devsecops – IT-DRAFTS

April 10, 2026

Sentinel + GitHub + IP allow list = everything works… until u turn security on

There is a very specific type of failure that shows up in Microsoft Sentinel setups.No errors. No alerts. No logs screaming at u. Just… nothing works. You connect the GitHub app.Authorisation succeeds.UI looks fine. And your repositories simply do not appear. Then u disable the IP allow list in GitHub… and suddenly everything works. That…

September 18, 2025

WireGuard in AKS: Microsoft Finally Gets Serious About In-Transit Encryption

Alright folks, let’s cut through the PR fluff. Microsoft just dropped WireGuard in-transit encryption for AKS (yep, still Public Preview), and it’s actually worth paying attention to. What’s the Deal? AKS now supports WireGuard-based encryption between pods that live on different nodes. This is baked into Azure CNI with Cilium, so you don’t need to…

August 6, 2025August 6, 2025

The Technical Foundation of Multi-Agent Copilot Systems and Secure AI Infrastructure in Microsoft Azure

🧬 1. Copilot Agent Architecture: Internal Design Archetype of a Copilot Agent in Microsoft Copilot Studio: Agent: ID: uuid Permissions: [Graph.Read, SharePoint.ReadWrite, CustomAPI.SendEmail] State: Memory: long-term vector embeddings (Azure AI Search) Session Context: transient (JSON graph) Plugins: – Planner – Orchestrator – GraphExecutor LLM Endpoint: Azure OpenAI (GPT-4o) Storage: Cosmos DB / Azure Table 🗉…

July 11, 2025

🧨 SUDO, YOU HAD ONE JOB!

Hi, now any user can get root — and Microsoft told you this would happen “Don’t run as root!” — they shouted.“Use sudo, it’s secure!” — they said.Well guess what?Even a user not in sudoers can now gain full root access. All thanks to sudo‘s cozy little bug involving chroot, nsswitch.conf, and your complacency. 🧬…

July 10, 2025

Azure WAF vs Entra External ID: When Your Firewall Starts Shooting the Good Guys

Hi there, you’ve got a slick identity federation flow with Microsoft Entra External ID.User hits login.yourbrand.com, gets redirected to Entra, auths like a champ, and…BOOM — 403 Forbidden. Why?Because your Azure Web Application Firewall (WAF) is having a mental breakdown over a legit id_token.Yeah — your security layer just called your login system a malicious…

June 10, 2025June 9, 2025

What is Azure Firewall?

Hi there, So, picture this. you’re in the cloud. services buzzing. users everywhere. data flowing like it owns the place. it’s chaos. fun chaos. but chaos nonetheless. and in the middle of it, your firewall. no, the firewall. Azure Firewall. this thing isn’t some dusty rule-checker. it’s a fully managed, intelligent, cloud-native security brain. yeah,…