In preparation for a presentation that I had today at Microsoft Secure in Norway, where I had a talk about how to get the most out of Copilot for Security I needed to do a lot of research. Therefore, I wanted to share some of the research here, based upon my findings on how Copilot for Security works. NOTE: If you want to see the presentation you can view it here –> msandbu/securitycopilot (github.com) Firstly, the Copilot for Security consists of three main parts. 1: The web service (for the standalone service) or the embedded part which is directly available as part of Sentinel, Defender ..read more

Last year I wrote a blog article about Microsoft Global Secure Access and what kind of services it provides. Therefore, I decided to write an example about use-cases for it in preparation for a session I have tomorrow Agenda – xenappblog you can also view the PPT here –> community/GSA-MariusSandbu.pptx at main · msandbu/community (github.com) One thing that is missing in Microsoft Azure today in the networking stack is a “true” optimal Zero-trust network access (as seen from the CISA Zero-Trust framework screenshot below). Today we have the option to route traffic from one service to anothe ..read more

Yesterday I had a tweet that blew up quite quickly, because I was doing some research for a customer to uncover the cost for a new VDI solution. While in hindsight I should have been a lot more accurate on the tweet, but I’ll explain. NOTE: I Do not cover the cost for the underlying virtualization stack/platform such as storage, hyper-v, xenserver etc. If you see something clearly wrong with the calculations or facts let me know. Recently Microsoft made AVD on Azure Stack HCI generally available and in the past I have written about Citrix vs AVD Part One (Citrix (CVAD) vs Azure Virtual Deskt ..read more

With all the turmoil around VMware, should you consider moving to an alternative platform? With all the changes happening in VMware, both at the company and licensing changes many are looking towards changing to another virtualization layer. Why? 1: They have gotten a price increase on their license, for many of the smaller customers they will most likely get a price increase in their license. This is because of the product bundles that are changing (VMware by Broadcom Dramatically Simplifies Offer Lineup and Licensing Model – VMware News and Stories) which makes sense for the larger enterpri ..read more

In preparation for my upcoming session at Experts Live Denmark, I wanted to write a blog post showing the overall state of generative AI and LLMs. There is a lot of development happening here now and therefore I wanted to give a current overview of the different models, support for multi-modality, integrations and give a glimpse into what is going on in terms of autonomous agents. Note, that this is my personal reflection based upon my own experience and based upon knowledge I have built up during the course of the last years. What is Generative AI? Let’s start with the basic part, what is Gen ..read more

One of the easiest ways to get started with running LLMs locally on your own machine is using Ollama. Ollama is an open-source product that provides a local llm inference API that you can interact it. It also provides a CLI tool that you can also use to interact with in real-time. You can also add your own data models, if you for instance have a data set that you need to merge with a base LLM. You can download the tool from here Ollama and it has a set of predefined models that you can download and use –> library (ollama.com) Ollama also supports the same OpenAI compatibility as o ..read more

To clear some of the confusion around this new encryption feature in Microsoft Azure called Encryption at host, what does it actually do? When reading the documentation from Microsoft is states the following “When you enable encryption at host, that encryption starts on the VM host itself, the Azure server that your VM is allocated to. The data for your temporary disk and OS/data disk caches are stored on that VM host. After enabling encryption at host, all this data is encrypted at rest and flows encrypted to the Storage service, where it’s persisted. Essentially, encryption at host encrypts ..read more

While there are many blog posts and articles mentioning WHY you should secure your GenAI services or applications that you are building, almost none of the describe the tools and methods to secure them. Therefore, I decided to write my own blog post on what kind of security risks you can have with building Gen AI tools and how you can secure them. Let’s start with an overview visualization of how many of the regular RAG based services are built and work. This visualization below shows much of the different components involved in a RAG (Retrieval Augmented Generation) application. Where the pur ..read more

I have been reading so many bad blog posts lately regarding Microsoft Copilot and how they work that I decided to write a bit more in-depth the inner workings of the different offerings so that you can get some more sense on how they actually work. While I wrote a somewhat intro here –> How do the different Copilot services from Microsoft actually work? – msandbu.org however I wanted to go more in-depth. Firstly, we need to understand the ecosystem. All the different Copilot offerings from Microsoft is using a service underneath called Azure OpenAI (which is a managed service) but for the s ..read more

This is a follow-up of my series on Ransomware (Part One: Analyzing the Anatomy of a Ransomware Attack – msandbu.org) the reason why I released this follow-up is that lately we have seen a large increase in Ransomware attacks. The reason behind this is that because lately there have been many critical vulnerabilities related to external services such as VPN, VDI and web based services that have been exploited heavily by the different active ransomware groups. In the first part I focused on the initial attack, on how the attackers get access. In this blog post I want to focus on what happens af ..read more