<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>New blog articles in Microsoft Community Hub</title>
    <link>https://techcommunity.microsoft.com/t5/</link>
    <description>Microsoft Community Hub</description>
    <pubDate>Sun, 12 Jul 2026 17:46:09 GMT</pubDate>
    <dc:creator>Community</dc:creator>
    <dc:date>2026-07-12T17:46:09Z</dc:date>
    <item>
      <title>Beyond the Canvas: The Azure Architecture Diagram Builder Becomes Agent-Ready</title>
      <link>https://techcommunity.microsoft.com/t5/azure-architecture-blog/beyond-the-canvas-the-azure-architecture-diagram-builder-becomes/ba-p/4534590</link>
      <description>&lt;P&gt;&lt;STRONG&gt;AZURE ARCHITECTURE BLOG&lt;/STRONG&gt; · 8 MIN READ&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Author:&lt;/STRONG&gt; Arturo Quiroga, Senior Partner Solutions Architect — Microsoft&lt;/P&gt;
&lt;HR /&gt;
&lt;P&gt;Two months ago I published &lt;A href="https://techcommunity.microsoft.com/blog/azurearchitectureblog/from-prompt-to-production-building-azure-architecture-diagrams-with-ai/4520336" target="_blank" rel="noopener"&gt;&lt;EM&gt;From Prompt to Production: Building Azure Architecture Diagrams with AI&lt;/EM&gt;&lt;/A&gt;, introducing the open-source &lt;A href="https://aka.ms/diagram-builder" target="_blank" rel="noopener"&gt;Azure Architecture Diagram Builder&lt;/A&gt;. The response was humbling — thousands of you read it, tried the tool, and filed issues and feature requests. A follow-up on &lt;A href="https://techcommunity.microsoft.com/post-2-waf-validation/blog-draft-waf-validation.md" target="_blank" rel="noopener"&gt;how the Well-Architected Framework scoring works&lt;/A&gt; went deep on validation.&lt;/P&gt;
&lt;P&gt;You asked, and the tool grew. This post is about what’s new since May — and one change big enough to reframe the whole project: &lt;STRONG&gt;the Azure Architecture Diagram Builder is no longer just an app you click. It’s a partner you chat with, and a tool other agents can call.&lt;/STRONG&gt;&lt;/P&gt;
&lt;BLOCKQUOTE&gt;
&lt;P&gt;&lt;STRONG&gt;TL;DR.&lt;/STRONG&gt; Three arcs of new capability: (1) &lt;STRONG&gt;Architecture Chat&lt;/STRONG&gt; turns diagram design into a multi-turn conversation over the live canvas; (2) &lt;STRONG&gt;Blueprint Diagrams&lt;/STRONG&gt; produce hand-drawn, whiteboard-style deliverables alongside the formal topology; and (3) the app now exposes its capabilities as a &lt;STRONG&gt;Model Context Protocol (MCP) server&lt;/STRONG&gt;, so AI agents can generate, validate, cost, and render Azure architectures programmatically. Plus a &lt;STRONG&gt;13-model fleet&lt;/STRONG&gt;, deployment guides grounded in &lt;STRONG&gt;Microsoft Learn&lt;/STRONG&gt;, and July output enhancements.&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;
&lt;HR /&gt;
&lt;H2 id="whats-new-at-a-glance"&gt;What’s new at a glance&lt;/H2&gt;
&lt;DIV class="styles_lia-table-wrapper__h6Xo9 styles_table-responsive__MW0lN"&gt;&lt;table border="1" style="width: 100%; height: 510.903px; border-width: 1px;"&gt;&lt;colgroup&gt;&lt;col style="width: 49.9588%" /&gt;&lt;col style="width: 49.9588%" /&gt;&lt;/colgroup&gt;&lt;thead&gt;&lt;tr style="height: 35.1215px;"&gt;&lt;th style="height: 35.1215px;"&gt;Capability&lt;/th&gt;&lt;th&gt;
&lt;P&gt;&lt;STRONG&gt;What it does&lt;/STRONG&gt;&lt;/P&gt;
&lt;/th&gt;&lt;/tr&gt;&lt;/thead&gt;&lt;tbody&gt;&lt;tr style="height: 83.1424px;"&gt;&lt;td style="height: 83.1424px;"&gt;&lt;STRONG&gt;Architecture Chat&lt;/STRONG&gt;&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Refine a diagram by conversation — “add Front Door with WAF,” then“now make it zone-redundant.” Each turn reads the live canvas and auto-saves to history.&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr style="height: 83.1424px;"&gt;&lt;td style="height: 83.1424px;"&gt;&lt;STRONG&gt;Blueprint Diagrams (BETA)&lt;/STRONG&gt;&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Hand-drawn, whiteboard-style renders with nested zones and numbered&amp;nbsp;flow arrows. Topology, Blueprint, or Both.&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr style="height: 59.1319px;"&gt;&lt;td style="height: 59.1319px;"&gt;&lt;STRONG&gt;A fleet of 13 models&lt;/STRONG&gt;&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Multi-provider roster — GPT-5.x, DeepSeek, Grok, Mistral, and Kimi — with side-by-side comparison to pick the right brain per task.&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr style="height: 84.0799px;"&gt;&lt;td style="height: 84.0799px;"&gt;&lt;STRONG&gt;MCP server&lt;/STRONG&gt;&lt;/td&gt;&lt;td&gt;
&lt;P&gt;The app is now a remote MCP server. Agents can list_services, validate_architecture, estimate_costs, generate_bicep and render_diagram with typed, structured outputs.&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr style="height: 83.1424px;"&gt;&lt;td style="height: 83.1424px;"&gt;&lt;STRONG&gt;Microsoft Learn grounding&lt;/STRONG&gt;&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Deployment guides now cite live Microsoft Learn documentation.&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr style="height: 83.1424px;"&gt;&lt;td style="height: 83.1424px;"&gt;&lt;STRONG&gt;Output enhancements (July 2026)&lt;/STRONG&gt;&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Cost badges, light/dark render themes, and metadata panels in rendered diagrams.&lt;/P&gt;
&amp;nbsp;&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;/table&gt;&lt;/DIV&gt;
&lt;HR /&gt;
&lt;H2 id="from-clicking-to-conversing-architecture-chat"&gt;From clicking to conversing: Architecture Chat&lt;/H2&gt;
&lt;P&gt;The single most common request after the launch post was some version of &lt;EM&gt;“I love the first diagram, but I want to iterate without re-writing the whole prompt.”&lt;/EM&gt; Regenerating from scratch every time you tweak a requirement is slow and loses context.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Architecture Chat&lt;/STRONG&gt; solves this. It’s a conversational panel that sits alongside the canvas and treats your diagram as a living document. Each message is a turn in an ongoing design session:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;EM&gt;“Add an Azure Front Door with WAF in front of the app tier.”&lt;/EM&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;EM&gt;“Now make the data layer zone-redundant.”&lt;/EM&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;EM&gt;“Swap the SQL Database for Cosmos DB and update the connections.”&lt;/EM&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Every turn reads the &lt;STRONG&gt;current state of the canvas&lt;/STRONG&gt; — not the original prompt — so refinements compound naturally the way they would with a human architect at a whiteboard. The conversation auto-saves to history, so you can step back through the evolution of a design or branch from an earlier point.&lt;/P&gt;
&lt;FIGURE&gt;&lt;BR /&gt;
&lt;FIGCAPTION aria-hidden="true"&gt;Architecture Chat panel beside the canvas, showing a multi-turn conversation that incrementally adds and modifies services on the diagram.&lt;/FIGCAPTION&gt;
&lt;/FIGURE&gt;
&lt;img /&gt;
&lt;BLOCKQUOTE&gt;
&lt;P&gt;&lt;STRONG&gt;Figure 1.&lt;/STRONG&gt; Architecture Chat treats the diagram as a living document. Each message refines the current canvas — adding services, changing SKUs, or reorganizing groups — and the full exchange is saved to history.&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;
&lt;P&gt;The shift is subtle but important: architecture design stops being a one-shot prompt and becomes an &lt;STRONG&gt;iterative dialogue&lt;/STRONG&gt;.&lt;/P&gt;
&lt;HR /&gt;
&lt;H2 id="the-whiteboard-deliverable-blueprint-diagrams-beta"&gt;The whiteboard deliverable: Blueprint Diagrams (BETA)&lt;/H2&gt;
&lt;P&gt;Formal topology diagrams with official Azure icons are perfect for documentation and stakeholder decks. But early-stage design conversations often want something looser — the hand-drawn feel of a whiteboard sketch that communicates intent without implying finality.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Blueprint Diagrams&lt;/STRONG&gt; generate exactly that: a whiteboard-style render with nested zones (subscription → VNet → subnet), numbered flow arrows, and a deliberately sketchy aesthetic. You choose the output mode:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Topology&lt;/STRONG&gt; — the formal, icon-based diagram from the launch post&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Blueprint&lt;/STRONG&gt; — the hand-drawn whiteboard style&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Both&lt;/STRONG&gt; — generate the two side by side&lt;/LI&gt;
&lt;/UL&gt;
&lt;FIGURE&gt;&lt;BR /&gt;
&lt;FIGCAPTION aria-hidden="true"&gt;The formal topology diagram of an architecture shown next to a Blueprint-style hand-drawn version of the same design with nested zones and numbered flow arrows.&lt;/FIGCAPTION&gt;
&lt;/FIGURE&gt;
&lt;img /&gt;
&lt;BLOCKQUOTE&gt;
&lt;P&gt;&lt;STRONG&gt;Figure 2.&lt;/STRONG&gt; The same architecture in two visual languages. &lt;STRONG&gt;Left:&lt;/STRONG&gt; the formal, icon-based topology. &lt;STRONG&gt;Right:&lt;/STRONG&gt; Blueprint mode — a whiteboard-style render with nested zones and numbered flow steps, plus a numbered legend explaining each hop. Use Blueprint for early design conversations and Topology for final documentation.&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;
&lt;P&gt;It’s the same underlying architecture — two visual languages for two different moments in the design lifecycle.&lt;/P&gt;
&lt;HR /&gt;
&lt;H2 id="a-fleet-of-13-models-pick-the-right-brain-per-task"&gt;A fleet of 13 models: pick the right brain per task&lt;/H2&gt;
&lt;P&gt;The launch post shipped with multi-model support. That fleet has grown to &lt;STRONG&gt;13 models across five providers&lt;/STRONG&gt;, so you can match the model to the job — fast models for iteration, reasoning models for complex designs, code-optimized models for Bicep generation:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;OpenAI GPT-5.x&lt;/STRONG&gt; — GPT-5.1, GPT-5.2, GPT-5.2 Codex, GPT-5.3 Codex, GPT-5.4, GPT-5.4 Mini&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;DeepSeek&lt;/STRONG&gt; — V3.2 Speciale, V4 Pro&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;xAI Grok&lt;/STRONG&gt; — 4.1 Fast, 4.3&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Mistral&lt;/STRONG&gt; — Large 3&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;MoonshotAI Kimi&lt;/STRONG&gt; — K2.5, K2.7 Code&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;The &lt;STRONG&gt;Compare Models&lt;/STRONG&gt; feature runs the same prompt through any subset of these in parallel and ranks them on service count, token usage, latency, and cost — with &lt;EM&gt;Fastest / Cheapest / Most Thorough&lt;/EM&gt; badges — so you can make an evidence-based choice rather than a guess.&lt;/P&gt;
&lt;FIGURE&gt;&lt;BR /&gt;
&lt;FIGCAPTION aria-hidden="true"&gt;Compare Models results grid showing side-by-side metrics across all 13 models with Fastest, Cheapest, and Most Thorough badges.&lt;/FIGCAPTION&gt;
&lt;/FIGURE&gt;
&lt;img /&gt;
&lt;FIGURE&gt;&lt;BR /&gt;
&lt;FIGCAPTION aria-hidden="true"&gt;AI Critique panel with an overall ranking and per-model analysis generated by a critic model.&lt;/FIGCAPTION&gt;
&lt;/FIGURE&gt;
&lt;img /&gt;
&lt;BLOCKQUOTE&gt;
&lt;P&gt;&lt;STRONG&gt;Figure 3.&lt;/STRONG&gt; Multi-model comparison across the full 13-model fleet. &lt;STRONG&gt;Top:&lt;/STRONG&gt; the results grid ranks every model on service count, connections, token usage, latency, and cost, with &lt;EM&gt;Fastest / Cheapest / Most Thorough&lt;/EM&gt; badges. &lt;STRONG&gt;Bottom:&lt;/STRONG&gt; an optional AI Critique uses a critic model to rank the outputs and explain each model’s strengths and gaps.&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;
&lt;P&gt;Adding a model is now a small, well-understood change — a testament to how the multi-provider abstraction has matured since May.&lt;/P&gt;
&lt;HR /&gt;
&lt;H2 id="the-headline-the-diagram-builder-is-now-an-mcp-server"&gt;The headline: the Diagram Builder is now an MCP server&lt;/H2&gt;
&lt;P&gt;Here’s the change that reframes the project. Everything above is about a &lt;EM&gt;person&lt;/EM&gt; using a &lt;EM&gt;web app&lt;/EM&gt;. But the same capabilities — generating a diagram, validating it against WAF, estimating its cost, producing Bicep — are exactly the things an &lt;STRONG&gt;AI agent&lt;/STRONG&gt; needs when it reasons about Azure architecture.&lt;/P&gt;
&lt;P&gt;So we exposed them. The Azure Architecture Diagram Builder now runs as a &lt;STRONG&gt;Model Context Protocol (MCP) server&lt;/STRONG&gt;. Any MCP-capable agent can call its tools with typed inputs and structured outputs:&lt;/P&gt;
&lt;DIV class="styles_lia-table-wrapper__h6Xo9 styles_table-responsive__MW0lN"&gt;&lt;table border="1" style="width: 98.7963%; height: 259.653px; border-width: 1px;"&gt;&lt;colgroup&gt;&lt;col style="width: 50.0054%" /&gt;&lt;col style="width: 50.0054%" /&gt;&lt;/colgroup&gt;&lt;thead&gt;&lt;tr style="height: 35.1215px;"&gt;&lt;th style="height: 35.1215px;"&gt;Tool&lt;/th&gt;&lt;th&gt;
&lt;P&gt;&lt;STRONG&gt;What the agent gets&lt;/STRONG&gt;&lt;/P&gt;
&lt;/th&gt;&lt;/tr&gt;&lt;/thead&gt;&lt;tbody&gt;&lt;tr style="height: 35.434px;"&gt;&lt;td style="height: 35.434px;"&gt;&lt;CODE&gt;list_services&lt;/CODE&gt;&lt;/td&gt;&lt;td&gt;
&lt;P&gt;The catalog of supported Azure services and categories&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr style="height: 35.434px;"&gt;&lt;td style="height: 35.434px;"&gt;&lt;CODE&gt;validate_architecture&lt;/CODE&gt;&lt;/td&gt;&lt;td&gt;
&lt;P&gt;A WAF assessment with pillar scores and findings&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr style="height: 59.1146px;"&gt;&lt;td style="height: 59.1146px;"&gt;&lt;CODE&gt;estimate_costs&lt;/CODE&gt;&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Multi-region cost estimates from the Azure Retail Prices API&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr style="height: 35.434px;"&gt;&lt;td style="height: 35.434px;"&gt;&lt;CODE&gt;generate_bicep&lt;/CODE&gt;&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Infrastructure-as-Code templates for the design&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr style="height: 59.1146px;"&gt;&lt;td style="height: 59.1146px;"&gt;&lt;CODE&gt;render_diagram&lt;/CODE&gt;&lt;/td&gt;&lt;td&gt;
&lt;P&gt;A rendered diagram (topology or blueprint) of the architecture&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;/table&gt;&lt;/DIV&gt;
&lt;P&gt;&lt;STRONG&gt;This means an agent can hold a conversation like &lt;EM&gt;“design a HIPAA-compliant platform, check it against the Well-Architected Framework, tell me the monthly cost in West Europe, and give me the Bicep”&lt;/EM&gt; — and the Diagram Builder answers each part programmatically, returning structured data the agent can reason over and chain.&lt;/STRONG&gt;&lt;/P&gt;
&lt;FIGURE&gt;&lt;BR /&gt;
&lt;FIGCAPTION aria-hidden="true"&gt;Microsoft Scout invoking the Diagram Builder’s render_diagram MCP tool, showing the tool-call parameters and saving the generated SVG to the workspace.&lt;/FIGCAPTION&gt;
&lt;/FIGURE&gt;
&lt;img /&gt;
&lt;FIGURE&gt;&lt;BR /&gt;
&lt;FIGCAPTION aria-hidden="true"&gt;The Azure architecture diagram rendered by the MCP tool and displayed inline in the Microsoft Scout conversation.&lt;/FIGCAPTION&gt;
