Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!
Member: TysonPaul | Microsoft Community Hub
Selecting the Right Agentic Solution on Azure
Team Blog: Azure Architecture
Author: pranabpaul
Published: 09/16/2025
Summary: The article outlines Azure-specific options for building and deploying agentic solutions, emphasizing the shift from the deprecated Assistants API to Azure AI Agent Service within Azure Foundry, which offers robust agent management and ongoing enhancements. Workflow-based projects may use Azure Logic Apps (preview), while advanced scenarios can leverage agent orchestrators like Semantic Kernel or AutoGen for custom architectures. Selection depends on workflow needs, code/no-code preference, hosting, orchestration complexity, and maintenance requirements, with Azure AI Agent Service recommended for most cases and further investments.
AI Azure Landing Zone: Shared Capabilities and Models to Enable AI as a Platform
Team Blog: Azure Architecture
Author: Rohon_Mohapatra
Published: 09/25/2025
Summary: The article outlines the Microsoft Azure AI Landing Zone architecture, a secure, scalable framework for deploying AI workloads across enterprise environments. It features separate landing zones for connectivity, AI applications, centralized AI services, and management. Key components include Application Gateway (WAF), private endpoints, Azure Key Vault, App Insights, and Logic Apps. The architecture ensures secure user access, efficient routing to AI models (OpenAI, Cognitive Services), centralized monitoring, usage reporting, and robust governance, enabling enterprises to deliver and manage advanced AI-powered applications while maintaining compliance, security, and operational efficiency across multiple Azure subscriptions.
Enable Certificate-Based Authentication for Windows Admin Center Gateway Servers with AD CS
Team Blog: ITOps Talk
Author: OrinThomas
Published: 09/22/2025
Summary: The article explains how to enable certificate-based authentication for Windows Admin Center (WAC) gateway servers using Active Directory Certificate Services (AD CS) and smart card logon. It details prerequisites, configuring certificate templates, enabling Authentication Mechanism Assurance (AMA) to dynamically assign a smartcard-required security group, and setting WAC to require this group for access. The process ensures only users who authenticate with approved smart card certificates can access WAC, strengthening security. It covers setup, testing, troubleshooting, limitations, and compatibility considerations, emphasizing domain-joined environments and robust group/policy configuration.
Supercharging NVAs in Azure with Accelerated Connections
Team Blog: ITOps Talk
Author: Pierre_Roman
Published: 09/25/2025
Summary: Accelerated Connections in Azure enables firewalls, routers, and SD‑WAN NVAs to handle higher connections-per-second (CPS) and more simultaneous sessions by offloading connection processing to dedicated hardware at the NIC level. This boosts stability during traffic surges, reduces connection drops, and allows for flexible scaling via performance tiers (A1-A8). Enablement requires downtime and careful planning, focusing on high-throughput NICs. The feature is especially beneficial for regulated, high-traffic industries, reducing the need for horizontal scaling and simplifying operations. Monitoring and iterative rollout are recommended for optimal performance and cost management.
Update Entra ID Device Extension Attributes via PowerShell & Create Dynamic Security Groups.
Team Blog: Core Infrastructure and Security
Author: SantoshPargi
Published: 09/01/2025
Summary: The article explains how to use PowerShell and Microsoft Graph to update Entra ID device extension attributes, which are custom fields for tagging devices. By modifying these attributes, organizations can automate device grouping and apply targeted security, Conditional Access, or Intune policies. The provided script reads device names from an Excel file, updates extensionAttribute6, and enables dynamic group membership based on attribute values. The process requires app registration and proper permissions. Caution is advised, and testing is recommended before production deployment.
Windows 365 Link – Deployment Planning, Setup and Enrollment
Team Blog: Core Infrastructure and Security
Author: MichaelHildebrand
Published: 09/09/2025
Summary: The Windows 365 Link is a device that simplifies secure access to Windows 365 Cloud PCs, requiring specific Intune, Entra, and Windows 365 configurations for deployment. It supports user-driven and admin-driven enrollment, with device management options and policy considerations, including device naming, security, and update settings. Authentication methods include passwords and FIDO2 keys. The Link device integrates with Microsoft Defender for Endpoint, supports SSO, and offers firmware controls. Deployment is straightforward, but tenant configurations should be reviewed to ensure compatibility and optimal device management.
