to this week's roundup. The main thread is that agents are showing up in more places, and teams are getting clearer ways to control how those agents run. Updates across Copilot (IDE, CLI, cloud agent, and mobile) focused on practical autonomy controls, offline/BYOK routing, cross-model review checkpoints, and security remediation loops that end in reviewable pull requests. In parallel, MCP and Azure AI Foundry updates continued to reinforce "run it like software" basics: deployable tool surfaces with real auth, consistent runtimes across cloud and local, and clearer observability and identity boundaries for day-two operations.
Roundups

Entra ID Integrated SFTP

John Savill's Technical Training walks through how SFTP on Azure Storage can use Microsoft Entra ID for authentication, including a demo and practical notes on token lifetime and data-plane authorization (RBAC/ABAC).
Videos

SFTP Entra ID Integrated Auth #azure #entraid #azurestorage

John Savill's Technical Training shares a short overview pointing to a full video on integrating Microsoft Entra ID identities for authentication and authorization when accessing Azure Storage via SFTP.
Videos
fenildoshi2510 explains how to sync Azure Key Vault secrets into an AKS namespace managed by Rancher using External Secrets Operator (ESO) and Workload Identity, so apps can consume Kubernetes Secrets without storing any client secrets.
Community
Sandeep Sen announces Azure MCP Server 2.0’s stable release, focusing on self-hosted remote MCP servers, authentication options (managed identity and OBO), security hardening, and operational improvements to support agentic workflows that automate and manage Azure resources.
News