&lt;/FIGURE&gt;
&lt;img /&gt;
&lt;BLOCKQUOTE&gt;
&lt;P&gt;&lt;STRONG&gt;Figure 4.&lt;/STRONG&gt; The Diagram Builder as an MCP server inside &lt;STRONG&gt;Microsoft Scout&lt;/STRONG&gt;. &lt;STRONG&gt;Top:&lt;/STRONG&gt; from a natural-language request, the agent calls the &lt;CODE&gt;render_diagram&lt;/CODE&gt; tool with structured parameters (title, format, direction, theme, region) and saves the returned SVG to its workspace. &lt;STRONG&gt;Bottom:&lt;/STRONG&gt; the rendered architecture — grouped zones, labeled flows, and cost badges — appears inline in the conversation, generated entirely through agent tool calls.&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;
&lt;P&gt;The tool that started as a canvas for humans is now also a &lt;STRONG&gt;building block for agents&lt;/STRONG&gt;. That’s the arc: &lt;EM&gt;from an app you click, to a partner you chat with, to a tool other agents call.&lt;/EM&gt;&lt;/P&gt;
&lt;HR /&gt;
&lt;H2 id="grounded-in-microsoft-learn-and-sharper-output"&gt;Grounded in Microsoft Learn, and sharper output&lt;/H2&gt;
&lt;P&gt;Two smaller-but-meaningful improvements round out the release:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Microsoft Learn grounding.&lt;/STRONG&gt; Deployment guides now search official &lt;A href="https://learn.microsoft.com/" target="_blank" rel="noopener"&gt;Microsoft Learn&lt;/A&gt; documentation at generation time and cite it, so the guidance reflects current, authoritative practice rather than a model’s training snapshot.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Output enhancements (July 2026).&lt;/STRONG&gt; Rendered diagrams now carry per-service &lt;STRONG&gt;cost badges&lt;/STRONG&gt;, support &lt;STRONG&gt;light and dark render themes&lt;/STRONG&gt;, and include &lt;STRONG&gt;metadata panels&lt;/STRONG&gt; that summarize the architecture — service counts, regions, and estimated cost — directly on the image.&lt;/LI&gt;
&lt;/UL&gt;
&lt;HR /&gt;
&lt;H2 id="highlights"&gt;Highlights&lt;/H2&gt;
&lt;P&gt;Since the May launch, the Azure Architecture Diagram Builder has grown from a design tool into an agent-ready platform:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Conversational design&lt;/STRONG&gt;: iterate on a diagram by chatting over the live canvas, with full history&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Two visual languages&lt;/STRONG&gt;: formal topology and hand-drawn Blueprint, from the same architecture&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;13 models, five providers&lt;/STRONG&gt;: choose the right brain per task, with evidence-based comparison&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Agent-ready&lt;/STRONG&gt;: an MCP server exposing generation, validation, costing, and IaC as callable tools&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Grounded guidance&lt;/STRONG&gt;: deployment guides cite live Microsoft Learn documentation&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Still open source&lt;/STRONG&gt;: every capability above is available to inspect, extend, and contribute to&lt;/LI&gt;
&lt;/UL&gt;
&lt;H2 id="try-it-today"&gt;Try It Today&lt;/H2&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Live demo&lt;/STRONG&gt;: &lt;A href="https://aka.ms/diagram-builder" target="_blank" rel="noopener"&gt;https://aka.ms/diagram-builder&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Source code&lt;/STRONG&gt;: &lt;A href="https://github.com/Arturo-Quiroga-MSFT/azure-architecture-diagram-builder" target="_blank" rel="noopener"&gt;GitHub repository&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Documentation&lt;/STRONG&gt;: See the &lt;A href="https://github.com/Arturo-Quiroga-MSFT/azure-architecture-diagram-builder/blob/main/DOCS/getting-started-guide.md" target="_blank" rel="noopener"&gt;Getting Started Guide&lt;/A&gt; for setup, and the repository’s MCP server directory for agent integration.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;If you read the first post and tried the tool — thank you. The features above exist because you told me what you needed. Keep the feedback coming via GitHub Issues.&lt;/P&gt;
&lt;HR /&gt;
&lt;P&gt;&lt;STRONG&gt;Tags:&lt;/STRONG&gt; &lt;CODE&gt;artificial intelligence&lt;/CODE&gt; · &lt;CODE&gt;application&lt;/CODE&gt; · &lt;CODE&gt;apps &amp;amp; devops&lt;/CODE&gt; · &lt;CODE&gt;well architected&lt;/CODE&gt; · &lt;CODE&gt;infrastructure&lt;/CODE&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 10 Jul 2026 21:40:06 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/azure-architecture-blog/beyond-the-canvas-the-azure-architecture-diagram-builder-becomes/ba-p/4534590</guid>
      <dc:creator>arturoqu</dc:creator>
      <dc:date>2026-07-10T21:40:06Z</dc:date>
    </item>
    <item>
      <title>Azure Front Door: Resiliency Series – Part 3: Tenant isolation</title>
      <link>https://techcommunity.microsoft.com/t5/azure-networking-blog/azure-front-door-resiliency-series-part-3-tenant-isolation/ba-p/4535866</link>
      <description>&lt;P&gt;Abhishek Tiwari, Vice President of Engineering, Azure Networking&lt;BR /&gt;Amit Srivastava, Partner Director of PM, Azure Networking&lt;BR /&gt;Varun Chawla, Partner Director of Engineering, Azure Networking&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Azure Front Door serves hundreds of thousands of tenants from hundreds of edge locations, densely sharing the globally distributed edge fleet. That density is exactly what allows us to deliver global scale, performance, and cost efficiency. It also means that, without strong isolation, a single tenant’s incompatible configuration or anomalous traffic can, in the worst case, affect many other tenants. The October 2025 incidents reinforced how important it is to contain this class of risk. Our goal for this tenant isolation is simple to state and hard to achieve: no single tenant’s configuration or traffic should be able to impact any other tenant.&lt;/P&gt;
&lt;P&gt;In &lt;A href="https://techcommunity.microsoft.com/blog/azurenetworkingblog/azure-front-door-implementing-lessons-learned-following-october-outages/4479416" target="_blank" rel="noopener"&gt;Part 1&lt;/A&gt; of our three part mini blog series, we outlined our four‑pillar strategy for improving the resiliency of Azure Front Door: configuration resiliency, data plane resiliency, tenant isolation, and accelerated Recovery Time Objective (RTO). &lt;A href="https://techcommunity.microsoft.com/blog/azurenetworkingblog/azure-front-door-implementing-lessons-learned-following-october-outages/4479416" target="_blank" rel="noopener"&gt;Part 1&lt;/A&gt; detailed how we would make configuration propagation safer and how the data plane keeps serving from a ‘last‑known‑good’ (LKG) configuration, even if an incompatible configuration change is propagated to the data plane. &lt;A href="https://techcommunity.microsoft.com/blog/azurenetworkingblog/azure-front-door-resiliency-series-%E2%80%93-part-2-faster-recovery-rto/4503091" target="_blank" rel="noopener"&gt;Part 2&lt;/A&gt; turned to recovery, showing how we bring the system back to full operation in an accelerated, predictable, and in a bounded timeframe. In this final part, we turn to the tenant isolation pillar that ensures that any single tenant configuration or traffic issues are limited in scope to that tenant alone and do not impact other tenants. We will also show how Azure Front Door achieves single-tenant containment through configuration isolation, lazy loading, and a micro-cellular layered ingress-sharding architecture.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Repair status: all outstanding items now complete&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Before we dive into tenant isolation, here is a final update on the overall repair items from the two October 2025 incidents (you can review the details in our Azure Incident Retrospective sessions for the October 9th and October 29th incidents). We are pleased to report that all outstanding work across every pillar is now complete and fully deployed in production – including the tenant isolation work described in this post. With these safeguards in place, we have also returned configuration propagation latency to pre‑incident levels while keeping platform stability our top priority. In the table below, “Completed” means broadly deployed in production.&lt;/P&gt;
&lt;DIV class="styles_lia-table-wrapper__h6Xo9 styles_table-responsive__MW0lN"&gt;&lt;table border="1" style="border-width: 1px;"&gt;&lt;tbody&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;Learning category&lt;/STRONG&gt;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;Goal&lt;/STRONG&gt;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;Repairs&lt;/STRONG&gt;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;Status&lt;/STRONG&gt;&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;Safe customer configuration deployment&lt;/STRONG&gt;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Incompatible configuration never propagates beyond ‘EUAP or canary regions’&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Control plane and data plane defect fixes; forced synchronous configuration processing; additional stages with extended bake time; early detection of crash state&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;&lt;SPAN class="lia-text-color-6"&gt;&lt;STRONG&gt;Completed&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;Data plane resiliency&lt;/STRONG&gt;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Configuration processing cannot impact data plane availability&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Manage data‑plane lifecycle to prevent outages caused by configuration‑processing defects; isolated work‑process in every data plane server to process and load the configuration&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;&lt;SPAN class="lia-text-color-6"&gt;&lt;STRONG&gt;Completed&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;100% Azure Front Door resiliency posture for Microsoft internal services&lt;/STRONG&gt;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Microsoft operates an isolated, independent Active/Active fleet with automatic failover for critical Azure services&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Phase 1: onboarded critical services batch impacted on Oct 29th outage running on a day‑old configuration; Phase 2: automation &amp;amp; hardening of operations, auto‑failover and self‑management of onboarding for additional services&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;&lt;SPAN class="lia-text-color-6"&gt;&lt;STRONG&gt;Completed&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;Recovery improvements&lt;/STRONG&gt;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Data plane crash recovery in under 10 minutes&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Data plane boot‑up time optimized via local cache; recovery time accelerated to under 10 minutes&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;&lt;SPAN class="lia-text-color-6"&gt;&lt;STRONG&gt;Completed&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;Tenant isolation&lt;/STRONG&gt;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;No configuration or traffic regression can impact other tenants&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Micro‑cellular Azure Front Door with ingress layered shards&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;&lt;SPAN class="lia-text-color-6"&gt;&lt;STRONG&gt;Completed&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;colgroup&gt;&lt;col style="width: 25.00%" /&gt;&lt;col style="width: 25.00%" /&gt;&lt;col style="width: 25.00%" /&gt;&lt;col style="width: 25.00%" /&gt;&lt;/colgroup&gt;&lt;/table&gt;&lt;/DIV&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Why isolation at edge scale is deceptively hard&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Traditional isolation techniques such as dedicating separate hardware to each tenant or running every tenant inside its own virtual machine are impractical at the edge. Edge sites are constrained on space, power, and capacity. The entire premise of a modern, multi-tenant application delivery platform is that any tenant can be served from any site closest to the user. We cannot simply partition hundreds of thousands of tenants onto dedicated machines without giving up either proximity, scale, or the efficiency that make the edge fast and cost efficient. Isolation therefore, must be achieved in software, inside a multi-tenant fleet.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;What we already do today&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Azure Front Door already includes several layers of tenant isolation and partitioning. However, the incidents in October clearly highlighted that these techniques were not enough. Prior to the incidents, our protection mechanisms included:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Infrastructure partitioning. &lt;/STRONG&gt;Edge sites were organized into physically isolated primary and fallback traffic rings.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Noisy‑neighbor protection. &lt;/STRONG&gt;Fair‑share resource allocation, rate limiting, and anomaly-based load protection kept any single tenant from monopolizing shared resources such as CPU, memory, or network bandwidth on an Azure Front Door server.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Circuit breakers. &lt;/STRONG&gt;Circuit breakers shed costly work first and can disable a risky per‑tenant feature before it exhausts shared resources on a server.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Real‑time crash protection. &lt;/STRONG&gt;A crash‑analysis system correlates crash signatures across machines and can pinpoint and block crash patterns caused by tenant IPs or traffic patterns.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;While these protections are valuable, many of them are reactive and proved insufficient during the October incidents. The next generation of isolation makes single‑tenant containment a fundamental part of the platform which governs how configurations are loaded, and how traffic is served.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Configuration isolation: loading only what is needed&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Part 2 introduced ‘lazy loading’ as a recovery optimization technique. It is also an important configuration‑isolation mechanism. Historically, every worker on every edge server had to be ready to serve any tenant, which meant each worker loaded a large set of tenant configurations. A single incompatible configuration could therefore ripple across many workers.&lt;/P&gt;
