Core Infrastructure and Security Blog

Check This Out! (CTO!) Guide (February 2026)

TysonPaul
Mar 11, 2026

Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!

Member: TysonPaul | Microsoft Community Hub

Secure DNS with DoH: Public Preview for Windows DNS Server

Team Blog: Networking

Author: JorgeCañas

Published: 02/09/2026

Summary: Microsoft has launched a public preview of DNS over HTTPS (DoH) for Windows DNS Server, available in the February 2026 update for Windows Server 2025. DoH encrypts DNS queries and responses, enhancing authentication and privacy while maintaining existing server functions. This move aligns with Zero Trust security principles and supports U.S. federal cybersecurity requirements. The feature is disabled by default, is not production-ready, and currently only encrypts client-to-server traffic. Feedback is encouraged during the preview phase, with future updates planned for upstream encryption support.

Azure Blob Tiering: Clarity, Truths, and Practical Guidance for Architects

Team Blog: Azure Infrastructure

Author: nehatiwari1994

Published: 02/06/2026

Summary: The article explains Azure Blob Storage tiering for backup architects, debunking common misconceptions about tier performance and access. Hot, Cool, and Cold tiers are online and offer immediate data access; minimum retention is a billing rule, not a technical limit. Archive tier requires rehydration before restores. Restore speed depends on throughput architecture, not tier. Cost is influenced by both storage and access patterns. Effective tiering strategies and lifecycle policies are essential for scaling backup repositories from terabytes to petabytes, ensuring operational safety and cost control. The article offers practical design recommendations and clarifies Azure tier behaviors.

AKS Tenant Migration: Considerations and Approach

Team Blog: Azure Infrastructure

Author: SoumyaShet05

Published: 02/05/2026

Summary: No summary is available for this article. Source: https://techcommunity.microsoft.com/blog/azureinfrastructureblog/aks-tenant-migration-considerations-and-approach/4415198

What’s new in FinOps toolkit 13 – January 2026

Team Blog: FinOps

Author: Michael_Flanakin

Published: 02/09/2026

Summary: FinOps toolkit 13 (January 2026) delivers stability and usability improvements for cloud cost management, including enhanced documentation, Key Vault purge protection options, Power BI report fixes, and streamlined Cost Management exports via PowerShell with Parquet support. The release strengthens security, reliability, and extensibility for enterprise-scale deployments. Community engagement is emphasized with new office hours. Future plans include AI-driven automation, expanded recommendations, and premium support services. The toolkit remains open-source and continues to evolve with community contributions and ongoing enhancements across Microsoft Cloud environments.

Reading GPSVC Like a Crime Novel

Team Blog: Ask the Directory Services Team

Author: Chris_Cartwright

Published: 02/25/2026

Summary: The article, "Reading GPSVC Like a Crime Novel," explains how to troubleshoot Group Policy issues using the enhanced GPSVC debug log in modern Windows 11 versions. It details the two core phases of Group Policy processing, emphasizes the importance of following log threads, and highlights the benefit of new date and time stamps for better correlation with other events. The post also covers enabling verbose logging, interpreting log entries, and using additional tools like TSS for deeper analysis, ultimately making GPSVC logs more powerful for diagnosing Group Policy problems.

What’s New in Windows Group Policy Preferences Debug Logging

Team Blog: Ask the Directory Services Team

Author: TagoreN

Published: 02/27/2026

Summary: The article outlines enhancements to Windows Group Policy Preferences (GPP) debug logging in Windows 11 versions 24H2 and 25H2 (from February 2026 preview updates). Administrators can now enable verbose GPP debug logging directly via Local Group Policy, not just domain-based GPOs. This change simplifies troubleshooting, reduces reliance on domain controllers, and allows easier, flexible diagnostic workflows on client devices. The article explains how to configure logging settings, log locations, and necessary permissions, highlighting a significant quality-of-life improvement for IT professionals managing GPP issues.

Azure Landing Zone and compliance for Banks (Indian Banks)

Team Blog: Azure Migration and Modernization

Author: srhulsus

Published: 02/12/2026

Summary: Azure Landing Zone (ALZ) provides Indian banks with a secure, compliant, and auditable cloud foundation, aligning with RBI and global standards (ISO 27001, PCI-DSS, FFIEC). It features subscription isolation, centralized IAM, robust network and data security, mandatory encryption, continuous monitoring, and business continuity controls. ALZ ensures India data residency, policy automation, regulatory audit support, and secure exit management. The architecture is regulator-accepted and proven by major banks, supporting governance, risk, and compliance mandates for hosting sensitive, regulated banking workloads on Azure.

Migrating Workloads from AWS to Azure: A Structured Approach for Cloud Architects

Team Blog: Azure Migration and Modernization

Author: rhack

Published: 02/18/2026

Summary: The article outlines a structured, five-phase approach for migrating workloads from AWS to Azure, emphasizing a “like-for-like” architecture to minimize risk and complexity. Key phases include planning, preparation, execution, evaluation, and decommissioning, with blue/green deployment recommended for risk reduction. Success hinges on comprehensive documentation, stakeholder alignment, phased validation, and having the current workload team lead the migration. External partners can assist with planning but should not execute cutovers. Once stability on Azure is achieved, optimization can begin. Thorough preparation and collaboration are essential for a confident, disruption-free migration.

