WEBVTT

00:00:03.759 --> 00:00:06.240
Welcome to the Azure Security Podcast, where

00:00:06.240 --> 00:00:08.759
we discuss topics relating to security, privacy,

00:00:09.060 --> 00:00:11.480
reliability, and compliance on the Microsoft

00:00:11.480 --> 00:00:16.280
Cloud Platform. Hey everybody, welcome to episode

00:00:16.280 --> 00:00:20.480
122. This week is myself, Michael, with Sarah

00:00:20.480 --> 00:00:23.320
and Mark. And in this episode, we actually have

00:00:23.320 --> 00:00:25.000
no news whatsoever, because we're going to talk

00:00:25.000 --> 00:00:27.300
about the Microsoft Ignite conference that was

00:00:27.300 --> 00:00:29.760
just a couple of weeks ago, and some other things

00:00:29.760 --> 00:00:32.909
that sort of took our interest. So Sarah, you

00:00:32.909 --> 00:00:34.869
were actually there. So why don't you give us

00:00:34.869 --> 00:00:39.409
a lowdown on what you saw? Okay. Yes, I was there.

00:00:39.490 --> 00:00:41.530
And if any of you watch the live stream, you

00:00:41.530 --> 00:00:44.990
might have seen me look far more glamorous than

00:00:44.990 --> 00:00:47.829
I usually do day to day because I have professional

00:00:47.829 --> 00:00:51.840
help. And I was there. It was in San Francisco.

00:00:52.020 --> 00:00:56.000
It was at the Moscone Center. It was about 20,000

00:00:56.000 --> 00:00:59.020
people, I believe, in person. So pretty

00:00:59.020 --> 00:01:03.759
big. It certainly felt big to me. And it was,

00:01:03.759 --> 00:01:07.349
as usual, it's sort of Tuesday to... Friday midday

00:01:07.349 --> 00:01:10.090
the week before Thanksgiving. And there were a

00:01:10.090 --> 00:01:13.709
ton of announcements. And, you know, there's keynotes,

00:01:13.709 --> 00:01:17.310
breakouts, uh, then we have the big expo hall, and

00:01:17.310 --> 00:01:20.090
there's labs and kind of everything. If anyone's

00:01:20.090 --> 00:01:22.730
ever been to an Ignite, I guess you, you know what

00:01:22.730 --> 00:01:26.530
to expect. Uh, but it was, it was good. Uh, very busy.

00:01:26.530 --> 00:01:30.959
I needed to sleep a lot afterwards. And I'm going

00:01:30.959 --> 00:01:32.879
to have to quote you, Sarah, on this one, because

00:01:32.879 --> 00:01:35.500
I remember one of the opening lines that you

00:01:35.500 --> 00:01:37.780
made during the sort of interview segments was,

00:01:37.879 --> 00:01:41.939
there's heaps of security news. I use that on

00:01:41.939 --> 00:01:47.260
purpose. I mean, heaps is a very Aussie, Kiwi

00:01:47.260 --> 00:01:50.700
thing to say, rather than lots. I can't remember

00:01:50.700 --> 00:01:52.640
what the original word was in the script I've

00:01:52.640 --> 00:01:54.840
been given. We are allowed to change it a little

00:01:54.840 --> 00:01:56.620
bit. So you actually slipped in heaps on purpose?

00:01:57.700 --> 00:01:59.560
Twice in like the first minute. That's hilarious.

00:01:59.560 --> 00:02:02.040
Again, that is, like you say, that's such an Australian

00:02:02.040 --> 00:02:05.159
and New Zealand thing to say. I can't remember

00:02:05.159 --> 00:02:07.819
what the original word was, but we are allowed,

00:02:07.819 --> 00:02:10.080
we don't have to read it verbatim as long as

00:02:10.080 --> 00:02:11.879
everyone understands. One of the funniest things,

00:02:11.879 --> 00:02:14.740
I saw a presentation by Catherine Holdsworth,

00:02:14.740 --> 00:02:17.639
who's from New Zealand, and we've known each other

00:02:17.639 --> 00:02:19.840
for a long time, and she was talking about butt

00:02:19.840 --> 00:02:26.250
locker. Again, for anyone who doesn't know, here's

00:02:26.250 --> 00:02:27.990
how you tell an Australian accent from a New

00:02:27.990 --> 00:02:29.930
Zealand accent. Get them to say fish and chips.

00:02:30.409 --> 00:02:32.330
And if it's flush and chips, then they're from

00:02:32.330 --> 00:02:34.030
New Zealand. And if it's fish and chips, then

00:02:34.030 --> 00:02:35.650
they're from Australia. There you go. Now you

00:02:35.650 --> 00:02:38.610
know. This is correct. Thank you. Because people

00:02:38.610 --> 00:02:41.610
from New Zealand shift their vowels out by one.

00:02:42.030 --> 00:02:44.969
Shuft their vowels. Shuft. Shuft, yeah. They

00:02:44.969 --> 00:02:49.020
shuft their vowels. I think until you've – I

00:02:49.020 --> 00:02:50.939
know I couldn't tell the difference between Australian

00:02:50.939 --> 00:02:54.099
and Kiwi accents until I lived down here and

00:02:54.099 --> 00:02:57.080
listened to them all the time. But I definitely

00:02:57.080 --> 00:03:00.960
can now. There's also a chap – we digress massively.

00:03:01.000 --> 00:03:04.979
If you watch the keynote, there's a chap – called

00:03:04.979 --> 00:03:08.219
Scott Woodgate, who does some of the threat protection

00:03:08.219 --> 00:03:11.219
demos in the keynote at Ignite. And he's also

00:03:11.219 --> 00:03:15.400
a Kiwi. And so you can listen to him talk with

00:03:15.400 --> 00:03:17.560
his vowel shift as well. Actually, it's funny

00:03:17.560 --> 00:03:19.060
you say that. I was watching the video. I'm like,

00:03:19.199 --> 00:03:22.860
I know that guy. Then I heard him speaking. Oh,

00:03:22.979 --> 00:03:26.650
I do know that guy. Yeah. Let's get back to what

00:03:26.650 --> 00:03:28.129
we're actually here for, which is talk about

00:03:28.129 --> 00:03:31.490
the Microsoft Ignite Book of News. So like any

00:03:31.490 --> 00:03:33.189
big conference at Microsoft, there's always a

00:03:33.189 --> 00:03:36.310
Book of News that gets released. And Mark, we've

00:03:36.310 --> 00:03:40.270
all been going through it, but what were your

00:03:40.270 --> 00:03:42.229
first thoughts when you went through it? The

00:03:42.229 --> 00:03:44.030
themes that really jumped out for me is that,

00:03:44.169 --> 00:03:47.069
and this is really in the spirit of the SFI,

00:03:47.069 --> 00:03:49.069
the Secure Future Initiative from Microsoft to

00:03:49.069 --> 00:03:51.169
make sure everything's secure. There's a whole

00:03:51.169 --> 00:03:53.710
lot of security in a lot of non-security products.

