Exciting update: New Advanced Package benefit for ISV Success participants!
We are delighted to share yet another exciting benefit for our ISV Success program participants. In our ongoing commitment to support ISVs, we are introducing a new Advanced Package Benefit that could significantly enhance your development projects. NEW – Advanced Package Benefit - $25,000 USD ISV Success participants with an Azure, Security, or Industry AI certified software designation may now be eligible for additional Azure Sponsorship, providing another $25,000 USD, totaling an impressive $50,000 USD when combined with the Expanded and Core benefits packages. This substantial sponsorship aims to help you maximize the potential of Azure and drive innovation in your projects. Determine your eligibility To find out if you qualify for this advanced benefit, please reach out to your Build and Publish Engagement Manager. They will assist you in understanding the eligibility criteria and guide you through the process of applying for this additional Azure Sponsorship. At ISV Success, we are dedicated to offering valuable resources and support to help you achieve your development goals. Don't miss out on this exceptional opportunity to enhance your productivity and bring your projects to life with the power of Azure. To learn more about the ISV Success offering, go to https://www.microsoft.com/en-us/isv/isv-successStrengthening the software development company supply chain with DevSecOps practices
As cyber threats grow in complexity and frequency, embedding security into the product design lifecycle is no longer optional—it’s essential. In the Microsoft Security for ISV series, our fourth session, “Strengthen the software development company supply chain with DevSecOps practices,” provides in‐depth insights into how software development companies can build robust, secure, and resilient applications while accelerating development processes. By integrating security into every phase—from design to production—software development companies can protect customer data, ensure compliance, and build lasting trust. Understanding the Evolving Threat Landscape According to GitGuardian’s 2024 report, public GitHub repositories saw an alarming surge in hardcoded secrets — with nearly 24 million new secrets (23,770,171) added last year. This represents a 25% increase compared to the previous year and highlights a troubling trend: long-lived plaintext credentials such as API keys, passwords, and authentication tokens continue to proliferate in open-source projects. Despite GitHub’s efforts to filter out known credential patterns during the push process, the rise in generic secrets—which can include common usernames, unstructured passwords, or basic auth strings—remains largely unmitigated, providing attackers of any skill level with an easy entry point and the ability to move laterally within systems. Key Security Strategies for Software Development Companies Embedding Security Throughout the Software Development Lifecycle The evolution of DevSecOps is transforming how organizations approach application security. Michael Friedrich, Cloud Solution Architect at Microsoft, underscored two primary challenges: Growing code bases often come with increased vulnerabilities Developers need intuitive security tooling that doesn’t disrupt productivity DevSecOps is all about “shifting security left” by integrating security practices throughout development—as code is written, built, and deployed—instead of addressing vulnerabilities only after production. This approach not only saves time and resources but also reduces the likelihood of exploiting application-level vulnerabilities. Key strategies include: Early threat modelling to identify and mitigate risks before deployment Collaborative workflows that bring together developers and security teams Continuous scanning methods (static analysis, secret scanning, dependency review) to catch issues early For a deeper dive, explore Microsoft’s Secure Development Lifecycle guide (https://www.microsoft.com/en-us/securityengineering/sdl). Integrating GitHub Advanced Security and Microsoft Defender for Cloud GitHub and Microsoft work in unison for a unified secure development experience. GitHub Advanced Security is embedded directly into the developer workflow to detect vulnerabilities through advanced code scanning (powered by CodeQL), secret scanning, and dependency checks. The integration means that security alerts are provided as developers code—not as an afterthought—which speeds up remediation and reduces production issues. In parallel, Microsoft Defender for Cloud (formerly Defender CSPM) offers a cloud security posture management solution that: Pinpoints and prioritizes risks with a context-aware engine Provides actionable, recommendation-driven insights for DevOps environments Delivers continuous scanning across multi-cloud environments and CI/CD pipelines Learn more about Microsoft Defender for Cloud at https://docs.microsoft.com/en-us/azure/defender-for-cloud and enhance your cloud security posture. The Secure Future Initiative: Secure by