&lt;P&gt;With lazy loading, a worker loads a tenant’s configuration and its TLS certificates only when it actually receives traffic for that tenant. The practical consequence for isolation is powerful: a faulty configuration can only affect the workers that have loaded that specific tenant, never the entire server or fleet. Combined with per‑tenant validation on load, and the &lt;STRONG&gt;Food Taster &lt;/STRONG&gt;safeguard from Part 1 (a sacrificial process that pretests every configuration change in isolation), configuration problems are caught early and contained to the smallest possible footprint.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;Figure 1: With lazy loading, an incompatible configuration is contained to the workers serving that tenant, instead of poisoning the whole server.&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Tenant isolation: a micro-cellular, layered ingress sharding architecture&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Configuration isolation limits the blast radius of an incompatible configuration. Traffic isolation addresses the other half of the problem: a tenant whose anomalous traffic incident, like a sudden surge, a pathological request pattern, or malicious activity, could degrade a shared worker. Our approach is a micro‑cellular architecture that combines multiple concepts working together.&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Worker‑process isolation. &lt;/STRONG&gt;Each edge server already runs many independent worker processes. Instead of letting every worker serve every tenant, we assign tenants to specific groups of workers. Those worker group (shards) become the unit of isolation: if a tenant destabilizes its shard, the impact is contained to that shard’s workers while the rest of the server keeps serving normally.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Ingress sharding. &lt;/STRONG&gt;Rather than a handful of fixed shards, we compose shards from overlapping subsets of a server’s workers. Even a modest number of workers can be combined into an enormous number of distinct, overlapping shards – giving us a very large number of fine‑grained fault domains without dedicating hardware to every tenant.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&amp;nbsp;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;Figure 2: Tenants are randomly assigned to different shards on each server (layer). Even when a good tenant shares the noisy tenant’s shard on one layer, routing steers its traffic to healthy shards on the others.&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Multi‑layer ingress sharding. &lt;/STRONG&gt;This is where ‘layered’ comes in. Each edge server is treated as an independent layer, and each tenant is assigned to a different, randomly chosen shard on every server. Because assignments are independent from one server to the next, two tenants that happen to share a shard on one server are extremely unlikely to share a shard again on another server. The chance of any good tenant repeatedly colliding with a noisy tenant across many servers becomes vanishingly small.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Intelligent ingress routing. &lt;/STRONG&gt;Tying it together is a routing layer that terminates each incoming connection, identifies the tenant, and steers the request to that tenant’s assigned, healthy shard. If a shard is unhealthy or saturated, traffic is directed to the tenant’s healthy shards on other layers.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;Figure 3: Intelligent Ingress Routing&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The combined effect is that when a noisy tenant overwhelms or crashes its shard on one server, only that shard is affected. Because every other tenant is spread across a different, randomized set of shards, they continue to find healthy paths, and the routing layer moves their traffic accordingly. A worst-case availability problem is downgraded to, at most, a small and redistributable capacity problem, that the routing layer smooths over.&lt;/P&gt;
&lt;P&gt;An in-depth technical analysis of layered ingress sharding is available &lt;A href="https://techcommunity.microsoft.com/blog/reliability-and-resiliency-in-azure/introducing-layered-ingress-sharding-achieving-single-tenant-isolation-in-multi-/4535859" target="_blank" rel="noopener"&gt;here&lt;/A&gt; for reference.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Shrinking the blast radius&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Taken together, these mechanisms fundamentally change the shape of failure. In a uniform, fully shared fleet, an incompatible tenant can, in the worst case, affect a large share of the tenants on a machine, in an edge location, or beyond. With configuration isolation and layered ingress sharding, the same failure is confined to a subset of workers serving the offending tenant. Our target for this tenant isolation pillar is effectively single‑tenant containment: a configuration or traffic anomaly caused by one tenant should never cause issues to any other tenants.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;Figure 4: From a shared fleet where a single tenant can affect many, to micro‑cellular shards that confine impact to the offending tenant.&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Validating isolation in practice&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;As with our recovery work, we don’t simply design these boundaries and assume they hold, we test them. Through deliberate fault‑injections, we have pushed noisy and faulty tenants into the system and confirmed that impact stayed contained to the offending shard, that healthy tenants kept serving, and that the routing layer steered around unhealthy shards as intended. This turns isolation from a design claim into a well-drilled, and repeatable outcome.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Closing&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;This post concludes our three-part mini blog series on Azure Front Door resiliency. We have shared how we are making configuration propagation safer (&lt;A href="https://techcommunity.microsoft.com/blog/azurenetworkingblog/azure-front-door-implementing-lessons-learned-following-october-outages/4479416" target="_blank" rel="noopener"&gt;Part 1&lt;/A&gt;), recovering faster when failures do occur (&lt;A href="https://techcommunity.microsoft.com/blog/azurenetworkingblog/azure-front-door-resiliency-series-%E2%80%93-part-2-faster-recovery-rto/4503091" target="_blank" rel="noopener"&gt;Part 2&lt;/A&gt;), and containing the blast radius stemming from any single tenant through configuration isolation and a micro‑cellular, layered‑sharding architecture (Part 3).&lt;/P&gt;
&lt;P&gt;Resiliency, however, is not a project with an end date. It is an ongoing commitment. While this series concludes the blog series of our response to the October 2025 incidents, our investments in Azure Front Door’s resiliency, isolation, and recovery will continue. As we make further improvements, we will keep sharing them with you.&lt;/P&gt;
&lt;P&gt;We deeply value our customers’ trust in Azure Front Door. We remain committed to exceeding expectations for security, reliability, and transparency.&lt;/P&gt;</description>
      <pubDate>Fri, 10 Jul 2026 22:08:29 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/azure-networking-blog/azure-front-door-resiliency-series-part-3-tenant-isolation/ba-p/4535866</guid>
      <dc:creator>AbhishekTiwari</dc:creator>
      <dc:date>2026-07-10T22:08:29Z</dc:date>
    </item>
    <item>
      <title>Welcome Back to AZ Update</title>
      <link>https://techcommunity.microsoft.com/t5/itops-talk-blog/welcome-back-to-az-update/ba-p/4535872</link>
      <description>&lt;P&gt;Hello Folks!&lt;BR /&gt;&lt;BR /&gt;&lt;STRONG&gt;Welcome Back to AZ Update&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;A few years ago, Antony Bartolo and I launched a simple idea called &lt;STRONG&gt;AZ Update&lt;/STRONG&gt;.&lt;/P&gt;
&lt;P&gt;The goal was to provide a place where IT professionals could quickly understand what was changing in Azure, why it mattered, and what they should pay attention to next. The show became a weekly conversation focused on Azure news, infrastructure, operations, security, and the real-world impact of Microsoft's latest cloud updates.&lt;/P&gt;
&lt;P&gt;Today, Azure is moving faster than ever.&lt;/P&gt;
&lt;P&gt;Every week brings new services, platform capabilities, operational improvements, AI innovations, and architectural guidance. Keeping up is a full-time job. Most of us don't have time to read every blog post, release note, announcement, and documentation update.&lt;/P&gt;
&lt;P&gt;That's why I'm bringing &lt;STRONG&gt;AZ Update&lt;/STRONG&gt; back.&lt;/P&gt;
&lt;P&gt;This time, as a &lt;STRONG&gt;weekly LinkedIn newsletter &lt;/STRONG&gt;and this blog.&amp;nbsp; To be completely transparent I am using an AI Agent to parse the update list for any in the last 7 days, filter for Infra/Ops content and research product docs and help with the draft. I do review content and write the post myself.&lt;/P&gt;
&lt;P&gt;Each edition will cut through the noise and focus on what matters most for cloud architects, platform engineers, infrastructure teams, SREs, security professionals, and IT operators. I'll share the Azure announcements worth your attention, explain why they're important, highlight practical implications, and point you to the resources that can help you go deeper.&lt;/P&gt;
&lt;P&gt;Just a concise weekly briefing from one ITPro to another.&lt;/P&gt;
&lt;P&gt;If your day-to-day involves building, operating, securing, or modernizing infrastructure in Azure, Azure Arc, AKS, hybrid environments, or the growing world of AI-powered operations, this newsletter is for you.&lt;/P&gt;
&lt;P&gt;Welcome to the next chapter of &lt;STRONG&gt;AZ Update&lt;/STRONG&gt;.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;H2&gt;Here is week 1!&lt;/H2&gt;
&lt;P&gt;This week’s Azure infrastructure updates bring practical operational gains for security, platform reliability, disaster recovery, and identity-driven access control. Here is a detailed ITPro breakdown with implementation guidance you can use in production planning.&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Update #1 - Generally Available: Network Security Perimeter support for Azure Event Hubs&lt;/LI&gt;
&lt;LI&gt;Update #2 - Generally Available: Confidential Computing support for Azure Event Hubs Dedicated&lt;/LI&gt;
&lt;LI&gt;Update #3 - Generally Available: Support 5x churn in Azure Site Recovery&lt;/LI&gt;
&lt;LI&gt;Update #4 - Generally Available: Microsoft Entra ID-based access for Azure Blob Storage SFTP&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Update #1 - Generally Available: Network Security Perimeter support for Azure Event Hubs&lt;/H3&gt;
&lt;H2&gt;Why ITPros should care&lt;/H2&gt;
&lt;P&gt;Network Security Perimeter for Event Hubs changes how ITPros enforce connectivity boundaries around mission-critical event pipelines. Instead of depending only on isolated firewall rules per namespace, you can apply perimeter-aware controls that are easier to govern consistently across multiple services.&lt;/P&gt;
&lt;P&gt;From an operations perspective, this is a service-level hardening improvement. It helps reduce accidental exposure and supports better audit conversations when security teams ask for clear evidence of allowed and denied paths.&lt;/P&gt;
&lt;H2&gt;Operational value&lt;/H2&gt;
&lt;P&gt;The operational value is stronger day-two control. You can standardise network access policy patterns for producer and consumer applications, reduce policy drift, and simplify incident investigations when unexpected traffic appears.&lt;/P&gt;
&lt;P&gt;For production rollout, validate all dependencies first: private endpoints, DNS resolution, trusted service exceptions, managed identities, and cross-subscription network paths.&lt;/P&gt;
&lt;H2&gt;Real-world example with step-by-step guidance&lt;/H2&gt;
&lt;OL&gt;
&lt;LI&gt;Inventory current producer and consumer traffic flows, including private endpoints, DNS zones, and any trusted service allowances.&lt;/LI&gt;
&lt;LI&gt;Deploy a pilot Event Hubs namespace with perimeter controls in non-production and mirror realistic ingestion and consumption traffic.&lt;/LI&gt;
&lt;LI&gt;Apply least-privilege inbound and outbound perimeter rules, then execute end-to-end send/receive tests with representative message volume.&lt;/LI&gt;
&lt;LI&gt;Review diagnostic logs for denies, refine exceptions only where business-justified, and capture evidence for change management.&lt;/LI&gt;
&lt;LI&gt;Promote to production in stages with a rollback plan that restores previous network policy if message flow health degrades.&lt;/LI&gt;
&lt;/OL&gt;
&lt;H2&gt;Technical details including code examples&lt;/H2&gt;
&lt;P&gt;Use the following sequence when validating that perimeter onboarding did not break data plane operations. The first command confirms your active Azure context, the second verifies endpoint reachability, and the third validates Event Hub metadata retrieval.&lt;/P&gt;
&lt;P&gt;Run this safely in a test window before production enforcement. If connectivity and control-plane checks pass in test, repeat with production namespace read-only checks before enabling stricter policies.&lt;/P&gt;
&lt;LI-CODE lang=""&gt;az account show --output table

Test-NetConnection &amp;lt;namespace&amp;gt;.servicebus.windows.net -Port 5671

az eventhubs eventhub show --resource-group &amp;lt;rg&amp;gt; --namespace-name &amp;lt;namespace&amp;gt; --name &amp;lt;eventhub&amp;gt; --output table&lt;/LI-CODE&gt;
&lt;P&gt;Expected outcome: TCP probe to port 5671 succeeds, and Event Hub metadata query returns without auth or network timeout errors. If probe fails, check DNS, NSGs, route tables, private endpoint linkage, and perimeter rule assignment scope.&lt;/P&gt;
&lt;H2&gt;Comprehensive Resources&lt;/H2&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://azure.microsoft.com/updates?id=567203" target="_blank"&gt;Azure update: Network Security Perimeter support for Azure Event Hubs&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/private-link/network-security-perimeter-concepts" target="_blank"&gt;Network Security Perimeter concepts&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/event-hubs/" target="_blank"&gt;Azure Event Hubs documentation&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/event-hubs/network-security" target="_blank"&gt;Event Hubs networking and security&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;UL&gt;
&lt;LI&gt;&amp;nbsp;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Update #2 - Generally Available: Confidential Computing support for Azure Event Hubs Dedicated&lt;/H3&gt;
&lt;H2&gt;Why ITPros should care&lt;/H2&gt;
&lt;P&gt;Confidential Computing support for Event Hubs Dedicated matters when ITPros operate regulated or high-sensitivity event streams. It extends protection expectations beyond encryption at rest and in transit, into stronger assurances during processing.&lt;/P&gt;
&lt;P&gt;Compared with older architectures, this reduces the need for some compensating controls and helps security and operations teams align on platform-native protections for streaming workloads.&lt;/P&gt;
&lt;H2&gt;Operational value&lt;/H2&gt;
&lt;P&gt;Operationally, this strengthens trust boundaries for event ingestion platforms that feed analytics, SIEM, and business-critical automation. It also improves evidence posture for compliance reviews where data handling controls must be demonstrated end to end.&lt;/P&gt;
&lt;P&gt;Before rollout, validate throughput impact, partition behaviour, client compatibility, and observability baselines so confidentiality controls do not create unexpected SLO regressions.&lt;/P&gt;
&lt;H2&gt;Real-world example with step-by-step guidance&lt;/H2&gt;
&lt;OL&gt;
