
Core Infrastructure and Security Blog

Check This Out! (CTO!) Guide (December 2025)

TysonPaul
Jan 05, 2026

Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!

Member: TysonPaul | Microsoft Community Hub

System Center 2025 Update Rollup 1 and more

Team Blog: System Center

Author: AakashMSFT

Published: 12/11/2025

Summary: System Center 2025 Update Rollup 1 (UR1) is now available, delivering enhanced security with TLS v1.3, support for SQL Server 2025, and expanded monitoring for new Linux distributions. Key improvements include issue fixes and new features across Operations Manager, Data Protection Manager, Service Manager, and Orchestrator, such as selective Hyper-V disk backup, Exchange Subscription Edition support, and improved stability. Updates also ensure GB18030-2022 compliance for Chinese characters. Ongoing hotfixes for System Center 2022 maintain security and compatibility. An Update Rollup for Virtual Machine Manager 2025 is forthcoming.


Automating Windows Server Licensing Benefits with Azure Arc Policy

Team Blog: Core Infrastructure and Security

Author: jpigott

Published: 12/22/2025

Summary: The article explains how automating Windows Server licensing with Azure Arc Policy streamlines compliance and management across hybrid environments. By deploying the policy, organizations can automatically enable licensing benefits—such as Azure Update Manager and Windows Admin Center—for all eligible Arc-enabled Windows Servers. The policy evaluates license status, applies appropriate profiles for Software Assurance or Pay-As-You-Go, and enables remediation for non-compliant machines. This reduces manual effort, minimizes errors, and ensures consistent, scalable licensing compliance for large server estates. Deployment and remediation steps are provided using Azure Policy and PowerShell.


Empower Your Cloud Identity: How to Convert User SOA from AD to Entra ID

Team Blog: Core Infrastructure and Security

Author: Farooque

Published: 12/15/2025

Summary: The article explains how shifting the Source of Authority (SOA) for users from on-premises Active Directory (AD) to Microsoft Entra ID enables organizations to fully leverage cloud-based identity management, security, and governance. This change removes AD dependencies, streamlines HR provisioning, and reduces the attack surface. The technical process is simple—a single attribute change via API—but requires careful planning, especially as changes in Entra ID won’t sync back to AD. Organizations must consider scenarios for retaining on-premises access and follow a checklist for a successful migration to a cloud-first identity model.


Private Preview: Azure Managed Prometheus on VM / VMSS

Team Blog: Azure High Performance Computing (HPC)

Author: Daramfon

Published: 12/11/2025

Summary: Azure Managed Prometheus now supports monitoring for virtual machines (VMs) and virtual machine scale sets (VMSS), extending beyond container workloads. This private preview enables unified, scalable metric collection—including GPU and InfiniBand—for HPC scenarios. Metrics are stored in Azure Monitor, and users gain a fully managed Prometheus experience with scraping, PromQL, alerting, and dashboards via Azure Managed Grafana. Customers can monitor mixed environments (AKS, VMSS, VMs) without managing backend infrastructure. Access requires subscription allowlisting, with onboarding and feedback managed through a GitHub repository.


Automating HPC Workflows with Copilot Agents

Team Blog: Azure High Performance Computing (HPC)

Author: xpillons

Published: 12/03/2025

Summary: Copilot Agents use AI to automate the creation of Slurm job submission scripts for High Performance Computing (HPC) workflows, reducing manual effort, errors, and delays. By interpreting user-provided context and applying best practices, Copilot quickly generates precise scripts, enabling researchers to focus on analysis rather than troubleshooting. The system supports iterative improvement and validation, increasing reliability and scalability. Automation benefits include faster script generation, minimized errors, improved consistency, and greater accessibility for new users, making HPC workloads more efficient and user-friendly.


