NDC Sydney 2026

Modern software relies heavily on third-party components like open-source libraries and NuGet packages, which can introduce security risks. If you're not carefully managing these dependencies, you could expose your application to vulnerabilities or even malicious code—just like what happened with Log4J. In this session, we'll cover best practices for securing your .NET projects, including using tools like Trivy and NuGet’s security features to scan and monitor dependencies. We’ll also discuss supply chain observability—how to track vulnerabilities and ensure the integrity of your components. Beyond tools, we'll touch on team policies for approving third-party libraries, setting security gates in CI/CD pipelines, and fostering a security-first mindset in your organization. Live demos will show practical steps you can implement right away to protect your applications.

This session provides a direct comparison of several AI-assisted developer tools including GitHub Copilot, Cursor, Loveable, and others. Each tool will be tested against a consistent set of programming tasks such as writing new code, refactoring, debugging, and test generation. Attendees will see how each tool performs in terms of accuracy, speed, and integration with existing workflows. The session will highlight specific strengths and limitations based on real coding scenarios. It will also cover what happens when multiple tools are used together. This talk is intended for developers who want a practical understanding of how current AI tools support day-to-day programming work and where manual effort is still required.

Searching isn't just about exact matches anymore—users expect search results that understand context and adapt to their input. Enter the world of AI-driven fuzzy search! In this session, we’ll explore how to implement powerful search capabilities in .NET using Microsoft.Extensions.AI, Ollama, ChatGPT, and vectorization techniques. You’ll learn: - How to integrate AI into your .NET applications with Microsoft.Extensions.AI. - How ChatGPT and Ollama enhance contextual understanding. - Why vectorization is key to semantic search and how to implement it. Through live demos and practical examples, you'll leave equipped to build better, more user-friendly search experiences. Whether you're a .NET developer or an AI enthusiast, this session will give you tools to level up your search game.

Ephemeral environments sound like the perfect solution for quickly testing changes. Spin up fresh infrastructure for every feature branch, test in isolation, tear it down when you're done. Clean, efficient, disposable. Simple, right? Well, there's a bit more to it than that. In this talk, I'll explore why many teams love the idea of ephemeral environments but struggle to implement them. We'll cover the fundamentals you need to understand before diving in, from how long these environments should live, to whether they need to mirror production, to where your data comes from, and what you should use these environments for. You'll walk away understanding: - What ephemeral environments are, when they make sense, and what infrastructure maturity you need before attempting this - How your existing infrastructure choices (Kubernetes, Azure Static Web Apps, virtual machines, PaaS, etc.) influence your implementation approach - Real-world tradeoffs between the coordination overhead of static environments versus the cost and complexity of ephemeral ones - Why parameters and variables will be required everywhere, and why they can be frustrating This is an honest look at what works, what doesn't, and how to bridge the gap between wanting ephemeral environments and successfully running them. I'll show a couple of demos of getting started, so whether you're evaluating ephemeral environments for the first time or looking to understand why your initial experiments didn't stick, this talk will help you make informed decisions about your approach.

Some of the best things we build as programmers never ship to customers - they live in our homes, our budgeting processes, our daily tasks, and our random weekend experiments. From automating lights to building interactive budget trackers, personal dashboards, or tools that simply make life a bit smoother (usually!), these projects quietly become the most powerful way to learn new tech. In this talk, we'll explore how personal projects act as a low-pressure playground for levelling up - staying current with frameworks, trying new cloud services, strengthening patterns and architecture skills, and building confidence through hands-on experimentation. I'll share real examples from my own projects, from practical automations to things where I dared to think "I wonder if I could build that?", and will talk about some of the exciting platforms and tools that are out there now that make it ridiculously easy to prototype whatever wild idea pops into your head. Key takeaways of this talk will be inspiration for your next "for fun" build, an understanding of why these projects matter, and a reminder that some of the best learning happens away from your day job.

