Cloud Security
Lessons from the field. Always landing on my feet.
Agent 365 Ships May 1. I Tested the Defender Playbook for AI Agent Attacks.

Microsoft Agent 365 goes generally available on May 1, 2026. Most launch-week posts will explain what it is. I wanted to answer a different question: What does an AI agent attack look like in a real Microsoft defender stack before Agent 365 becomes …
Scan Every Blob, Trace Every Read: Defender for Storage + Sentinel

Storage is where malware waits. A blob uploaded to ingest/ by a pipeline step, a partner's SFTP connector, or a misconfigured Logic App sits quietly until something downstream opens it — a Data Factory copy, a Function app, a Synapse notebook, a …
Investigate Hidden Privilege Paths with Microsoft Sentinel Data Federation and Custom Graphs

After a compromised service principal incident, the first triage question is always the same: "What else can this identity reach?" The answer usually lives outside Sentinel, buried in entitlement exports, RBAC snapshots, or asset inventories that …
Building Custom Sentinel Connectors in One Click with CCF Push

Getting custom data into Microsoft Sentinel has traditionally required a lot of moving parts. You need a Data Collection Endpoint, a Data Collection Rule, an Entra app registration with a client secret, RBAC role assignments, a custom table …
AKS Runtime Security: Binary Drift, Anti-Malware & Gated Deployment with Defender for Cloud

In December, I published a post on securing the container supply chain — SBOM generation, image signing, and build provenance with GitHub Actions. That covered build-time security: making sure the image you ship is the image you built. But what …
The February 2026 Microsoft Sentinel Drop: UEBA Essentials, Copilot Connector, and 9 New GA Connectors

February 2026 brought one of the more substantial Sentinel drops in recent memory. UEBA Essentials hit v3.0.6 with a refined workbook and more than 30 hunting queries (including multi-cloud detections shipped in earlier releases), the M365 Copilot …
Sentinel MCP Server: Securing Your SOC's New AI Attack Surface

In September 2025, Microsoft announced the Sentinel MCP Server, a Model Context Protocol implementation that lets MCP-compatible AI assistants query your Sentinel data using natural language. Microsoft highlights GitHub Copilot, Copilot Studio, and …
Terraform 1.11's Game-Changer: Keep Secrets Out of State for Good

If you've worked with Terraform and secrets, you've probably wondered: "Wait, is my password actually in that state file?" The answer has historically been: yes. The sensitive = true flag does a great job hiding values from CLI output, but the state …
Securing the Agentic Workforce: Microsoft's Zero Trust for AI Agents

The enterprise is entering uncharted territory. AI agents, autonomous systems that can browse the web, execute code, access databases, and interact with third-party services, are no longer experimental. They're being deployed at scale. And they're …