General Availability of Azure Backup vaulted support for Azure Files Premium (SSD) shares
Team Blog: Azure Storage
Author: Subhash_athreya
Published: 09/23/2025
Summary: Microsoft has announced general availability of Azure Backup vaulted support for Azure Files Premium (SSD) shares, enabling enterprise-grade data protection for mission-critical workloads. This solution offers immutable, offsite backups, geo-redundant storage, and cross-region recovery, defending against ransomware, accidental deletion, and outages. Azure Backup aligns with the 3-2-1 backup rule and supports diverse scenarios, including VDI profiles, application storage, cloud-native, and hybrid environments. IT administrators can centrally manage backup policies, ensuring security, compliance, and long-term retention for critical data, strengthening business continuity and disaster recovery strategies on Azure.
Azure Native Pure Storage Cloud brings the best of Pure and Azure to our customers
Team Blog: Azure Storage
Author: karautenMSFT
Published: 09/25/2025
Summary: Azure Native Pure Storage Cloud integrates Pure Storage’s enterprise block storage with Azure, offering seamless management via Azure tools. The service provides high performance, resiliency, and cost-effectiveness for customers, especially those migrating on-premises VMware workloads. It simplifies storage provisioning and network connectivity, enabling advanced data management features like snapshots and replication. Pure Storage Cloud is supported primarily by Pure Storage, with Azure support as needed. Future enhancements and broader Azure integrations are planned, expanding use cases beyond VMware. Users can access demos and a free trial to experience the solution’s capabilities.
Monitoring web application traffic for configuring rate limit on Azure Front Door WAF
Team Blog: Azure Network Security
Author: andrewmathu
Published: 09/22/2025
Summary: The article explains how to use Azure Front Door WAF’s diagnostic logs and KQL queries to analyze real web traffic for effective rate limit configuration. It demonstrates how to set thresholds and durations based on observed traffic patterns, avoiding overly strict or lenient limits. By examining client IPs, geographies, and specific endpoints, users can create targeted rate limiting rules that balance security and usability, reducing abuse and maintaining app performance. The guidance emphasizes testing and customizing rules for your environment to prevent disruption to legitimate users.
Azure Front Door Protection against CVE-2025-8671 (MadeYouReset)
Team Blog: Azure Network Security
Author: yuvalpery
Published: 09/05/2025
Summary: Azure Front Door is protected against the newly disclosed HTTP/2 vulnerability CVE-2025-8671 (MadeYouReset), which can cause denial of service through repeated stream resets. Mitigations implemented in 2023 to address a similar attack (Rapid Reset, CVE-2023-44487) already defend against this new threat by safeguarding against all forms of stream cancellations. No customer action is required, and Azure services remain secure and resilient against these HTTP/2 protocol attacks.
Accelerate and Simplify Cloud Transformation with New Agentic AI Solutions
Team Blog: Azure Migration and Modernization
Author: PatWidjaja
Published: 09/17/2025
Summary: The article announces the upcoming Migrate and Modernize Summit on September 23-24, where IT professionals and cloud leaders will explore new agentic AI solutions for cloud transformation. Featuring keynote speakers from Microsoft, the event will showcase AI-powered tools, product innovations, real-world case studies, and hands-on sessions to accelerate migration, reduce costs, and minimize risk. Attendees can connect with experts, access curated learning paths, and participate in challenges to earn recognition. The summit aims to empower organizations to modernize confidently using Azure’s latest AI-assisted capabilities and support offerings.
Migrating Application Load Balancer from AWS to Azure Application Gateway
Team Blog: Azure Migration and Modernization
Author: Michael_Bender_MS
Published: 09/03/2025
Summary: Migrating from AWS Application Load Balancer to Azure Application Gateway is a strategic move to enhance agility, security, and business growth. The process involves assessing current capabilities, preparing configurations, executing a parallel deployment with careful DNS cutover, and validating performance using Azure’s monitoring tools. Best practices include leveraging Azure’s integrated features, automating deployments, minimizing downtime, and continuous optimization. The migration empowers organizations with enterprise-grade performance and security, future-proofing cloud infrastructure and supporting ongoing digital transformation.
