Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!
Member: TysonPaul | Microsoft Community Hub
Announcing the AI Infrastructure on Azure repository
Team Blog: Azure High Performance Computing (HPC)
Author: wolfgangdesalvador
Published: 05/28/2025
Summary: Microsoft has launched the AI Infrastructure on Azure repository, providing teams with comprehensive blueprints and guidance for building robust AI supercomputers on Azure. The repository includes Infrastructure as Code templates that optimize storage, compute, and orchestration for performance and reliability. It encompasses design considerations such as VM selection, storage strategies, and software orchestration integrations. The repo further offers node- and cluster-level health checks, real-world workload examples, and a range of configuration guidance, including storage solutions like Azure Managed Lustre and BlobFuse2. The initiative aims to enhance Azure's scalability and efficiency for large-scale AI projects.
Lifecycle Management of Blobs (Deletion) using Automation Tasks
Team Blog: Azure PaaS
Author: thakurmishra
Published: 05/22/2025
Summary: The article discusses the challenges of managing large volumes of idle blobs in Azure Storage and highlights the use of Automation Tasks to streamline their deletion. Manual deletion is impractical for many blobs; hence, Automation Tasks, which utilize logic app workflows, are effective for scheduling and managing blob deletions. This tool is particularly beneficial for automating deletions based on age and for system containers. The article details setting up Automation Tasks and addresses considerations such as firewall configurations and role assignments for successful execution. The feature is in preview, so limitations should be checked before production use.
Driving adoption and measuring impact with the Microsoft 365 Copilot Dashboard
Team Blog: FastTrack
Author: JulieHersum
Published: 05/29/2025
Summary: The article discusses the significant adoption of Microsoft 365 Copilot among Fortune 500 companies, highlighting its impact in enhancing productivity. Companies like Vodafone and Lumen Technologies showcase time and cost savings from its usage. The key to leveraging Copilot's potential lies in its dedicated dashboard, which helps organizations track adoption, productivity, and behavioral impacts. The dashboard provides insights into AI adoption, workflow integration, and user training needs. Admin responsibilities include setting up and managing access. Business leaders and other stakeholders can utilize these insights to refine strategies and maximize productivity. The dashboard is accessible through Microsoft 365 tools, supported by FastTrack services.
[Preview] Trusted launch Default for new Azure virtual machine, Scale set, compute gallery and disk
Team Blog: Azure Compute
Author: AjKundnani
Published: 05/28/2025
Summary: Azure is introducing a public preview for Trusted Launch as the default setting for new deployments of Gen2 Virtual Machines, Virtual Machine Scale Sets, Azure Compute Gallery, and OS disk resources. This change enhances security by enabling features like Secure Boot, vTPM, and Boot Integrity Monitoring to protect against modern threats and comply with various regulatory standards. During the preview, users can test and prepare for these changes by updating deployment API versions and registering the TrustedLaunchByDefaultPreview feature flag. Existing deployments are unaffected, but new deployments will default to Trusted Launch, increasing foundational security without additional costs.
Cross-Tenant Connectivity between Databricks and Storage account using Private Link
Team Blog: Azure Networking
Author: umairakhtar19
Published: 05/19/2025
Summary: The article outlines a high-level architecture for setting up cross-tenant connectivity between Azure Databricks in one Azure tenant (Tenant B) and a Hierarchical Namespace (HNS) enabled Storage Account in another tenant (Tenant A) using Azure Private Link. A private endpoint in Tenant B is used to access the storage account in Tenant A, requiring a Private DNS Zone configuration for proper name resolution. Additionally, a multi-tenant Service Principal is needed to secure access and provide role-based access control. The configuration process includes creating endpoints, DNS updates, and assigning necessary roles and permissions.
Discover the New Era of Windows Server 2025 Nano Server Containers
Team Blog: Containers
Author: Akarsh
Published: 05/13/2025
Summary: The article announces the launch of Windows Server 2025 Nano Server containers, which introduce Features on Demand (FoD) support to address previous limitations of Nano Server. Nano Server's minimal footprint made it efficient, but it lacked necessary application functionalities. Windows Server 2025 tackles these issues by allowing dynamic feature inclusion, such as 32-bit application support, during container build. FoD provides reduced image size, faster deployment, enhanced performance, and cost efficiency while maintaining granular control over container features. This development enables compatibility with legacy applications and specialized server roles, marking a significant advancement in Windows container technology.
