Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!
Member: TysonPaul | Microsoft Community Hub
CPU oversubscription and new CPU jitter counters in Windows Server 2025
Team Blog: Windows OS Platform
Author: MarkKilimov
Published: 03/13/2025
Summary: The article discusses the concept of CPU oversubscription, which involves assigning more virtual processors to virtual machines than there are logical processors available on the host, enhancing resource efficiency but potentially disrupting performance balance. Windows Server 2025 introduces CPU jitter counters to monitor and manage such variability in processing times, caused by factors like CPU contention. These counters assist in optimizing resource allocation, troubleshooting, and proactive monitoring. Best practices include establishing baselines, using various counters, and reviewing resource allocation. The jitter counters aid administrators in improving performance stability and VM density, optimizing virtualized environments.
Register now for the Microsoft AI Skills Fest!
Team Blog: Microsoft Learn
Author: jeanaj
Published: 03/24/2025
Summary: Registration is open for the Microsoft AI Skills Fest on April 8, 2025, which aims for a GUINNESS WORLD RECORDS™ title for most participants in an online AI lesson within 24 hours. This global event, starting at 9 AM AEST and concluding at 4 PM PDT, offers diverse AI learning activities to improve business and technical skills. Participants can continue developing AI expertise with 50 days of exploration and training sessions through May 28, 2025. The fest welcomes learners of all levels and backgrounds for deep dives, challenges, and practical sessions to enhance AI proficiency and creativity.
Replace your legacy VPN with an identity-centric ZTNA
Team Blog: Microsoft Entra (Azure AD)
Author: Ashish__Jain
Published: 03/31/2025
Summary: The article discusses the limitations of legacy VPNs in protecting organizational networks, emphasizing the need for a modern, identity-centric approach via Zero Trust Network Access (ZTNA). It highlights Microsoft Entra Private Access as a solution, offering precise, secure access to private apps and resources without granting unrestricted network access. The transition from VPN to ZTNA is facilitated through features like Quick Access and Conditional Access policies, enabling least-privilege access and enhancing security. The article outlines the benefits of Microsoft Entra, detailing its integration capabilities and identity security improvements while offering trial options for transitioning to ZTNA.
Deploy Microsoft Defender XDR today and start protecting your entire digital estate
Team Blog: FastTrack
Author: JulieHersum
Published: 03/31/2025
Summary: Microsoft’s 2024 Multicloud Security Risk Report highlights growing vulnerabilities due to increasing attack pathways, pushing organizations toward enhanced security solutions like Microsoft Defender XDR. Microsoft Defender offers comprehensive protection across endpoints, cloud apps, identity, and office applications, supported by seamless integration with Microsoft 365 products. Deployment challenges related to legacy systems, integration complexities, and staffing shortages are mitigated by FastTrack for Microsoft 365, providing streamlined guides and personalized setup instructions. The article also addresses common FAQs, including migration, incident response, and training for deploying Microsoft Defender efficiently and securely across digital estates.
Azure Virtual Desktop metadata database available in Southeast Asia
Team Blog: Azure Virtual Desktop
Author: Ron_Coleman
Published: 03/26/2025
Summary: Azure Virtual Desktop (AVD) has launched its metadata database in Southeast Asia, expanding its geographical footprint to nine regions including the U.S., Canada, EU, UK, Japan, Australia, India, South Africa, and now Asia. This development aims to enhance connectivity, reduce latency, and meet compliance requirements for organizations by allowing metadata storage within specified geographies. Data can also be replicated to paired regions for disaster recovery. The continued expansion of AVD showcases Microsoft's commitment to providing widespread access to Azure Virtual Desktop and Windows 365 services globally, meeting diverse organizational needs.
