Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!
Member: TysonPaul | Microsoft Community Hub
Enhance Your Data Protection Strategy with Azure Elastic SAN’s Newest Backup Options
Team Blog: Azure Storage
Author: adarsh_v
Published: 08/18/2025
Summary: Azure Elastic SAN now supports public preview integrations with Azure Backup and Commvault, providing automated, managed backup and recovery for Elastic SAN volumes. Azure Backup offers independent, crash-consistent snapshots, up to 450 daily restore points, simplified management, and seamless Azure integration. Commvault delivers enterprise-grade protection, snapshot-based backups, flexible recovery (including cross-region restores), and indefinite retention, supporting both Windows and Linux VMs. These solutions enhance data protection against loss, ransomware, and errors, ensuring secure, recoverable cloud storage for various organizational needs. Azure Backup suits single-volume scenarios, while Commvault is ideal for complex, multi-volume enterprise deployments.
Finding the Right Page number in PDFs with AI Search
Team Blog: Azure PaaS
Author: samsarka
Published: 08/11/2025
Summary: The article discusses how AI-powered search can accurately extract and associate page numbers with search results in large PDF documents using Azure Blob Storage and Azure AI Search. It details technical steps such as configuring storage permissions, applying OCR skillsets, setting up parent-child index projections, and defining search index schemas. By rendering each PDF page as an image and processing it with OCR, the system enables precise, page-level content retrieval, facilitating better navigation, citation, and trust in AI-generated responses for users searching within complex documents.
Protect against SharePoint CVE-2025-53770 with Azure Web Application Firewall (WAF)
Team Blog: Azure Network Security
Author: yuvalpery
Published: 08/11/2025
Summary: Microsoft disclosed CVE-2025-53770, a critical vulnerability in on-premises SharePoint Server (2010, 2013, 2016, 2019, SE) allowing unauthenticated remote code execution via authentication bypass and deserialization flaws. Patches are available for 2016, 2019, and SE, but not for 2010 or 2013. Organizations should immediately apply updates, restrict access to unsupported versions, and implement custom Azure Web Application Firewall (WAF) rules to detect and block attack patterns targeting vulnerable SharePoint endpoints, as detailed in Microsoft’s official guidance.
Azure CNI Overlay for Application Gateway for Containers and Application Gateway Ingress Controller
Team Blog: Azure Networking
Author: jonw
Published: 08/29/2025
Summary: Microsoft has announced the general availability of Azure CNI Overlay for Application Gateway for Containers and AGIC. This integration enhances IP scalability and performance for AKS clusters by enabling direct pod-to-pod routing without encapsulation overhead. It addresses key challenges like IP exhaustion and load balancing for containerized applications. The solution supports over 1 million IPs across clusters in the same VNet and ensures feature parity with kubenet, which is being retired. Customers can now upgrade AKS networking to Azure CNI Overlay while maintaining business continuity and leveraging a high-performance ingress solution.
Announcing more Azure VMware Solution enhancements
Team Blog: Azure Migration and Modernization
Author: christopheherrbach
Published: 08/25/2025
Summary: Microsoft announced several enhancements to Azure VMware Solution (AVS) at VMware Explore in Las Vegas, including expansion to 35 global regions with eight more planned by year-end. AVS now offers improved support for VMware Cloud Foundation, DISA IL5 authorization for government use, flexible Azure NetApp Files storage options, and expanded Azure Elastic SAN support for all node types. These updates make AVS a robust choice for migrating and optimizing VMware workloads in Azure, with resources available for learning and skill-building through the Azure VMware Solution 2025 Learn Challenge.
Container Networking with Azure Application Gateway for Containers (AGC): Overlay vs. Flat AKS
Team Blog: Azure Infrastructure
Author: lakshaymalik
Published: 08/31/2025
Summary: Azure Application Gateway for Containers (AGC) integrates with AKS using two networking models: Overlay (Azure CNI Overlay) and Flat (Azure CNI Pod/Node Subnet). Overlay conserves VNet IPs by assigning pods overlay CIDRs, while Flat gives pods VNet-routable IPs for direct access. AGC auto-detects the model, requires a /24 subnet, supports network policies, and leverages Layer-7 routing and security features. Deployment uses Gateway API resources without changes for either model. Overlay requires ALB Controller v1.7.9+. AGC enables flexible, secure, and scalable ingress for AKS, integrating with Azure’s security and monitoring tools.