Deploying Windows Servers in an Azure Availability Set

Team Blog: ITOps Talk

Author: OrinThomas

Published: 12/08/2025

Summary: This guide explains how to deploy Windows Server virtual machines in an Azure Availability Set to enhance reliability for IIS workloads. It details creating a resource group, configuring VMs with Premium SSDs for high SLAs, and assigning them to availability sets at creation for fault and update domain protection. Security settings such as disabling inbound ports and boot diagnostics are recommended. The process is repeated for additional VMs within the same set and network. Future guidance will address load balancing with Azure Application Gateway and security against DDoS and OWASP threats.


Anatomy of an Outage: How Microsoft focuses on Transparency during and post incident

Team Blog: ITOps Talk

Author: Rick Claus

Published: 12/16/2025

Summary: The article details Microsoft Azure’s approach to outage transparency, emphasizing rapid detection, clear communication, and post-incident learning. It highlights Azure’s five communication pillars—speed, accuracy, discoverability, parity, and transparency—and the importance of Azure Service Health for tailored incident alerts. The process covers pre-incident monitoring, equitable real-time updates, and thorough, blame-free post-incident reviews. Microsoft’s transparency culture and tools like Service Health empower infrastructure teams to respond effectively to outages. The key recommendation: proactively configure Azure Service Health to ensure timely, actionable notifications for your organization’s critical workloads.


Protect against React RSC CVE-2025-55182 with Azure Web Application Firewall (WAF)

Team Blog: Azure Network Security

Author: yuvalpery

Published: 12/04/2025

Summary: On December 3, 2025, a critical remote code execution vulnerability (CVE-2025-55182) was disclosed in React Server Components, affecting several React versions. Attackers can exploit unsafe deserialization to execute arbitrary server code. Immediate upgrading to patched React releases is strongly advised. For additional protection, Azure Web Application Firewall (WAF) users should enable the latest Default Rule Set (DRS) 2.1 or implement provided custom WAF rules to block exploit patterns. The article details rule configurations for Azure Application Gateway, Containers, and Front Door, and recommends validating custom rules before production deployment.


Application layer DDoS protection using the HTTP DDoS Ruleset in Azure WAF

Team Blog: Azure Network Security

Author: saikishor

Published: 12/18/2025

Summary: The article discusses Azure Application Gateway WAF’s HTTP DDoS Ruleset, which provides adaptive, application-layer protection against sophisticated HTTP-based DDoS attacks, such as floods, API abuse, and slow HTTP attacks. By learning normal traffic baselines, using dynamic detection, and leveraging Microsoft’s global threat intelligence, the ruleset can automatically identify and block abnormal client behavior. Metrics and logs offer visibility into mitigated threats. Sensitivity settings balance detection and false positives. The solution is easy to enable and integrates with existing WAF policies, helping organizations proactively defend against evolving application-layer DDoS threats.


Scaling Azure Compute for Performance

Team Blog: Azure Compute

Author: DanaCozmei

Published: 12/02/2025

Summary: The article highlights Azure Compute’s new features unveiled at Ignite 2025, aimed at supporting demanding workloads like AI, analytics, and globally distributed apps. Key advancements include Direct Virtualization for low-latency GPU/NVMe access, large containers for accelerated AI/ML, VM Applications for streamlined global deployments, Scheduled Actions for automation, enhanced resiliency via Azure Compute Gallery, and flexible VMSS Instance Mix for capacity scaling. These innovations enable intelligent, adaptive infrastructure, simplifying operations and boosting performance, cost-efficiency, and reliability for customers driving next-generation cloud solutions.


Windows on Arm runs more apps and games with new Prism update

Team Blog: Windows OS Platform

Author: Marc_Sweetgall

Published: 12/05/2025

Summary: The latest Prism update boosts Windows on Arm devices by expanding support for more x86 instruction set extensions, including AVX and AVX2, enabling additional apps and games—especially creative tools—to run under emulation. This update allows previously incompatible software, such as Ableton Live 12, to install and operate smoothly. The improvements are available for all Windows on Arm devices running Windows 11, version 24H2 or later, with enhanced emulation for 64-bit apps by default and optional support for 32-bit apps. Microsoft remains committed to further enhancing Prism emulation capabilities.