00:03:54.509 --> 00:03:57.550
And so I was just sort of struck by the number

00:03:57.550 --> 00:04:00.129
of different security sort of features and capabilities

00:04:00.129 --> 00:04:02.669
and reviews and whatnot that were part of all

00:04:02.669 --> 00:04:04.909
these non-security products. That was the first

00:04:04.909 --> 00:04:07.270
thing that jumped out at me. There's a lot of

00:04:07.270 --> 00:04:09.870
AI protections and making sure that as AI is

00:04:09.870 --> 00:04:11.569
integrated in all the different Microsoft products

00:04:11.569 --> 00:04:14.090
that there's prompt injection protections here

00:04:14.090 --> 00:04:16.990
and there and the security overlays and the intercepts,

00:04:16.990 --> 00:04:20.009
but also in the products themselves. And of course,

00:04:20.009 --> 00:04:23.029
some dedicated features around security, quite

00:04:23.029 --> 00:04:26.639
a few we'll cover. And then the big one that

00:04:26.639 --> 00:04:30.000
I picked up on that was just a really nice kind

00:04:30.000 --> 00:04:33.740
of feature set or a bunch of things was the Agent

00:04:33.740 --> 00:04:36.540
360, I believe it's called, which is really kind

00:04:36.540 --> 00:04:41.959
of that security lifecycle being applied to the

00:04:41.959 --> 00:04:44.819
posture side as well as the threat protection

00:04:44.819 --> 00:04:47.740
side, kind of left of bang, right of bang, for

00:04:47.740 --> 00:04:50.480
the lifecycle of agents and, of course, managing

00:04:50.480 --> 00:04:52.680
the identity of it, et cetera. So I think it's

00:04:52.680 --> 00:04:54.339
primarily like an identity feature, but then

00:04:54.339 --> 00:04:56.420
making sure that over the lifecycle of the agent

00:04:56.420 --> 00:05:00.439
that we're able to do all that stuff. And I think

00:05:00.439 --> 00:05:03.040
I might have stolen some from Sarah's thunder

00:05:03.040 --> 00:05:05.040
based on that reaction. What do you mean by left

00:05:05.040 --> 00:05:08.459
of bang, right of bang? Oh, so that's an expression

00:05:08.459 --> 00:05:12.850
I use to describe the security lifecycle. Bang

00:05:12.850 --> 00:05:15.449
being an incident or breach or an attack actually

00:05:15.449 --> 00:05:17.709
happening. Left of bang is all the stuff you

00:05:17.709 --> 00:05:19.750
do ahead of time to try and prevent that and

00:05:19.750 --> 00:05:22.550
block it from happening. Sometimes, you know,

00:05:22.550 --> 00:05:24.290
called posture management. And then right of

00:05:24.290 --> 00:05:27.149
bang is, you know, what do you do when the bad

00:05:27.149 --> 00:05:29.990
stuff happens? And how do you handle it? And,

00:05:30.009 --> 00:05:31.990
you know, sort of detection being the turning

00:05:31.990 --> 00:05:34.050
point between them, and then respond, recover.

00:05:34.449 --> 00:05:36.850
And the NIST cybersecurity framework terminology

00:05:36.850 --> 00:05:40.100
is your security operations or SOC. And then

00:05:40.100 --> 00:05:44.139
the identify, prevent, and detect, the first

00:05:44.139 --> 00:05:45.699
part of detect, setting them up in the first

00:05:45.699 --> 00:05:48.319
place, is left of bang. So it's a Mark-ism, it's

00:05:48.319 --> 00:05:53.459
not a NIST-ism? It's becoming a more-ism. It's

00:05:53.459 --> 00:05:55.660
in some of the Open Group work and some of the

00:05:55.660 --> 00:05:59.019
Microsoft stuff. And it's a really good, simple

00:05:59.019 --> 00:06:01.100
way to explain stuff because it's the same as

00:06:01.100 --> 00:06:03.480
any other risk, right? You want to keep the bad

00:06:03.480 --> 00:06:05.360
stuff from happening and you want to deal with

00:06:05.360 --> 00:06:06.959
the bad stuff when it happens. And it just tends

00:06:06.959 --> 00:06:09.279
to break it down in a proactive versus reactive

00:06:09.279 --> 00:06:13.139
way. And if you don't invest in both, well, you're

00:06:13.139 --> 00:06:15.259
either unprepared for the bad stuff or you're

00:06:15.259 --> 00:06:16.740
dealing with a bunch of bad stuff you could have

00:06:16.740 --> 00:06:19.279
prevented. So, Mark, I'm going to, first of all,

00:06:19.319 --> 00:06:24.180
it's Agent 365. Oh, I'm sorry. I was five short.

00:06:24.300 --> 00:06:29.279
My bad. It's Agent 365. But you're right. I was

00:06:29.279 --> 00:06:31.560
going to talk about it. But I think there's lots

00:06:31.560 --> 00:06:34.120
to say about it because, you know what, based

00:06:34.120 --> 00:06:36.740
on my chats with people when I was at Ignite,

00:06:36.740 --> 00:06:39.959
and obviously this is entirely non-scientific.

00:06:40.519 --> 00:06:44.079
The Agent 365 was the thing that a lot of people

00:06:44.079 --> 00:06:47.000
were talking about. So if you didn't see it,

00:06:47.120 --> 00:06:50.980
it's very cool. It's very visual. Officially,

00:06:50.980 --> 00:06:55.540
we're calling it an IT admin tool, but I believe

00:06:55.540 --> 00:06:58.920
that it will end up being used much more widely

00:06:58.920 --> 00:07:01.439
than that by a lot of different types of people

00:07:01.439 --> 00:07:04.680
in different roles because it visualizes how

00:07:04.680 --> 00:07:08.639
will your agents talk to each other. It also

00:07:08.639 --> 00:07:12.339
sucks up signals from Entra, Defender, Purview.

00:07:12.480 --> 00:07:15.000
So you can have a look at what data sources it's

00:07:15.000 --> 00:07:17.240
talking to. You can have a look at the risks

00:07:17.240 --> 00:07:20.500
and the compliance piece all in one portal. So

00:07:20.500 --> 00:07:24.060
it isn't officially a security tool, but

00:07:24.060 --> 00:07:29.420
I foresee it being used a lot as one when it

00:07:29.420 --> 00:07:33.300
comes out properly. I believe it's in private

00:07:33.300 --> 00:07:35.459
preview at the moment, so it's a bit limited,

00:07:35.560 --> 00:07:38.220
but I can't believe that lots of people won't

00:07:38.220 --> 00:07:41.360
use it. That's my gut feel. Yeah, even if it's

00:07:41.360 --> 00:07:43.199
not a security tool, it's definitely welcome

00:07:43.199 --> 00:07:45.180
to the security table at Thanksgiving. Well,

00:07:45.240 --> 00:07:47.519
sorry, that's a US reference. It's welcome to

00:07:47.519 --> 00:07:49.480
family dinner. Yeah, I think a lot of people

00:07:49.480 --> 00:07:53.920
will use it for a variety of different things.