&lt;LI&gt;Classify Event Hubs namespaces by sensitivity and select the first dedicated environment where enhanced confidentiality requirements apply.&lt;/LI&gt;
&lt;LI&gt;Enable and validate in non-production with representative producer and consumer load, including peak and burst patterns.&lt;/LI&gt;
&lt;LI&gt;Measure latency, throughput, and throttling trends before and after enablement to confirm workload behaviour remains acceptable.&lt;/LI&gt;
&lt;LI&gt;Capture attestation and configuration evidence required by internal security governance or external auditors.&lt;/LI&gt;
&lt;LI&gt;Roll out in waves by workload criticality, with rollback criteria tied to message latency, error rates, and throttling thresholds.&lt;/LI&gt;
&lt;/OL&gt;
&lt;H2&gt;Technical details including code examples&lt;/H2&gt;
&lt;P&gt;This validation example confirms namespace details and metrics health so you can compare baseline vs post-change behaviour. The metrics query focuses on ingestion, egress, and throttling signals that commonly surface operational risk first.&lt;/P&gt;
&lt;P&gt;Run with a least-privileged operations identity that can read namespace configuration and metrics. Avoid making unrelated changes while collecting baseline evidence.&lt;/P&gt;
&lt;LI-CODE lang=""&gt;az eventhubs namespace show --resource-group &amp;lt;rg&amp;gt; --name &amp;lt;namespace&amp;gt; --output jsonc

az monitor metrics list --resource /subscriptions/&amp;lt;sub&amp;gt;/resourceGroups/&amp;lt;rg&amp;gt;/providers/Microsoft.EventHub/namespaces/&amp;lt;namespace&amp;gt; --metric IncomingMessages OutgoingMessages ThrottledRequests --interval PT5M

az account show --query user.name -o tsv&lt;/LI-CODE&gt;
&lt;P&gt;Expected outcome: namespace query succeeds, metrics return consistently, and no abnormal throttling spike appears after control changes. If results diverge, review dedicated capacity planning, partition strategy, RBAC scope, and workload profile fidelity.&lt;/P&gt;
&lt;H2&gt;Comprehensive Resources&lt;/H2&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://azure.microsoft.com/updates?id=567212" target="_blank"&gt;Azure update: Confidential Computing support for Azure Event Hubs Dedicated&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/event-hubs/event-hubs-dedicated-overview" target="_blank"&gt;Event Hubs Dedicated overview&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/confidential-computing/overview" target="_blank"&gt;Azure Confidential Computing overview&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/event-hubs/monitor-event-hubs" target="_blank"&gt;Monitor Azure Event Hubs&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;UL&gt;
&lt;LI&gt;&amp;nbsp;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Update #3 - Generally Available: Support 5x churn in Azure Site Recovery&lt;/H3&gt;
&lt;H2&gt;Why ITPros should care&lt;/H2&gt;
&lt;P&gt;Higher churn support in Azure Site Recovery is directly relevant for ITPros protecting write-intensive systems. It expands what can be replicated reliably, reducing DR exceptions for fast-changing workloads.&lt;/P&gt;
&lt;P&gt;Compared with the previous operational envelope, this gives more room for modern transactional applications while still requiring disciplined capacity and replication health management.&lt;/P&gt;
&lt;H2&gt;Operational value&lt;/H2&gt;
&lt;P&gt;Operational value is improved DR coverage and better alignment between production write behaviour and recovery plans. Teams can protect more workloads without bespoke workaround architecture.&lt;/P&gt;
&lt;P&gt;For production rollout, validate process server sizing, bandwidth headroom, cache storage performance, and sustained replication lag during peak change windows.&lt;/P&gt;
&lt;H2&gt;Real-world example with step-by-step guidance&lt;/H2&gt;
&lt;OL&gt;
&lt;LI&gt;Baseline current churn and replication lag for candidate workloads to identify which systems benefit most from the increased support.&lt;/LI&gt;
&lt;LI&gt;Enable replication in a pilot for one high-churn workload and observe initial seeding and steady-state health.&lt;/LI&gt;
&lt;LI&gt;Run test failover and reprotect to verify recovery objectives and operational runbook completeness.&lt;/LI&gt;
&lt;LI&gt;Tune bandwidth and cache settings if lag increases during peak write intervals or backup overlap windows.&lt;/LI&gt;
&lt;LI&gt;Onboard additional workloads incrementally and use replication health gates before each expansion wave.&lt;/LI&gt;
&lt;/OL&gt;
&lt;H2&gt;Technical details including code examples&lt;/H2&gt;
&lt;P&gt;These commands are relevant for validating actual recovery readiness instead of configuration-only status. They expose protected item health and support controlled failover rehearsal.&lt;/P&gt;
&lt;P&gt;Use a non-production network for test failover and document outputs so operations and business continuity stakeholders share the same readiness evidence.&lt;/P&gt;
&lt;LI-CODE lang=""&gt;az site-recovery fabric list --resource-group &amp;lt;rg&amp;gt; --vault-name &amp;lt;vault&amp;gt; -o table

az site-recovery protected-item list --resource-group &amp;lt;rg&amp;gt; --vault-name &amp;lt;vault&amp;gt; --fabric-name &amp;lt;fabric&amp;gt; --protection-container &amp;lt;container&amp;gt; -o table

az site-recovery recovery-plan test-failover --resource-group &amp;lt;rg&amp;gt; --vault-name &amp;lt;vault&amp;gt; --name &amp;lt;recoveryPlan&amp;gt; --network-id &amp;lt;testNetworkId&amp;gt;&lt;/LI-CODE&gt;
&lt;P&gt;Expected outcome: protected items remain healthy, lag remains within target, and test failover completes without consistency errors. If failures occur, inspect connectivity, process server capacity, cache throughput, and policy mappings.&lt;/P&gt;
&lt;H2&gt;Comprehensive Resources&lt;/H2&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://azure.microsoft.com/updates?id=566966" target="_blank"&gt;Azure update: Support 5x churn in Azure Site Recovery&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/site-recovery/" target="_blank"&gt;Azure Site Recovery documentation&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/site-recovery/site-recovery-monitor-and-troubleshoot" target="_blank"&gt;Monitor and troubleshoot Site Recovery&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/site-recovery/site-recovery-plan-capacity" target="_blank"&gt;Site Recovery capacity planning&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;UL&gt;
&lt;LI&gt;&amp;nbsp;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Update #4 - Generally Available: Microsoft Entra ID-based access for Azure Blob Storage SFTP&lt;/H3&gt;
&lt;H2&gt;Why ITPros should care&lt;/H2&gt;
&lt;P&gt;This launch modernises SFTP access for Azure Blob Storage by bringing identity control closer to Microsoft Entra. ITPros gain stronger governance options than local-account-only models for many enterprise scenarios.&lt;/P&gt;
&lt;P&gt;Operationally, the key change is identity lifecycle alignment: provisioning, review, and revocation can be managed with central identity processes instead of fragmented local credentials.&lt;/P&gt;
&lt;H2&gt;Operational value&lt;/H2&gt;
&lt;P&gt;The value is reduced credential sprawl, better auditability, and clearer access accountability across teams and external partners exchanging files over SFTP.&lt;/P&gt;
&lt;P&gt;Before production, validate client compatibility, RBAC scope, network restrictions, access review cadence, and emergency break-glass procedures.&lt;/P&gt;
&lt;H2&gt;Real-world example with step-by-step guidance&lt;/H2&gt;
&lt;OL&gt;
&lt;LI&gt;Confirm SFTP is enabled on the storage account and validate networking model (public endpoint restrictions or private access path) matches policy.&lt;/LI&gt;
&lt;LI&gt;Assign Entra-based permissions with least privilege and validate scope at storage account and container boundaries.&lt;/LI&gt;
&lt;LI&gt;Test SFTP authentication and file operations using approved clients while collecting diagnostic logs for audit evidence.&lt;/LI&gt;
&lt;LI&gt;Validate joiner-mover-leaver scenarios by changing membership and role assignments, then confirming access updates propagate correctly.&lt;/LI&gt;
&lt;LI&gt;Roll out in stages by partner or workload segment with clear support ownership and incident response runbooks.&lt;/LI&gt;
&lt;/OL&gt;
&lt;H2&gt;Technical details including code examples&lt;/H2&gt;
&lt;P&gt;This sequence verifies account capability and role assignment posture before user acceptance testing. It is useful for catching scope mistakes that often cause authentication-success/data-access-failure patterns.&lt;/P&gt;
&lt;P&gt;Run safely by using a dedicated test identity and non-production storage account first; then repeat read-only validation in production before broad enablement.&lt;/P&gt;
&lt;LI-CODE lang=""&gt;az storage account show --name &amp;lt;storageAccount&amp;gt; --resource-group &amp;lt;rg&amp;gt; --query "{name:name,isSftpEnabled:isSftpEnabled,allowBlobPublicAccess:allowBlobPublicAccess}" -o jsonc

az role assignment list --assignee &amp;lt;principalObjectId&amp;gt; --scope /subscriptions/&amp;lt;sub&amp;gt;/resourceGroups/&amp;lt;rg&amp;gt;/providers/Microsoft.Storage/storageAccounts/&amp;lt;storageAccount&amp;gt; -o table

az account show --query user.name -o tsv&lt;/LI-CODE&gt;
&lt;P&gt;Expected outcome: SFTP capability is enabled, expected role assignments are present, and test identity can perform allowed operations only. If sign-in works but file actions fail, inspect RBAC propagation delay, ACL/permission scope, and storage network restrictions.&lt;/P&gt;
&lt;H2&gt;Comprehensive Resources&lt;/H2&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://azure.microsoft.com/updates?id=567085" target="_blank"&gt;Azure update: Microsoft Entra ID-based access for Azure Blob Storage SFTP&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/storage/blobs/secure-file-transfer-protocol-support" target="_blank"&gt;SFTP support for Azure Blob Storage&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/storage/blobs/authorize-access-azure-active-directory" target="_blank"&gt;Authorize blob data with Microsoft Entra ID&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/security/benchmark/azure/baselines/storage-security-baseline" target="_blank"&gt;Azure Storage security baseline&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;If you are planning adoption, start with one workload per update area, collect operational evidence, and standardise the validated pattern in your runbooks and IaC modules. That approach keeps change safe while accelerating delivery.&lt;/P&gt;
&lt;P&gt;Cheers!&lt;/P&gt;
&lt;P&gt;Pierre&lt;/P&gt;</description>
      <pubDate>Fri, 10 Jul 2026 20:20:19 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/itops-talk-blog/welcome-back-to-az-update/ba-p/4535872</guid>
      <dc:creator>Pierre_Roman</dc:creator>
      <dc:date>2026-07-10T20:20:19Z</dc:date>
    </item>
    <item>
      <title>Introducing Layered Ingress Sharding: Achieving Single-Tenant Isolation in Multi-Tenant Services</title>
      <link>https://techcommunity.microsoft.com/t5/reliability-and-resiliency-in/introducing-layered-ingress-sharding-achieving-single-tenant/ba-p/4535859</link>
      <description>&lt;P&gt;Abhishek Tiwari, Vice President of Engineering, Azure Networking&lt;BR /&gt;Amit Srivastava, Partner Director of PM, Azure Networking&lt;BR /&gt;&lt;SPAN style="color: rgb(30, 30, 30);"&gt;Varun Chawla, Partner Director of Engineering, Azure Networking&lt;/SPAN&gt;&lt;/P&gt;
&lt;H2&gt;Why Multi‑Tenant Isolation Is Still Hard at Hyperscale&lt;/H2&gt;
&lt;P&gt;Modern cloud platforms thrive on multitenancy. By sharing infrastructure across tenants, services like Azure Front Door (AFD) can deliver massive scale, global reach, and cost efficiency. At hyperscale, however, this efficiency comes with a hard truth:&amp;nbsp;&lt;STRONG&gt;rare failures are inevitable, and their blast radius matters more than their frequency&lt;/STRONG&gt;. When hundreds of thousands of tenants share a global data plane, a single misbehaving tenant, configuration regression, or zero-day exploit can turn a low probability event into a high impact outage.&lt;/P&gt;
&lt;P&gt;Over the years, the industry has developed many protections — rate limiting, circuit breakers, fair share scheduling, crash protection, and various sharding strategies. These techniques dramatically reduce&amp;nbsp;&lt;EM&gt;average case&lt;/EM&gt;&amp;nbsp;risk, but they still struggle to bound&amp;nbsp;&lt;EM&gt;worst case&lt;/EM&gt;&amp;nbsp;impact. In particular, they fall short of delivering what customers intuitively expect:&amp;nbsp;&lt;EM&gt;single tenant isolation semantics&amp;nbsp;&lt;/EM&gt;(the guarantee that one tenant’s failure does not affect another)&amp;nbsp;&lt;STRONG&gt;without&lt;/STRONG&gt;&amp;nbsp;requiring dedicated per-tenant infrastructure.&lt;/P&gt;
&lt;P&gt;At Azure Front Door, we’ve been working on a new architectural approach that directly targets worst case blast radius. Today, I’m excited to introduce&amp;nbsp;&lt;STRONG&gt;Layered Ingress Sharding&lt;/STRONG&gt;, a sharding strategy designed to enable&amp;nbsp;&lt;EM&gt;single tenant fault isolation&lt;/EM&gt;&amp;nbsp;for largescale multitenant services.&lt;/P&gt;
&lt;H2&gt;From Traditional Sharding to Ingress Sharding&lt;/H2&gt;
&lt;P&gt;Traditional partitioning assigns each tenant to a fixed shard. This limits blast radius, but tenants in the same shard can still experience complete outages when that shard fails. Shuffle sharding improves on this by assigning each tenant to a subset of instances, where subsets partially overlap, dramatically reducing the probability of widespread impact. However, shuffle sharding still allows&amp;nbsp;&lt;STRONG&gt;100% availability loss for tenants in the affected shard&lt;/STRONG&gt;, relies heavily on client retries, and introduces nontrivial capacity loss in overlapping shards.&lt;/P&gt;
&lt;P&gt;To address these limitations, we introduced&amp;nbsp;&lt;STRONG&gt;Ingress Sharding&lt;/STRONG&gt;.&lt;/P&gt;
&lt;P&gt;With ingress sharding, an&amp;nbsp;&lt;STRONG&gt;ingress controller,&amp;nbsp;&lt;/STRONG&gt;which we call&amp;nbsp;&lt;STRONG&gt;IRIS (Intelligent Routing with Ingress Sharding)&lt;/STRONG&gt;, sits directly on the data path. Ingress sharding uses&amp;nbsp;&lt;STRONG&gt;shuffle sharding&lt;/STRONG&gt;&amp;nbsp;to construct shards from service instances; IRIS operates&amp;nbsp;&lt;EM&gt;on top of these shards&lt;/EM&gt;&amp;nbsp;to perform tenant-aware, capacity-aware routing rather than introducing a new shard construction algorithm. IRIS identifies the tenant for each incoming connection and deterministically maps that tenant to a shard.&lt;/P&gt;
&lt;P&gt;Instead of relying on clients to retry when a shard is unhealthy, IRIS actively:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Monitors the health of service instances&lt;/LI&gt;
&lt;LI&gt;Tracks available capacity in real time&lt;/LI&gt;
&lt;LI&gt;Retries and reroutes traffic internally&lt;/LI&gt;
&lt;LI&gt;Steers traffic away from unhealthy or overloaded instances&lt;/LI&gt;
