Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!
Member: TysonPaul | Microsoft Community Hub
Reimagining AI at scale: NVIDIA GB300 NVL72 on Azure
Team Blog: Azure Infrastructure
Author: gwaqar
Published: 10/28/2025
Summary: Microsoft has deployed the NVIDIA GB300 NVL72 infrastructure on Azure, offering unprecedented AI compute density in a single rack with 72 Blackwell Ultra GPUs and 36 Grace CPUs. The system features advanced liquid cooling, smart rack management, robust security, and streamlined deployment for rapid scaling. Innovations include improved power and thermal management, integrated diagnostics, and flexible cooling for global data centers. The GB300 platform enables efficient, reliable scaling of high-density AI clusters, supporting demanding workloads like multitrillion-parameter model training and inference, and exemplifies Microsoft’s commitment to cutting-edge, resilient AI infrastructure.
Managing Context Retention in Agentic AI
Team Blog: Azure Infrastructure
Author: RavinderGupta
Published: 10/03/2025
Summary: The article discusses the challenge of context retention in agentic AI systems, which can lead to loss of history, inconsistent outputs, and poor scalability. Python, with libraries like LangChain and CrewAI, offers effective tools for managing context, memory, and state persistence. It provides step-by-step guidance and sample code for building context-aware agents, including multi-agent systems using SQLite for shared context. Best practices include using structured memory, optimizing storage, and monitoring performance. Mastering these techniques ensures robust, coherent, and scalable agentic AI solutions.
Unlock cost savings with utilization-based storage recommendations in Azure Migrate
Team Blog: Azure Migration and Modernization
Author: ankitsurkar
Published: 10/15/2025
Summary: Azure Migrate now offers storage utilization-based recommendations, enabling organizations to right-size storage workloads and reduce costs by focusing on actual usage rather than allocated capacity. This new feature addresses the common issue of overprovisioned storage—nearly 40% on average—leading to more accurate migration assessments, optimized resource planning, and faster ROI. Customers can deploy an on-premises appliance and review tailored recommendations to unlock significant savings and efficiency. For further guidance, users are encouraged to consult Azure Migrate documentation.
Cut migration costs with B-Series and Cobalt 100 VM support in Azure Migrate
Team Blog: Azure Migration and Modernization
Author: ankitsurkar
Published: 10/09/2025
Summary: Azure Migrate now supports B-Series and Cobalt 100 VMs, enabling cost-effective cloud migration for workloads with variable or ARM64-specific requirements. B-Series VMs offer burstable CPU power and lower costs, ideal for dev/test and low-traffic applications, while Cobalt 100 VMs provide optimized performance for ARM64 workloads without re-architecting. These options help organizations plan migrations more accurately, optimize resource use, and save significantly by selecting the right VM type for each workload’s needs.
General Availability of CAPTCHA in Azure Front Door WAF
Team Blog: Azure Network Security
Author: andrewmathu
Published: 10/28/2025
Summary: Microsoft has announced the general availability of CAPTCHA in Azure Front Door Web Application Firewall (WAF), enhancing protection against automated bot attacks. The feature introduces human verification challenges for suspicious traffic, ensuring only legitimate users can access applications. The GA release offers improved branding, stability, performance, and full production support under Microsoft’s SLA. Existing preview users need no changes, while new users can enable CAPTCHA in custom or managed rules. This update strengthens security for web applications facing threats like bots and credential stuffing, making CAPTCHA a recommended defense mechanism for all production workloads.
Prescaling in Azure Firewall is now generally available
Team Blog: Azure Network Security
Author: surenjamiyanaa
Published: 10/16/2025
Summary: Azure Firewall’s new prescaling feature is now generally available, allowing users to set minimum and maximum capacity units for their firewalls. This ensures predictable performance and proactive scaling ahead of anticipated traffic spikes, such as during sales events, migrations, or seasonal peaks. Users can monitor capacity trends and receive alerts for scaling events. Prescaling is enabled via the Azure Portal and is billed per capacity unit hour, with rates for standard and premium options. This feature provides greater control and confidence in managing firewall resources for business-critical scenarios.
Beyond Basics: Practical scenarios with Azure Storage Actions
Team Blog: Azure Storage
Author: ShashankKumarShankar
Published: 10/17/2025
Summary: Azure Storage Actions enables policy-driven automation for cloud data management, addressing challenges in scale, compliance, and cost. The article explores three practical scenarios: automating creative asset lifecycles, preserving machine learning training datasets for audits, and cleaning up obsolete AI embeddings. By leveraging blob metadata and tags, organizations can automate legal holds, archiving, immutability, and deletions—eliminating manual scripts and reducing operational overhead while improving compliance, data discoverability, and cost efficiency. Resources for getting started are provided.