Design, Default, and Operations Microsoft’s “Secure Future Initiative” (SFI) is comprehensive framework ensures that security is embedded into every stage of product development and operations through three core principles: Secure by Design Incorporate security during the planning and architecture phases Protect identities and secrets from the start with strong key rotation, hardware security modules, and no hard-coded secrets Secure by Default Enforce robust security configurations so that protection is on by default (for example, MFA enforcement and least privilege access) Secure Operations Establish continuous monitoring protocols, rapid incident response, and centralized security logs Use tools like Microsoft Sentinel for real-time threat analytics These foundational elements ensure that as software development companies develop and scale innovative solutions—including those leveraging artificial intelligence—security remains a steadfast pillar. For additional guidance on Secure Future Initiative, visit https://www.microsoft.com/en-us/trust-center/security/secure-future-initiative Strengthening the Software Development Company Supply Chain with Modern DevSecOps Practices Modern software supply chains often include third-party dependencies, open-source libraries, and automated pipelines. Traditional security measures can’t keep pace with today’s integrated development models. Therefore, it’s critical to: Employ code signing and package verification for third-party components Adopt continuous security scanning using solutions like GitHub’s secret scanning with push protection Integrate Microsoft Defender for DevOps for comprehensive visibility from code to cloud For more on secure supply chain strategies, check out the Secure Supply Chain Consumption Framework (https://www.microsoft.com/en-us/securityengineering/opensource) Real-World Insights from BuildKite and the Role of DevSecOps Guest speaker Ken Thompson, VP of Product at BuildKite, shared practical examples from the front lines of secure continuous integration and delivery. BuildKite’s hybrid model, combining a software-as-a-service control plane with open-source on-premises agents, ensures that sensitive code and secrets never leave a customer’s infrastructure. This design enhances security while enabling: Rapid build times with hyper-parallelized pipelines Integrated security scanning within every build, thereby “shifting left” security Proven practices like the SLSA framework for artifact provenance, which verifies that code and pipelines are built in a trusted manner Ken highlighted examples where Uber have reduced build times from an hour to mere minutes while ensuring every pipeline pass incorporates critical vulnerability scanning. This demonstrates that robust security practices and efficiency can go hand in hand. Taking Action: Strengthening Your Security Posture Today Security is an ongoing journey. By adopting proactive security strategies, embracing DevSecOps practices, and integrating industry-leading tools, software development companies can build resilient, trusted applications that stand up to today’s cyber threats. Action Steps for Software Development Companies: Embed security into every phase of your SDLC Strengthen identity and access with strong MFA, conditional access, and the Zero Trust model Secure secrets using Azure Key Vault and GitHub Advanced Security for automated secret scanning Enhance supply chain security through continuous scanning and vulnerability remediation Monitor your cloud environments with Microsoft Defender for Cloud and Microsoft Sentinel for real-time insights Additional Resources: Microsoft Secure Development Lifecycle – https://www.microsoft.com/en-us/securityengineering/sdl Secure Supply Chain Consumption Framework – https://www.microsoft.com/en-us/securityengineering/opensource Cloud Adoption Framework – https://aka.ms/caf Zero Trust Guidance Center – https://aka.ms/Zero-Trust Start with Security – https://aka.ms/trysecurity SaaS Workload Guidance – https://learn.microsoft.com/en-us/azure/well-architected/saas/ Join ISV Success – https://www.microsoft.com/isv
Building your first AI Agent with Azure AI Agent Service
AI agents are transforming the way developers create intelligent AI applications, and Azure AI Agent Service is leading the charge. At a recent hands-on workshop at the Azure AI Foundry Partner Council, we explored how to build an agent application using Azure AI Agent Service, leveraging its powerful tools and SDKs to simplify AI development. Whether you're an experienced developer or just starting, this blog provides key insights into streamlining AI agent creation and integrating with enterprise systems. In this blog post, we’ll summarize the key topics covered during the workshop and highlight how Azure AI Agent Service empowers developers to create scalable, intelligent agents with minimal complexity. Introduction to Azure AI Agent Service The workshop kicked off with an overview of Azure AI Agent Service, explaining how it enables developers to create goal-driven AI agents with advanced reasoning and execution capabilities. Unlike