Guidance for governing the identities of AI agents and non-human identities (NHIs) — Microsoft 365 Copilot Studio agents, Microsoft Foundry agents, custom AI agents, and traditional service principals/managed identities — through their full lifecycle. Covers ownership and tagging, scoped permissions and consent (delegated vs application; Sites.Selected; mailbox-scoped Graph), credential hygiene (federated credentials, certificates, no secrets), Conditional Access for workloads, agent-level access reviews via Entra ID Governance, lifecycle workflows for agent decommissioning, audit (agent prompts, agent actions, agent identity sign-ins), incident response when an agent is compromised, and integration with Purview AI Hub for usage signals. WHEN: AI agent identity governance, non-human identity governance, NHI lifecycle, Copilot Studio agent identity, Foundry agent governance, agent service principal, scoped Graph permissions agent, agent access review, decommission AI agent, agent credential rotation, compromis
Guidance for Azure AI Content Safety — programmatic content moderation for text, images, multimodal, and generative AI guardrails. Covers Content Safety categories (hate, violence, sexual, self-harm) with severity levels, Prompt Shields for jailbreak and indirect prompt injection detection, groundedness detection (hallucination check vs grounding sources), protected material detection (text and code), custom categories, blocklists, Content Safety Studio for tuning, integration with Azure OpenAI as input/output filters (built-in plus custom), latency/cost trade-offs, agent guardrails, and deployment patterns (sidecar in app, integrated with Azure OpenAI). WHEN: Azure AI Content Safety, prompt shields, jailbreak detection, indirect prompt injection, groundedness check, protected material detection, content moderation, generative AI guardrails, harmful content categories, custom blocklist AI, agent guardrail. DO NOT USE for AI workload threat detection / SOC alerts (use defender-for-cloud-ai), end-user AI usage
Guidance for secure remote VM management in Azure using Azure Bastion combined with Defender for Cloud just-in-time (JIT) VM access. Covers Bastion SKU selection (Developer / Basic / Standard / Premium), IP-based and shareable-link connections, native client (RDP/SSH from local machine via az CLI), session recording (Premium), private-only deployment, JIT request workflow and policy, RBAC for connect operations, integration with Conditional Access (via Bastion + Entra login on the VM), Azure Policy enforcement to require Bastion + JIT and prohibit public IP on VMs, and migration off VPN/jump-box patterns. WHEN: Azure Bastion design, Bastion SKU comparison, JIT VM access, just-in-time access Azure, Bastion shareable link, native client Bastion, session recording Bastion, eliminate public IP on VMs, replace jump host with Bastion, secure RDP SSH Azure, Bastion Premium recording. DO NOT USE for hybrid/SD-WAN VPN design, GSA Private Access (use entra-global-secure-access), or cluster-only K8s access.
Guidance for Azure Confidential Computing — protecting data in use through hardware-based Trusted Execution Environments (TEEs). Covers Confidential VMs (AMD SEV-SNP, Intel TDX), Confidential containers on AKS (Kata + AMD SEV-SNP), confidential GPU VMs (NVIDIA H100 with TDX), Azure Key Vault Managed HSM and Premium with secure-key-release for confidential workloads, attestation (Microsoft Azure Attestation service), confidential ledger, scenarios (multi-party data sharing, regulated workload isolation, AI training on sensitive data), key-release policies tying secrets to attested TEE state, and decision criteria vs CMK/Customer Key. WHEN: Azure Confidential Computing, AMD SEV-SNP, Intel TDX, confidential VM, confidential AKS container, confidential GPU H100, Azure Attestation, secure key release, multi-party computation, confidential AI, encrypted memory Azure, hardware enclave Azure. DO NOT USE for general data-at-rest CMK (use azure-key-vault), application encryption SDK only, or non-Azure TEE design.
Guidance for Azure DDoS Protection — Network Protection (per-VNet) and IP Protection (per public IP) tiers built on the same always-on Microsoft platform. Covers tier selection vs free Basic infrastructure protection, scope (VNet vs single IP), traffic profiling and mitigation policy auto-tuning, attack analytics and metrics, attack alerts to Sentinel, DDoS Rapid Response engagement, integration with Azure WAF and Front Door, cost-protection guarantee, mitigation reports for compliance, and per-region capacity planning. WHEN: Azure DDoS Protection, DDoS Network Protection, DDoS IP Protection, layer 3/4 DDoS, attack analytics Azure, DDoS rapid response, cost protection DDoS, DDoS metrics, mitigation report, simulate DDoS Azure. DO NOT USE for layer 7 / app-layer attack mitigation alone (use azure-waf), Azure Firewall design (use azure-firewall), or hybrid network DDoS via on-prem appliances.
Guidance for the security-side use of Azure Monitor and Log Analytics — designing the workspace strategy that feeds Microsoft Sentinel and Defender for Cloud, choosing analytics vs basic vs auxiliary log tiers, retention and archive, table-level transformations to drop noise pre-ingestion, Data Collection Rules (DCRs) and Azure Monitor Agent (AMA), workspace topology (single vs regional vs sovereign), commitment tiers and cost control, customer-managed keys for the workspace, RBAC including table-level RBAC, integration with Sentinel (workspace requirements), and decommissioning legacy MMA. WHEN: Log Analytics workspace design, Azure Monitor security data, Sentinel workspace, log tier basic auxiliary, AMA Azure Monitor Agent, DCR data collection rule, drop columns ingestion transform, log retention archive, workspace CMK, table-level RBAC, log ingestion cost control. DO NOT USE for Sentinel detection authoring (use sentinel-detection-engineering), App Insights instrumentation (use appinsights-instrumentation)
Guidance for Azure Web Application Firewall — deployed on Azure Front Door (global, edge-tier) or Azure Application Gateway (regional, integrated with backend pools). Covers WAF policy design with managed rule sets (Microsoft Default Rule Set, Bot Manager, OWASP CRS), custom rules (rate limit, geo-block, IP allow/deny), exclusion design (the long-tail tuning task that decides whether WAF stays in Prevention), JSON challenge / CAPTCHA, log analytics integration, false-positive triage workflow, integration with Defender for Cloud and Sentinel, regional vs global trade-off, and migration from third-party WAF. WHEN: Azure WAF, Front Door WAF, Application Gateway WAF, OWASP CRS Azure, bot manager Azure, WAF custom rules, WAF rate limiting, WAF false positives, WAF exclusions, WAF prevention vs detection, JSON challenge WAF, geo-block WAF. DO NOT USE for L3/L4 DDoS (use azure-ddos-protection), Azure Firewall design (use azure-firewall), or non-HTTP workloads.
Guidance for Microsoft Purview Compliance Manager — continuous compliance posture across Microsoft and non-Microsoft assets, mapped to 360+ regulatory templates (ISO 27001/27018/27701, SOC 2, NIST 800-53/171/CSF, PCI DSS, HIPAA, GDPR, FedRAMP, IRAP, Essential Eight, DORA, EU AI Act, etc.). Covers compliance score, improvement actions (Microsoft-managed vs customer-managed), evidence collection, assessment authoring (custom templates from CSV), multi-assessment grouping, automated testing of technical controls via Microsoft 365 / Defender for Cloud / Entra, evidence repository, audit-ready reports, and continuous assessment vs point-in-time. WHEN: Compliance Manager, compliance score, regulatory assessment Purview, NIST 800-53 assessment, ISO 27001 evidence, FedRAMP assessment, custom compliance template, improvement action, technical control automation, audit evidence M365, DORA assessment, EU AI Act assessment. DO NOT USE for Defender for Cloud regulatory dashboard (use defender-for-cloud-hardening), Records