Introducing Cross Resource Metrics and Alerts Support for Azure Storage
Team Blog: Azure Storage
Author: dafalkne
Published: 10/06/2025
Summary: Microsoft has introduced Cross Resource Metrics and Alerts for Azure Storage, enabling users to aggregate, visualize, and monitor metrics across multiple storage accounts within the same subscription and region. This feature supports blob, file, table, and queue metrics, allowing centralized monitoring and fleet-wide alerting from a single dashboard. Users can create unified charts and alerts for various accounts, improving operational efficiency and scalability for large environments. Setting up involves selecting multiple accounts in Azure Monitor, configuring metrics and filters, and establishing cross-resource alert rules to promptly address performance issues across the storage fleet.
Windows 10 Extended Security Updates for Azure Virtual Desktop
Team Blog: Azure Virtual Desktop
Author: ivaylo_ivanov
Published: 10/14/2025
Summary: Windows 10 will reach end of support on October 14, 2025. For Azure Virtual Desktop, existing session hosts running Windows 10 version 22H2 will receive Extended Security Updates (ESU) at no extra cost and automatically via Windows Update. New session hosts with Windows 10 can use marketplace images until 2026 (with Microsoft 365 Apps) or 2028 (without). Microsoft recommends upgrading to Windows 11 for continued support and security. Issues with Azure Virtual Desktop will be supported, but OS-related issues may require reproduction on Windows 11 before support is provided.
Now in public preview: Ephemeral OS disk support on Azure Virtual Desktop
Team Blog: Azure Virtual Desktop
Author: Ron_Coleman
Published: 10/15/2025
Summary: Azure Virtual Desktop has launched a public preview of Ephemeral OS disk support, enabling the operating system to be stored on a VM’s local storage for stateless workloads. This feature delivers faster provisioning, improved performance, and simplified management by eliminating reliance on remote storage and reducing latency. Ephemeral OS disks are ideal for environments needing rapid reimaging and scalability, as changes are not retained after sessions end. Available for pooled host pools with session host configuration, it integrates with Dynamic Autoscaling for efficient resource management. Documentation and setup guidance are provided for interested users.
Identify Device state in EntraID/Defender with PowerShell
Team Blog: Core Infrastructure and Security
Author: edgarus71
Published: 10/22/2025
Summary: The article outlines a method to identify device states (enabled/disabled) in EntraID/Defender using PowerShell. It involves registering an app in EntraID to obtain credentials, encrypting the client secret with Windows DPAPI, and creating a device list text file. The provided PowerShell script authenticates via MS Graph API, checks each device’s status, and exports results to a CSV file. The solution emphasizes security by encrypting secrets and does not require complex configurations, making it suitable for bulk device status checks in EntraID environments.
Solving Network Connectivity for MDE and MDI
Team Blog: Core Infrastructure and Security
Author: WillS1485
Published: 10/10/2025
Summary: The article discusses deploying a preconfigured Squid proxy solution to securely enable Microsoft Defender for Endpoint (MDE) and Microsoft Defender for Identity (MDI) connectivity in hybrid cloud environments. By configuring proxies at the application level, organizations can allow necessary communication to Azure endpoints while restricting broader internet access. The solution uses an automated script for setup on Ubuntu, ensuring only required traffic is permitted, simplifying incident response and deployment without extensive firewall changes. Configuration details for both MDE and MDI are provided, and the script is available on GitHub with a disclaimer about support.
Cross Forest - Certificate Enrollment
Team Blog: Ask the Directory Services Team
Author: Manuel_Alvarez_V
Published: 10/22/2025
Summary: The article explores Cross Forest Certificate Enrollment, crucial for secure authentication across multiple Active Directory forests. It outlines two main methods: the preferred Certificate Enrollment Policy (CEP) and Certificate Enrollment Service (CES) roles, which offer secure, scalable, and centralized management via HTTPS, and the legacy PKISync.ps1 PowerShell script, which is simpler but less secure and harder to manage. The blog details configurations, requirements, pros, cons, and best practices, concluding that CEP/CES is recommended for organizations of all sizes due to its superior efficiency and security over PKISync.
Ready to accelerate your Zero Trust journey? Discover what’s next
Team Blog: FastTrack
Author: JulieHersum
Published: 10/03/2025
Summary: The article emphasizes the importance of Zero Trust as a modern security standard and introduces Microsoft’s Zero Trust workshop as a practical tool for IT admins. It helps organizations assess security maturity across six pillars, identify and address gaps, and align teams for executive buy-in. The workshop provides actionable steps to turn strategy into results, making security a proactive advantage. Readers are encouraged to explore the workshop to accelerate their Zero Trust implementation and improve protection of identities, apps, and data.