simple chatbots, these agents can integrate with external data sources, automate workflows, and execute complex business processes autonomously. Creating Your First AI Agent Developers were guided through the step-by-step process of building an AI agent using Python and the Azure AI Agent Service SDK. Key concepts covered included: Setting up the development environment Defining tools for the agent Managing conversations with threads Using system prompts to guide AI behavior Function Calling and SQL Queries One of the most exciting demonstrations involved function calling, where AI agents interact with external systems. The session showcased how agents can: Generate and execute SQL queries Retrieve, analyze, and manipulate real-time data Seamlessly integrate with databases for enterprise applications Code Interpreter for Data Visualization To enhance user interactions, the workshop highlighted the code interpreter tool, allowing AI agents to: Write and execute Python code Generate visual representations like pie charts Process CSV files for advanced data analysis Retrieval Augmented Generation (RAG) Developers were introduced to Retrieval Augmented Generation (RAG), a technique that improves AI responses by leveraging external documents. The session covered: Setting up a simple vector store Using file search to provide context-aware responses This technique is valuable for applications where AI agents need to reference structured data to provide accurate, informed answers. Bing Grounding for Competitive Insights A standout feature discussed was Bing Search grounding, which enables AI agents to: Retrieve up-to-date web data Perform competitive product analysis Deliver real-time business insights By integrating Bing Search, AI agents can stay informed with the latest industry trends, making them highly relevant in business environments. About the Azure AI Foundry Partner Council: The Azure AI Foundry Partner Council is a dynamic and collaborative initiative designed to foster innovation and drive advancements in artificial intelligence. This council brings together a diverse group of industry leaders, technology experts, and strategic partners who are committed to leveraging the power of Azure AI to solve complex business challenges. Through the Azure AI Foundry Partner Council, members are empowered to push the boundaries of what is possible with AI, ultimately driving progress and delivering value to their organizations and customers. Call to Action and Resources Leverage this GitHub Repo with Presenter and Proctor Resources Azure AI Agent Service Documentation Fundamentals of AI Agents on Azure Introducing Azure AI Agent Service Blog Post Python Library Workshop Repository Export and Import Agents using Solutions How to use Grounding with Bing Search in Azure AI Agent Service Sample Code for Custom Functions If you’re looking to take your AI development skills to the next level, don’t miss this opportunity. Watch the recording today and start building intelligent AI agents with Azure AI Agent Service!New GitHub Copilot benefit for ISV Success Expanded Package
We are thrilled to announce a new benefit for some of our ISV Success participants. As part of our continuous commitment to supporting and empowering ISVs, we are introducing a NEW Expanded Package benefit that can take your development projects to the next level. NEW – Expanded Package benefit ISV Success Expanded Package participants are now potentially eligible for up to $5,000 in Azure credits, exclusively for GitHub Copilot. This incredible opportunity is designed to help you leverage the power of GitHub Copilot, an innovative AI tool that assists developers in writing code faster, with greater efficiency and confidence. How to determine your eligibility To find out if you qualify for this enhanced benefit, please reach out to your Engagement Manager. (To find out who is your assigned ISV Success Engagement Manager, type “who is my engagement manager” into the AI-powered assistant on ISV Hub: https://www.microsoft.com/isv/. If you are in Marketplace Rewards, you can email rewards@microsoft.com a member of the Market Rewards team will respond within 1-2 business days.) They will assist you in understanding if you are eligible for criteria and guide you through the process of applying for Expanded Package and these additional GitHub Copilot credits. At ISV Success, we are dedicated to offering valuable resources and support to help you achieve your development goals. Don't miss out on this exceptional opportunity to enhance your productivity and bring your projects to life with the power of GitHub Copilot. Stay tuned for more updates and exciting announcements from ISV Success! Additional Resources: Join ISV Success Review all ISV Success benefits Learn more about expanded benefitsWhat's New with GitHub for ISVs: September 2023 Edition
In this new monthly blog series focused on GitHub, we will be sharing product updates, notable reads, and other new resources that can be leveraged by ISVs who are building apps for the commercial marketplace. Check out what was new in September!