00:07:55.420 --> 00:07:58.569
Yeah. So, hey, Michael, what about you? What

00:07:58.569 --> 00:08:00.750
did you see that was exciting? Yeah, well, let's

00:08:00.750 --> 00:08:03.509
sort of round robin this. There's a whole bunch

00:08:03.509 --> 00:08:05.350
of things that took my fancy, but the first one,

00:08:05.370 --> 00:08:06.810
which should be of absolutely no surprise to

00:08:06.810 --> 00:08:10.589
absolutely nobody whatsoever, is we have now

00:08:10.589 --> 00:08:14.170
GA'd post-quantum cryptography APIs in Windows,

00:08:14.350 --> 00:08:15.990
and they're also now surfaced actually in .NET

00:08:15.990 --> 00:08:18.670
10. So post-quantum crypto, if you're not aware,

00:08:18.670 --> 00:08:22.250
is basically when quantum computers become mainstream,

00:08:23.199 --> 00:08:25.360
they're going to break a lot of the asymmetric

00:08:25.360 --> 00:08:28.019
algorithms. So RSA, elliptic curve, Diffie-Hellman,

00:08:28.100 --> 00:08:30.920
they're all going to get completely broken. There

00:08:30.920 --> 00:08:33.019
is an attack against symmetric algorithms called

00:08:33.019 --> 00:08:36.639
Grover's attack, but it's not as serious as the

00:08:36.639 --> 00:08:38.740
attacks against asymmetric algorithms. For those

00:08:38.740 --> 00:08:40.799
who want to know, basically the reason why is

00:08:40.799 --> 00:08:43.299
because quantum computers are very good at breaking

00:08:43.299 --> 00:08:47.679
algorithms, whereas symmetric stuff like AES

00:08:47.679 --> 00:08:50.960
and SHA-256 and so on, they're all just bit

00:08:50.960 --> 00:08:54.059
twiddling, you know, shifting, exclusive ORing,

00:08:54.059 --> 00:08:56.460
bitmasking, all that sort of stuff. So it's not

00:08:56.460 --> 00:08:58.980
like an algorithm per se, whereas the algorithmic

00:08:58.980 --> 00:09:00.700
side of things, quantum computers are very good

00:09:00.700 --> 00:09:03.580
at breaking that. So basically RSA, elliptic

00:09:03.580 --> 00:09:05.500
curve, Diffie-Hellman, they're all going to

00:09:05.500 --> 00:09:08.220
get completely busted wide open when quantum

00:09:08.220 --> 00:09:11.070
computers come online. And the real attack that's

00:09:11.070 --> 00:09:13.090
going on now is a thing called harvest now, decrypt

00:09:13.090 --> 00:09:16.490
later. So you may actually have your data harvested

00:09:16.490 --> 00:09:18.809
and not even realize it. And then if it's super

00:09:18.809 --> 00:09:21.289
sensitive stuff, then the bad guys will then

00:09:21.289 --> 00:09:23.649
decrypt it later on. And it may still hold some

00:09:23.649 --> 00:09:26.470
value, even though it may be 10 years from now.

00:09:26.730 --> 00:09:28.850
So really people should start moving across to

00:09:28.850 --> 00:09:32.149
these post-quantum crypto algorithms, especially

00:09:32.149 --> 00:09:34.759
with things like key wrapping. So they're available

00:09:34.759 --> 00:09:41.120
now in GA, on Windows and in .NET 10. And it's

00:09:41.120 --> 00:09:43.820
an evolving area. Things will change, but these

00:09:43.820 --> 00:09:46.259
algorithms that we have in there have been pretty

00:09:46.259 --> 00:09:49.779
much solidified. The thing that sort of is a

00:09:49.779 --> 00:09:52.200
precursor to all of this, though, is if you are

00:09:52.200 --> 00:09:54.320
looking at post-quantum crypto, which you should,

00:09:54.480 --> 00:09:58.059
you really need to consider crypto agility. Like

00:09:58.059 --> 00:10:00.539
if you're not building cryptographic solutions

00:10:00.539 --> 00:10:05.029
with agility in mind, you'll be in a world of hurt when

00:10:05.029 --> 00:10:07.149
these post-quantum crypto algorithms are sort

00:10:07.149 --> 00:10:09.230
of forced upon you. So if you're not familiar

00:10:09.230 --> 00:10:11.409
with crypto agility, go and look it up, read

00:10:11.409 --> 00:10:14.049
a few things about it. There's a couple of books

00:10:14.049 --> 00:10:17.409
I know of that explain it pretty well, but it's

00:10:17.409 --> 00:10:19.090
a big deal. So that's my first one that I had,

00:10:19.169 --> 00:10:21.750
post-quantum crypto. Huge, huge. Nice to see

00:10:21.750 --> 00:10:24.990
that it's in GA in Windows and .NET 10. The other

00:10:24.990 --> 00:10:30.669
thing that was... quite interesting was, well,

00:10:30.789 --> 00:10:33.809
quite interesting and necessary. So many Purview

00:10:33.809 --> 00:10:36.509
announcements. I don't know. I don't even know.

00:10:36.549 --> 00:10:39.269
There's just so much more. We're really building

00:10:39.269 --> 00:10:42.090
out the data security piece for obvious reasons

00:10:42.090 --> 00:10:46.110
because of AI. I'm just going to, I won't even

00:10:46.110 --> 00:10:49.549
dig into them in any specific detail because

00:10:49.549 --> 00:10:52.750
you can go and read up about them. But just there

00:10:52.750 --> 00:10:55.970
is more. There is way more controls for data.

00:10:57.129 --> 00:10:59.350
Purview is getting, there are some blades that

00:10:59.350 --> 00:11:01.649
are getting completely revamped. And the whole

00:11:01.649 --> 00:11:03.769
idea is that we're making it easier and easier

00:11:03.769 --> 00:11:06.929
and easier for folks to be able to get control

00:11:06.929 --> 00:11:11.019
of their data, particularly now, you know, everyone's

00:11:11.019 --> 00:11:13.899
using AI and agents. I mean, a big theme that

00:11:13.899 --> 00:11:15.759
came through, and again, if you watch the keynote,

00:11:15.840 --> 00:11:18.299
you'll see it, is this observability piece. And

00:11:18.299 --> 00:11:20.500
I think we're going to hear the word observability

00:11:20.500 --> 00:11:23.940
a lot more. Now, in terms of security, of course,

00:11:23.960 --> 00:11:25.820
we've cared about observability and security

00:11:25.820 --> 00:11:28.879
for a long time. But this whole observability

00:11:28.879 --> 00:11:31.080
concept that I think you'll hear a lot about

00:11:31.080 --> 00:11:35.580
from Microsoft going forward is not just security,

00:11:35.720 --> 00:11:38.480
right? It's wider than that, although security

00:11:38.480 --> 00:11:42.659
is a big piece of it. So, yeah, that's the other

00:11:42.659 --> 00:11:45.820
thing that I think is interesting. Plus, we announced,

00:11:46.080 --> 00:11:47.779
well, it was already announced, it was announced

00:11:47.779 --> 00:11:50.350
at Build, but now it's actually... you can go

00:11:50.350 --> 00:11:54.149
and use it, at least in preview, is Agent ID.

00:11:54.429 --> 00:11:56.909
So Agent ID is actually a completely separate,

00:11:57.090 --> 00:11:59.809
it's part of Entra, but it's a completely separate

00:11:59.809 --> 00:12:02.909
store and it stores other bits of information

00:12:02.909 --> 00:12:05.490
about the agent, like the metadata, et cetera.

00:12:05.960 --> 00:12:08.059
If you create a first-party agent, it's just

00:12:08.059 --> 00:12:10.340
going to be in there straight away. And you'll

00:12:10.340 --> 00:12:13.179
be able to onboard third-party agents into it.