Public Preview: Audit and Enable Windows Recovery Environment (WinRE) for Azure Arc-enabled Servers
Team Blog: Azure Arc
Author: Aurnov_Chattopadhyay
Published: 10/21/2025
Summary: Microsoft has announced a Public Preview of Azure Policies to audit and enable Windows Recovery Environment (WinRE) on Azure Arc-enabled Windows Servers. WinRE allows secure system recovery after critical failures. The Machine Configuration component in Azure Connected Machine agent checks WinRE status and enforces compliance. These policies are free for certain licensing plans and enable organizations to centrally manage and ensure recovery readiness across hybrid and multicloud environments, improving resilience for mission-critical workloads. Charges apply for other servers. Deployment is managed via Azure Policy assignments.
Addressing Air Gap Requirements through Secure Azure Arc Onboarding
Team Blog: Azure Arc
Author: AkashKumarSingh
Published: 10/06/2025
Summary: The article discusses how regulated industries can securely onboard Azure Arc in air-gapped environments, which are isolated from external networks for compliance and security. It outlines the challenges of maintaining isolation while enabling cloud management, and details architectural patterns—using combinations of firewalls, proxies, Private Link, and Arc Gateway—to achieve secure connectivity. Emphasizing zero trust principles, the article recommends rigorous monitoring, governance, and automation to balance operational agility with uncompromised security and regulatory compliance in hybrid and multi-cloud setups.
Smarter Cloud, Smarter Spend: How Azure Powers Cost-Efficient Innovation
Team Blog: FinOps
Author: kyleikeda
Published: 10/30/2025
Summary: The Forrester Total Economic Impact™ study, commissioned by Microsoft, highlights how organizations can achieve significant cost savings and operational benefits by migrating to Microsoft Azure and adopting AI. Key tools like Azure Hybrid Benefit, reservations, and cost management solutions drive 25–35% reductions in cloud spending, $8.7 million NPV over three years, and improved productivity. Strategic pricing and optimization enable predictable budgeting, reinvestment in innovation, and enhanced governance. Azure’s unified approach empowers businesses to modernize efficiently and accelerate AI adoption while controlling costs.
Unlock Savings with Copilot Credit Pre-Purchase Plan
Team Blog: FinOps
Author: kyleikeda
Published: 10/27/2025
Summary: The Copilot Credit Pre-Purchase Plan (P3) offers organizations a one-year, upfront payment option for Microsoft Copilot Credits, enabling predictable costs and up to 20% savings through volume discounts. Credits are automatically deducted as used across Copilot Studio, Dynamics 365 agents, and Copilot Chat. The plan provides flexibility to add more credits or switch to pay-as-you-go, and unused credits expire after a year. P3 is ideal for businesses with variable or growing usage, simplifying billing and budgeting while supporting scalable AI deployment. Purchase and management are handled via the Azure portal.
How Azure NetApp Files Object REST API powers Azure and ISV Data and AI services – on YOUR data
Team Blog: Azure Architecture
Author: GeertVanTeylingen
Published: 10/14/2025
Summary: The article introduces the Azure NetApp Files Object REST API, a new solution enabling direct, secure, S3-compatible access to enterprise data for Azure analytics and AI services. This eliminates costly data transfers and duplication, streamlines workflows, and enhances productivity while maintaining compliance and data security. Supporting multiple protocols, it empowers diverse use cases across industries—from real-time analytics to AI-powered insights—by integrating seamlessly with Microsoft Fabric, OneLake, Databricks, Power BI, and more, revolutionizing cloud operations and data management.
Validating Scalable EDA Storage Performance: Azure NetApp Files and SPECstorage Solution 2020
Team Blog: Azure Architecture
Author: GeertVanTeylingen
Published: 10/10/2025
Summary: Azure NetApp Files is a cloud-native, enterprise-grade storage solution validated for Electronic Design Automation (EDA) workloads via the SPECstorage® Solution 2020 benchmark. It delivers unmatched performance, scalability, and low-latency access, supporting massive datasets and global collaboration. Benchmark results confirm linear scalability and sub-millisecond response times, enabling engineering teams to accelerate simulations, optimize costs, and streamline workflows without infrastructure bottlenecks. Trusted by leading semiconductor firms, Azure NetApp Files empowers rapid chip design, 24/7 productivity, and flexible resource management, positioning it as a reliable, future-ready platform for the evolving semiconductor industry.
From the frontlines: Empowering call center agents with Windows 365 Frontline
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 10/31/2025
Summary: The article discusses how Windows 365 Frontline optimizes Cloud PC deployments for call center agents, enabling secure, flexible, and cost-effective computing for shift-based and part-time workers. It compares dedicated mode (personal, persistent desktops) and shared mode (ephemeral, pooled desktops), detailing use cases and best practices for Microsoft Intune configuration, security, and scaling. Windows 365 Frontline streamlines management, supports BYOD and remote scenarios, and improves operational efficiency while safeguarding data, making it ideal for dynamic call center environments.