Explore HPC & AI Innovation: Microsoft + AMD at HPC Roundtable 2025
Team Blog: Azure High Performance Computing (HPC)
Author: Fernando_Aznar
Published: 09/29/2025
Summary: The HPC Roundtable 2025 in Turin, hosted by DoITNow on September 30th, will spotlight Microsoft and AMD’s advancements in cloud-native HPC and AI infrastructure. Highlights include Polestar’s session on modernizing engineering workflows with Microsoft Azure HPC and a panel on accelerating intelligence in HPC and AI. Attendees will gain insights into transforming simulation and engineering with scalable cloud solutions, network with industry leaders, and explore future strategies for high-performance computing and artificial intelligence across various industries.
CycleCloud + Hammerspace
Team Blog: Azure High Performance Computing (HPC)
Author: anhoward
Published: 09/25/2025
Summary: The article highlights how Azure CycleCloud, Slurm, and Hammerspace simplify high-performance computing (HPC) in the cloud. CycleCloud automates cluster deployment and scaling, Slurm manages job scheduling, and Hammerspace provides seamless, high-performance global data access via standard NFS. Integration is straightforward, requiring minimal configuration and no application changes. Features like Scheduled Events enable automated resource cleanup, reducing costs and administrative overhead. This streamlined approach accelerates results, enhances efficiency, and allows HPC users to focus on core tasks rather than infrastructure management.
Announcing General Availability of Azure D192 Sizes in the Azure Dsv6 and Ddsv6-series VM Families
Team Blog: Azure Compute
Author: sarah-zhou
Published: 09/08/2025
Summary: Microsoft has announced the general availability of the Azure D192 size for Dsv6 and Ddsv6-series VMs, featuring 192 vCPUs and 768 GiB of RAM powered by Intel Xeon Platinum 8573C processors. These VMs offer high performance, enhanced security via Intel Total Memory Encryption, up to 400K IOPS, 12 GB/s storage throughput, and 82 Gbps network bandwidth. The D192 sizes are suitable for demanding workloads and are now available in multiple Azure regions. Dsv6 uses managed disks, while Ddsv6 includes local NVMe storage for improved IOPS and low-latency access.
Announcing preview of new Azure Dasv7, Easv7, Fasv7-series VMs based on AMD EPYC™ ‘Turin’ processor
Team Blog: Azure Compute
Author: ArpitaChatterjee
Published: 09/09/2025
Summary: Microsoft has announced a preview of new Azure virtual machines powered by 5th Generation AMD EPYC™ ‘Turin’ processors, available in select regions. These VMs offer up to 35% improved CPU performance, expanded scalability up to 160 vCPUs, higher memory capacity, and enhanced storage throughput. New VM families and constrained-core options help optimize costs and performance for various workloads, including AI, analytics, and web servers. Security features and advanced networking are included. The VMs support multiple memory-to-vCPU ratios and will be charged during preview, with pricing details provided upon access.
Announcing General Availability of Azure Local on Microsoft Azure Government Cloud
Team Blog: Azure Arc
Author: meenagowdar
Published: 09/30/2025
Summary: Azure Local is now generally available for Azure Government, enabling agencies to run cloud-connected infrastructure on-premises while maintaining operational control and compliance. It offers streamlined deployment, unified management, comprehensive observability, flexible workload support, robust security, and access to Extended Security Updates for legacy products. Agencies benefit from features like Trusted Launch for VMs, integration with Azure Monitor and Defender, and non-disruptive updates. Azure Local empowers government organizations to modernize infrastructure, support mission-critical workloads, and meet stringent regulatory requirements with scalability, reliability, and security.