Public Preview: Deploy OSS Large Language Models with KAITO on AKS on Azure Local
Team Blog: Azure Arc
Author: haojiehang
Published: 05/20/2025
Summary: The article announces the public preview of KAITO on AKS for deploying Open Source Large Language Models (LLMs) on Azure Local. This extension, available as part of Azure Arc-enabled Kubernetes clusters, streamlines LLM deployment by providing preset models and guidance on GPU SKUs, reducing common issues like memory errors. KAITO enables companies to deploy AI models locally, meeting low latency and regulatory needs across industries. Users can author deployment workflows with YAML and evaluate models using AI Toolkit in Visual Studio Code. KAITO integrates with Azure Managed Grafana for monitoring, facilitating a smoother deployment and evaluation process for edge-based AI applications.
Configure SSH Server on Windows Server 2025
Team Blog: ITOps Talk
Author: OrinThomas
Published: 05/31/2025
Summary: The article provides a step-by-step guide on enabling and configuring the built-in SSH server on Windows Server 2025, simplifying secure remote command-line access without third-party tools. It covers enabling the SSH server via Server Manager, adjusting firewall rules in Windows Defender Firewall with Advanced Security, and managing SSH user access by modifying the OpenSSH Users group. Users can connect using SSH clients, with detailed syntax provided. Additionally, it advises on further SSH server configurations, such as shell specification and key-based authentication, recommending Microsoft's documentation for advanced settings.
Pioneering Performance and Scale: Compute Innovations Unveiled at Build
Team Blog: Azure Infrastructure
Author: Max_Uritsky
Published: 05/22/2025
Summary: At Build 2025, Microsoft introduced Azure Boost, setting new industry benchmarks in storage performance and network optimization. Achieving 800K IOPS and 16 GB/s throughput for remote storage, Azure Boost enhances compute offerings with accelerated hardware offloading. New VM series, such as Fxv2 and network-optimized Dnsv6 and Ensv6, promise improved CPU performance and 200 Gbps bandwidth. Azure Compute Fleet and Instance Mix innovations facilitate scalable, cost-effective deployment for fluctuating workloads. Together, these advancements ensure Azure leads in cloud performance, scalability, and cost efficiency, offering businesses the tools to excel in complex digital environments.
Enhance Your Linux Workloads with Azure Files NFS v4.1: Secure, Scalable, and Flexible
Team Blog: Azure Storage
Author: Rena Shah
Published: 05/20/2025
Summary: Azure Files NFS v4.1 is a fully managed, enterprise-grade solution for running high-performance Linux workloads in the cloud. It offers native NFS semantics, full POSIX compatibility, high availability, and data durability, eliminating the need for file server management. Enhancements include in-transit encryption via TLS, enabled by a mount helper package, and RESTful access for scalable, stateless operations. This ensures robust security and supports diverse workloads such as AI/ML, CI/CD, and big data analytics. Azure Files bridges traditional systems and the modern cloud, offering protocol flexibility, powerful security, and scalability for modern infrastructure needs.
Learning FOCUS: Prices + quantities
Team Blog: FinOps
Author: flanakin
Published: 05/28/2025
Summary: The article explains the FinOps Open Cost and Usage Specification (FOCUS), focusing on how billing data is categorized and quantified. It outlines key concepts like PricingQuantity, ConsumedQuantity, and CommitmentDiscountQuantity, illustrating how different quantities are measured and priced, akin to buying items in bulk versus individually. Various payment metrics are discussed, including list, contracted, and effective prices. The piece also touches on querying cost in FinOps hubs, emphasizing pricing calculations, and previews upcoming content on discounts and savings. Readers are encouraged to explore Power BI reports and FinOps hubs for detailed analyses.
Common Azure Policy Issues and Solutions
Team Blog: Azure Governance and Management
Author: Balajiranganathan
Published: 05/21/2025
Summary: Azure Policy, crucial for governance and compliance in Azure environments, often encounters issues that affect its functionality. Common problems include policies not evaluating correctly, resource creation being denied, unexpected compliance reports, challenges in custom policy development, issues with Azure Key Vault policies, and performance concerns in large environments. Solutions involve adjusting policy modes, validating logic with Azure tools, and ensuring correct scopes. Users should review error messages, consider non-production testing, and employ strategic policy deployment, such as using top-level management groups. Additionally, leveraging Azure RBAC and Enterprise Azure Policy as Code can enhance performance and scalability.
Getting Started with Azure Firewall REST API – Part II
Team Blog: Azure Network Security
Author: saikishor
Published: 05/23/2025
Summary: The article provides an in-depth guide on deploying advanced Azure Firewall configurations using REST API. Key topics include setting up authentication, creating secure DNAT rules, enabling Intrusion Detection and Prevention (IDPS), and utilizing web categories for application rule management. It also covers creating FQDN and URL filtering rules, associating multiple public IPs for scalability, enabling diagnostic settings for logging, and customizing SNAT private IP ranges. The article's comprehensive step-by-step approach aims to help users automate and enhance enterprise security measures using Azure Firewall’s capabilities in cloud-native environments.