00:12:13.240 --> 00:12:16.120
And if you can, if you do, then you get that

00:12:16.120 --> 00:12:19.700
full observability piece. And Agent ID will

00:12:19.700 --> 00:12:22.200
be using the A2A protocol to go and discover

00:12:22.200 --> 00:12:25.799
agents in your environment. So again, this is

00:12:25.799 --> 00:12:28.419
a security thing, absolutely. But I think it'll

00:12:28.419 --> 00:12:30.740
be wider than that to make sure everybody knows

00:12:30.740 --> 00:12:33.039
where these agents are, what they're doing, blah,

00:12:33.159 --> 00:12:35.100
blah. And I think we'll see more and more on

00:12:35.100 --> 00:12:37.230
that. That was kind of a rambling update that

00:12:37.230 --> 00:12:39.990
went through identity and Purview, but I think

00:12:39.990 --> 00:12:42.990
it's two themes that are pretty important that

00:12:42.990 --> 00:12:45.330
we'll just hear more about. Actually, I want

00:12:45.330 --> 00:12:48.690
to kind of just riff off that because it's actually

00:12:48.690 --> 00:12:52.009
a comment that I want to make is one thing that

00:12:52.009 --> 00:12:55.529
we're doing in Windows is working on isolation

00:12:55.529 --> 00:12:58.850
for agents as well. And I think that's incredibly

00:12:58.850 --> 00:13:00.830
important, right? Because if you essentially

00:13:00.830 --> 00:13:03.230
don't, let's just, don't read too much into what

00:13:03.230 --> 00:13:05.820
I say next, which is, you know, let's just say

00:13:05.820 --> 00:13:08.759
you don't want to trust the AI agent for whatever

00:13:08.759 --> 00:13:11.360
reason. You need to really isolate that. And

00:13:11.360 --> 00:13:13.360
a big part of the Secure Future Initiative actually

00:13:13.360 --> 00:13:16.419
is isolation. And so if you can isolate code

00:13:16.419 --> 00:13:18.139
that's running on Windows, agent code that's

00:13:18.139 --> 00:13:19.559
running on Windows, in case it decides to go

00:13:19.559 --> 00:13:22.139
running away from you, you can, you know, contain

00:13:22.139 --> 00:13:24.360
the damage. So there's actually a lot of work

00:13:24.360 --> 00:13:26.580
going on in that area right now. We've actually

00:13:26.580 --> 00:13:30.360
blogged about it a little bit. It's still relatively

00:13:30.360 --> 00:13:32.820
early in the works, but I've been doing a lot

00:13:32.820 --> 00:13:34.919
of research into it, you know, as an old Windows

00:13:34.919 --> 00:13:38.259
guy, both literally and figuratively, especially

00:13:38.259 --> 00:13:40.559
Windows security, that's something of great interest

00:13:40.559 --> 00:13:43.139
to me. So it's good to see that work going on

00:13:43.139 --> 00:13:45.419
too, is recognizing that we need to isolate this

00:13:45.419 --> 00:13:47.960
code, not just say, hey, that's like a security

00:13:47.960 --> 00:13:50.759
agent. We need to isolate it to any agent, not

00:13:50.759 --> 00:13:53.000
just security-related agents. And one of the

00:13:53.000 --> 00:13:58.750
things that I picked up on... that was, I'm not

00:13:58.750 --> 00:14:00.149
sure if it's actually in the book, I was kind

00:14:00.149 --> 00:14:01.769
of looking for it, but it was announced at the

00:14:01.769 --> 00:14:05.230
same time, was that Security Copilot is actually

00:14:05.230 --> 00:14:07.250
going to be included as part of the E5 license,

00:14:07.450 --> 00:14:09.090
which I know a lot of enterprise organizations

00:14:09.090 --> 00:14:12.730
have. And so it's going to be a gradual rollout

00:14:12.730 --> 00:14:16.590
that's already started. But I thought this was

00:14:16.590 --> 00:14:18.950
pretty cool because it allows a lot more folks

00:14:18.950 --> 00:14:23.070
to have access to use this AI technology to benefit

00:14:23.070 --> 00:14:26.429
security. Because you need to secure the AI

00:14:26.669 --> 00:14:29.070
you're using, but AI is actually a technology

00:14:29.070 --> 00:14:31.710
you can use for security also. And so I thought

00:14:31.710 --> 00:14:33.830
that was really cool and I'm really looking forward

00:14:33.830 --> 00:14:36.389
to that. I also did notice there's a bunch more

00:14:36.389 --> 00:14:38.629
agents as well that were announced for all sorts

00:14:38.629 --> 00:14:41.529
of different products, you know, across Intune

00:14:41.529 --> 00:14:45.230
and Defender and Purview and whatnot. So that

00:14:45.230 --> 00:14:48.309
was also kind of similar to that. Yeah, Mark,

00:14:48.509 --> 00:14:51.370
I actually had a conversation with a lot of folks

00:14:51.370 --> 00:14:54.129
about that topic. I know many people are pretty

00:14:54.129 --> 00:14:59.309
excited to have Security Copilot SCUs included

00:14:59.309 --> 00:15:04.029
in E5 so they can go and experiment with Security

00:15:04.029 --> 00:15:06.710
Copilot and see what they can do with it without

00:15:06.710 --> 00:15:09.929
having to commit to buying something. So I think

00:15:09.929 --> 00:15:13.409
that's a big one for sure. On a totally different

00:15:13.409 --> 00:15:16.830
topic, next item that really took my fancy was

00:15:16.830 --> 00:15:19.470
hardware-accelerated BitLocker in Windows. We'll

00:15:19.470 --> 00:15:22.169
start to see this early next year. Makes absolute

00:15:22.169 --> 00:15:27.269
sense to have hardware acceleration. People just

00:15:27.269 --> 00:15:30.129
think it's just acceleration, and that's true.

00:15:30.490 --> 00:15:32.190
I mean, acceleration is obviously a big deal.

00:15:32.230 --> 00:15:34.070
Anything that can speed up disk I/O is always

00:15:34.070 --> 00:15:36.210
a good thing. But there's more to it than that.

00:15:36.289 --> 00:15:38.690
And the big one is the fact that the keys are

00:15:38.690 --> 00:15:43.279
right there. They're in hardware. That's really

00:15:43.279 --> 00:15:46.320
cool because that way they're never outside in

00:15:46.320 --> 00:15:49.440
normal memory. They're maintained within the

00:15:49.440 --> 00:15:51.100
hardware, so that's really good to see as well.

00:15:51.940 --> 00:15:55.059
So yeah, there'll be some new systems on the

00:15:55.059 --> 00:15:56.700
chip coming out early next year, especially on

00:15:56.700 --> 00:15:59.500
laptops, and this will be great to see. Again,

00:15:59.659 --> 00:16:01.620
just removing that one little barrier that some

00:16:01.620 --> 00:16:03.759
people have against the potential performance

00:16:03.759 --> 00:16:08.269
impact of... full-volume disk encryption. So

00:16:08.269 --> 00:16:11.230
another thing that caught my eye, and I'm always

00:16:11.230 --> 00:16:16.440
a big fan of the... everybody runs a bunch of

00:16:16.440 --> 00:16:18.299
different technology, not just Microsoft technology.

00:16:18.620 --> 00:16:21.019
And so I really love it to see like when there's

00:16:21.019 --> 00:16:24.980
integrations, like the third-party, the attack

00:16:24.980 --> 00:16:27.360
disruption capability, the feature that is part

00:16:27.360 --> 00:16:28.960
of the sort of Defender Sentinel capability.