Announcing the General Availability of Arc Gateway for Azure Local
Team Blog: Azure Arc
Author: Cristian Edwards Sabathe
Published: 09/25/2025
Summary: Microsoft has announced the General Availability of Arc Gateway for Azure Local, streamlining secure connectivity between on-premises and edge environments and Azure. Arc Gateway centralizes HTTPS egress, drastically reducing firewall rules and endpoints from over 100 to fewer than 28, simplifying management and enhancing security. It integrates seamlessly with enterprise proxies and supports Azure Local VMs and AKS clusters. Existing Azure Local VMs can use Arc Gateway if guest management is enabled, while AKS cluster support is in public preview. Documentation and guides are available for deployment and further exploration.
Our commitment to help build AI skills in higher education
Team Blog: Microsoft Learn
Author: jeanaj
Published: 09/12/2025
Summary: Microsoft has announced new initiatives to equip higher education students and faculty with essential AI skills, including free AI Bootcamps for faculty worldwide in multiple languages. The company is also partnering with community colleges in the U.S. to offer free AI training and certifications, aiming to benefit over 10 million students. These efforts focus on providing cutting-edge tools, training, and credentials to empower educators to lead confidently and prepare students for success in the AI-driven job market.
Supercharge your workflow with real-time information from the Microsoft Learn MCP Server
Team Blog: Microsoft Learn
Author: curtis_lee
Published: 09/17/2025
Summary: The article introduces the Microsoft Learn MCP Server, which connects AI agents directly to real-time, official Microsoft documentation. This integration ensures developers and IT teams access up-to-date, relevant information within their workflow, enhancing productivity, accuracy, and security. The server supports focused excerpts and full documentation, streamlining tasks like help desk support, onboarding, and secure coding. Upcoming features include ready-to-use code samples. The MCP Server is positioned as a new standard for empowering AI-driven workplaces with trustworthy, actionable data, helping organizations maximize efficiency and make better decisions.
From the frontlines: Delivering critical early responder device management
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 09/30/2025
Summary: The article discusses how emergency services like paramedics and police use Microsoft Intune to manage mobile devices efficiently and securely. Shared iPads in ambulances utilize Apple’s Automated Device Enrollment for seamless access and security, while police departments deploy fully managed Android tablets with device staging for rapid, consistent, and compliant setups. These solutions ensure frontline workers have secure, real-time access to critical apps and data, reduce IT overhead, and maintain operational readiness, illustrating best practices for device management in high-stakes field environments.
Support tip: Troubleshoot device cap reached when enrolling devices into Microsoft Intune
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 09/09/2025
Summary: The article explains how to troubleshoot device enrollment failures in Microsoft Intune due to device limit restrictions set by Intune or Microsoft Entra. It details the differences between Intune device enrollment limits and Microsoft Entra device registration limits across platforms (Android, iOS, macOS, Windows), and guides users to resolve errors by removing inactive or stale devices or increasing device limits in the respective admin centers. Special scenarios like Windows Autopilot hybrid join are addressed, recommending best practices to avoid limit issues by managing device records and user assignments appropriately.
Accelerating Infrastructure as Code: Introducing Game-Changing Terraform Features for Azure
Team Blog: Azure Tools
Author: stevenjma
Published: 09/26/2025
Summary: Microsoft’s Terraform on Azure team has announced major new features to simplify and accelerate infrastructure automation. Highlights include seamless AI-powered code generation in the Azure portal with Copilot, an integrated VS Code extension with IntelliSense, code samples, reverse engineering (Export Terraform), and advanced preflight policy validation. The new MS Graph provider extends Terraform’s reach to Microsoft 365, Windows, and Dynamics 365 configurations. These enhancements streamline workflows, improve compliance, and unify management of Azure and Microsoft resources, making Infrastructure as Code easier and more comprehensive for all users.
Developer Tier APIM + Self-hosted Gateway
Team Blog: Azure PaaS
Author: reve
Published: 09/27/2025
Summary: The article discusses the Developer tier of Azure API Management (APIM), highlighting its premium features like virtual network injection and self-hosted gateway support. While the Developer tier offers many advanced capabilities, it lacks an SLA, making it suitable mainly for non-production and evaluation scenarios. Combining the Developer tier with a self-hosted gateway on a managed VM can provide greater control over service availability and minimize disruptions, such as those caused by VM OS upgrades during business hours.
