The Azure Security Podcast

Follow The Azure Security Podcast
Share on
Copy link to clipboard

A twice-monthly podcast dedicated to all things relating to Security, Privacy, Compliance and Reliability on the Microsoft Cloud Platform. Hosted by Microsoft security experts, Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos. https://azsecuritypodcast.net/

Michael Howard, Sarah Young, Gladys Rodriguez and Mark Simos


    • Jun 9, 2025 LATEST EPISODE
    • monthly NEW EPISODES
    • 36m AVG DURATION
    • 114 EPISODES


    Search for episodes from The Azure Security Podcast with a specific topic:

    Latest episodes from The Azure Security Podcast

    Episode 114: SQL Server 2025 Security Improvements

    Play Episode Listen Later Jun 9, 2025 25:21 Transcription Available


    In this episode, Michael talks to Pieter Vanhove and Pratim Dasgupta about the new security changes in SQL Server 2025. The news includes updates on MCP, Private Link and Microsoft Build 2025 security sessions presented by Michael and Sarah.https://aka.ms/azsecpod

    Episode 113: Microsoft Red Team

    Play Episode Listen Later May 16, 2025 35:48 Transcription Available


    In this episode, Michael, Sarah, and Mark talk to Craig Nelson, VP of the Microsoft Red Team about how the Red Team works to help secure Microsoft and its customers.In life, there are things you know you know, things you know you don't know, and finally, things you don't know you don't know. This episode is full of the latter.We also cover security news about LLMs and MCP, TLS 1.1 and 1.0 deprecation, Private End Point Improvements, Containers and more.https://aka.ms/azsecpod

    Episode 112: Security Copilot Agents

    Play Episode Listen Later May 13, 2025 29:53 Transcription Available


    In this episode Michael talks with guest Ran Munsch, Principal Product Manager at Microsoft about Security Copilot and Security Copilot Agents. We also discuss Azure Security news about System.Data.SqlClient, April 2025 Secue Future Initiative progress report, Azure Database for PosrgreSQL, Azure DevTest Labs, VNets, Front Door WAF CAPTCHA, API management and more.https://aka.ms/azsecpod

    Episode 111: Securing Agentic AI

    Play Episode Listen Later Apr 17, 2025 23:26 Transcription Available


    In this episode Michael and Sarah talk with guest Amanda Minnich about securing agentic AI systems, the security challenges they face, and how to secure them.We also discuss Azure Security news about Azure File Sync, Docker support in Azure and a new series of Secure Future Initiative videos with appearances from Michael, Sarah, and various guests.

    Episode 110: Securing GenAI Applications with Entra (3 of 4): Monitoring and More

    Play Episode Listen Later Apr 1, 2025 40:14 Transcription Available


    In this episode Michael and Gladys talk to Sharon Chahal who is a Principal Program Manager in the Identity team at Microsoft about monitoring and auditing when building GenAI applications. We also cover other related topics.Michael and Gladys cover the latest security news about API Security Posture Management, Azure Key Vault in China, Azure Data Studio retirement, new least privilege permissions in Graph and more.https://aka.ms/azsecpod

    Episode 109: Securing GenAI Applications with Entra (2 of 4) - Overpermissioning

    Play Episode Listen Later Feb 19, 2025 37:57


    In this episode, Michael, Gladys and Mark talk to guest Bailey Bercik about the problem of overpermissioning and how to use Microsoft Entra Permissions Management to identify and manage over-permissioned identities in multi-cloud environments to reduce security risks, especially for AI apps.We also cover the latest security news about AI red teaming, Azure SQL DB logging, Azure Confidential Ledger, Star Blizzard spear-phishing campaign and CISA Zero Trust Maturity Model.https://aka.ms/azsecpod

    Episode 108: Securing GenAI Applications with Entra

    Play Episode Listen Later Jan 20, 2025 22:27


    In this episode Michael, Gladys, Mark and Sarah talk to guest Diana Vicezar from the Microsoft Entra team about security Generative AI applications. Note, this is a short, simple intro episode to introduce three follow-on episodes. We also cover security news about TLS 1.3 and Azure Event Grid, big updates to Microsoft Defender for Cloud, Azure Database for MySQL, SQL Managed Instance and Confidential Ledger.