Model Context Protocol is rapidly becoming the de facto standard for LLMs and systems to communicate. This session explores the fundamentals of the MCP protocol, how to safely implement it into our applications with the .NET SDK and Semantic Kernel, plus key considerations for building a production-ready system – like auth, rate limits, and observability. We'll cover the basics of setting up an MCP server in .NET and exposing executable functionality as Tools, enabling any client to communicate with our application. We'll understand how Semantic Kernel's familiar concepts of Plugins and Functions map over to the world of MCP. Let's walk through integrating .NET's native Identity services to align with MCP’s authentication spec, enforce role-based permissions using Semantic Kernel Filters, and apply rate limiting middleware to keep systems reliable and secure. Finally we will discuss approaches to running intelligent .NET applications in the wild with Azure API Management, open telemetry, and .NET Aspire on Azure Container Apps.

Everyone's talking about AI agents, but few have operated one in production serving a real organization for an extended period. This talk shares hard-won lessons from building and evolving InfraAssistant — a multi-agent system that handles technical support, troubleshooting, knowledge management, and operational tasks for a platform engineering team, and is now growing into a customizable platform for the entire organization. We'll cover: the evolution from simple chatbot to a complex, dynamically evolving multi-agent system with MCP, hundreds of tools, and a diverse action space; which architectural pivots were necessary and why; practical challenges around context management, tool design, and reliability; and how to balance powerful agentic capabilities with security. Beyond the technical, we'll explore the foundational mechanisms enterprises need now to properly leverage generative AI and autonomous agents in the years ahead. Attendees will leave with practical patterns for building multi-agent systems that survive contact with reality, and architectural principles that prevent you from getting left behind as the field rapidly evolves.

Complexity is a property of systems with lots of components that interact in lots of ways. Bugs thrive in complexity. Inert bugs in one component may be activated by seemingly unrelated changes in another. Latent bugs may take years to be observed. Just writing lots of unit tests for this kind of software isn't enough. Bad tests slow you down without catching meaningful bugs. Good tests are hard-working productivity multipliers. In this session we'll explore a variety of testing techniques applied to a commercial database engine over a decade of active development, including model-based testing, fuzzing, and more. Borrowing methodologies from other industries, we'll see how testing complex software requires challenging our ideas of what a test is, and how testing fits into software development.

For a while now, GitHub Actions has been a powerful tool for automating processes directly from your GitHub repository. This session aims to transcend beyond basic tutorials and dive into the sophisticated capabilities of GitHub Actions, offering insights into building, testing, and deploying applications with unparalleled efficiency. Throughout this session, we'll navigate through the intricacies of GitHub Actions, uncovering the potential of this automation powerhouse. You'll gain a deep understanding of advanced concepts and techniques, ensuring you can leverage GitHub Actions to its full extent for your projects. Here's what you'll learn: - Optimizing GitHub Actions Runners: Master the art of selecting and optimizing runners for faster builds and deployments. - Mastering YAML Workflow Syntax: From triggers to conditionals, learn to craft workflows that respond dynamically to the complexities of your project. - Leveraging Advanced Features: Dive into job dependencies, matrix builds, and outputs for sophisticated workflow design. - Securing with Environments and Secrets: Implement best practices for managing sensitive data and configuring secure deployment environments. - Dynamic Deployments: Explore advanced deployment strategies to container registries and Azure, ensuring your application is delivered efficiently to the right platforms. Enhanced with real-world examples, this session will equip you with the skills to implement advanced CI/CD workflows that streamline your development process, improve code quality, and accelerate deployment cycles. Whether you're looking to refine your existing CI/CD practices or expand your GitHub Actions expertise, this talk will provide valuable insights and techniques that are immediately applicable.

Autonomous AI agents are quickly becoming the next frontier in software development, moving beyond copilots to systems that can sense, reason, and act independently. But with this evolution comes a new set of challenges: agents that operate without clear boundaries, make opaque decisions, or act without human oversight can introduce serious risks to safety, fairness, and accountability. In this session, we’ll explore how developers can apply the principles of Responsible AI to build autonomous agents that are not only powerful but also trustworthy. We’ll walk through technical implementation strategies using publicly available Microsoft and Azure tools, including orchestration frameworks, fairness assessment toolkits, and governance patterns that enforce safe behaviour. Through hands-on demos, we’ll showcase practical examples of how to audit agent behaviour, enforce action boundaries, and build systems that align with ethical and regulatory standards. You’ll see how to use tools to embed responsibility into every layer of your agentic architecture. This talk will equip you with practical techniques to build autonomous AI agents responsibly using open-source tools, design patterns, and governance frameworks that ensure safety, transparency, and accountability from day one.