Announcing Support for S2D and SAN Coexistence

Team Blog: Failover Clustering

Author: Rob-Hindman

Published: 12/04/2025

Summary: Microsoft has announced support for using Storage Spaces Direct (S2D) and SAN storage together in a single Windows Server 2022/2025 failover cluster. This allows customers to combine S2D Cluster Shared Volumes (CSVs) with SAN CSVs, enabling flexible migration, backup, and data management for workloads, including AI and ML. Both storage types can be validated and managed in one cluster, with specific formatting requirements for each. This update responds to customer feedback and enhances options for virtualization and data protection without VM disruption.


Announcing Support for S2D Campus Cluster on Windows Server 2025

Team Blog: Failover Clustering

Author: Rob-Hindman

Published: 12/11/2025

Summary: Microsoft announced support for S2D Campus Cluster in Windows Server 2025, enabling resilient storage solutions across two racks within a campus, such as hospitals or schools. With the 2025-12 Security Update (KB5072033), features like Rack Level Nested Mirror (RLNM) enhance data resiliency, allowing survival of rack and node failures. The configuration offers tradeoffs between cost and performance, requires SSD/NVMe drives, and specific networking setups. Guidance and PowerShell scripts are provided for deployment. The article acknowledges MVP contributions and addresses FAQs about supported cluster sizes, volume limits, and infrastructure recommendations.


Key Considerations for Modernizing and Migrating Custom Applications to Azure

Team Blog: Azure Migration and Modernization

Author: srhulsus

Published: 12/12/2025

Summary: The article outlines essential steps for migrating and modernizing custom applications to Azure. Key considerations include assessing current applications, choosing suitable migration strategies, modernizing compute and databases, designing secure architectures, ensuring high availability, adopting DevOps, monitoring operations, managing costs, and conducting thorough testing. Azure’s cloud-native services and AI-driven tools, such as Azure Migrate and GitHub Copilot, streamline migration, optimize performance, enhance security, and accelerate modernization, helping organizations transition smoothly while improving reliability, scalability, and cost efficiency.


Migrate from Amazon API Gateway to Azure API Management

Team Blog: Azure Migration and Modernization

Author: dan_lepow

Published: 12/04/2025

Summary: The article provides a comprehensive guide for migrating from Amazon API Gateway to Azure API Management. It includes detailed feature mapping between AWS and Azure, covers infrastructure, API workloads, and configurations, and offers workarounds where direct equivalents are lacking. The guide outlines assessment and preparation steps, a phased migration process to minimize risk, and post-migration optimization. It features an architecture-focused example for healthcare APIs and references additional resources for migrating other AWS workloads to Azure. The guide aims to help teams plan, implement, and validate a seamless API migration.


Azure Arc Server Forum: 2026 Updates

Team Blog: Azure Arc

Author: Aurnov_Chattopadhyay

Published: 12/08/2025

Summary: The Azure Arc Server Forum enters its fourth year in 2026, with monthly sessions held every third Thursday (except July and December) featuring live demos, Q&A, and feedback opportunities on Windows, Linux, and SQL Server management across hybrid, multicloud, and edge environments. Participants receive a monthly newsletter with updates on new capabilities, agent improvements, and opportunities to influence the product roadmap. Forum recordings are available on YouTube within 2-3 weeks, and registration is open via the provided link.


Azure Arc Monthly Forum Recap – November 2025

Team Blog: Azure Arc

Author: yunishussein

Published: 12/17/2025

Summary: The November 2025 Azure Arc Monthly Forum recap covers key previews and updates: Auto Agent Upgrade (public preview) enables automatic AZCM agent updates; Essential Machine Management (private preview) offers unified machine management; Machine Configuration – CIS Baseline Compliance (public preview) allows advanced baseline management via Azure Policy. FAQs clarify EMM coverage, Operations Center branding, training resources, and cost details. Security baseline updates and Linux support in guest configuration are planned. Feedback channels and documentation links are provided for each feature.