Exclude Prefix in Azure Storage Action: Smarter Blob Management
Team Blog: Azure PaaS
Author: ManjunathS
Published: 09/30/2025
Summary: Azure Storage Actions offers automation for blob management, and its "Exclude Prefix" feature allows users to omit specific blobs or folders from targeted actions like deletion or tier changes. By specifying prefixes to exclude, critical data such as logs or configs can be protected during automated tasks. This feature enhances control, reduces errors, and enables more granular workflows, improving operational efficiency for large-scale data management in Azure Blob Storage. Additionally, exclusions can be set using task conditions and the "Not" operator for further customization.
Azure Networking Portfolio Consolidation
Team Blog: Azure Networking
Author: Sudha_Mahajan
Published: 09/15/2025
Summary: Microsoft is consolidating its Azure Networking portfolio to address customer feedback about complexity and service overlap. The new approach organizes networking services around four core scenarios: network foundations, hybrid connectivity, load balancing/content delivery, and network security. By merging related services, retiring outdated offerings, and streamlining documentation, Azure Networking aims to simplify decision-making, enhance product alignment, and improve user experience across Azure.com, the portal, and documentation. These changes help customers quickly find relevant solutions, boost productivity, and better follow industry best practices. Further improvements are planned in the coming months.
Using Application Gateway to secure access to the Azure OpenAI Service: Customer success story
Team Blog: Azure Networking
Author: vnamani
Published: 09/25/2025
Summary: A large enterprise customer built a secure, on-prem generative AI app using Azure OpenAI, despite lacking private connectivity and mature Azure infrastructure. By deploying Application Gateway as a reverse proxy with SSL termination, Web Application Firewall, Network Security Groups, and custom IP/firewall rules, they restricted access to specific ranges and ports. The solution enabled secure, governed communication with Azure OpenAI via public endpoints, leveraging customer-issued SSL certificates, without needing a full Azure landing zone or private network. This architecture met stringent security requirements and facilitated successful deployment of the AI application.
Architecting Multi-region solution in Azure - Lessons Learned
Team Blog: Azure Infrastructure
Author: prjelesi-msft
Published: 09/22/2025
Summary: The article emphasizes the importance of architecting Azure solutions with a multi-region strategy to maximize performance, scalability, availability, cost optimization, compliance, and disaster recovery. It outlines key benefits, critical planning considerations, and practical lessons learned for both new (greenfield) and existing (brownfield) deployments. Success requires early region-agnostic design, careful region selection, and readiness to manage added operational complexity. By leveraging Azure as a global platform, organizations can future-proof their cloud architecture and enhance reliability, resilience, and user experience.
GA: Enhanced Audit in Azure Security Baseline for Linux
Team Blog: Azure Governance and Management
Author: AmirB
Published: 09/02/2025
Summary: Microsoft has announced the General Availability of Enhanced Azure Security Baseline for Linux, providing scalable, audit-only security monitoring for over 1.6 million Linux devices across Azure and Arc-enabled environments. The solution enables organizations to continuously audit Linux configurations against industry benchmarks, offering granular insights and detailed reporting without enforcing changes. Key features include broad distribution support, over 200 security checks, enterprise-scale reporting, and no additional licensing costs. This release empowers enterprises to improve visibility, streamline compliance, and reduce risk in cloud and hybrid Linux estates. Auto-remediation is available only in limited preview.
Cloud and AI Cost Efficiency: A Strategic Imperative for Long-Term Business Growth
Team Blog: Azure Governance and Management
Author: Fernando_Vasconcellos
Published: 09/29/2025
Summary: In today’s digital-first economy, cost efficiency in cloud and AI is vital for sustainable business growth. Microsoft’s Azure Essentials framework provides a structured, three-stage approach—readiness, design, and optimization—to help organizations maximize ROI, innovate, and scale efficiently. By leveraging proven frameworks, tools, pricing models, and resources, businesses can align technology investments with strategic goals, control spending, and enhance agility. Azure’s solutions and best practices enable companies to continuously monitor, optimize, and govern cloud and AI usage, ensuring innovation and profitability without overspending, and positioning organizations for long-term success.