Cross-platform development has never been more capable—or more chaotic. Between native UI frameworks, AI-assisted design, and the rise of Model Context Protocols (MCPs), developers are navigating a rapidly shifting landscape. In this session, we’ll cut through the noise and explore how the Uno Platform, combined with Hot Design and MCP-powered workflows, enables you to deliver elegant, truly cross-platform applications running on Windows, iOS, Android, macOS, Linux, and WebAssembly—all from a single C# codebase. We’ll walk through practical examples of how Hot Design transforms UI workflows using live editing, AI-generated layouts, and instant visual feedback. Then we’ll go deeper into how MCPs allow developers to scaffold whole apps that leverage themes, toolkit, extensions and other features of the Uno Platform. Whether you're building your first Uno app or optimising a production-scale solution, you’ll leave understanding: - How Uno Platform’s UI and runtime architecture enables native performance everywhere - How Hot Design boosts iteration speed with real-time design-to-code workflows - How MCPs enrich developer tooling with AI-driven context, automation, and smart refactoring - Patterns for combining all three to build modern apps faster, cleaner, and smarter If you want to glimpse the future of .NET app development—and start using it today—this session is for you.

Agentic applications are inherently complex to build, you have so many systems that need to be connected together, from databases to APIs to cloud platforms. Microsoft's new Agent Framework can reduce part of this complexity by abstracting away the underlying AI platform, allowing you to move between local and cloud with easy, but there's still a lot of additional overhead for all the other parts of the application to manage. Enter Aspire, a platform for simplifying the development and deployment of distributed applications, be the monoliths or microservices. So, let's bring all of this together and see how we can get to the simplicity of cloning a repo and hitting run to have a fully functioning development environment for agentic development that seamlessly rolls into production deployments.

CSS has never been more powerful, intuitive, or exciting! With groundbreaking features such as scroll-linked animations, advanced text wrapping and nesting, intelligent selectors like :has() and :not(), and the adaptive magic of container queries — the way we build the web is evolving like never before. In this fast-paced and high-energy talk, Lemon will introduce you to the latest and greatest features of modern CSS, and give you tips for using them to transform your projects—whether you’re giving an old site a fresh coat of paint or leveling up your current workflow. Get ready to expand your CSS toolkit and create beautiful, performant designs with confidence. This is the CSS you didn’t know you’ve been waiting for.

We love adding features, but what about taking them away? Deprecating and deleting code is one of the most neglected parts of the software lifecycle, often postponed until it becomes painful, risky, or politically tricky. In this talk, we’ll explore how feature toggles, typically used to launch features, can be just as powerful for retiring them. We’ll cover real-world examples and lessons learned from within Octopus and discuss tooling tips to help you clean up your codebase without fear. If your product roadmap is filled with more "we should remove that someday" than you're comfortable admitting, this talk is for you.

Scaling a database sounds like a great idea, but have you considered the number of ways it can fail? Add some nodes, throw in replication, and suddenly you're explaining to stakeholders why two customers saw two different truths at the same time. Turns out distributed systems have opinions about physics - but data modeling can help. This session covers the fundamentals (replication, consistency, partitions) and the tradeoffs nobody mentioned when they said "just scale horizontally." We'll look at real failure modes and practical patterns for building systems that handle chaos without dragging your app down with them.

Tired of Jira suggestions that actually make sense? Ever wish your project assistant had less emotional intelligence and more sarcasm? In this talk, we’ll build an AI-powered Rovo agent that lives in your Jira instance and gives gloriously bad advice. Whether it’s renaming every ticket to “ASAP Fix Me” or suggesting you "pivot to blockchain," this is your chance to explore Atlassian’s AI ecosystem by doing the absolute wrong thing—on purpose. Behind the chaos is a serious dive into building custom Rovo agents using Forge, Atlassian’s serverless app platform. You’ll learn how to tap into structured context, design agent behaviors, call external APIs, and create an experience that’s technically robust but deeply unhelpful. Come for the bad ideas, stay for the genuinely useful lessons in AI-powered automation inside Jira.