&lt;LI&gt;Dynamically expands the set of service instances used for oversized tenants when sustained load exceeds a single shard’s capacity&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;In effect, IRIS turns shard selection into a&amp;nbsp;&lt;STRONG&gt;real-time, capacity-aware decision&lt;/STRONG&gt;&amp;nbsp;that is reevaluated for every new connection. This moves fault resilience and load balancing&amp;nbsp;&lt;EM&gt;inside&lt;/EM&gt;&amp;nbsp;the platform, rather than pushing that burden onto clients.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Ingress sharding significantly improves isolation and resilience, but on its own, a tenant can still experience a complete loss of availability if all instances in its shard are affected.&lt;/P&gt;
&lt;H2&gt;Introducing Layers: Isolation Through Independence&lt;/H2&gt;
&lt;P&gt;&lt;STRONG&gt;Layered Sharding&lt;/STRONG&gt;&amp;nbsp;adds a new dimension to multitenant isolation. In Layered Sharding, the service is divided into multiple independent&amp;nbsp;&lt;EM&gt;layers&lt;/EM&gt;. A&amp;nbsp;&lt;EM&gt;layer&lt;/EM&gt;&amp;nbsp;represents an independent serving dimension of the system capable of handling tenant traffic independently.&lt;/P&gt;
&lt;P&gt;This technique was developed to reduce blast radius by changing&amp;nbsp;&lt;EM&gt;how tenants are assigned across shards&lt;/EM&gt;, rather than changing the underlying shard construction within a single layer. A key design goal is that layered sharding is&amp;nbsp;&lt;STRONG&gt;orthogonal to the underlying sharding strategy&lt;/STRONG&gt;. It works with existing approaches, whether that is standard partitioning-based sharding, shuffle sharding, or other shard assignment schemes used within a layer.&lt;/P&gt;
&lt;P&gt;Within each layer:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Service instances are grouped into shards using an existing sharding technique (for example, traditional partitioning or shuffle sharding)&lt;/LI&gt;
&lt;LI&gt;Each tenant is assigned to a shard&amp;nbsp;&lt;EM&gt;independently in that layer&lt;/EM&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Crucially,&amp;nbsp;&lt;STRONG&gt;tenant-to-shard assignments are randomized and independent across layers&lt;/STRONG&gt;. This independence is what gives layered sharding its isolation properties, regardless of the specific sharding algorithm used within a single layer.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The definition of a&amp;nbsp;&lt;EM&gt;layer&lt;/EM&gt;&amp;nbsp;itself is intentionally flexible and service dependent. In Azure Front Door, each server naturally acts as one layer. In other services, a layer might correspond to a cluster, a scale unit, a fault domain, or even a regional partition — any unit capable of serving tenant traffic independently while preserving uniform load distribution.&lt;/P&gt;
&lt;P&gt;The result is powerful: even if a tenant’s traffic causes failures in one shard in one layer, it is statistically unlikely that the same tenant will collide with the same peers across many layers. Instead of experiencing a full outage, other tenants see at most a small, transient reduction in capacity, often invisible with standard retry behavior.&lt;/P&gt;
&lt;P&gt;Layered sharding alone already reduces availability impact across tenants. But when combined with ingress sharding, it enables something fundamentally stronger.&lt;/P&gt;
&lt;H2&gt;Layered Ingress Sharding&lt;/H2&gt;
&lt;P&gt;&lt;STRONG&gt;Layered Ingress Sharding&lt;/STRONG&gt;&amp;nbsp;integrates two complementary ideas:&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;&lt;STRONG&gt;Layered Sharding&lt;/STRONG&gt;&amp;nbsp;spreads tenants across many independent layers with randomized shard assignments.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Ingress Sharding&amp;nbsp;&lt;/STRONG&gt;dynamically routes traffic to healthy service instances across layers using real‑time health and capacity signals.&lt;/LI&gt;
&lt;/OL&gt;
&lt;P&gt;The key blast radius reduction that enables single tenant isolation comes from the combination of&amp;nbsp;&lt;STRONG&gt;independent shard randomization across layers with active, intelligent traffic steering&lt;/STRONG&gt;.&lt;/P&gt;
&lt;P&gt;When a tenant misbehaves due to harmful traffic, a bad configuration, or an unknown vulnerability, IRIS detects unhealthy service instances and automatically routes traffic to healthy shards in other layers. Because shard assignments are independent, IRIS can always find unaffected capacity for well-behaved tenants.&lt;/P&gt;
&lt;P&gt;The resulting behavior is a fundamental shift in multitenant failure dynamics:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Outages remain localized to the&amp;nbsp;&lt;EM&gt;misbehaving&lt;/EM&gt;&amp;nbsp;tenant&lt;/LI&gt;
&lt;LI&gt;Healthy tenants continue to serve traffic&lt;/LI&gt;
&lt;LI&gt;Blast radius shrinks from fleetwide to tenant-local&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;In effect, a shared multi‑tenant system begins to behave like it has&amp;nbsp;&lt;STRONG&gt;single tenant‑ isolation&lt;/STRONG&gt;&lt;STRONG&gt;&amp;nbsp;semantics&lt;/STRONG&gt;, without abandoning multitenancy.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;H2&gt;Why the Math Works&lt;/H2&gt;
&lt;P&gt;The guarantees behind layered ingress sharding are not heuristic, they’re statistical.&lt;/P&gt;
&lt;P&gt;Because tenant-to-shard assignments are randomized independently across layers, the probability that two tenants repeatedly collide in the same shard follows a binomial distribution. With production representative configurations, tens of layers and shuffle-sharded service instances, the probability that an arbitrary tenant experiences a user-visible failure due to another tenant drops below what standard client retries already mask.&lt;/P&gt;
&lt;P&gt;Instead of asking&amp;nbsp;&lt;EM&gt;“Can a noisy neighbor impact me?”&lt;/EM&gt;, the system answers&amp;nbsp;&lt;EM&gt;“What is the probability that a single connection attempt is unlucky across all layers?”&amp;nbsp;&lt;/EM&gt;and that&amp;nbsp;&lt;STRONG&gt;probability decreases exponentially as the number of layers increases&lt;/STRONG&gt;.&lt;/P&gt;
&lt;P&gt;This allows us to trade catastrophic outages for rare, isolated, and standard retry-mitigated events.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;H2&gt;A Hidden Benefit: Identifying Bad Tenants&lt;/H2&gt;
&lt;P&gt;Layered ingress sharding provides an additional, powerful side benefit:&amp;nbsp;&lt;STRONG&gt;automated identification of misbehaving tenants&lt;/STRONG&gt;.&lt;/P&gt;
&lt;P&gt;Because shard assignments are computed independently across layers, a tenant that is consistently responsible for failures appears as a common factor across impacted shards and service instances. By correlating signals across layers, the platform can accurately identify the offending tenant and apply targeted mitigations such as isolation, throttling, or traffic steering without relying on coarse-grained circuit breakers that penalize everyone.&lt;/P&gt;
&lt;P&gt;This dramatically improves response time under high load or adversarial conditions while preserving availability for unaffected tenants.&lt;/P&gt;
&lt;H2&gt;Beyond Azure Front Door&lt;/H2&gt;
&lt;P&gt;While Layered Ingress Sharding was developed in the context of Azure Front Door, the underlying principle is broadly applicable.&lt;/P&gt;
&lt;P&gt;Any large‑scale multi‑tenant system that:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Serves many tenants from shared infrastructure&lt;/LI&gt;
&lt;LI&gt;Can distribute traffic uniformly across independent layers&lt;/LI&gt;
&lt;LI&gt;Can enforce shard-level isolation within each layer&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;can benefit from this approach.&lt;/P&gt;
&lt;P&gt;Layers don’t have to be servers they could be clusters, scale units, or regional partitions. The key is&amp;nbsp;&lt;STRONG&gt;independent assignment across layers combined with intelligent ingress routing&lt;/STRONG&gt;.&lt;/P&gt;
&lt;P&gt;We believe this pattern represents a reusable architectural strategy for building resilient, hyperscale, multi‑tenant services.&lt;/P&gt;
&lt;H2&gt;Closing Thoughts&lt;/H2&gt;
&lt;P&gt;Multi‑tenancy doesn’t have to mean shared fate. Layered Ingress Sharding shows that by combining probabilistic isolation with intelligent ingress routing, we can build systems where failures are expected, bounded, and automatically contained, even at hyperscale.&lt;/P&gt;
&lt;P&gt;Rather than eliminating failure, this approach mathematically constrains its impact. And in large‑scale multi‑tenant platforms, that distinction makes all the difference.&lt;/P&gt;</description>
      <pubDate>Fri, 10 Jul 2026 20:37:31 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/reliability-and-resiliency-in/introducing-layered-ingress-sharding-achieving-single-tenant/ba-p/4535859</guid>
      <dc:creator>VarunChawla</dc:creator>
      <dc:date>2026-07-10T20:37:31Z</dc:date>
    </item>
    <item>
      <title>mssql-python 1.11.0: Fixes for transaction semantics, Apple Silicon imports, and bulk copy</title>
      <link>https://techcommunity.microsoft.com/t5/sql-server-blog/mssql-python-1-11-0-fixes-for-transaction-semantics-apple/ba-p/4535807</link>
      <description>&lt;P data-line="4"&gt;This release is about removing friction in real production paths. It fixes transaction handling in with blocks, restores clean-machine imports on Apple Silicon, improves NULL binary parameter binding, removes a class of hangs in SSH-tunnel-style forwarding setups, and unblocks bulk copy with service principal authentication.&lt;/P&gt;
&lt;H2 data-line="6"&gt;Upgrade&lt;/H2&gt;
&lt;LI-CODE lang="bash"&gt;pip install --upgrade mssql-python&lt;/LI-CODE&gt;
&lt;P data-line="12"&gt;&amp;nbsp;&lt;/P&gt;
&lt;H2 data-line="14"&gt;Highlights&lt;/H2&gt;
&lt;H3 data-line="16"&gt;with connection:&amp;nbsp;now commits on success and rolls back on exception&lt;/H3&gt;
&lt;P data-line="18"&gt;The&amp;nbsp;Connection&amp;nbsp;context manager now implements the documented commit-on-success / rollback-on-exception behavior when&amp;nbsp;autocommit=False. The connection still closes on exit.&lt;/P&gt;
&lt;P data-line="20"&gt;Code like this now behaves the way most users already expected it to:&lt;/P&gt;
&lt;LI-CODE lang="python"&gt;import mssql_python

conn = mssql_python.connect(connection_string, autocommit=False)

with conn:
    cursor = conn.cursor()
    cursor.execute("INSERT INTO dbo.audit_log(message) VALUES (?)", ("created",))&lt;/LI-CODE&gt;
&lt;P data-line="32"&gt;If the code in the block succeeds, the insert is committed. If the code in the block raises an error, the transaction is rolled back.&lt;/P&gt;
&lt;H3 data-line="34"&gt;Apple Silicon imports work on clean machines again&lt;/H3&gt;
&lt;P data-line="36"&gt;We fixed the bundled macOS ODBC dylib configuration for every architecture shipped in the universal2 wheel.&lt;/P&gt;
&lt;P data-line="38"&gt;For Apple Silicon users, this removes a frustrating failure mode where&amp;nbsp;import mssql_python&amp;nbsp;could point at a missing Homebrew&amp;nbsp;unixODBC&amp;nbsp;path on a clean machine. In 1.11.0, the bundled libraries resolve correctly without a separate unixODBC install.&lt;/P&gt;
&lt;H3 data-line="40"&gt;NULL&amp;nbsp;BINARY&amp;nbsp;and&amp;nbsp;VARBINARY&amp;nbsp;parameters bind more reliably&lt;/H3&gt;
&lt;P data-line="42"&gt;We fixed the&amp;nbsp;SQLDescribeParam&amp;nbsp;ordinal remapping issue behind GitHub issue&amp;nbsp;#627.&lt;/P&gt;
&lt;P data-line="44"&gt;1.11.0 improves parameter binding for NULL binary values, especially in temp-table and table-variable scenarios. When automatic type resolution is not possible, the driver now gives actionable guidance instead of a vague failure, including cursor.setinputsizes() guidance for binary columns.&lt;/P&gt;
&lt;H2 data-line="46"&gt;Bug fixes worth calling out&lt;/H2&gt;
&lt;H3 data-line="48"&gt;Shutdown and parameter-typing paths no longer hang SSH-tunnel-style forwarders&lt;/H3&gt;
&lt;P data-line="50"&gt;We fixed hangs caused by holding the GIL across blocking ODBC operations.&lt;/P&gt;
&lt;P data-line="52"&gt;This matters most for users routing connections through an in-process Python TCP forwarder, including SSH-tunnel-style setups. Closing connections and cursors after parameterized queries, as well as executing parameterized queries containing&amp;nbsp;None, no longer wedge the interpreter in those paths.&lt;/P&gt;
&lt;H3 data-line="54"&gt;Bulk copy with service principal authentication no longer freezes&lt;/H3&gt;
&lt;P data-line="56"&gt;1.11.0 also picks up&amp;nbsp;mssql-py-core&amp;nbsp;0.1.6, which fixes a freeze affecting bulk copy with&amp;nbsp;Authentication=ActiveDirectoryServicePrincipal.&lt;/P&gt;
&lt;P data-line="58"&gt;If you are using service principal authentication for bulk ingest workloads, this release is worth taking promptly.&lt;/P&gt;
&lt;H2 data-line="60"&gt;Upgrading&lt;/H2&gt;
&lt;P data-line="62"&gt;For most users,&amp;nbsp;pip install --upgrade mssql-python&amp;nbsp;is all you need. If you had local workarounds for broken&amp;nbsp;with connection:&amp;nbsp;transaction behavior, Apple Silicon import issues, or binary&amp;nbsp;NULL&amp;nbsp;parameter binding, 1.11.0 is the release where those workarounds should become unnecessary.&lt;/P&gt;
&lt;P data-line="64"&gt;This is not a feature-heavy release. We opted to focus on the friction you are reporting in real production workflows:&lt;/P&gt;
&lt;UL data-line="66"&gt;
&lt;LI data-line="66"&gt;transactional&amp;nbsp;with&amp;nbsp;blocks now persist successful work&lt;/LI&gt;
&lt;LI data-line="67"&gt;Apple Silicon setup is smoother on clean machines&lt;/LI&gt;
&lt;LI data-line="68"&gt;binary&amp;nbsp;NULL&amp;nbsp;parameters are more reliable&lt;/LI&gt;
&lt;LI data-line="69"&gt;SSH-tunnel and threaded forwarding scenarios are less fragile&lt;/LI&gt;
&lt;LI data-line="70"&gt;service principal bulk copy is unblocked&lt;/LI&gt;
&lt;/UL&gt;
&lt;H2 data-line="72"&gt;Thank you&lt;/H2&gt;
&lt;P data-line="74"&gt;Thanks to everyone who filed issues, sent repros, and reviewed fixes in this cycle. Several of the changes in 1.11.0 came directly from concrete user reports in production-like environments, which made the failure modes easier to reproduce and fix.&lt;/P&gt;
&lt;P data-line="76"&gt;If you upgrade to 1.11.0 and hit anything unexpected, please open an issue in the repository.&lt;/P&gt;
&lt;P data-line="78"&gt;Repository:&amp;nbsp;&lt;A href="https://github.com/microsoft/mssql-python" data-href="https://github.com/microsoft/mssql-python" target="_blank"&gt;microsoft/mssql-python&lt;/A&gt;&amp;nbsp;&lt;/P&gt;
&lt;P data-line="78"&gt;Issue tracker: &lt;A href="https://github.com/microsoft/mssql-python/issues" data-href="https://github.com/microsoft/mssql-python/issues" target="_blank"&gt;open an issue&lt;/A&gt;&lt;/P&gt;
&lt;P data-line="78"&gt;Release notes:&amp;nbsp;&lt;A href="https://github.com/microsoft/mssql-python/releases/tag/v1.11.0" data-href="https://github.com/microsoft/mssql-python/releases/tag/v1.11.0" target="_blank"&gt;mssql-python v1.11.0&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 10 Jul 2026 17:00:00 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/sql-server-blog/mssql-python-1-11-0-fixes-for-transaction-semantics-apple/ba-p/4535807</guid>
      <dc:creator>DavidLevy</dc:creator>
      <dc:date>2026-07-10T17:00:00Z</dc:date>
    </item>
    <item>
      <title>July update: What’s new for partners in AI Business Solutions</title>
      <link>https://techcommunity.microsoft.com/t5/partner-news/july-update-what-s-new-for-partners-in-ai-business-solutions/ba-p/4535116</link>