00:16:30.059 --> 00:16:33.000
And that it was extended to, you know, stuff

00:16:33.000 --> 00:16:36.320
from AWS, Proofpoint, and Okta. And so that was

00:16:36.320 --> 00:16:39.080
pretty cool. It's sort of a, if I recall correctly,

00:16:39.159 --> 00:16:41.919
this capability is sort of, it's sort of like

00:16:41.919 --> 00:16:45.460
a, and kind of using that right of bang, left

00:16:45.460 --> 00:16:48.460
of bang analogy from earlier, it's sort of like

00:16:48.460 --> 00:16:50.500
after you see something going on, it can actually

00:16:50.500 --> 00:16:53.820
do some stuff that kind of edge you a little

00:16:53.820 --> 00:16:56.500
bit to the left of bang to sort of block what's

00:16:56.500 --> 00:17:00.000
going on and contain the attack. And so seeing

00:17:00.000 --> 00:17:02.799
that go beyond just the Microsoft data sets into

00:17:02.799 --> 00:17:05.480
additional third parties is pretty cool. Our

00:17:05.480 --> 00:17:09.200
next one is Zero Trust DNS. This is a new update

00:17:09.200 --> 00:17:13.359
to the DNS client in Windows. So without going

00:17:13.359 --> 00:17:15.079
into all the horrible icky details, because it's

00:17:15.079 --> 00:17:16.559
actually pretty technical, when I was reading

00:17:16.559 --> 00:17:19.000
through the description of this, being on the

00:17:19.000 --> 00:17:21.819
red team, what's interesting about it is it basically

00:17:21.819 --> 00:17:25.849
blocks DNS, which means that names don't resolve

00:17:25.849 --> 00:17:29.630
and IP addresses don't resolve unless they are

00:17:29.630 --> 00:17:32.410
actually validated by specific DNS servers, for

00:17:32.410 --> 00:17:35.250
example, over TLS and so on. So it's a whole

00:17:35.250 --> 00:17:38.970
sort of privileged DNS infrastructure. The nice

00:17:38.970 --> 00:17:40.549
thing about that is if you have some malware

00:17:40.549 --> 00:17:42.670
on the box that tries to open up a command and

00:17:42.670 --> 00:17:46.710
control back channel, it doesn't work. So this

00:17:46.710 --> 00:17:49.930
is fantastic to see. And it's all sort of in

00:17:49.930 --> 00:17:52.430
compliance with some of the NIST standards around

00:17:52.430 --> 00:17:55.690
zero trust. So always good to see. Yeah, I've

00:17:55.690 --> 00:17:57.049
actually been following that for a couple of

00:17:57.049 --> 00:17:59.390
years. And I've been really excited about this

00:17:59.390 --> 00:18:01.569
technology because a lot of times the attackers

00:18:01.569 --> 00:18:03.190
just say, oh, I'm going to get lazy and just

00:18:03.190 --> 00:18:06.210
do a C2 and it keeps me to an IP address and

00:18:06.210 --> 00:18:08.910
it keeps me stealthy and whatnot. But this basically

00:18:08.910 --> 00:18:11.990
forces them to get into the real world resolvable

00:18:11.990 --> 00:18:14.910
DNS world. And so it forces them to be a lot

00:18:14.910 --> 00:18:16.690
more visible. And so they don't get to hide in

00:18:16.690 --> 00:18:19.450
the shadows of just IP to IP stuff. They actually

00:18:19.450 --> 00:18:21.309
do have to show up in a registry. Otherwise,

00:18:21.369 --> 00:18:22.950
we're not talking to you. All right, I got another

00:18:22.950 --> 00:18:25.509
one. Passkey sync. For those of you not familiar

00:18:25.509 --> 00:18:29.289
with Passkey, basically passwords are dead. You

00:18:29.289 --> 00:18:31.869
shouldn't be using passwords at all. I mean,

00:18:31.890 --> 00:18:34.769
we've known that for, you know, who knows how

00:18:34.769 --> 00:18:37.569
long. Passwords are just such a weak link. They're

00:18:37.569 --> 00:18:40.369
convenient, but they're just lousy. So Passkey

00:18:40.369 --> 00:18:44.130
seems to be the sort of... de facto standard

00:18:44.130 --> 00:18:47.509
around credentials. It's a public-private key

00:18:47.509 --> 00:18:50.009
pair. They're phishing resistant. They're bound

00:18:50.009 --> 00:18:52.150
to hardware and that sort of stuff. The problem

00:18:52.150 --> 00:18:55.410
is it can be sometimes hard to get them to roam

00:18:55.410 --> 00:18:57.869
across different devices. Well, now we have that

00:18:57.869 --> 00:19:00.690
support built into Windows 11. And you can actually

00:19:00.690 --> 00:19:02.970
also choose your passkey manager in Windows 11

00:19:02.970 --> 00:19:06.150
too. And Windows Hello can be one of those pass...

00:19:06.509 --> 00:19:09.750
passkey managers if you want. So this really helps,

00:19:09.750 --> 00:19:11.250
you know, if you're using a Windows laptop with

00:19:11.250 --> 00:19:14.029
Windows Hello, it really helps to sort of smooth

00:19:14.029 --> 00:19:16.730
out and make it really easy to handle, handle

00:19:16.730 --> 00:19:18.970
passkeys. Really good to see. I'm a big fan of

00:19:18.970 --> 00:19:20.930
passkeys. You know, multi-factor authentication

00:19:20.930 --> 00:19:22.869
is one thing, but passkeys just take it to the

00:19:22.869 --> 00:19:25.319
next level. So another one that caught my eye,

00:19:25.359 --> 00:19:28.079
and this kind of fits the theme of just AI and

00:19:28.079 --> 00:19:30.839
security showing up in all sorts of places, is

00:19:30.839 --> 00:19:35.339
the Microsoft Internet Access has some prompt

00:19:35.339 --> 00:19:37.960
injection protections that essentially allow

00:19:37.960 --> 00:19:40.779
it to work across pretty much all the generative

00:19:40.779 --> 00:19:43.420
AI apps, whether sanctioned, unsanctioned, custom,

00:19:43.539 --> 00:19:46.720
et cetera. And then in looking deeper at the

00:19:46.720 --> 00:19:49.180
network traffic as well to look for unsanctioned

00:19:49.180 --> 00:19:52.039
AI usage. So really kind of just applying that

00:19:52.039 --> 00:19:55.539
policy over sort of otherwise uncontrolled,

00:19:55.539 --> 00:19:59.039
unmanaged types of connections. That's an important

00:19:59.039 --> 00:20:01.059
point. I was actually going to talk about that

00:20:01.059 --> 00:20:03.200
too, but I'm actually glad you did. It's really

00:20:03.200 --> 00:20:08.900
cool to see policy around, enforceable policy

00:20:08.900 --> 00:20:12.779
around how AI operates in the environment being

00:20:12.779 --> 00:20:16.769
rolled out into our products. It sort of feels

00:20:16.769 --> 00:20:18.450
a little bit like the wild, wild west right now

00:20:18.450 --> 00:20:21.609
with agents and MCP and so on. We're already

00:20:21.609 --> 00:20:25.730
seeing rogue MCP agents. Surprise, surprise.