Verified skills, real impact: Microsoft Credentials help you get AI-ready

Team Blog: Microsoft Learn

Author: ElisaGraceffo

Published: 12/12/2025

Summary: AI is transforming business across all roles, making verified skills essential for individuals and organizations. Microsoft Credentials—including Certifications and Applied Skills—help validate and showcase AI expertise, boosting career growth and organizational readiness. Microsoft has expanded its credentials portfolio to include business-focused and technical AI skills, now accessible to a broader audience. EPAM Systems demonstrates how these credentials create competitive advantage. The new AI Skills Navigator streamlines skill development, helping users build personalized learning paths and ensuring teams are AI-ready in today’s rapidly evolving workplace.


Secure, Seamless Access using Managed Identities with Azure Files SMB

Team Blog: Azure Storage

Author: Priyanka-Gangal

Published: 12/15/2025

Summary: Azure Files SMB now supports Managed Identities in public preview, enabling secure, credential-free, identity-based access integrated with Microsoft Entra ID. This eliminates the need for storage account keys, aligns with Zero Trust principles, and provides built-in RBAC, compliance with FIPS, and multi-client support across Windows and Linux. Key benefits include enhanced security for CI/CD pipelines and AKS workloads, simplified compliance, and streamlined configuration. The feature is available at no additional cost and aims to help organizations achieve enterprise-grade security and governance for file share access across cloud-native and hybrid environments.


Transforming Data migration using Azure Copilot

Team Blog: Azure Storage

Author: madhurinrao

Published: 12/11/2025

Summary: Azure Copilot’s new Storage Migration Solutions Advisor streamlines data migration to Azure by providing conversational, AI-driven guidance. It recommends optimal migration tools—both Microsoft-native and third-party—based on user-specific scenarios, such as data size, protocol, and bandwidth. This reduces complexity, speeds decision-making, and minimizes migration risks across on-premises, cloud-to-cloud, and hybrid environments. Users interact via prompts, receive tailored recommendations, and access relevant documentation, making migrations more efficient and less error-prone. Pro tips include running proof-of-concept migrations and leveraging Azure Storage Discovery for post-migration insights.


Azure Policy: Required Actions for Docker Content Trust Deprecation in Azure Container Registry

Team Blog: Azure Governance and Management

Author: ShannonHicks

Published: 12/17/2025

Summary: Azure Container Registry (ACR) is deprecating the Docker Content Trust (DCT) feature over three years, which will remove the trustPolicy property from APIs and affect related Azure Policy aliases. No built-in policies use these aliases, but custom policies referencing them must be updated or removed to avoid compliance issues. Policies using trustPolicy.status will break when the property is deleted. Users should identify affected policies, update or remove them, test changes, and monitor Azure documentation for further updates on transitioning to the Notary Project.


Announcing General Availability for Azure Resource Graph (ARG) GET/LIST API

Team Blog: Azure Governance and Management

Author: JaspreetKaur

Published: 12/03/2025

Summary: The Azure Resource Graph (ARG) GET/LIST API is now generally available, offering a 10X increase in throttling quotas for resource lookups compared to standard ARG queries. This API enables scalable, high-performance GET and LIST operations, reducing read throttling and improving reliability for high-volume scenarios. By appending the “useResourceGraph=true” parameter, users can route requests to the optimized ARG backend. It’s ideal for retrieving or listing resources within a single scope and is currently supported for the resources and computeresources tables. The switch to ARG GET/LIST API is fully controlled by the caller.