      <description>&lt;P&gt;&lt;SPAN data-contrast="none"&gt;July’s AI Business Solutions&amp;nbsp;newsletter highlights&amp;nbsp;key opportunities&amp;nbsp;for Microsoft partners—from new Microsoft 365 Copilot SKUs and agent scenarios to licensing changes, limited-time offers, and events.&amp;nbsp;Discover&amp;nbsp;what’s changed and how you can&amp;nbsp;drive adoption and impact for your&amp;nbsp;customers.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:259,&amp;quot;469777462&amp;quot;:[142],&amp;quot;469777927&amp;quot;:[0],&amp;quot;469777928&amp;quot;:[1]}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;NAV aria-label="Page sections"&gt;
&lt;P class="lia-align-center"&gt;&lt;STRONG&gt;Navigate to&lt;/STRONG&gt;&lt;/P&gt;
&lt;P class="lia-align-center"&gt;&lt;A href="#community--1-News-and-announcements" target="_self"&gt;News and Announcements&lt;/A&gt; | &lt;A href="#community--1-Incentives-and-offers" target="_self"&gt;Incentives and Offers&lt;/A&gt; | &lt;A href="#community--1-skilling-events" target="_self"&gt;Skilling and Events&lt;/A&gt; | &lt;A class="lia-internal-link" href="#community--1-go-to-market" target="_self"&gt;Go-To-Market&lt;/A&gt; | &lt;A class="lia-internal-link" href="#community--1-customer-success" target="_self"&gt;Customer Success&lt;/A&gt;&lt;/P&gt;
&lt;/NAV&gt;
&lt;DIV style="max-width: 90%; margin: 0 auto; padding: 20px;"&gt;
&lt;DIV style="display: flex; align-items: center; justify-content: center; min-height: 100px; background-color: rgb(150,156,192);"&gt;
&lt;H2 class="lia-linked-item" style="margin: 0; font-size: 24px; text-align: center; color: #ffffff; font-weight: bold;"&gt;&lt;a id="community--1-News-and-announcements" class="lia-anchor"&gt;&lt;/a&gt;News and Announcements&lt;/H2&gt;
&lt;/DIV&gt;
&lt;DIV style="padding: 20px 0;"&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="auto"&gt;Microsoft 365 Business with Copilot SKUs now available:&amp;nbsp;&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="auto"&gt;Your small and medium-sized business (SMB) AI opportunity just became easier to scale. Microsoft 365 Business with Copilot SKUs are now generally available,&amp;nbsp;turning a successful promo into a permanent, predictable offer with AI built into every license. That means faster sales, larger deals, and a clearer path to drive renewal growth—without managing add-ons or promo windows.&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://aka.ms/bskuwithCopilotGA" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Read the blog post&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;&amp;nbsp;to explore this&amp;nbsp;opportunity and&amp;nbsp;find more&amp;nbsp;details in the&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://learn.microsoft.com/partner-center/announcements/2026-july?wt.mc_id=xmw13103qr" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Partner Center announcement.&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559738&amp;quot;:240,&amp;quot;335559739&amp;quot;:240,&amp;quot;335559740&amp;quot;:259}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;SPAN data-contrast="auto"&gt;&lt;STRONG&gt;New&amp;nbsp;licensing&amp;nbsp;prerequisite for Microsoft Agent 365:&lt;/STRONG&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN data-contrast="auto"&gt;New Microsoft&amp;nbsp;Agent 365&amp;nbsp;purchases&amp;nbsp;now&amp;nbsp;require&amp;nbsp;prerequisite&amp;nbsp;licenses to ensure customers have the security, identity,&amp;nbsp;and&amp;nbsp;compliance foundation&amp;nbsp;needed to use agent capabilities effectively.&amp;nbsp;Customers can meet these prerequisites through eligible Microsoft 365 licensing or by licensing the required security components, as outlined in the Microsoft Product Terms. Use this update to assess customer readiness early,&amp;nbsp;identify&amp;nbsp;licensing gaps, and guide customers toward the&amp;nbsp;right&amp;nbsp;Microsoft&amp;nbsp;365, Business Premium, and&amp;nbsp;security solutions&amp;nbsp;to support governed AI adoption.&amp;nbsp;Learn more&amp;nbsp;about how this&amp;nbsp;update&amp;nbsp;can empower your customers&amp;nbsp;as you review&amp;nbsp;the&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://www.microsoft.com/licensing/terms/productoffering/Agent365/EAEAS?wt.mc_id=ewq1j20v92" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Microsoft Product Terms&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;.&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559738&amp;quot;:240,&amp;quot;335559739&amp;quot;:240,&amp;quot;335559740&amp;quot;:259}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="auto"&gt;Temporary&amp;nbsp;purchasing&amp;nbsp;pause of Windows 365 GPU Enterprise Select&amp;nbsp;lifted:&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="auto"&gt;&amp;nbsp;After&amp;nbsp;a&amp;nbsp;temporary purchasing limitation&amp;nbsp;was&amp;nbsp;put&amp;nbsp;in place for the Windows 365 GPU Enterprise Select 256-GB SKU in the CSP channel through June 30, 2026,&amp;nbsp;the SKU&amp;nbsp;is&amp;nbsp;available for purchase again&amp;nbsp;as of&amp;nbsp;July 1, 2026, in alignment with the standard CSP publishing cadence. Customers who have expressed interest should be informed of this availability timeline, and there is no impact&amp;nbsp;to&amp;nbsp;any existing Windows 365 entitlements.&amp;nbsp;Explore&amp;nbsp;the&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://learn.microsoft.com/partner-center/announcements/2026-june?wt.mc_id=cw509jciyw#windows-365-gpu-enterprise-select-256-gb-sku-available-on-july-1" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Partner Center announcement&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;&amp;nbsp;to learn more about&amp;nbsp;how&amp;nbsp;the&amp;nbsp;Windows 365 GPU Enterprise Select 256-GB SKU&amp;nbsp;can&amp;nbsp;optimize&amp;nbsp;your customers’ graphic-intense workloads.&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559738&amp;quot;:240,&amp;quot;335559739&amp;quot;:240,&amp;quot;335559740&amp;quot;:259}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="auto"&gt;Smarter targeting for per-user promotions:&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="auto"&gt;&amp;nbsp;Also coming in FY27, Microsoft can target offers by seat count with greater precision, building stronger motions for partners to&amp;nbsp;acquire&amp;nbsp;customers and grow at scale. Learn more in the&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://aka.ms/Azure-per-user-promo-PCA" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Partner Center announcement&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/DIV&gt;
&lt;/DIV&gt;
&lt;DIV style="max-width: 90%; margin: 0 auto; padding: 20px;"&gt;
&lt;DIV style="display: flex; align-items: center; justify-content: center; min-height: 100px; background-color: rgb(150,156,192);"&gt;
&lt;H2 class="lia-linked-item" style="margin: 0; font-size: 24px; text-align: center; color: #ffffff; font-weight: bold;"&gt;&lt;a id="community--1-Incentives-and-offers" class="lia-anchor"&gt;&lt;/a&gt;Incentives and Offers&lt;/H2&gt;
&lt;/DIV&gt;
&lt;DIV style="padding: 20px 0;"&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="auto"&gt;Frontier Accelerate for Copilot&amp;nbsp;is&amp;nbsp;your&amp;nbsp;hero FY27 investment for AI and agents:&amp;nbsp;&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="auto"&gt;FY27 partner investments are here, and Frontier Accelerate for Copilot is our hero investment across Microsoft 365 E7, Copilot, agents, and Agent 365. It supports discovery, technical workshops, and deployment motions that move customers from AI curiosity to operationalized Copilot and agent scenarios at scale—while this year's CSP incentives reward the adoption and expansion you drive. Explore the&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://aka.ms/incentivesguide" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;FY27 incentives guide&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;&amp;nbsp;and register for a Partner Investments Community Call (in the&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://aka.ms/PartnerInvestmentsCommunityCalls" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Americas&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;&amp;nbsp;or&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://aka.ms/PartnerInvestmentsCommunityCalls_APAC" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Asia&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;).&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:160,&amp;quot;335559740&amp;quot;:259}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="auto"&gt;Save with Microsoft 365 Copilot and Microsoft&amp;nbsp;365 Copilot Business&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="auto"&gt;&lt;STRONG&gt;:&amp;nbsp;&lt;/STRONG&gt;Customers want AI that delivers measurable value now. Microsoft 365 and Copilot help employees supercharge productivity, streamline everyday tasks, and reduce costs across the business. Available&amp;nbsp;now, a new wave of FY27 CSP promotions&amp;nbsp;provide&amp;nbsp;a compelling, easy-to-position lever to scale Microsoft 365 Copilot and Copilot Business.&amp;nbsp;Learn more about&amp;nbsp;the&amp;nbsp;offers&amp;nbsp;below&amp;nbsp;on the&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://microsoftpartners.microsoft.com/csp/promos?wt.mc_id=9qf7zcja3j" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;CSP&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;o&lt;/SPAN&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;ffers and&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;p&lt;/SPAN&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;romotions&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;site&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:259}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI style="list-style-type: none;"&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="auto"&gt;Microsoft 365 Copilot:&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="auto"&gt; 15% off new&amp;nbsp;one-year subscription on 300+ licenses&amp;nbsp;and&amp;nbsp;30% off 1,000+ licenses for SMB and&amp;nbsp;corporate customers; 15% off new&amp;nbsp;three-year subscription on 300+ licenses through&amp;nbsp;September 30, 2026.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559685&amp;quot;:720,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:276}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;LI style="list-style-type: none;"&gt;&amp;nbsp;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="auto"&gt;Microsoft 365 E7:&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="auto"&gt;&lt;STRONG&gt; &lt;/STRONG&gt;10% off new&amp;nbsp;one-year subscription on 10+ licenses&amp;nbsp;and&amp;nbsp;15% off 100+&amp;nbsp;licenses; 15% off new&amp;nbsp;three-year subscription on 300+ licenses through&amp;nbsp;December&amp;nbsp;31, 2026.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:276}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;LI style="list-style-type: none;"&gt;&amp;nbsp;
&lt;UL&gt;
&lt;LI aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="73" data-list-defn-props="{&amp;quot;335552541&amp;quot;:1,&amp;quot;335559685&amp;quot;:720,&amp;quot;335559991&amp;quot;:360,&amp;quot;469769226&amp;quot;:&amp;quot;Symbol&amp;quot;,&amp;quot;469769242&amp;quot;:[8226],&amp;quot;469777803&amp;quot;:&amp;quot;left&amp;quot;,&amp;quot;469777804&amp;quot;:&amp;quot;&amp;quot;,&amp;quot;469777815&amp;quot;:&amp;quot;multilevel&amp;quot;}" data-aria-posinset="2" data-aria-level="1"&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="auto"&gt;Microsoft 365 Copilot Business:&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="auto"&gt;&lt;STRONG&gt; &lt;/STRONG&gt;Up to 15% off new add-on subscription on up to 300 licenses&amp;nbsp;and&amp;nbsp;25% off new&amp;nbsp;Microsoft 365&amp;nbsp;Business Basic + Copilot Business bundle on up to 300 licenses through&amp;nbsp;December&amp;nbsp;31, 2026.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:276}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;/DIV&gt;
&lt;/DIV&gt;
&lt;DIV style="max-width: 90%; margin: 0 auto; padding: 20px;"&gt;
&lt;DIV style="display: flex; align-items: center; justify-content: center; min-height: 100px; background-color: rgb(150,156,192);"&gt;
&lt;H2 class="lia-linked-item" style="margin: 0; font-size: 24px; text-align: center; color: #ffffff; font-weight: bold;"&gt;&lt;a id="community--1-skilling-events" class="lia-anchor"&gt;&lt;/a&gt;Skilling and Events&lt;/H2&gt;
&lt;/DIV&gt;
&lt;DIV style="padding: 20px 0;"&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="auto"&gt;Start FY27 ready to execute and scale&amp;nbsp;Microsoft 365&amp;nbsp;Copilot and agents:&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="auto"&gt;&lt;STRONG&gt;&amp;nbsp;&lt;/STRONG&gt;Join us at MCAPS Start for Partners for a deep dive into how partners can unlock a new wave of transformation with Copilot and agents—grounded in real customer scenarios, reimagined business processes, and scalable impact.&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://aka.ms/MCAPS2026AIBS" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Register now&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;&amp;nbsp;to&amp;nbsp;learn about the&amp;nbsp;next chapter of opportunity powered by AI.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559738&amp;quot;:240,&amp;quot;335559739&amp;quot;:240,&amp;quot;335559740&amp;quot;:259}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="none"&gt;Join us for the Microsoft Partner FY27 GTM Kickoff Event:&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="none"&gt;&amp;nbsp;For a double-click on the priorities shared at MCAPS&amp;nbsp;Start for&amp;nbsp;Partners,&amp;nbsp;don’t&amp;nbsp;miss this&amp;nbsp;critical FY27 planning moment. Hear directly from Microsoft executives&amp;nbsp;about&amp;nbsp;priorities, learn how to build your strategy around Frontier Transformation, and gain insight into the market trends and investments shaping growth.&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://events.microsoft.com/flow/microsoft/startpartners27/landingpage/page/eventlandingpage?wt.mc_ID=mcapsforp2026_mcaps_corp_np_bl_blog" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Register for&lt;/SPAN&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;&amp;nbsp;the&lt;/SPAN&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;A href="https://partner-gtm.msftevents.io/?wt.mc_id=bkln03ukod" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Microsoft Partner FY27 GTM Kickoff Event&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="none"&gt;&amp;nbsp;on&amp;nbsp;July 28.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559738&amp;quot;:240,&amp;quot;335559739&amp;quot;:240,&amp;quot;335559740&amp;quot;:259}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="none"&gt;Nominations for the 2026&amp;nbsp;Microsoft Partner of the Year Awards&amp;nbsp;are closed:&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="none"&gt;&lt;STRONG&gt;&amp;nbsp;&lt;/STRONG&gt;Nominations for the 2026 Microsoft Partner of the Year Awards closed on July 7, 2026. Thank you to those who nominated their organizations—and&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://partner.microsoft.com/awards?wt.mc_id=yqfggerz2s" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;stay tuned for winner announcements&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="none"&gt;&amp;nbsp;in November.