Designing for Certainty: How Azure Capacity Reservations Safeguard Mission‑Critical Workloads
Team Blog: Azure Governance and Management
Author: Goutham_Bandapati
Published: 08/25/2025
Summary: Azure Capacity Reservations allow organizations to secure specific VM resources in designated regions or zones, ensuring availability for mission-critical workloads during demand spikes. Unlike Reserved Instances, which offer cost savings for steady usage but don’t guarantee resource access, Capacity Reservations guarantee placement but incur costs even if idle. Combining both approaches—reserving capacity for reliability and using Reserved Instances for savings—mitigates risk, optimizes costs, and enhances resilience against unpredictable cloud demand, especially for regulated, latency-sensitive, or high-stakes workloads. This strategy is essential across all major clouds to transform capacity from a risk into a managed asset.
Upcoming Changes to Instance Size Flexibility Ratios for Azure Reservations: What You Need to Know
Team Blog: Azure Compute
Author: kyleikeda
Published: 08/04/2025
Summary: On September 4, Azure will update instance size flexibility ratios for reservations covering select Virtual Machines, Azure Redis Cache, and Dedicated Hosts. These changes, aimed at optimizing reservation discounts, may impact reservation coverage—potentially increasing or decreasing the number of units covered—without changing prices. Users should review impacted SKUs and monitor reservation utilization after the update to manage costs effectively. Recommendations include adjusting usage, exchanging reservations, or utilizing Azure Advisor for cost-saving strategies. Guidance is available in the Azure Portal and Microsoft documentation.
SQL Server enabled by Azure Arc is now generally available in the US Government Virginia region
Team Blog: Azure Arc
Author: AbdullahMSFT
Published: 08/14/2025
Summary: SQL Server enabled by Azure Arc is now generally available in the US Government Virginia region, allowing government agencies to manage on-premises SQL Server instances through the Azure Government portal securely and compliantly. Key features include onboarding SQL Server instances, inventory management, extended security updates, and licensing management. Some advanced features, like failover clustering and certain services, were initially unavailable but have since been enabled, including Always On availability groups and SQL Server services. This launch marks a significant step for hybrid data management in the government cloud, with further enhancements planned.
Mobile Plans moves to the web
Team Blog: Windows OS Platform
Author: HunterM
Published: 08/28/2025
Summary: Microsoft is retiring the Windows Mobile Plans app to simplify mobile data activation on PCs. Users will now buy and manage cellular plans directly through mobile operator websites and Windows Settings, eliminating the need for a separate app. eSIM activation will be streamlined and secure, with device IDs shared via Windows Settings. The transition begins in the second half of 2025, with full retirement by February 2026. Existing cellular functions remain unaffected. Operators gain more control over the activation process, and Microsoft is supporting them through the transition for a seamless user experience.
System Center 2022 Update Rollup 3
Team Blog: System Center
Author: AakashMSFT
Published: 08/25/2025
Summary: System Center 2022 Update Rollup 3 (UR3) delivers stability, security, and compatibility improvements across Operations Manager, Service Manager, Virtual Machine Manager, and Orchestrator. Key updates include expanded guest OS support (Windows Server 2025, multiple Linux distributions), HTTPS-by-default for storage providers, enhanced console stability, restored Teams notifications, improved platform stability on new CPUs/OS builds, .NET 8 and gMSA support for Orchestrator, and TLS 1.3 enablement. UR3 incorporates previous fixes from UR2 and can be installed even if UR2 failed, reflecting Microsoft’s ongoing commitment to regular quality updates.
Windows Server 2025 Software Defined Datacenter: Networking Deployment Series (4/6)
Team Blog: Networking
Author: cindywan
Published: 08/28/2025
Summary: Part 4 of the Windows Server 2025 Networking Deployment Series details how Contoso Medical Center secures its Software Defined Datacenter using SDN features. By leveraging Network Security Groups (NSGs), tag-based segmentation, and Default Network Policies (DNP), Contoso enforces Zero Trust, automates VM protection, and ensures consistent security from creation. These capabilities simplify policy management, enhance compliance, and protect critical healthcare workloads without manual firewall rules. The article also previews upcoming topics on Accelerated Networking and SDN Multisite, and encourages readers to try these features using Windows Admin Center and SDNExpress v2.