    Episode 107: Secure by default and Copilot Overshare Blueprints

    Play Episode Listen Later Jan 6, 2025 37:19


    Happy New Year!In this episode Michael, Sarah and Mark talk to Maxime Bombardier and Emily Blundo about the Secure by default and Copilot overshare blueprints. We also cover news about Always Encrypted Assessment in SQL Server Management Studio, MVP Summit, mapping Entra to the Open Group standard for Adaptive Access, and various CISO Workshop topics!https://aka.ms/azsecpod

    Episode 106: Microsoft Ignite Security Wrap-up

    Play Episode Listen Later Dec 10, 2024 44:23


    In this episode, Michael, Mark, and Sarah go over what they found interesting from Microsoft Ignite. Mark has a discount code for his Zero Trust Book, too.https://aka.ms/aszecpod

    Episode 105: Azure and Entra ID Security Tools

    Play Episode Listen Later Nov 22, 2024 36:59


    In this episode, Michael, Sarah, and Mark talk to Merill Fernando about a set of open source tools he and his team have developed to help people understand their Azure and Entra ID security postures.We also cover news about Fabric, TLS 1.o and 1,1 retirement, Microsoft Ignite, FIDO2, Confidential Containers and Red Hat OpenShift and various Zero Trust news.https://aka.ms/azsecpod

    Episode 104: The Post Bluehat Wrap-up

    Play Episode Listen Later Nov 8, 2024 37:17


    In this episode, Michael talks to Nic Fillingham about the recent Microsoft Bluehat Security conference held at the Microsoft HQ in Redmond, WA. We also discuss how to tell the NZ and Australian accents apart. This alone is worth listening too :)This is a follow-on from episode 103 when we talked about what was coming up for Bluehat.No news, as this is a special, smaller episode. It's also the least edited; other than some ums and ers getting removed and a small retake, the result is as was recorded. Let us know what you think, this feels a little more 'chatty' and personable.https://aka.ms/azsecpod

    Episode 103: Security Conferences and Bluehat

    Play Episode Listen Later Oct 17, 2024 48:17


    In this episode we speak to Nic Fillingham who is a Senior Program Manager at Microsoft about security conferences and mainly about the Microsoft Bluehat conference he runs. We also discuss security about PostgreSQL, Cosmos DB, IP address management, containers and AI Studio. https://aka.ms/azsecpod

    Episode 102: Entra ID Purple-teaming with Dr Azure AD

    Play Episode Listen Later Oct 7, 2024 36:42


    In this episode Michael and Sarah talk to Nestori Syynimaa about Entra ID security and his purple-team tool, AADInternals. We also cover the latest security news about Secure Future Initiative (SFI), MFA for Azure Portal, Playright, WordPress, NSG, Bastion, Azure Functions, MS Ignite, App Service, Defender for Cloud, Containers, Azure Monitor, AKS, Trustworthy AI and Azure AI Content Safety.https://aka.ms/azsecpod

    Episode 101: The GHOST Threat Hunting Team

    Play Episode Listen Later Sep 20, 2024 22:39


    In this episode Michael, Mark and Sarah talk to Matt Zorich and Waymon Ho of the Microsoft GHOST team. We discuss the role GHOST plays in protecting both Microsoft and our customers from nation-state threat actors. We also cover the latest security news about Event Grid, NetApp Files, Chaos Studio and AKS. https://aka.ms/azsecpod