Protect Tier 1. Sleep well at Night.
Team Blog: Core Infrastructure and Security
Author: DagmarHeidecker
Published: 05/29/2025
Summary: The article discusses strategies to protect Tier 1 systems, crucial for maintaining organizational cybersecurity. It emphasizes the "assume breach" approach and highlights the risk posed by "permanently privileged Tier 1 accounts." To mitigate this, adopting Just-in-Time (JIT) administration is recommended, temporarily elevating user privileges when needed and reducing lateral movement opportunities for attackers. A budget-friendly JIT solution created by experts, using PowerShell scripts, is available on GitHub. It involves configuring and automating access through Active Directory, ensuring temporary privileged access without permanent memberships. The article urges organizations to prioritize protecting Tier 1 systems strategically.
Building an Enterprise RAG Pipeline in Azure with NVIDIA AI Blueprint for RAG and Azure NetApp Files
Team Blog: Azure Architecture
Author: GeertVanTeylingen
Published: 05/19/2025
Summary: The article outlines how to build an enterprise-level Retrieval-Augmented Generation (RAG) pipeline using Azure, NVIDIA’s AI Blueprint, and Azure NetApp Files. It addresses challenges in deploying RAG at scale, such as managing multimodal content, ensuring low latency, maintaining relevance, and meeting compliance standards. The collaboration between Microsoft, NVIDIA, and NetApp offers a reference architecture for efficient, scalable production-ready RAG systems, leveraging GPU acceleration and high-performance storage. This setup supports applications like enterprise search and customer support, enhancing productivity and compliance across industries, while optimizing costs and ensuring security.
Build skills that matter—faster—with AI-assisted learning and Applied Skills
Team Blog: Microsoft Learn
Author: jeanaj
Published: 05/19/2025
Summary: Microsoft Learn is enhancing skill development with AI-assisted learning tools and new Applied Skills offerings. AI features include personalized assistance via Ask Learn in Microsoft documentation and Visual Studio Code, tailored learning plans, and AI-powered assessments to track progress. New beginner-level Applied Skills and expanded AI scenarios, including GitHub Copilot, are available for practical skill validation. Additionally, Microsoft Learn invites participants to join the AI Skills Fest Challenge for a chance to win free certification exams. These initiatives aim to empower users with in-demand skills in the evolving AI economy.
Migration planning of MySQL workloads using Azure Migrate
Team Blog: Azure Migration and Modernization
Author: ankitsurkar
Published: 05/29/2025
Summary: The article introduces Azure Migrate's new feature for discovering and assessing MySQL databases on Windows and Linux servers, enhancing visibility and providing tailored migration recommendations to Azure Database for MySQL. This capability helps businesses efficiently plan the migration of their critical MySQL workloads, leveraging Azure's scalability, cost efficiency, and robust security. The feature enables users to assess Azure readiness, receive SKU recommendations, and estimate costs for hosting MySQL workloads. The article provides a guide for onboarding users through a five-step process that includes creating an Azure Migrate Project, configuring the appliance, reviewing inventory, and assessing readiness for a seamless transition.
Azure CLI and Azure PowerShell Build 2025 Announcement
Team Blog: Azure Tools
Author: Alex-wdy
Published: 05/22/2025
Summary: At Microsoft Build 2025, new enhancements to Azure CLI and Azure PowerShell focus on quality, security, and user experience. Both tools now support Long-Term Support (LTS) and Short-Term Support (STS) models, providing flexibility for users. Azure PowerShell's Get-AzAccessToken cmdlet transitions to using SecureString for security improvements. Azure PowerShell can now be installed via Microsoft Artifact Registry, offering security and performance benefits. Usability improvements include real-time progress bars and JSON-based resource creation. Azure CLI gains enhanced cloud metadata handling for custom clouds, removing reliance on hardcoded endpoints. Continued investments are made in Copilot's response quality and performance.
From the frontlines: Delivering great dedicated device experiences for retail workers
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 05/28/2025
Summary: In the article, Shawn Catlin, a Microsoft Intune Product Manager, discusses how Intune enhances the management of retail devices to improve operational efficiency and work-life balance for retail managers. The article highlights Intune's role in simplifying device management through features like staged enrollment, app management, and configurable restrictions. Catlin details a scenario where Intune is used to manage company-issued devices efficiently, facilitating work-life balance for retail shift managers by integrating work profiles and restricting app access during off-hours. The blog emphasizes using Intune for secure retail operations and supporting frontline workers.