Microsoft Agent Pre-Purchase Plan: One Unified Path to Scale AI Agents

Team Blog: FinOps

Author: kyleikeda

Published: 12/08/2025

Summary: The Microsoft Agent Pre-Purchase Plan (P3) offers organizations a unified, upfront payment model for deploying AI agents across both Microsoft Foundry and Copilot Studio, leveraging Work IQ, Fabric IQ, and Foundry IQ. P3 simplifies procurement, budget management, and access to over 32 agentic services, while delivering predictable savings and flexibility. With a single pool of credits, customers can efficiently scale intelligent, context-driven agents without platform limitations, streamlining AI adoption and governance. The plan is designed to support innovation, cost-effectiveness, and enterprise-wide AI deployment, as announced at Microsoft Ignite 2025.


Network Detection and Response (NDR) in Financial Services

Team Blog: Azure Networking

Author: Marc de Droog

Published: 12/18/2025

Summary: Financial Services organizations must comply with PCI DSS v4.0.1, which demands robust network monitoring and intrusion detection. Traditional tools often fall short; Network Detection and Response (NDR) solutions use advanced analytics to monitor, detect, and respond to threats in real-time, supporting key PCI requirements. In Azure, native tools (VTAP, Flow Logs, Traffic Analytics), third-party NDR platforms, Microsoft Sentinel (SIEM), and Defender for Cloud (compliance monitoring) together enable a layered, PCI-compliant defense. NDR provides deep visibility and automated incident response, enhancing both security and compliance for cardholder data environments in the cloud.


Azure Networking 2025: Powering cloud innovation and AI at global scale

Team Blog: Azure Networking

Author: Sudha_Mahajan

Published: 12/18/2025

Summary: In 2025, Azure Networking powered major cloud and AI innovations, notably enabling Microsoft’s Fairwater AI datacenter’s ultra-fast GPU interconnects. Key advancements included higher-capacity ExpressRoute and VPN gateways, simplified global connectivity via Virtual WAN, enhanced multicloud integration, and robust resiliency tools. Security was strengthened with DNS Security Policies and threat intelligence. AI-driven management tools like Azure Copilot made network operations more intelligent. These investments ensured Azure could meet unprecedented hybrid and AI workload demands, delivering secure, high-performance connectivity and setting the stage for self-optimizing, AI-powered networks in the future.


How to Modernise a Microsoft Access Database (Forms + VBA) to Node.JS, OpenAPI and SQL Server

Team Blog: Azure Architecture

Author: anthkernan

Published: 12/08/2025

Summary: The article details the modernization of Microsoft Access databases—traditionally reliant on forms and VBA—to scalable, standards-based architectures using Node.js, OpenAPI, SQL Server, and optionally MongoDB. Key steps included migrating data to SQL Server (via SSMA and Liquibase), generating RESTful APIs, translating business logic to Node.js, and recreating user interfaces with accessibility in mind. GitHub Copilot dramatically accelerated development, automating code, documentation, and testing. The approach reduced delivery time from months to weeks, preserved business functionality, and offers a blueprint for organizations seeking efficient, AI-powered legacy system upgrades.


From Large Semi-Structured Docs to Actionable Data: Reusable Pipelines with ADI, AI Search & OpenAI

Team Blog: Azure Architecture

Author: anishganguli

Published: 12/09/2025

Summary: The article outlines a robust, reusable pipeline for extracting actionable data from large, semi-structured documents—such as contracts, invoices, and compliance records—using Azure Document Intelligence, OpenAI, and AI Search. It details challenges like inconsistent layouts and cross-page dependencies, then presents a chunking, OCR, context-aware analysis, entity grouping, and extraction workflow. The solution emphasizes data stewardship, deterministic outputs, and rigorous evaluation for precision and reliability, supporting scalable downstream integration. Various deployment models and alternative approaches are discussed, making the architecture adaptable for enterprise compliance, analytics, and automation across industries.

Published Jan 05, 2026
Version 1.0