    Episode 100: Our stories so far

    Play Episode Listen Later Aug 29, 2024 48:56


    In this episode Michael, Sarah, Gladys and Mark talk about our careers so far, explain some funny stories and our wishes for a more secure future. Our storiesMark at the startSarah 4m 5sGladys 6m 50sMichael 12m 22sFunny StoriesMark 19m 31sSarah 20m 33sGladys 22m 46sMichael 24m 39sCareer AdviceMark 26m 58sSarah 29m 18sGladys 31m 48sMichael 34m 40sFutureMark 36m 27sSarah 38m 33sGladys 40m 34sMichael 42m 24sBehind the ScenesMark 43m 36s

    Episode 99: Securing Copilot AI Data and Purview

    Play Episode Listen Later Aug 16, 2024 37:29


    In this (late) episode, we chat to Andrew McMurray, a Principal Product Manager at Microsoft about securing Copilot data as well as how Purview can play a role in doing so. We also cover news about MFA access to the Azure Portal (Important), PostgreSQL, Entra ID and Windows authn metadata, Backup Vaults, Conditional Access Policy, ADFS, and Azure Container Apps.

    Episode 98: Secure Future Initiative and Rust at Microsoft

    Play Episode Listen Later Jun 21, 2024 37:19


    In this episode Michael and Gladys talk with guest Dave Weston about Secure Future Initiative and the growing use of the Rust programming language at Microsoft.On the topic of Rust, Michael and Dave nerd out, and we make no apologies!https://aka.ms/azsecpod

    Episode 97: Securing AI

    Play Episode Listen Later Jun 6, 2024 39:48


    In this episode Michael and Sarah talk with guest Richard Diver about securing solutions that use AI and LLMs. Richard also talks about his new book on AI Security, and Michael and Richard talk about what it takes to write a book. We also discuss Azure Security news about Chaos Studio, API Management, Azure Bastion, Front Door, AKS and Copilot for Security and lots more!Also note, we have changed the URL for the show notes web site, so please use this from now on: https://aka.ms/azsecpod.

    Episode 96: Cloud Native Applications Protection Platform (CNAPP)

    Play Episode Listen Later May 3, 2024 21:23


    In this episode Michael, Sarah, and Mark talk with guest (and good friend of the podcast) Yuri Diogenes about CNAPP - Cloud Native Application Protection Platform and announce the release of a CNAPP e-book.

    Episode 95: Threat Intelligence

    Play Episode Listen Later Apr 25, 2024 31:28


    In this episode Michael, Sarah and Mark talk with guest Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft about the current state of Threat Intelligence. We also discuss Azure Security news about Tampa BSides, Virtual Networks, Azure Database for MySQL and PostgreSQL, and SQL Server on Linux.The Microsoft Azure Security Podcast (azsecuritypodcast.net)

    Episode 94: Copilot for Security

    Play Episode Listen Later Apr 1, 2024 35:50


    In this episode Michael, Sarah and Mark talk with guest Ryan Munsch about the newly released Copilot for Security. We also discuss Azure Security news about Azure SQL DB, SSMS 20, Change Actor, Copilot for Azure SQL DB, Azure Container Apps, AI Prompt Shields, AI Groundedness Detection and BlueHat India and Israel.New tab (azsecuritypodcast.net)

    Episode 93: Continuous Security Development Lifecycle

    Play Episode Listen Later Mar 25, 2024 39:12


    In this episode Michael, Sarah, and Mark talk with guests Tony Rice and David Ornstein about insights into the Continuous SDL (Security Development Lifecycle).We also discussed Azure Security news about Azure Key Vault, Cloud PKI, OAuth2, updated SQL Server password verifiers, Memory Safety and Azure SQL DB.The Microsoft Azure Security Podcast (azsecuritypodcast.net)

    Episode 92: Global Azure is soon, sign up and give a security presentation!

    Play Episode Listen Later Mar 15, 2024 42:07


    In this episode Michael and Sarah talk to Martin Abbott about the Global Azure event that starts soon, https://globalazure.net/. We talk about how to successfully fill out a Call for Papers (CFP) so YOU can present to a global audience about security topics that interest you. We also cover security news SQL Always Encrypted, SymCrypt and Rust, SQL Security Fundamentals, and free Security 101 material.