Certifications refresh: AI-focused and fundamentals updates
Team Blog: Microsoft Learn
Author: GretchenLaBelle
Published: 08/28/2025
Summary: Microsoft Learn is updating its certification and training offerings to focus on AI, Microsoft 365, Copilot, and agents, reflecting the growing integration of AI in business. New certifications will validate foundational and expert AI skills, while beginner-level courses for various functional roles are being introduced. Microsoft will retire select Fundamentals Certifications (MS-900, MB-910, MB-920) after December 31, 2025, but earned certifications remain valid. Applied Skills micro-credentials are also available, with a chance to win a 50% exam voucher. More details on new AI-focused certifications will be announced soon.
Unlocking Flexibility with Azure Files Provisioned V2
Team Blog: ITOps Talk
Author: Pierre_Roman
Published: 08/14/2025
Summary: Azure Files Provisioned V2 introduces a flexible billing model, letting users independently provision storage, IOPS, and throughput for predictable costs and enhanced performance. Unlike previous models, it eliminates per-operation fees and enables scaling up to 50,000 IOPS and 5 GiB/sec throughput per share. This simplifies management, supports larger workloads, and often lowers costs by 30–50% for active use cases. Provisioned V2 streamlines planning and budgeting, making Azure Files more cloud-friendly and enterprise-ready while addressing common pain points in cloud file storage.
From the frontlines: Managing common kiosk scenarios in your business
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 08/28/2025
Summary: The article by Saurabh Sarkar discusses managing Windows kiosk devices using Microsoft Intune to boost productivity in sectors like airlines and restaurants. It outlines how Intune enables centralized configuration, security, and compliance for kiosk devices, highlighting a pizza restaurant scenario using Windows Autopilot and Edge kiosk mode. Key features include auto logon, restricted browser access, and automated Wi-Fi connectivity. The post emphasizes best practices for deploying, managing, and securing frontline devices, and references further resources for effective kiosk management.
Provider-Managed Azure Subscriptions: Cost Control and Commitment Clarity
Team Blog: FinOps
Author: Dirk_Brinkmann
Published: 08/29/2025
Summary: The article discusses scenarios where enterprise customers allow service providers to manage Azure subscriptions using the provider’s tenant, while billing remains with the customer. This arrangement enables customers to maintain full control over pricing, cost allocation, and Microsoft Azure Consumption Commitment (MACC) utilization, with complete cost visibility. Service providers manage resources but have limited access to pricing and billing details. Clear governance, billing policies, and RBAC configurations are essential for effective management, keeping operational control and cost ownership decoupled between customers and service providers.
Governing Copilot agents: Your next step starts here
Team Blog: FastTrack
Author: JulieHersum
Published: 08/21/2025
Summary: Rob Howard’s article outlines a practical governance framework for managing Microsoft 365 Copilot AI agents. It emphasizes three pillars: security controls via Microsoft Purview, management controls through admin centers, and agent usage reporting for compliance. The article introduces governance zones—sandbox, controlled, and trusted—for phased Copilot deployment based on risk and data sensitivity. Additional resources include a readiness checklist, deployment examples, tool integration links, and previews of upcoming guidance. The article is part of Microsoft’s FastTrack initiative, providing IT admins with ongoing support and resources for effective Copilot governance.
Transforming Enterprise AKS: Multi-Tenancy at Scale with Agentic AI and Semantic Kernel
Team Blog: Core Infrastructure and Security
Author: jianshn
Published: 08/29/2025
Summary: The article details how to deploy Agentic AI using Semantic Kernel on Azure Kubernetes Service (AKS) with a scalable, secure multi-tenant architecture. By isolating tenants through AKS namespaces, dedicated node pools, managed identities, and RBAC/ABAC for Azure Blob Storage, the solution ensures strong data and compute separation, minimizing cross-tenant risks and optimizing resource use. The post provides step-by-step implementation guidance, including credential scoping and deployment of AI agents, enabling enterprise-grade multi-tenancy for AI workloads with operational flexibility, cost efficiency, and security.
Announcing MSGraph Provider Public Preview and the Microsoft Terraform VSCode Extension
Team Blog: Azure Tools
Author: stevenjma
Published: 08/14/2025
Summary: Microsoft has announced the public preview of the Terraform MSGraph provider and the new Microsoft Terraform VSCode extension. The MSGraph provider enables managing Entra and M365 Graph APIs, offering broader and more immediate support for Microsoft cloud resources compared to the AzureAD provider. The VSCode extension consolidates AzureRM, AzAPI, and MSGraph support, adds features like exporting Azure resources as Terraform code, and enhances coding with IntelliSense and code samples. These tools aim to streamline infrastructure-as-code workflows, simplify resource management, and accelerate automation for Terraform practitioners in the Microsoft ecosystem.