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559738&amp;quot;:240,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:259,&amp;quot;469777462&amp;quot;:[142],&amp;quot;469777927&amp;quot;:[0],&amp;quot;469777928&amp;quot;:[1]}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="auto"&gt;Turn AI demand into repeatable revenue with Frontier Transformation campaigns:&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="auto"&gt;&amp;nbsp;Build AI thought leadership and pipeline with the Frontier Transformation campaign in a box, a ready-to-launch, co-branded campaign that helps customers embed AI across their&amp;nbsp;business with the governance, security, and intelligence needed to scale. Use it to go to market faster, generate qualified leads, build pipeline without creating assets from scratch, and position your business as a strategic AI partner.&amp;nbsp;Explore&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://pmc.partner.microsoft.com/platform/campaign/6a13ed78b6a53cad4536fef8/preview?category=campaign&amp;amp;attributes=Language.English&amp;amp;search=frontier&amp;amp;origin=content-library" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Partner Marketing Center Pro&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;,&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://partner.microsoft.com/marketing-center/assets/collection/ai-transformation-collection#/?wt.mc_id=1j654clygz" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;download key campaign in a box assets&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;, or visit&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://partner.microsoft.com/marketing-center?wt.mc_id=fiwaoysewk" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Partner Marketing Center&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;&amp;nbsp;for more information.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559738&amp;quot;:240,&amp;quot;335559739&amp;quot;:240,&amp;quot;335559740&amp;quot;:259}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="auto"&gt;Check out the Microsoft Partner Skilling Hub, a unified platform for all your skilling needs:&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="auto"&gt;&amp;nbsp;In this fast-moving market, skilling is no longer a nice-to-have—it's&amp;nbsp;a must&amp;nbsp;for&amp;nbsp;adopting&amp;nbsp;new technologies,&amp;nbsp;driving innovation,&amp;nbsp;and&amp;nbsp;winning&amp;nbsp;business. Find all the skilling opportunities you need to keep winning on the Microsoft Partner Skilling Hub, our unified platform that brings together all partner skilling resources into one seamless experience.&amp;nbsp;This experience&amp;nbsp;offers sales, technical, and solution-based learning, skilling paths mapped to Solutions Partner designations and specializations, and continuously updated content.&amp;nbsp;Explore&amp;nbsp;the&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://www.skilling-hub.com/?wt.mc_id=v9vgcyhh4k" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Skilling Hub&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;&amp;nbsp;today.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559738&amp;quot;:240,&amp;quot;335559739&amp;quot;:240,&amp;quot;335559740&amp;quot;:259}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/DIV&gt;
&lt;/DIV&gt;
&lt;DIV style="max-width: 90%; margin: 0 auto; padding: 20px;"&gt;
&lt;DIV style="display: flex; align-items: center; justify-content: center; min-height: 100px; background-color: rgb(150,156,192);"&gt;
&lt;H2 class="lia-linked-item" style="margin: 0; font-size: 24px; text-align: center; color: #ffffff; font-weight: bold;"&gt;&lt;a id="community--1-go-to-market" class="lia-anchor"&gt;&lt;/a&gt;Go-To-Market&lt;/H2&gt;
&lt;/DIV&gt;
&lt;DIV style="padding: 20px 0;"&gt;
&lt;UL style="display: grid; row-gap: 10px;"&gt;
&lt;LI&gt;
&lt;P&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="auto"&gt;Copilot Cowork is now generally available:&amp;nbsp;&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="auto"&gt;This&amp;nbsp;update&amp;nbsp;give&amp;nbsp;you new ways to deliver AI-powered collaboration and automation for your customers.&amp;nbsp;Powered by Copilot Credits-based consumption,&amp;nbsp;Copilot Cowork empowers you to&amp;nbsp;monetize ongoing usage while built-in admin controls support governance and visibility at scale. This&amp;nbsp;creates&amp;nbsp;a clear path to expand services, drive adoption, and grow recurring revenue. Read the&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://learn.microsoft.com/partner-center/announcements/2026-june?wt.mc_id=afpm6g3pfs#copilot-cowork-and-microsoft-scout-what-partners-need-to-know" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Partner Center announcement&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;&amp;nbsp;and view the&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://www.skilling-hub.com/collection/microskilling-cowork?wt.mc_id=1jkt1ncs8x" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Cowork Microskilling&lt;/SPAN&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;&amp;nbsp;training&lt;/SPAN&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;&amp;nbsp;on Copilot Cowork&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;&amp;nbsp;to&amp;nbsp;start building your consumption-led Copilot strategy now.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559738&amp;quot;:240,&amp;quot;335559739&amp;quot;:240,&amp;quot;335559740&amp;quot;:259}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;/DIV&gt;
&lt;/DIV&gt;
&lt;DIV style="max-width: 90%; margin: 0 auto; padding: 20px;"&gt;
&lt;DIV style="display: flex; align-items: center; justify-content: center; min-height: 100px; background-color: rgb(150,156,192);"&gt;
&lt;H2 class="lia-linked-item" style="margin: 0; font-size: 24px; text-align: center; color: #ffffff; font-weight: bold;"&gt;&lt;a id="community--1-customer-success" class="lia-anchor"&gt;&lt;/a&gt;&lt;STRONG&gt;Customer Success&lt;/STRONG&gt;&lt;/H2&gt;
&lt;/DIV&gt;
&lt;DIV style="padding: 20px 0;"&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://partner.microsoft.com/case-studies/increment-school-data-security?wt.mc_id=if2thg5mux" target="_blank"&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Increment strengthens school data security and AI readiness&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="none"&gt;&lt;STRONG&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;:&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;Increment partnered with Australian public education systems to strengthen protection of sensitive student data and prepare for AI adoption. Using Microsoft security and compliance solutions, the team&amp;nbsp;established&amp;nbsp;scalable data governance practices across large, complex school environments. This work reduced risk, improved visibility into sensitive information, and created a foundation for secure use of tools like Microsoft 365 Copilot.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:259,&amp;quot;469777462&amp;quot;:[142],&amp;quot;469777927&amp;quot;:[0],&amp;quot;469777928&amp;quot;:[1]}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:259,&amp;quot;469777462&amp;quot;:[142],&amp;quot;469777927&amp;quot;:[0],&amp;quot;469777928&amp;quot;:[1]}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://partner.microsoft.com/case-studies/ingram-micro-partner-modernization?wt.mc_id=3dwjj6gp4d" target="_blank"&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Ingram Micro guides partners through cloud and AI modernization&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="none"&gt;&lt;STRONG&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;:&lt;/SPAN&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;Ingram Micro works with partners to move customers from legacy infrastructure to Azure-based environments, creating a structured path from cloud migration to AI adoption. By combining technical&amp;nbsp;expertise, funding programs, and repeatable approaches, partners can reduce complexity,&amp;nbsp;optimize&amp;nbsp;costs, and deliver scalable, secure solutions that position customers for AI-powered workloads.&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:259,&amp;quot;469777462&amp;quot;:[142],&amp;quot;469777927&amp;quot;:[0],&amp;quot;469777928&amp;quot;:[1]}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:259,&amp;quot;469777462&amp;quot;:[142],&amp;quot;469777927&amp;quot;:[0],&amp;quot;469777928&amp;quot;:[1]}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;SPAN data-contrast="none"&gt;&lt;STRONG&gt;Sign up for the monthly Microsoft AI Cloud Partner Program newsletter:&lt;/STRONG&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN data-contrast="none"&gt;Encourage your teams to&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://info.microsoft.com/ww-landing-partner-newsletter" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;sign up for the newsletter&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="none"&gt;&amp;nbsp;to&amp;nbsp;stay informed on updates, incentives, and partner opportunities.&amp;nbsp;It’s&amp;nbsp;an easy way&amp;nbsp;to get the latest partner news delivered directly to your inbox.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559738&amp;quot;:240,&amp;quot;335559739&amp;quot;:240,&amp;quot;335559740&amp;quot;:259}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/DIV&gt;
&lt;/DIV&gt;
&lt;P style="text-align: center; padding: 20px; font-size: 20px; font-weight: bold;"&gt;Follow the&lt;STRONG&gt;&amp;nbsp;&lt;A class="lia-internal-link" href="https://techcommunity.microsoft.com/tag/ai%20business%20solutions?nodeId=board%3APartnerNews&amp;amp;action=follow" target="_blank" rel="noopener" data-lia-auto-title="AI Business Solutions" data-lia-auto-title-active="0"&gt;AI Business Solutions&lt;/A&gt; tag&amp;nbsp;&lt;/STRONG&gt;to stay updated on monthly AI Business Solutions partner news!&lt;/P&gt;
&lt;img /&gt;</description>
      <pubDate>Fri, 10 Jul 2026 16:00:00 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/partner-news/july-update-what-s-new-for-partners-in-ai-business-solutions/ba-p/4535116</guid>
      <dc:creator>JillArmourMicrosoft</dc:creator>
      <dc:date>2026-07-10T16:00:00Z</dc:date>
    </item>
    <item>
      <title>Cross-Tenant Message Recall in Exchange Online</title>
      <link>https://techcommunity.microsoft.com/t5/exchange-team-blog/cross-tenant-message-recall-in-exchange-online/ba-p/4535800</link>
      <description>&lt;P&gt;Since we released cloud-based Message Recall in April 2023 (see &lt;A href="https://techcommunity.microsoft.com/t5/exchange-team-blog/cloud-based-message-recall-in-exchange-online/ba-p/3744714" target="_blank"&gt;Cloud-based Message Recall in Exchange Online&lt;/A&gt;), we’ve continued to expand where and how recall works – including &amp;nbsp;support for Outlook on the web and mobile, recipient recall notifications, a maximum recallable message age, and support for external round-trip routing (see &lt;A href="https://techcommunity.microsoft.com/blog/exchange/exchange-online-message-recall-updates/4226568" target="_blank"&gt;Exchange Online Message Recall Updates&lt;/A&gt;).&lt;/P&gt;
&lt;P&gt;Until now, all these capabilities shared one boundary: Message Recall only worked within a single tenant. Today, we’re pleased to announce one of our most requested cross-organization enhancements:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Cross-Tenant Message Recall, controlled by a tenant admin allow list&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;The intra-tenant boundary&lt;/H3&gt;
&lt;P&gt;By design due to privacy concerns, Message Recall operates within the Exchange Online service boundary, and until now it has been limited to intra-tenant messages – those where the sender and the recipients belong to the same Microsoft 365 tenant. When a sender tried to recall a message they had sent to recipients in a different tenant, the recall would fail, even between organizations that work closely together and trust one another.&lt;/P&gt;
&lt;P&gt;Customers told us this was a gap. Partners, subsidiaries, and affiliated organizations that collaborate daily across tenant boundaries wanted the same recall experience they already had inside their own tenant.&lt;/P&gt;
&lt;H3&gt;Introducing cross-tenant Message Recall&lt;/H3&gt;
&lt;P&gt;With Cross-Tenant Message Recall, a tenant admin can add other Microsoft 365 tenants to an allow list. Once a tenant is on the list, senders from those allow-listed tenants can recall messages they’ve sent to recipients in the receiving tenant – just as they would for an intra-tenant recall.&lt;/P&gt;
&lt;P&gt;Control sits with the &lt;STRONG&gt;receiving tenant&lt;/STRONG&gt; – the organization whose users received the messages. A cross-tenant recall is only honored when the receiving tenant’s admin has explicitly allow-listed the sender’s tenant. This keeps the receiving organization in full control of which external tenants are permitted to recall messages from its users’ mailboxes. The feature is disabled by default; no cross-tenant recall occurs until an admin adds at least one tenant to the allow list.&lt;/P&gt;
&lt;H3&gt;How it works&lt;/H3&gt;
&lt;P&gt;Consider two organizations that work together, Contoso and Fabrikam, both of whom are hosted in Microsoft 365:&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;A Contoso admin adds Fabrikam’s tenant to Contoso’s cross-tenant recall allow list.&lt;/LI&gt;
&lt;LI&gt;A sender at Fabrikam recalls a message they previously sent to a recipient at Contoso.&lt;/LI&gt;
&lt;LI&gt;Because Contoso has allow-listed Fabrikam, the recall is honored and processed like a standard recall against the Contoso recipient’s mailbox.&lt;/LI&gt;
&lt;/OL&gt;
&lt;P&gt;If Fabrikam is &lt;EM&gt;not&lt;/EM&gt; on Contoso’s allow list, the recall fails and the Fabrikam sender will see in the recall status report that the message can’t be recalled across organizations. Allow-listing governs inbound recalls into the receiving tenant, so each organization decides independently which external tenants it trusts to recall messages from its mailboxes.&lt;/P&gt;
&lt;H2&gt;Configuring with Exchange Online PowerShell&lt;/H2&gt;
&lt;P&gt;Admins can configure these settings using Exchange Online PowerShell.&lt;/P&gt;
&lt;P&gt;Enable or disable cross-tenant message recall for the tenant. Setting this parameter to $True turns on the capability; $False (default) turns it off:&lt;/P&gt;
&lt;PRE class="lia-indent-padding-left-30px"&gt;Set-CrossTenantRecallConfiguration -CrossTenantRecallEnabled [$true | $false]&lt;/PRE&gt;
&lt;P&gt;Specify external tenants to add or remove from the allowed list. Add the tenant IDs of the organizations you trust to perform recalls:&lt;/P&gt;
&lt;PRE class="lia-indent-padding-left-30px"&gt;Set-CrossTenantRecallConfiguration -AllowedSenderTenantIds @{Add="&amp;lt;tenantId 1&amp;gt;","&amp;lt;tenantId 2&amp;gt;"}; {Remove="&amp;lt;tenantId 1&amp;gt;","&amp;lt;tenantId 2&amp;gt;"}&amp;nbsp;&lt;/PRE&gt;
&lt;H3&gt;What senders and recipients see&lt;/H3&gt;