How to enable HTTPS support for Microsoft Connected Cache for Enterprise and Education

Team Blog: Intune Customer Success

Author: Intune_Support_Team

Published: 02/20/2026

Summary: Starting June 16, 2026, Intune will require HTTPS for Microsoft Connected Cache nodes serving Win32 apps. To retain bandwidth savings and localize content, admins must configure HTTPS on their Connected Cache servers by preparing a TLS certificate, generating a CSR on the node, signing it with a CA, importing the certificate, and validating HTTPS. The process is similar for Windows and Linux hosts. Regular certificate monitoring and renewal are necessary. Without HTTPS, devices will fall back to CDN. Improvements and fixes are underway, and early setup ensures readiness for the upcoming enforcement.

Support tip: Resolve device noncompliance with Mobile Threat Defense partner apps

Team Blog: Intune Customer Success

Author: Intune_Support_Team

Published: 02/02/2026

Summary: The article explains how to resolve device noncompliance issues in Microsoft Intune when using Mobile Threat Defense (MTD) partner apps like Microsoft Defender for Endpoint. It outlines steps for users to restore compliance, including installing or activating the MTD app, refreshing the app’s connection, or reinstalling it. It also details simplified remediation for iOS/iPadOS and steps to refresh the MTD connection on Android if sign-out is blocked. The guidance helps organizations ensure device compliance and secure access to work or school resources while reducing support overhead.

Announcing Public Preview: Simplified Machine Provisioning for Azure Local

Team Blog: Azure Arc

Author: PragyaDwivedi

Published: 02/26/2026

Summary: Microsoft has announced the public preview of Simplified Machine Provisioning for Azure Local, streamlining edge infrastructure deployment by shifting configuration to Azure. IT teams can now centrally define and automate provisioning using Azure Arc, with minimal onsite interaction—staff only need to rack, power on hardware, and use a prepared USB. Built on the FIDO Device Onboarding standard, this approach ensures secure, consistent device onboarding and management at scale, with end-to-end deployment visibility. This new process enables faster, less error-prone deployments, allowing organizations to efficiently provision and manage Azure Local infrastructure across multiple sites.

Unlock outbound traffic insights with Azure StandardV2 NAT Gateway flow logs

Team Blog: Azure Networking

Author: cozhang

Published: 02/06/2026

Summary: The article introduces the Azure StandardV2 NAT Gateway, highlighting new features such as zone-redundancy, enhanced throughput, dual-stack IP support, and the availability of flow logs. Flow logs provide detailed outbound traffic data, improving security, compliance, and troubleshooting. They help monitor traffic patterns, identify issues like connection drops, and optimize network architecture. The article explains enabling and using flow logs for diagnostics, emphasizing their value in validating connectivity and auditing outbound flows, and encourages users to leverage these insights for resilient Azure deployments.

Migration, Modernization & Agentic Tools

Team Blog: ITOps Talk

Author: OrinThomas

Published: 02/25/2026

Summary: The article discusses how agentic tools are transforming cloud migration and modernization by introducing autonomy, continuous optimization, and context-aware decision-making. Rather than a one-time process, migration becomes an ongoing, self-improving system with tools like Azure Copilot and GitHub Copilot. These tools automate environment discovery, recommend modernization paths, execute migrations, validate and optimize workloads, and ensure governance. They classify workloads, automate migration waves, and continuously enhance cost, performance, security, and compliance, reducing manual effort and errors while enabling safe, efficient, and policy-driven cloud transitions.

Automating Large‑Scale Data Management with Azure Storage Actions

Team Blog: ITOps Talk

Author: 1Nataraj

Published: 02/25/2026

Summary: Azure Storage Actions is a fully managed, serverless automation platform that enables customers to automate large-scale data management tasks—such as tiering, tagging, deletion, and applying immutability policies—across Azure Blob Storage and Data Lake Storage without custom code or infrastructure. It uses reusable, condition-based storage tasks and assignments, supporting compliance, cost optimization, and operational efficiency. The platform provides built-in monitoring, auditing, and preview features, making it suitable for scenarios requiring traceability. Common use cases include regulatory compliance, cost control, and metadata management across industries like finance, airlines, and manufacturing.

Securing A Multi-Agent AI Solution Focused on User Context & the Complexities of On-Behalf-Of.

Team Blog: Azure Architecture

Author: Charles_Chukwudozie

Published: 02/11/2026

Summary: The article outlines how an enterprise-grade multi-agent AI system was designed to securely preserve user identity and enforce access controls when AI agents interact with backend services like Databricks. By implementing Microsoft Entra ID’s On-Behalf-Of (OBO) flow, each AI agent operates strictly within the authenticated user’s permissions, maintaining RBAC policies and an audit trail. The solution uses a custom OAuth provider, per-user agent instances, and human-in-the-loop approval for sensitive operations, aligning with Zero Trust principles and ensuring robust AI governance for enterprise applications.