00:20:27.029 --> 00:20:29.210
So yeah, it's really good to see policy rolling

00:20:29.210 --> 00:20:33.089
out around what agents can be used and that sort

00:20:33.089 --> 00:20:35.009
of stuff. So that's really great to see. And

00:20:35.009 --> 00:20:36.670
in fact, if I look at some of this work that's

00:20:36.670 --> 00:20:39.690
going on right now in Windows, without talking

00:20:39.690 --> 00:20:41.990
about... Without going into all the details about

00:20:41.990 --> 00:20:44.410
the isolation, a big part of it is only allowing

00:20:44.410 --> 00:20:47.990
digitally signed agents to operate, which is

00:20:47.990 --> 00:20:50.329
great. I love that. I'm a big fan of digital

00:20:50.329 --> 00:20:53.329
signatures on absolutely everything because you

00:20:53.329 --> 00:20:55.750
can really control what can run rather than running

00:20:55.750 --> 00:20:58.529
just rogue software. Yeah, and one of the themes,

00:20:58.690 --> 00:21:01.470
as a longtime security person, you always notice

00:21:01.470 --> 00:21:03.490
is like, hey, a new thing came out. Did you secure

00:21:03.490 --> 00:21:07.910
it? I don't know, right? And the thing that I

00:21:07.910 --> 00:21:11.309
like about this generation of technology, essentially

00:21:11.309 --> 00:21:15.950
the apps and the agents for AI, is the technology

00:21:15.950 --> 00:21:19.809
to secure the new technology is actually coming

00:21:19.809 --> 00:21:24.190
out at a pretty good clip. So as AI is coming

00:21:24.190 --> 00:21:26.349
out, of course, in the beginning, it almost always

00:21:26.349 --> 00:21:29.869
starts with, here's a great capability, and there's

00:21:29.869 --> 00:21:31.849
a limited amount of ability to secure it. But

00:21:31.849 --> 00:21:35.309
just the sheer comprehensiveness and the thoughtfulness

00:21:35.309 --> 00:21:39.799
of how it's integrated. Just the ability to secure

00:21:39.799 --> 00:21:43.339
this generation is happening a lot faster than

00:21:43.339 --> 00:21:46.400
previous generations of apps in terms of you

00:21:46.400 --> 00:21:48.880
look at cloud or enterprise or whatever before

00:21:48.880 --> 00:21:52.779
that. It feels like it's much more rich, more

00:21:52.779 --> 00:21:55.740
thoughtful types of controls that are available

00:21:55.740 --> 00:22:00.079
to secure this generation of technology. Perhaps

00:22:00.079 --> 00:22:03.619
I'm more cynical than you are. I don't disagree

00:22:03.619 --> 00:22:07.039
with you. I mean, it's also really hard technology

00:22:07.039 --> 00:22:09.779
to secure, to be fair, right? Because the non-deterministic

00:22:09.779 --> 00:22:12.740
thing of like, let's ask it a

00:22:12.740 --> 00:22:14.400
question and let's see how many answers we can

00:22:14.400 --> 00:22:16.039
get from the same question. That's why I said

00:22:16.039 --> 00:22:19.000
before, I'm not saying you don't trust the agent,

00:22:19.180 --> 00:22:21.720
but you can't really trust the agent, right?

00:22:21.779 --> 00:22:24.579
Because it's non-deterministic. And that's why

00:22:24.579 --> 00:22:27.380
you've got to isolate it. Well, I think trust

00:22:27.380 --> 00:22:29.779
is too binary in terms of it is or it isn't.

00:22:29.779 --> 00:22:31.960
It's not a black and white question. It's how

00:22:31.960 --> 00:22:34.740
do you scope it? The biggest thing I've seen

00:22:34.740 --> 00:22:38.359
is a lot of the bad habits we've sort of accrued

00:22:38.359 --> 00:22:41.200
through the deterministic era, we're going to

00:22:41.200 --> 00:22:43.259
have to deal with. If you don't document your

00:22:43.259 --> 00:22:45.640
code in a deterministic thing, yeah, you can

00:22:45.640 --> 00:22:48.039
reverse engineer it, even if someone didn't document

00:22:48.039 --> 00:22:50.000
it or didn't write the design down or whatever.

00:22:50.279 --> 00:22:52.799
But when it's non-deterministic, asking the

00:22:52.799 --> 00:22:55.660
question of what is this actually supposed to

00:22:55.660 --> 00:22:58.480
do becomes a lot harder without documentation.

00:22:59.640 --> 00:23:02.359
And so I just think it's really interesting that

00:23:02.359 --> 00:23:04.119
we're having to go back to basics again, but

00:23:04.119 --> 00:23:07.000
just in a new way. Because if you don't scope

00:23:07.000 --> 00:23:08.599
this thing and constrain it and say it should

00:23:08.599 --> 00:23:10.519
do this, well, let's make sure it can only do

00:23:10.519 --> 00:23:12.680
that. I feel like there's definitely some new

00:23:12.680 --> 00:23:14.519
challenges on this. I'm not doubting that. I'm

00:23:14.519 --> 00:23:16.240
just saying at least we have tech to work with.

00:23:17.400 --> 00:23:22.259
Yeah, another aspect of that is the fact that

00:23:22.259 --> 00:23:27.890
we're kind of model agnostic. I don't know if

00:23:27.890 --> 00:23:30.109
that's the official line we use. I don't know.

00:23:30.170 --> 00:23:31.609
I'm just looking at it from a lay perspective.

00:23:32.430 --> 00:23:36.029
But, you know, we can use different LLMs for

00:23:36.029 --> 00:23:39.809
different jobs and we can route the prompt to

00:23:39.809 --> 00:23:42.789
the appropriate LLM at the back end. The reason

00:23:42.789 --> 00:23:45.890
why I'm saying this is you can get better quality

00:23:45.890 --> 00:23:47.890
results from different types of LLMs for specific

00:23:47.890 --> 00:23:51.940
tasks. And I like that. I like the fact that

00:23:51.940 --> 00:23:55.019
we'll choose a better LLM based on what you're

00:23:55.019 --> 00:23:58.119
doing. So for example, just recently I've been

00:23:58.119 --> 00:24:00.940
using different... Like Gemini 3, I've been using

00:24:00.940 --> 00:24:05.500
Claude 4.5, I think, for AI work. And it seems

00:24:05.500 --> 00:24:08.460
to work very, very well compared to other LLMs.

00:24:08.660 --> 00:24:11.359
Now, I'm not saying that that is our official

00:24:11.359 --> 00:24:14.380
stance on anything. That's just my personal experience

00:24:14.380 --> 00:24:17.000
in Visual Studio Code where I can select the

00:24:17.000 --> 00:24:19.140
LLM that I want. And again, I found that from

00:24:19.140 --> 00:24:21.200
a security perspective, I've been doing quite

00:24:21.200 --> 00:24:26.099
a bit of experimentation around how can GitHub

00:24:26.099 --> 00:24:28.670
Copilot do a code review, a security code review,

00:24:28.849 --> 00:24:30.809
and how good is that code review based on the

00:24:30.809 --> 00:24:34.210
backend LLM. And again, because we're agnostic,

00:24:34.289 --> 00:24:36.190
I can choose the LLM that I want. I found that

00:24:36.190 --> 00:24:39.250
things like Claude are actually very good at

00:24:39.250 --> 00:24:43.630
doing security code reviews. In fact, there was

00:24:43.630 --> 00:24:46.849
a class of vulnerabilities, and this is something

00:24:46.849 --> 00:24:48.509
that does terrify me, to be honest with you,

00:24:48.609 --> 00:24:55.369
is JOT token parsing, JWT parsing issues. And

00:24:55.369 --> 00:24:57.579
we found actually that static analysis is actually

00:24:57.579 --> 00:25:00.460
not very good at it, but LLMs are actually very,

00:25:00.559 --> 00:25:02.900
well, they're better than static analysis tools

00:25:02.900 --> 00:25:05.460
at doing it. And as long as you have the correct

00:25:05.460 --> 00:25:07.160
prompt or a good prompt, you can actually find

00:25:07.160 --> 00:25:11.119
these issues in code. So again, because we're...

