Zero Trust
Lessons from the field. Always landing on my feet.
March 2026 Entra ID Changes: Passkey Auto-Enablement and Conditional Access Enforcement
Microsoft is shipping two Entra ID changes in March 2026 that will change how your users authenticate. Neither change requires administrator action to take effect, and that is precisely the risk. If you do not act before the deadlines, Microsoft β¦
Just-In-Time Access for AI Agents: Building a ZSP Gateway in Azure
AI coding assistants need Contributor access to deploy infrastructure. Backup automation needs Key Vault secrets at 2 AM. Security scanners need Reader access on a schedule. The easy answer is standing permissions-give each service principal what it β¦
Sentinel MCP Server: Securing Your SOC's New AI Attack Surface
In September 2025, Microsoft announced the Sentinel MCP Server, a Model Context Protocol implementation that lets MCP-compatible AI assistants query your Sentinel data using natural language. Microsoft highlights GitHub Copilot, Copilot Studio, and β¦
Secure Your Container Supply Chain: SBOM, Signing & Attestation with GitHub Actions
Over the last couple of weeks, Iβve been diving deep into container supply chain security. Between high-profile incidents like SolarWinds, Log4Shell, and the xz Utils backdoor, itβs clear that securing the build pipeline is just as critical as β¦
Terraform 1.11's Game-Changer: Keep Secrets Out of State for Good
If youβve worked with Terraform and secrets, youβve probably wondered: βWait, is my password actually in that state file?β The answer has historically been: yes. The sensitive = true flag does a great job hiding values from CLI output, but the state β¦
Securing the Agentic Workforce: Microsoft's Zero Trust for AI Agents
The enterprise is entering uncharted territory. AI agents, autonomous systems that can browse the web, execute code, access databases, and interact with third-party services, are no longer experimental. Theyβre being deployed at scale. And theyβre β¦