Reference Architecture for Highly Available Multi-Region Azure Kubernetes Service (AKS)

Team Blog: Azure Architecture

Author: rgarofalo

Published: 02/03/2026

Summary: This article presents a reference architecture for deploying Azure Kubernetes Service (AKS) across multiple Azure regions to maximize availability and resilience. It compares active/active, active/passive, and deployment stamp patterns, detailing trade-offs in availability, complexity, and cost. Key components include Azure Front Door for global routing, geo-replicated data services, centralized monitoring, and consistent security. The article emphasizes clear design choices, regular testing, and operational preparedness, highlighting that multi-region resilience requires coordinated patterns, not a simple switch, and should align with business RTO/RPO objectives and operational maturity.

Public Preview: Restrict usage of user delegation SAS to an Entra ID identity

Team Blog: Azure Storage

Author: ellievail

Published: 02/26/2026

Summary: Microsoft has announced the public preview of user-bound user delegation SAS for Azure Storage, enhancing security by restricting SAS token usage to a specific Microsoft Entra ID identity. This extension of user delegation SAS ensures only the designated user can access storage resources, reducing the risk of unintended access. The feature is available at no additional cost in all public regions and supports cross-tenant scenarios. It integrates with existing Azure RBAC and is accessible via REST APIs, SDKs, PowerShell, and CLI. Setup involves assigning the correct roles, obtaining user IDs, and generating the SAS token.

Azure Migrate: Now Supporting Premium SSD V2, Ultra and ZRS Disks as Targets

Team Blog: Azure Storage

Author: Lakshya_Jalan

Published: 02/18/2026

Summary: No summary is available for this article. Source: https://techcommunity.microsoft.com/blog/azurestorageblog/azure-migrate-now-supporting-premium-ssd-v2-ultra-and-zrs-disks-as-targets/4495332

Bringing AI fluency to every corner of the organization (even yours!)

Team Blog: Microsoft Learn

Author: AshleyMastersHall

Published: 02/19/2026

Summary: The article emphasizes the importance of AI fluency for all roles within organizations, likening AI’s impact to the transformative effect of GPS on navigation. It defines AI fluency as understanding and effectively using generative AI in care tasks, now a critical skill for the modern workplace. The author provides practical, approachable steps to integrate AI into daily workflows, recommends starting small, and highlights Microsoft’s AI Skills Navigator as a resource. The core message: AI is already changing work, and building fluency—starting with familiar tasks—ensures continued relevance and success.

Microsoft Credentials roundup: February 2026 edition

Team Blog: Microsoft Learn

Author: PujaA

Published: 02/26/2026

Summary: Microsoft’s February 2026 Credentials roundup introduces four new AI-focused Certifications and six new Applied Skills, targeting both technical and business professionals. These credentials validate expertise in AI integration, Copilot, and agent solutions, enhancing career prospects in an AI-powered workplace. Applied Skills offer quick, practical assessments in real-world AI tasks. Several older Certifications and Applied Skills are being retired, reflecting Microsoft’s ongoing commitment to current, relevant skills. Additional AI-focused updates are planned for March 2026 and beyond, further expanding learning and credentialing opportunities in AI and cloud technologies.

Public Preview: Automatic zone balance for Virtual Machine Scale Sets

Team Blog: Azure Compute

Author: HilaryWang

Published: 02/17/2026

Summary: Azure has introduced the public preview of automatic zone balance for Virtual Machine Scale Sets, which ensures VMs are evenly distributed across availability zones with no manual intervention. This feature continuously monitors and rebalances VMs, minimizing the impact of zone failures and maintaining optimal resiliency. It uses a create-before-delete approach with health checks and built-in safety measures, reducing operational overhead and ensuring workload stability. Automatic instance repairs are enabled by default. To use this feature, register for the preview, meet prerequisites, and enable it via the Azure portal, CLI, PowerShell, or REST API.

Azure Automated Virtual Machine Recovery: Minimizing Downtime

Team Blog: Azure Compute

Author: Jon_Andoni_Baranda

Published: 02/04/2026

Summary: Azure Automated Virtual Machine Recovery is a built-in Azure feature designed to minimize VM downtime by automatically detecting, diagnosing, and mitigating failures within seconds, without customer intervention. It operates continuously, leveraging multiple detection mechanisms and optimized recovery paths, ensuring business continuity and consistent SLA compliance. Recovery Event Annotations provide deep visibility into the recovery process, helping identify bottlenecks and improve reliability. Over the past 18 months, this system has halved average VM downtime, empowering customers to confidently run resilient applications with reduced risk of service disruption and financial loss. No setup is required; all Azure VMs benefit automatically.

Published Mar 11, 2026
Version 1.0