Introduction
#

This week, Microsoft organized MS Build 2024. At this event, you can expect everything about the latest technology trends, potential new innovative features, and technology to build the future. The goal is to bring together developers, industry disruptors, and technologists who share their ideas, connect with their peers, and help the Microsoft Community have the opportunity to learn new skills.

If you weren’t at the conference, no problem at all. Expect everything about Azure, DevOps, Cloud Security, Windows and, of course, Copilot. Luckily, most sessions are recorded and available on the Conference Landing Page. You may want to see the excellent and promising opening keynote by Satya Nadella, Rajesh Jha, and Kevin Scott. It is incredible to hear about all the opportunities that are unlocked in the era of AI, like accelerating Cloud Security Remediation.

You can watch the recorded keynote below. Enjoy!

Below, I will go through a selection of my sessions you don’t want to miss.

Selection of sessions you don’t want to miss
#

The first session you don’t want to miss as a Security Professional is the talk about AI Security called ‘Inside AI Security with Mark Russinovich’. Mark Russinovich takes us through the landscape of AI security, with a focus on threat modeling, defense tactics, red teaming approaches, and the path to confidential AI. All based on Microsoft’s experiences developing and operating OpenAI services at scale. During the talk, we learn about the various kinds of attacks in AI systems like LLMs and possible defense techniques, such as backdoors, poison data, prompt injection attacks, and more.

Another one of my favorites is the session delivered by the GitHub Team. The talk is about ‘baking Security into your workflow with GitHub Advanced Security and AI’ and, as expected, a live demo. It gives a good inside view of the features provided by GitHub Advanced Security. Copilot included. Justin Hutchings and Madison Oliver deliver a well prepared session on how to prevent most security vulnerabilities entering your enterprise repositories. Expect some Dependabot and AI to quickly fix most of the coding issues that cause vulnerabilities.

Are you more into lessons learned and sharing practices? Then you don’t want to miss the session on Red Teaming, especially when AI comes around the corner. It’s about ‘How Microsoft Approaches AI Red Teaming’. You can expect a good deep dive into the AI Red Team (AIRT) which serves as the independent red team for high-risk AI across Microsoft, identifying vulnerabilities in pre-ship products and driving research to scale insights across the company. All about Processes, Techniques and Tools like PyRIT. Learn more about their tooling here, which is Open Source and available at GitHub for download.

Already tired of AI? Let’s dive into container security. Ever thought about securing AKS and taking the Supply Chain approach. Listen to the talk about ‘Securing the Containers’ Supply Chain for Azure Kubernetes Service’ delivered by Payal Mahesh and Toddy Mladenov. They take us into the world of Containers Secure Supply Chain (CSSC) framework. We learn about the various stages during a live demo. Very informative session. If you are ready to learn more, just go through the documentation at Microsoft Learn.

Looking for more Cloud Security related sessions? Just visit the landing page here.

I will end this blog with some Observability. Also on this topic there was a very interesting session. The talk takes us from Code to Cloud, as we nowadays expect from Modern Observability tools. Learn about using E2E Diagnostics, diving into the Azure Monitor Pipeline, extending Cloud Native Monitoring with Managed Grafana or Prometheus, and embracing techniques like Chaos Engineering, which is called Azure Chaos Studio. All are available on the Azure platform today. Brought by Rahul Bagaria and many others from the Azure Monitor team.