    Episode 91: Azure Chaos Studio

    Play Episode Listen Later Feb 13, 2024 32:50


    In this episode, Michael talks with Rigel Carlson from the Chaos Studio development team about Chaos Studio through a security lens. Michael also discusses news about Midnight Blizzard and has some advice about using Azure's DefaultAzureCredential()The Microsoft Azure Security Podcast (azsecuritypodcast.net)

    Episode 90: AI Red Teaming

    Play Episode Listen Later Jan 29, 2024 38:54


    This is a MUST LISTEN episode for anyone involved in products using AI, or for people who want to learn some of the latest attacks against large language models. Make sure you peruse the exhaustive list of AI security links at The Microsoft Azure Security Podcast (azsecuritypodcast.net), We cover news about Azure SQL DB, Trusted VMs, NetApp Files, Azure Load Testing and Front Door. Mark covers further details about Zero Trust and the CISO Workshop.

    Episode 89: We Look Back on 2023

    Play Episode Listen Later Dec 18, 2023 40:56


    In this episode we look back at what stood out for each of us and what we go up to. We also cover something not security-related, but of interest to all your geeks out there - EQ vs IQ. So make sure you stay until the end!

    Episode 88: Securing SQL Databases though the eyes of an attacker

    Play Episode Listen Later Dec 1, 2023 45:53


    In this episode Michael talks with colleagues in the Azure Data Platform Security Team, Sharath Unni and Raul Garcia about securing Azure SQL DB, SQL MI and SQL Server through the eyes of an attacker.

    Episode 87: Advances in Always Encrypted and Transparent Data Encryption

    Play Episode Listen Later Nov 15, 2023 21:07


    In this episode, Michael talks with his colleagues Pieter Vanhove and Mirek Sztajno about updates to Always Encrypted and Transparent Data Encryption in SQL Server and Azure SQL DB.

    Episode 86: Zero Trust Playbook Series Zero Trust Overview and Playbook Introduction

    Play Episode Listen Later Oct 31, 2023 34:20


    In this episode Michael talks with guest Nikhil Kumar and our own Mark Simos about a new book they have co-authored named "Zero Trust Playbook Series Zero Trust Overview and Playbook Introduction: Actionable Guidance for Business, Security, and Technology Leaders and Practitioners."

    Episode 85: Security Bug Bounties

    Play Episode Listen Later Oct 11, 2023 24:47


    In this episode Michael and Sarah talk with guest Madeline Eckert about Security Bug Bounties.We also discuss Azure Security news about SQL Server 2022, Azure certificate changes, TLS 1.0 and 1.1 deprecation, GitHub security scanning, Ransomeware defenses, Zero Trust and more.; and by 'more' we mean lock-picking!

    Episode 84: Attack Simulation

    Play Episode Listen Later Sep 22, 2023 44:10


    In this episode Michael, Sarah, Gladys, and Mark talk with guest Roberto Rodriguez about attack simulation, Cloud Katana, and AI.We also discuss Azure Security news about Azure SQL DB, Azure Key Vault, Cosmos DB, Trusted Launch VMs, Azure Artifacts, Zero Trust, Windows and TLS and Entra ID.

    Episode 83: PowerShell Automation and Scripting for Cybersecurity

    Play Episode Listen Later Aug 14, 2023 36:48


    In this episode Michael and Sarah with guest Miriam Wiesner about her new book, "PowerShell Automation and Scripting for Cybersecurity" which comes out soon. We also discussed Azure Security news about: Azure SQL DB Always Encrypted improvements, Azure SQL Managed Instance, App Gateway for Containers and Bring your own Key for AKS Ephemeral Disks.