In this session I am showing you how I combined the hottest AI-topics to create an assistant for my grandma, in an attempt to help her with some of the difficulties that many older people face. Upon an edge device, I designed, implemented and deployed a solution that acts as a communication bridge between the elderly and the outer world, including care takers, nurses, doctors etc. To achieve that, it uses local resources as well as Azure resources for multiple heavier tasks. I will go through all the challenges I faced, stretching from hardware and software to people skills and the fear of the unknown.

Over the years, the concept has had many different names. From “observables” in KnockoutJS, to “refs” in VueJS, before Solid made “signals” popular. We’ve seen the carcinization of frontend frameworks in the pursuit of more seamless and fine-grained reactivity in our applications. But what actually are Signals? Why do we keep coming back to them? And why is their potential adoption as a language standard such a big deal?

Building secure applications requires more than just adding encryption. Through live demos and real-world examples, we'll explore how to properly implement security features like end-to-end encryption, perfect forward secrecy, and secure device migration. You'll see how to protect both data and metadata, at rest and in transit, and learn about the common pitfalls that can compromise seemingly secure systems. Using a chat application as our example, we'll walk through the evolution from basic encryption to a robust security system. We'll examine how real-world applications handle key management, protect against traffic analysis, and manage secure device enrollment. You'll learn the architectural patterns that make applications truly secure at scale. Whether you're building a messenger, a document store, or any application that needs to protect user data, you'll leave with practical knowledge of how to implement encryption correctly and make informed security decisions in your own projects.

As organizations integrate Generative AI into their systems, securing data access for both human users and AI agents has become a critical challenge. Traditional access control approaches fall short when AI systems need contextual, document-level permissions at scale and speed. This talk demonstrates how Fine-Grained Authorization (FGA) provides robust security for Retrieval-Augmented Generation (RAG) and agentic AI systems. Learn how to implement permission models that protect sensitive information while enabling AI to access only authorized data. The talk explores implementations using OpenFGA and LangChain, showcasing how to build security directly into AI retrieval pipelines. The presenters will provide real world case studies to discover how enterprises can prevent data leakage, implement multi-tenant isolation, and maintain audit trails while scaling to billions of access decisions. Open source tools like OpenFGA and integration techniques with vector databases will be featured, along with best practices for real-world deployment. Thus join us to understand how one can maintain security without sacrificing performance or user experience in Agentic / Gen AI applications.

Azure Data's developer story is getting good. Data API builder provides a drop-in replacement for most middle tiers with secure, feature-rich REST and GraphQL endpoints that expose SQL, Cosmos, Postgres, and MySQL in Azure, on-prem, or any cloud with a rich developer experience, CLI, and breadth of tools. Azure Data's MCP story is also getting good. At the heart of our agentic play is Data API builder's new MCP experience, which provides DML and DQL interop for models in a novel and performant way that keeps security and scale top of mind. Integrated with AI Foundry, Entra, ACA, and SQL, the SQL MCP Server is an important puzzle piece. For three years, Data API builder has given developers the flexibility, telemetry, and topological options they need to snap into the enterprise architectures of our largest customers and the earliest hobbyists. Free, open source, and fully supported, Data API builder is the cornerstone of our Data story arc to enable every developer. But that's easy to say. Come see for yourself what Data API builder can do for classic line-of-business apps interacting with backend data sources, how massive chunks of a code base made redundant by the engine can be eliminated, and how intelligent apps integrating AI agents through LLM models can "just work" against your data sources.

Software used to be predictable. You could trace the logic, reason about behaviour, and prove the results. Better tools have made us faster and allowed us to build more with less effort. But the further we step away from the code, the less control we really have. This is not a new problem, but it's more relevant than ever. Generative AI has dropped the barrier to entry dramatically, and it's never been easier to produce probably-working software with a single prompt. So how do we avoid sleepwalking into brittle, opaque systems that only appear correct? When is "good enough" actually good enough? And when the result always looks right, how do we know when to step in?

In this session, I want to show developers and architects how to build a resilient, cloud-native, active-active distributed microservices platform using Azure Container Apps and Terraform Stacks. We’ll start from a simple front end and progressively assemble a fully authenticated API tier, event-driven communication with Event Grid, and a lightweight GitOps workflow that continuously deploys both infrastructure and services across multiple regions. The goal is to demonstrate clear, repeatable patterns that make serverless microservices easier to build, operate, and scale.