00:25:11.369 --> 00:25:14.170
essentially LLM agnostic, we can choose the best

00:25:14.170 --> 00:25:16.650
LLM for the task. Again, I've found that certain

00:25:16.650 --> 00:25:18.710
LLMs are better at finding this class of vulnerabilities

00:25:18.710 --> 00:25:21.369
than other LLMs. The reason why I'm talking about

00:25:21.369 --> 00:25:22.750
this, it sounds like I'm being completely random.

00:25:22.990 --> 00:25:25.470
I'm actually really not. It was the fact that

00:25:25.470 --> 00:25:28.130
you just said the word non-deterministic. Yes,

00:25:28.289 --> 00:25:31.410
LLMs are non-deterministic, at least today they

00:25:31.410 --> 00:25:33.650
are, but you can also choose a better LLM for

00:25:33.650 --> 00:25:36.490
the task that you want to actually perform. Even

00:25:36.490 --> 00:25:38.329
though it's non-deterministic, it may give you...

00:25:38.509 --> 00:25:40.410
better results than something that's not really

00:25:40.410 --> 00:25:42.930
tuned for that kind of workload. Does that make

00:25:42.930 --> 00:25:46.690
sense? Or did I just ramble? Absolutely. At the

00:25:46.690 --> 00:25:50.269
end of the day, there's a lot on the AI stuff.

00:25:50.410 --> 00:25:51.970
I've been spending a lot of time on it lately.

00:25:52.410 --> 00:25:54.809
But I think the models themselves are going to

00:25:54.809 --> 00:25:57.450
become more specialized. Because a general purpose

00:25:57.450 --> 00:25:59.369
model will get you a certain amount of things.

00:25:59.569 --> 00:26:02.210
But I think as the application architectures

00:26:02.210 --> 00:26:04.950
evolve, you're going to need something that does

00:26:04.950 --> 00:26:07.789
a particular task well. You don't necessarily

00:26:07.789 --> 00:26:09.869
need a model that also knows how to give you,

00:26:09.890 --> 00:26:12.990
you know, knows how to play chess and knows how

00:26:12.990 --> 00:26:15.849
to, you know, recommend tourist spots in Rome

00:26:15.849 --> 00:26:18.009
or whatever it is, right? Like you're going to

00:26:18.009 --> 00:26:19.690
want something that is focused on a particular

00:26:19.690 --> 00:26:21.930
task. It understands the language and the task.

00:26:22.490 --> 00:26:24.269
But, you know, I feel like we're going to end

00:26:24.269 --> 00:26:26.250
up having to sort of evolve that architecture

00:26:26.250 --> 00:26:29.150
from a, I'm going to ask one thing of one general

00:26:29.150 --> 00:26:32.289
purpose model and hope. And some of them are

00:26:32.289 --> 00:26:34.349
biased in different directions, but I think we're

00:26:34.349 --> 00:26:37.109
going to start to see more specific models that

00:26:37.109 --> 00:26:39.349
are focused on other things, or at least that's

00:26:39.349 --> 00:26:41.690
my hope. Like sort of, I think they were called

00:26:41.690 --> 00:26:44.109
SLMs at one point. Yeah, small language models.

00:26:44.650 --> 00:26:47.230
Yeah, I just feel like, you know, there's a certain...

00:26:47.400 --> 00:26:48.980
Because you have to constrain it to do the only

00:26:48.980 --> 00:26:50.500
thing you want to do and not the other things.

00:26:50.619 --> 00:26:53.000
It's like an intern that won't pay attention

00:26:53.000 --> 00:26:57.539
to instructions sometimes. How do you keep them

00:26:57.539 --> 00:27:01.279
focused on the task at hand? I often quibble

00:27:01.279 --> 00:27:04.200
about this, but if I'm asking an LLM about Rust,

00:27:04.440 --> 00:27:07.539
I can guarantee it's not about iron oxide. It's

00:27:07.539 --> 00:27:10.000
not about the video game. It's not about the

00:27:10.000 --> 00:27:13.700
movie. It's about a programming language. I don't

00:27:13.700 --> 00:27:16.500
want you to give me stuff about the atomic composition

00:27:16.500 --> 00:27:20.880
of iron oxide. I don't really care. Um, but I do

00:27:20.880 --> 00:27:22.980
want to know, you know, how to solve specific problems

00:27:22.980 --> 00:27:24.539
in the programming language that we call Rust.

00:27:24.539 --> 00:27:27.759
Yeah, and you're going to get some of that through,

00:27:27.759 --> 00:27:29.960
you know, it knows you and it has a profile on

00:27:29.960 --> 00:27:32.160
you and it has your history and whatever. And

00:27:32.160 --> 00:27:34.000
then there's a certain amount that, like, hey, if

00:27:34.000 --> 00:27:35.839
this is, like, super sensitive, we want this thing

00:27:35.839 --> 00:27:38.440
to do, like, you know, mental health recommendations

00:27:38.440 --> 00:27:42.089
or whatever, you know, for your application, then

00:27:42.089 --> 00:27:44.250
you may want to have something that's tuned in

00:27:44.250 --> 00:27:46.930
a very, very different way or just simply doesn't

00:27:46.930 --> 00:27:50.390
have access to certain things. And so I just

00:27:50.390 --> 00:27:53.089
feel like there's more to evolve in that space.

00:27:53.650 --> 00:27:55.109
It's funny you should bring that up. Have you

00:27:55.109 --> 00:27:58.650
ever seen that thing that's on X, on Grok, where

00:27:58.650 --> 00:28:02.230
you can actually say, do an image of me based

00:28:02.230 --> 00:28:05.789
on my tweets? I've heard about it. I haven't

00:28:05.789 --> 00:28:09.349
heard of that. And it's hilarious. For me, it

00:28:09.349 --> 00:28:11.849
came back with a guy in scuba gear and a laptop

00:28:11.849 --> 00:28:15.269
with some locks on the table or something. It

00:28:15.269 --> 00:28:19.190
was hilarious, yeah. AI knows way too much about

00:28:19.190 --> 00:28:23.650
me. I know, yeah. It really does. Someone sent

00:28:23.650 --> 00:28:25.589
me a prompt, actually, when I was at Ignite.

00:28:25.589 --> 00:28:29.970
An MVP friend sent me a prompt, and it was, I

00:28:29.970 --> 00:28:33.420
paraphrase, but it said, based on what you know

00:28:33.420 --> 00:28:36.880
about me, to put into Copilot, based on what

00:28:36.880 --> 00:28:39.019
you know about me, act as my career coach and

00:28:39.019 --> 00:28:41.420
tell me where I'm good, where I'm bad. And it

00:28:41.420 --> 00:28:45.880
was pretty good, actually. It was the whole thing.