Simplifying Kubernetes Data Protection with CloudCasa and Microsoft Azure Blob Storage
Team Blog: Azure Storage
Author: dmalbrough
Published: 03/20/2025
Summary: The article introduces a partnership between CloudCasa and Microsoft Azure Blob Storage, focusing on enhancing data protection for Kubernetes and hybrid cloud environments. The integration simplifies backup and disaster recovery for Azure Kubernetes Service (AKS) and extends centralized protection to hybrid clusters using Azure Arc. CloudCasa implements efficient incremental backups stored in Azure Blob, reducing costs and network usage. This system offers unified management for container and VM backups, streamlining recovery and meeting compliance needs. With CloudCasa's lightweight agent technology and Azure Blob's scalable storage, businesses can manage data protection effectively across varying environments.
Protect against Next.js CVE-2025-29927 with Azure Web Application Firewall (WAF)
Team Blog: Azure Network Security
Author: yuvalpery
Published: 03/27/2025
Summary: Next.js versions prior to 12.3.5, 13.5.9, 14.2.25, and 15.2.3 are vulnerable to CVE-2025-29927, which allows bypassing authorization checks within applications. Upgrading to these patched versions is strongly recommended. For Next.js 11.x or other unpatchable applications, mitigation can be achieved by creating a custom rule in Azure Web Application Firewall, blocking requests with the 'x-middleware-subrequest' header. This rule, however, may also impact legitimate sites using auth middleware. The article provides detailed steps on configuring a custom rule in Azure Portal to protect against this vulnerability.
Subscription Vending, now and beyond
Team Blog: Azure Governance and Management
Author: Seif_Bassem
Published: 03/19/2025
Summary: The article discusses the importance of Subscription Vending in efficiently managing Azure subscriptions as organizations increase their cloud presence. Subscription vending automates the provisioning process, streamlining deployment with standardized workflows that enforce governance and compliance. By treating subscriptions as the primary management unit, organizations can better manage cost boundaries and apply policies at scale. New enhancements to the Bicep and Terraform modules, including Azure Verified Modules for improved support, RBAC constrained delegation, and Privileged Identity Management, improve security and efficiency. The modules also facilitate virtual network and Bastion deployments, supporting secure remote connections and monitoring.
Windows Server 2025 Software Defined Datacenter: Networking Deployment Series (1/6)
Team Blog: Networking
Author: Param_Mahajan
Published: 03/25/2025
Summary: The article introduces a series on deploying Windows Server 2025 Software Defined Datacenter (SDDC) with a focus on Network ATC at Contoso Medical Center. It outlines six essential steps for optimizing network deployment using Windows Server 2025, highlighting Network ATC for automating and simplifying network configurations, ensuring compliance with Microsoft’s best practices, and improving efficiency. The integration with Windows Admin Center enables intuitive management and monitoring. Contoso seeks to enhance its network management across new and existing clusters, leveraging Network ATC for consistency, reliability, and scalability, crucial for expanding their healthcare operations.
What’s new in Microsoft Intune: March 2025
Team Blog: Microsoft Intune
Author: ScottSawyer
Published: 03/31/2025
Summary: The March 2025 update for Microsoft Intune emphasizes enhancing endpoint management by offering several new capabilities. Key upgrades include automated Apple software policy updates using Apple's DDM protocol, allowing efficient OS version management and progressive deployments. A preview for Windows 365 Frontline introduces shared Cloud PC access with improved provisioning through Windows Autopilot, enhancing user experience while maintaining device configuration. Remote Help expands support by enabling secure connections for Azure Virtual Desktop multisession VMs, streamlining support operations. Additionally, Samsung Knox Mobile Enrollment allows bulk enrollment of Android Enterprise devices, enhancing security through hardware-backed attestation features.
From the frontlines: Accelerating retail worker shared device experience (Part one)
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 03/25/2025
Summary: The article by Yusuke Shinoki discusses enhancing retail worker experiences through shared device solutions managed via Microsoft Intune. With technology revolutionizing retail operations, store staff use shared devices to access inventory and manage orders efficiently, requiring secure, easy sign-in/out processes. For retail associate device needs, the article highlights the use of Intune's Android Enterprise dedicated devices with Microsoft Entra shared mode and Managed Home Screen to streamline access, boost productivity, and maintain security. The approach enables seamless sign-on with session PINs, app switching, and QR code authentication, ultimately improving user experience and operational efficiency in retail environments.