Microsoft Intune Advanced Analytics in action: Real-world scenarios for IT teams
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 10/08/2025
Summary: Microsoft Intune Advanced Analytics enhances device management for IT teams by providing deep insights into device health, user experience, and organizational trends. Building on Endpoint analytics, it offers advanced features like custom device scopes, resource performance and battery health monitoring, anomaly detection, and detailed device queries using KQL. These tools help IT admins proactively optimize device performance, support decisions on hardware refreshes or lifespan extensions, and troubleshoot issues in near real time. The article demonstrates practical scenarios for using Advanced Analytics to streamline IT operations and improve end-user satisfaction.
Revolutionizing Reliability: Introducing the Azure Failure Prediction and Detection (AFPD) system
Team Blog: Azure Compute
Author: andrewb710
Published: 10/31/2025
Summary: The Azure Failure Prediction and Detection (AFPD) system, launched in 2024, unifies and enhances Azure’s reliability tools by integrating prediction, detection, mitigation, notification, and remediation for hardware and software failures. AFPD reduces reboots by over 36%, proactively maintains cloud health, and minimizes customer downtime across various workloads. It leverages advanced models and real-time telemetry, provides actionable notifications, and enables automated recovery through integrations like VM Watch and Project Flash endpoints, streamlining incident response and improving overall platform stability for Azure Compute and Storage customers.
Streamline Cloud Spend with Azure Reserved VM Instances
Team Blog: Azure Compute
Author: kyleikeda
Published: 10/29/2025
Summary: Azure Reserved Virtual Machine Instances (RIs) help organizations like Contoso reduce and predict cloud costs for GPU-heavy AI workloads. By committing to specific VM types and regions for 1 or 3 years, customers can save up to 72% compared to pay-as-you-go pricing. Contoso used Azure Advisor for recommendations, chose a Shared scope for broad coverage, enabled instance size flexibility, and set up monitoring with Cost Management. These strategies led to significant savings, performance stability, and budget predictability, making RIs a smart choice for predictable compute needs.
Requesting and Installing an SSL Certificate for Internet Information Server (IIS)
Team Blog: ITOps Talk
Author: OrinThomas
Published: 10/09/2025
Summary: The article outlines the process for requesting and installing an SSL certificate in Internet Information Server (IIS). Steps include generating a Certificate Signing Request (CSR) using the MMC Certificates snap-in, submitting the CSR to a Certification Authority, downloading the issued certificate, and installing it on the server. After installation, the SSL certificate is bound to the IIS website via HTTPS bindings. Finally, the setup is verified by browsing to the site and ensuring a secure connection without browser warnings, confirming successful SSL deployment.
Strengthening Azure File Sync security with Managed Identities
Team Blog: ITOps Talk
Author: Pierre_Roman
Published: 10/08/2025
Summary: The article explains how using Managed Identities with Azure File Sync enhances security and simplifies credential management. Traditionally, authentication relied on certificates or keys, which pose security and operational risks. Managed Identities eliminate the need for credentials, leveraging Azure Role-Based Access Control (RBAC) for fine-grained access. This approach supports both Azure and hybrid environments, streamlines onboarding, improves integration, and enables transparent auditing. New deployments now default to Managed Identity, promoting secure, manageable, and scalable enterprise file sync solutions within the Azure ecosystem. The article also provides steps for enabling Managed Identity on both Azure and non-Azure servers.
AMBA-ALZ pattern: Learn about the latest and greatest enhancements!
Team Blog: Azure Governance and Management
Author: BrunoGabrielli
Published: 10/08/2025
Summary: The article announces major enhancements to the AMBA-ALZ pattern on Azure, effective from October 2025. Key updates include the adoption of the Azure Service Health built-in policy for improved trust and feature parity, and the introduction of a new least privileged "Monitoring Policy Contributor" role for managed identities, reducing security risks by limiting permissions. Both changes streamline deployments and strengthen security. Guidance is provided for updating existing deployments, and users are encouraged to explore the improved features using various Azure deployment methods.
The Complete Guide to Renewing an Expired Certificate in Microsoft HPC Pack 2019 (Single Head Node)
Team Blog: Azure High Performance Computing (HPC)
Author: vinilv
Published: 10/30/2025
Summary: This article provides a step-by-step guide for renewing an expired certificate in a Microsoft HPC Pack 2019 single-head-node cluster. It covers checking the certificate status, creating a new self-signed certificate, distributing it to compute nodes, updating the head node, and modifying the SQL database thumbprint. Finally, administrators reboot the head node to restore secure cluster operations, ensuring continued communication and job scheduling without reinstalling HPC components.