    Episode 82: Modern Security Strategy

    Play Episode Listen Later Aug 8, 2023 35:35


    This week Michael and Mark talk to Microsoft Security MVP Truls Dahlsveen about his thoughts on Modern Security Strategy. It's a fascinating and practical discussion!We also cover security news about Application Gateway TLS policy, Defender for IoT and some new documentation from the OpenGroup about Zero Trust Commandments.

    Episode 81: Audit logging in Azure SQL Database

    Play Episode Listen Later Jul 28, 2023 26:33


    In this special episode Michael talks to his colleague Sravani Saluru about how to configure, monitor and manage audit logging in Azure SQL Database. She also shares some inside hints and tips!

    Episode 80: Microsoft Incident Response

    Play Episode Listen Later Jul 14, 2023 33:53


    In this episode Michael and Sarah talk with guest Matt Zorich from the Microsoft Incident Response team. We also cover the latest Azure security news about Azure's Web Application Firewall and Azure Monitor RBAC.

    microsoft azure incident response web application firewall
    Episode 79: Threat Intelligence with MSTICPy

    Play Episode Listen Later Jun 13, 2023 28:10


    In this episode, Michael and Sarah talk to Thomas Roccia about Threat Intelligence with MSTICPy. We also cover security news about Azure Files SMB, App Gateway, Event Hubs and Linux Containers.

    Episode 78: Entra Permissions Management updates

    Play Episode Listen Later Jun 2, 2023 32:13


    In this episode Michael and Gladys talk with guests Marcelo di lorio and Neil Walker about all the latest news in Entra Permissions Management.We also cover the latest Azure security news about Microsoft Build, Confidential Computing, Key Vault, SQL MI, and Azure Content Safety and more.

    Episode 77: Securing Infrastructure as Code (IaC)

    Play Episode Listen Later May 19, 2023 40:57


    This week, Michael, Mark and Gladys talk to Anthony Shaw about some of the best practices and tooling for securing Infrastructure as Code (IaC) solutions. Sarah is away in Singapore, presenting at BlackHat.We also cover security news about DDoS, Cosmos DB, Microsoft Defender for APIs, Load Balancer, Zero Trust and discovering Internet-facing devices.

    Episode 76: Microsoft Security Research Insights

    Play Episode Listen Later May 3, 2023 26:42


    In this episode Michael, Sarah, and Mark talk with guest Negar Shabab. We also discuss Azure Security news about new Confidential Computing VMs, SQL Server, T-SQL Parsing, Auditing in Azure SQL DB, Sentinel and more.Make sure you go to The Microsoft Azure Security Podcast (azsecuritypodcast.net), because Mark ordered pizza during the recording.

    Episode 75: What's new in Microsoft Defender for Cloud

    Play Episode Listen Later Apr 14, 2023 36:02


    In this episode Michael, Sarah, Gladys, and Mark talk with a good friend of the Podcast, Yuri Diogenes, about the latest Microsoft Defender for Cloud news.We also discuss Azure Security news about Trusted VM Launch, Chaos Studio, Azure SQL DB, DDoS protection, Confidential Containers, Firewall and more.

    Episode 74: What's New in Azure Policy

    Play Episode Listen Later Apr 7, 2023 35:02


    Michael and Mark talk to Kemley Nieva from the Azure Governance team about some of the recent updates and improvements to Azure Policy. We also cover the latest Azure security news covering Microsoft Security Copilot, Azure Functions, SQL Managed Instance, Azure Backup, Ephemeral OS disks, Azure Cache for Redis, Azure SQL Database, Azure Monitor, API Management, Azure Maps and Storage.

    Episode 73: Microsoft Defender for Cloud as Code

    Play Episode Listen Later Mar 23, 2023 27:42


    In this episode Michael and Gladys talk with guests Sean Wesonga and Bojan Magusic about using Infrastructure as Code (IaC) with Microsoft Defender for Cloud. We also discuss Azure Security news about new Azure SQL Database migration abilities for authentication and Transparent Data Encryption (TDE).