00:28:46.200 --> 00:28:49.240
And I was like, wow. It told me that I broke

00:28:49.240 --> 00:28:52.420
my focus too much, responded to emails too quickly,

00:28:52.539 --> 00:28:55.339
et cetera, and it might affect my focus and I

00:28:55.339 --> 00:28:57.240
should be aware of it, et cetera, et cetera.

00:28:57.339 --> 00:28:59.380
There were quite a few of them, but it was interesting.

00:28:59.640 --> 00:29:02.180
That sounds accurate, though. Oh, yeah, it does.

00:29:02.359 --> 00:29:04.359
I mean, I was like, yeah, you're not inaccurate.

00:29:04.619 --> 00:29:07.119
It's an interesting prompt. Maybe I'll put the

00:29:07.119 --> 00:29:09.960
prompt in the show notes if you want to use it

00:29:09.960 --> 00:29:12.140
for yourself. All right, I have one more news

00:29:12.140 --> 00:29:15.000
item that took my fancy. I'm very happy to see

00:29:15.000 --> 00:29:18.259
this. The Windows Endpoint Security Platform

00:29:18.259 --> 00:29:22.880
API is now available in preview to our Microsoft

00:29:22.880 --> 00:29:26.980
Virus Initiative partners. This is huge because

00:29:26.980 --> 00:29:31.240
this API is a user mode set of APIs. And the

00:29:31.240 --> 00:29:33.119
whole point is we want to try and pull as much

00:29:33.119 --> 00:29:37.019
out of the kernel. The kernel in Windows is just

00:29:37.019 --> 00:29:40.099
getting too big, and we're loading too many third-party

00:29:40.099 --> 00:29:43.319
components into the kernel. Not to cast

00:29:43.319 --> 00:29:47.240
any aspersions on that, but... You really want

00:29:47.240 --> 00:29:51.000
the kernel to be as small as possible. I think

00:29:51.000 --> 00:29:53.200
we all know what the trigger was to this. We've

00:29:53.200 --> 00:29:55.160
known this was a problem that could happen, and

00:29:55.160 --> 00:29:58.220
it did happen when there was an update from a

00:29:58.220 --> 00:30:00.640
large, well-known company that went out and

00:30:00.640 --> 00:30:03.400
shut down thousands of Windows machines, just

00:30:03.400 --> 00:30:08.440
blue-screened them. This is really, really cool.

00:30:08.940 --> 00:30:13.180
Now we're opening up this API for anti-malware

00:30:13.180 --> 00:30:15.099
vendors so they can call into this API and then

00:30:15.099 --> 00:30:18.839
provide their own value add on top. And that

00:30:18.839 --> 00:30:20.579
way it's actually in user mode and not down in

00:30:20.579 --> 00:30:23.460
the kernel. Really great. Bring a lot more stability

00:30:23.460 --> 00:30:26.579
and reliability and resilience to the OS, which

00:30:26.579 --> 00:30:30.720
is always a good thing. Kind of it. Well, for

00:30:30.720 --> 00:30:33.960
this year, right, guys? I just want to back up

00:30:33.960 --> 00:30:37.019
just a minute. It is it in terms of this year,

00:30:37.099 --> 00:30:38.319
but I just want to point something else out.

00:30:38.539 --> 00:30:40.680
The items that the three of us brought up from

00:30:40.680 --> 00:30:42.319
the Book of News are just some items, right?

00:30:42.400 --> 00:30:44.319
There's so much more in there around security.

00:30:44.460 --> 00:30:46.960
These are just the ones that, A, took our fancy,

00:30:47.019 --> 00:30:50.019
and B, we could squeeze in in 30 minutes. Yeah,

00:30:50.059 --> 00:30:51.700
so definitely go check out the Book of News.

00:30:51.779 --> 00:30:54.099
And of course, you can also, if you want to actually

00:30:54.099 --> 00:30:57.200
watch the... If you want to watch the sessions,

00:30:57.400 --> 00:30:59.920
most of them are recorded. They're now on YouTube

00:30:59.920 --> 00:31:02.140
or they're on the Ignite website. So you can

00:31:02.140 --> 00:31:04.160
go and actually watch any of them if they take

00:31:04.160 --> 00:31:06.799
your fancy. Obviously, we'll see you in the new

00:31:06.799 --> 00:31:09.160
year. Some of you might have noticed this year,

00:31:09.220 --> 00:31:11.740
we probably haven't managed to get out two episodes

00:31:11.740 --> 00:31:14.119
a month quite as consistently as we have before.

00:31:14.900 --> 00:31:18.339
That's just because... We live and breathe this

00:31:18.339 --> 00:31:21.480
stuff and we do do it on the side of our jobs.

00:31:21.579 --> 00:31:25.200
We try our best. So apologies that we might not

00:31:25.200 --> 00:31:27.960
have quite hit that as well this year as in previous

00:31:27.960 --> 00:31:31.319
years. We try our best, but it isn't our day

00:31:31.319 --> 00:31:33.720
jobs. And that's an important point. I mean,

00:31:33.740 --> 00:31:37.079
all of us love this topic so much, the area of

00:31:37.079 --> 00:31:40.059
cybersecurity so much. And it's our day jobs,

00:31:40.079 --> 00:31:42.140
right? That's what we do. This is something that

00:31:42.140 --> 00:31:43.819
we don't do as part of our day jobs. We do it

00:31:43.819 --> 00:31:47.690
after hours. But with that said, we will never,

00:31:47.730 --> 00:31:52.069
at least never knowingly, sacrifice quality over

00:31:52.069 --> 00:31:53.990
quantity. Like we don't want to just get an episode

00:31:53.990 --> 00:31:56.230
out just to, hey, we've got to make two weeks.

00:31:56.309 --> 00:31:58.430
Let's just, you know, pump out some junk. We

00:31:58.430 --> 00:32:01.559
don't want to do that. So we'll always try to

00:32:01.559 --> 00:32:04.180
keep the quality as good as possible. All right.

00:32:04.259 --> 00:32:08.200
So let's bring this episode to an end. As Sarah

00:32:08.200 --> 00:32:11.099
said, this is going to be our last for 2025.

00:32:11.960 --> 00:32:14.480
We'll see you guys in the new year. There's always

00:32:14.480 --> 00:32:18.299
a lot to talk about. We thoroughly enjoy doing

00:32:18.299 --> 00:32:21.680
this podcast. It really is a labor of love, but

00:32:21.680 --> 00:32:25.759
we do enjoy doing it. So with that, stay safe

00:32:25.759 --> 00:32:29.240
and we'll see you in 2026. Thanks for listening to the

00:32:29.240 --> 00:32:32.119
Azure Security Podcast. You can find show notes

00:32:32.119 --> 00:32:36.119
and other resources at our website, azsecuritypodcast.net.

00:32:36.119 --> 00:32:39.900
If you have any questions, please find

00:32:39.900 --> 00:32:43.319
us on Twitter at AzureSecPod. Background music

00:32:43.319 --> 00:32:46.680
is from ccmixter.com and licensed under the

00:32:46.680 --> 00:32:47.759
Creative Commons license.