Passwordless Authentication with FIDO2 Security Key for Remote Desktop Connection
Team Blog: Core Infrastructure and Security
Author: Farooque
Published: 03/28/2025
Summary: The article explores the use of FIDO2 security keys for passwordless authentication via Remote Desktop Connection (RDP), focusing on a Zero Trust approach. It details how to configure RDP for both Entra ID-joined and Hybrid-joined devices on Windows 10/11 using WebAuthn and RDPAAD protocols. For Entra ID-joined devices, users must be added to the local Remote Desktop Users group. Hybrid-joined devices require Kerberos authentication with an Active Directory Read-Only Domain Controller in Entra ID. Conditional Access Policies can enforce phishing-resistant authentication using FIDO2 keys for secure RDP access. The next blog will cover on-premises domain use.
Resilience Testing with Azure Chaos Studio: Compute Failures
Team Blog: Azure Tools
Author: prasha01
Published: 03/19/2025
Summary: The article discusses using Azure's Chaos Studio for resilience testing in cloud infrastructures, focusing on simulating compute failures, specifically Availability Zone shutdowns. It emphasizes a hypothesis-driven approach: defining a failure scenario, designing a fault injection experiment, running the test, and analyzing results to validate or invalidate hypotheses. Key practices include configuring autoscale settings, maintaining balanced instance counts, and ensuring load balancing to enhance resilience. The tutorial guides users through creating and executing experiments in Chaos Studio and monitoring metrics to assess impact, encouraging regular resilience tests for ongoing reliability improvements.
Lifecycle Management of Azure storage blobs using Azure Data Factory (ADF)
Team Blog: Azure PaaS
Author: Deeksha_S_A
Published: 03/31/2025
Summary: The article details a method for automatically deleting Azure storage blobs using Azure Data Factory (ADF), especially targeting scenarios where lifecycle management does not support page blob deletion. It provides a step-by-step guide to creating an ADF pipeline, starting from resource creation on the Azure portal, to configuring the pipeline for deletion activities and setting conditions like "Filter by last Modified." Additionally, it highlights options to manually or automatically trigger the pipeline. The process allows integration with various tools, emphasizing the versatility of ADF in cloud storage management.
Azure’s ND GB200 v6 Delivers Record Performance for Inference Workloads
Team Blog: Azure High Performance Computing (HPC)
Author: HugoAffaticati
Published: 03/31/2025
Summary: Azure's ND GB200 v6 virtual machines demonstrate significant performance improvements for AI inference workloads. Key metrics include a theoretical 2.5x performance increase over the previous ND H100 v5, peaking at 2,744 TFLOPS FP8 throughput and 7.35 TB/s HBM bandwidth utilization. Using NVIDIA's LLAMA 2 70B model, these VMs achieved an average throughput of 48,088 tokens/sec per VM, roughly 3.9x higher than ND H100 v5. The setup showcases 9x improved performance across an NVL72 rack of 18 VMs. The article also details reproduction steps for Azure users using NVIDIA's triton_trtllm_v0.18.0dev_repro-v4.1 container.
Skill your team to increase performance efficiency of Azure and AI projects
Team Blog: Azure Architecture
Author: MeganLordeonPennie
Published: 03/25/2025
Summary: The article discusses the importance of performance efficiency in managing cloud workloads on Azure, emphasizing the role of Azure Essentials in achieving this. It highlights the benefits of optimizing migration speed, operational effectiveness, and system resiliency through tools like Azure Monitor and Azure Advisor. The Azure Well-Architected Framework offers a comprehensive approach to balance performance, cost, reliability, and security. Azure Essentials, alongside self-paced training on Microsoft Learn, aims to improve the performance of Azure and AI projects by equipping teams with the necessary skills, tools, and frameworks for building efficient, resilient workloads.