    Episode 72: What's top of mind for the hosts and career advice!

    Play Episode Listen Later Mar 8, 2023 61:25


    In this episode Michael, Sarah, Gladys and Mark interview each other! The Podcast is almost three years old, and things have changed for each of us, so we thought we'd re-introduce ourselves, reflect, give career advice, and talk about what's top of mind for each of us!We also discuss Azure Security news about SQL Server and Azure SQL DB, MFA and AAD, AAD and IPv6, new SC-100 study guide and more.

    Episode 71: Azure SQL Database and Always Encrypted using Virtualization-Based Security Enclaves

    Play Episode Listen Later Feb 15, 2023 28:13


    In this special episode, Michael sits down with Pieter Vanhove about a new addition to the SQL Server 'Always Encrypted' family. The new addition, Virtualization-Based Security Enclaves (VBS), is now in Preview and allows for more scalability and lower cost when using secure enclaves compared to the current SGX-based enclaves.

    Episode 70: Microsoft Purview

    Play Episode Listen Later Feb 13, 2023 34:05


    In this episode Michael and Sarah talk with guests Beau Faull and Lou Mercuri about some new features and updated naming in Microsoft Purview. Beau and Lou are also co-hosts of the Coast2Coast Podcast on YouTube.We also discuss Azure Security news about Trusted Boot VMs, Sentinel and Defender for Cloud.

    Episode 69: Secured Supply Chain and Software Bill of Materials (SBOM)

    Play Episode Listen Later Feb 2, 2023 27:20


    In this episode, Michael and Mark talk to Adrian Diglio about Software Bill of Materials and its role in helping secure the software supply chain.We also have news items about SQL Server, Azure SQL DB, Azure Database for PostgreSQL, Azure Database for MySQL and Application Secure Groups and Private Endpoints. Mark goes over MCRA, Immutable Laws of Cybersecurity and Security Architecture Design.

    SQL Server 2022

    Play Episode Listen Later Dec 7, 2022 33:07


    Michael sits down with Ajay Jagannathan who is the Principal Group PM Manager for SQL Server. Michael also covers a couple of SQL Server related news items.

    Privileged Access

    Play Episode Listen Later Nov 24, 2022 32:04


    Michael and Sarah talk to Bronwyn Mercer from Microsoft Australia about Privileged Access as well as some ideas and processes to help you succeed. Also, the latest security news about Managed HSM, Defender for DevOps, TLS and ARM, SQL Server 2022, Application Gateway.Finally, 'Designing and Developing Secure Azure Solutions' is now available. https://azsec.tech/get

    Workload Identities

    Play Episode Listen Later Nov 11, 2022 31:57


    In this episode Michael, Sarah and Mark talk with guest Joey Snow about Workload Identities in Azure. We also chat about least privilege and privileged accounts in general. Finally, the latest Azure Security news about: Azure Front Door, Log Analytics, Web Application Firewall and AKS SSH keys.

    identities azure workload web application firewall
    Microsoft Defender for Threat Intelligence

    Play Episode Listen Later Nov 4, 2022 38:14


    In this episode Michael, Sarah, Gladys and Mark talk with guests Rijuta Kapoor and Brandon about Microsoft Defender for Threat Intelligence. We also discuss Azure Security news about Azure Service Bus and TLS, PostgreSQL, VMs, SQL Server and Confidential VMs, Azure SQL DB, Workload Identities, Microsoft Entra and other security news from Ignite.

    The SQL Server Permission Model Explained

    Play Episode Listen Later Oct 15, 2022 46:15


    In this special, out of band episode, Michael talks to Andreas Wolter about the SQL Server and Azure SQL Database permission model. To many, the model is a mystery, but Andreas explains how it works as Michael poses security challenges.

    Claim The Azure Security Podcast

    In order to claim this podcast we'll send an email to with a verification link. Simply click the link and you will be able to edit tags, request a refresh, and other features to take control of your podcast page!

    Claim Cancel