&lt;P&gt;When a sender in an allow-listed tenant recalls a message, recipients in the receiving tenant experience the recall exactly as they would an intra-tenant recall. If the receiving tenant has enabled recipient recall notifications, those notifications apply to cross-tenant recalls as well. If the sender’s tenant is not on the receiving tenant’s allow list, the sender receives a notification that the message can’t be recalled across organizations.&lt;/P&gt;
&lt;H3&gt;Availability&lt;/H3&gt;
&lt;P&gt;Cross-Tenant Message Recall will start to deploy to worldwide, GCC, GCC High, DoD and Microsoft 365 operated by 21Vianet starting mid-August, completing by mid-September. We hope you’ll find this enhancement useful, and we look forward to your feedback.&lt;/P&gt;
&lt;P&gt;&lt;SPAN class="lia-text-color-12"&gt;Microsoft 365 Messaging Team&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 10 Jul 2026 15:38:58 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/exchange-team-blog/cross-tenant-message-recall-in-exchange-online/ba-p/4535800</guid>
      <dc:creator>The_Exchange_Team</dc:creator>
      <dc:date>2026-07-10T15:38:58Z</dc:date>
    </item>
    <item>
      <title>Title Plan Update - July 10, 2026</title>
      <link>https://techcommunity.microsoft.com/t5/ilt-communications-blog/title-plan-update-july-10-2026/ba-p/4535790</link>
      <description>&lt;img /&gt;
&lt;H4&gt;📁&lt;STRONG&gt;July 10, 2026 - Title Plan Now Available&lt;/STRONG&gt;&lt;/H4&gt;
&lt;H4&gt;Access the latest Instructor-Led Training (ILT) updates anytime at&amp;nbsp;&lt;A href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Faka.ms%2FCourseware_Title_Plan&amp;amp;data=05%7C02%7Cv-aslyman%40microsoft.com%7C17dfe1a6ad1f49c1839208de4a304d49%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C639029768499335587%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&amp;amp;sdata=T0XSvelxN%2BvWJR1Q%2F%2B791m03a4Trajflams4GR2%2FlK4%3D&amp;amp;reserved=0" target="_blank"&gt;http://aka.ms/Courseware_Title_Plan&lt;/A&gt;&amp;nbsp;to ensure you're always working from the most current version.&lt;/H4&gt;
&lt;P&gt;📌&amp;nbsp;&lt;EM&gt;Reminder: To help you stay informed more quickly and consistently, we’ve moved to a weekly publishing cadence for the title plan. This means each update may include fewer changes but ensures you’re always up to date.&lt;/EM&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 10 Jul 2026 15:02:38 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/ilt-communications-blog/title-plan-update-july-10-2026/ba-p/4535790</guid>
      <dc:creator>anbordianu</dc:creator>
      <dc:date>2026-07-10T15:02:38Z</dc:date>
    </item>
    <item>
      <title>New MRCA test for External user meeting join</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-teams-support/new-mrca-test-for-external-user-meeting-join/ba-p/4535726</link>
      <description>&lt;P&gt;If you support Microsoft Teams, you’ve probably seen cases where an external user can’t join a meeting and the cause isn’t obvious at first glance. This test helps identify common configuration issues that may prevent external users from joining Teams meetings.&lt;/P&gt;
&lt;P&gt;This test checks:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Meeting policies&lt;/LI&gt;
&lt;LI&gt;Guest access settings&lt;/LI&gt;
&lt;LI&gt;External access settings&lt;/LI&gt;
&lt;LI&gt;Federation configuration&lt;/LI&gt;
&lt;LI&gt;Lobby settings&lt;/LI&gt;
&lt;LI&gt;Cross-tenant access settings&lt;/LI&gt;
&lt;LI&gt;Identity classification&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The goal is to make it easier to pinpoint the setting or policy that’s blocking a successful meeting join experience for external users. We encourage you to try the test and add it to your troubleshooting toolkit.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Get Started&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;To access the diagnostic, navigate to the&amp;nbsp;&lt;A href="https://testconnectivity.microsoft.com/tests/teams" target="_blank"&gt;Microsoft Remote Connectivity Analyzer&lt;/A&gt;, select&amp;nbsp;&lt;STRONG&gt;Microsoft Teams&lt;/STRONG&gt;, then click on External user meeting join.&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Learn more&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;For a deeper look at why external participants can or can’t join a Microsoft Teams meeting, see &lt;A class="lia-internal-link lia-internal-url lia-internal-url-content-type-blog" href="https://techcommunity.microsoft.com/blog/microsoftteamssupport/why-external-participants-can%E2%80%94or-can%E2%80%99t%E2%80%94join-a-microsoft-teams-meeting/4517557" data-lia-auto-title="Why External Participants Can—or Can’t—Join a Microsoft Teams Meeting" data-lia-auto-title-active="0" target="_blank"&gt;Why External Participants Can—or Can’t—Join a Microsoft Teams Meeting&lt;/A&gt;. This article explains the different participant types and how meeting policy, organizer meeting options, and tenant-level settings work together to affect join behavior.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Thanks for taking a look and let us know how it helps.&lt;/P&gt;</description>
      <pubDate>Fri, 10 Jul 2026 13:06:17 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-teams-support/new-mrca-test-for-external-user-meeting-join/ba-p/4535726</guid>
      <dc:creator>DJ1298</dc:creator>
      <dc:date>2026-07-10T13:06:17Z</dc:date>
    </item>
    <item>
      <title>New in Microsoft Marketplace: July 10, 2026</title>
      <link>https://techcommunity.microsoft.com/t5/marketplace-blog/new-in-microsoft-marketplace-july-10-2026/ba-p/4522360</link>
      <description>&lt;P&gt;Learn about 132 new offers that went live in Microsoft Marketplace, a single destination to find, try, and buy cloud solutions, AI apps, and agents to meet your business needs.&lt;/P&gt;
&lt;DIV class="styles_lia-table-wrapper__h6Xo9 styles_table-responsive__MW0lN"&gt;&lt;table border="0" style="width: 95%; border-width: 0px;"&gt;&lt;tbody&gt;&lt;tr&gt;&lt;th colspan="2" style="padding: 20px 0px 20px 0px;"&gt;
&lt;H3&gt;&lt;EM&gt;Get it now in our marketplace&lt;/EM&gt;&lt;/H3&gt;
&lt;/th&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/4minds.78865789-7ec4-42a0-8bc2-ea31d418153f-ae6d6e4f-e8c5-4836-ae0e-658351181a49/image3_logo.png" alt="" width="100" height="100" /&gt;
&lt;P aria-hidden="true"&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/4minds.78865789-7ec4-42a0-8bc2-ea31d418153f" target="_blank" rel="noopener"&gt;4MINDS for Microsoft 365 Copilot&lt;/A&gt;: 4MINDS enables organizations to train custom AI models on their own documents and data, integrating them directly into Microsoft 365 Copilot. The 4MINDS Assistant agent delivers accurate, domain-specific answers within familiar apps like Excel and Word, enhancing finance, engineering, legal, HR, and operations workflows without leaving your Microsoft 365 environment.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/accessukltd1632117640699.5d6b9457-b523-43a1-b294-1850b328682b-dfe32964-b14a-4cf4-af3e-d7be8fee9ece/image2_logo.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/accessukltd1632117640699.5d6b9457-b523-43a1-b294-1850b328682b" target="_blank" rel="noopener"&gt;Access Rio Observations&lt;/A&gt;: Access Rio Observations is a mobile app built on Microsoft Azure for real-time patient data capture, syncing seamlessly with Rio EPR. It offers offline use, secure synchronization, and access to vital signs and alerts. Integrated with Access Evo and AI-powered analytics, it enhances accuracy, efficiency, and patient safety in emergency care.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/medicalaiinc1780552771505.628c56d2-9fb2-4724-a0c1-2e668300faa5-fb7ff4e8-392a-4783-aaec-49dd3de693db/image2_logo.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/medicalaiinc1780552771505.628c56d2-9fb2-4724-a0c1-2e668300faa5" target="_blank" rel="noopener"&gt;AiTiALVSD&lt;/A&gt;: AiTiALVSD is an AI-powered ECG solution that helps healthcare providers detect early heart failure signs using routine 12-lead ECGs. The solution delivers rapid risk scores, integrates seamlessly into workflows, and supports timely intervention.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/caishicolimited1780043271339.bigcat-e0b4011e-c8a2-4f9c-9b9a-b5ceb5d57598/image0_BigCatlogo350x350.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/caishicolimited1780043271339.bigcat" target="_blank" rel="noopener"&gt;BigCat&lt;/A&gt;: BigCat is an enterprise AI platform offering knowledge discovery, natural language analytics, AI agent automation, and multi-model integration. It enables building knowledge bases, data analysis, intelligent agent deployment, and secure AI model connections, enhancing productivity, decision-making, and unlocking business value in a scalable environment.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/xiontech.ba-agent-3-5ce3f8c2-91f7-4ec5-bf99-102907f1ed00/image6_baagenticon216.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/xiontech.ba-agent-3" target="_blank" rel="noopener"&gt;Business Analyst Assistant Agent&lt;/A&gt;: ba-agent is an AI-powered assistant that transforms Microsoft Teams conversations into clear, actionable product requirements. The assistant analyzes transcripts and chats to summarize discussions, extract key decisions, and reduce manual documentation. Designed for product managers and teams, it improves alignment, accelerates delivery, and integrates seamlessly with collaboration workflows.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/techmiencorp.codefinder_cip-3a4b08bc-2907-4062-8428-6e5176c59ea6/image5_techmienlogosquare300x300.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/techmiencorp.codefinder_cip" target="_blank" rel="noopener"&gt;CodeFind CIP&lt;/A&gt;: CodeFind CIP is an AI-powered platform for searching and classifying Canadian postsecondary educational programs using Classification of Instructional Programs (CIP) codes. CodeFind CIP offers natural language and hybrid search. The platform provides API integration and supports educational institutions, government, and workforce planners. It streamlines program mapping, data accuracy, and integration for education and research applications.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/techmiencorp.codefinder_noc-6d36984f-02d1-4f48-9a98-52e92a16642c/image0_techmienlogosquare300x300.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/techmiencorp.codefinder_noc" target="_blank" rel="noopener"&gt;CodeFind NOC&lt;/A&gt;: CodeFind NOC is an AI-powered tool for quickly identifying and validating Canada's National Occupational Classification codes and TEER categories. It supports workforce development, immigration, career guidance, and labor market analysis by providing accurate occupation details, hierarchies, and requirements, streamlining classification and enhancing planning for organizations and professionals.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/cloudservesystemspvtltd1686297781203.compliance_genie-daf5c8c0-3caa-4641-96b7-58927e7f4d1f/image7_compliancegenielogo216.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/cloudservesystemspvtltd1686297781203.compliance_genie" target="_blank" rel="noopener"&gt;ComplianceGenie&lt;/A&gt;: ComplianceGenie is an AI-powered platform automating ISO/IEC 27001, SOC 2, GDPR, and HIPAA compliance for IT and software-as-a-service companies. It reduces audit preparation time, supports multiple frameworks, automates evidence collection, offers real-time monitoring, and provides audit-ready reports.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/covene.covene-cloudmonitor-7f9d8409-5d14-433d-9711-c653654a1ae8/image4_covenemarketplacelogo350.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/covene.covene-cloudmonitor" target="_blank" rel="noopener"&gt;Covene CloudMonitor&lt;/A&gt;: Covene CloudMonitor unifies Microsoft Azure cloud and AI spend monitoring, integrating Microsoft Azure OpenAI and other AI solutions. CloudMonitor offers cost analysis, anomaly detection, compliance alerts, and AI usage metrics. Built on Azure, it supports role-based access control (RBAC), audit trails, and AI-driven insights for efficient cloud and AI resource management.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/neostatsanalyticssolutionsllc1709294317283.neostats-data-ai-e259e2c0-5bb3-4a9c-bbdb-a60753e3c108/image0_NeostatsL.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/neostatsanalyticssolutionsllc1709294317283.neostats-data-ai" target="_blank" rel="noopener"&gt;Data &amp;amp; AI Consulting Services&lt;/A&gt;: NeoStats offers end-to-end consulting for Microsoft Azure, enabling modern data platforms for business intelligence, data science, and AI. Services include migration, platform modernization, predictive modeling, data governance, and real-time analytics.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/ezra360.document_management-d0a5ea0b-af39-4c8d-9641-efddf4e85ff7/image1_Logo.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/ezra360.document_management" target="_blank" rel="noopener"&gt;Ezra360 Document Management System&lt;/A&gt;: Ezra360's document management system helps organizations efficiently manage, store, and retrieve documents with advanced tools for organization, secure access, and compliance. It simplifies workflows through easy categorization, version control, and collaboration, improving productivity and control over document processes while addressing common file management challenges.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/ascendioninc1671661118553.ascendion_ai-driven_contact_center-8b1c7e70-e6fa-4a82-881a-605f789cead8/image0_ascendionicone.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/ascendioninc1671661118553.ascendion_ai-driven_contact_center" target="_blank" rel="noopener"&gt;Healthcare Agentic AI Contact Center&lt;/A&gt;: Ascendion's Agentic AI Contact Center, built on Microsoft Azure AI, enhances healthcare engagement by integrating with existing systems. It reduces call costs, improves handling time, and achieves first contact resolution. Designed for HIPAA compliance, it boosts efficiency, personalization, and regulatory adherence in healthcare operations.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/icronteknolojibiliimanonimirketi1675926440359.icron-procurement-planning-blending-optimization-362a6b2a-5d3a-4aac-9eb1-58856278b71c/image0_ICRON216x216px.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/icronteknolojibiliimanonimirketi1675926440359.icron-procurement-planning-blending-optimization" target="_blank" rel="noopener"&gt;ICRON Procurement Planning &amp;amp; Blending Optimization&lt;/A&gt;: ICRON Procurement Planning and Blending Optimization uses AI to optimize sourcing, blending, and supply chain decisions in process industries. It balances cost, quality, and sustainability by analyzing complex scenarios quickly. Proven to reduce costs, inventory, and run times, it enhances transparency and aligns procurement, production, and quality teams efficiently.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/interknowlogyik.ik_weather-2607e0ce-9b5c-4580-842b-76472239244b/image1_IKWeatherazure.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/interknowlogyik.ik_weather" target="_blank" rel="noopener"&gt;IK Weather Insights&lt;/A&gt;: IK Weather Insights is a cloud-native platform that modernizes live weather broadcasts with real-time data visualization, browser-based workflows, and scalable infrastructure on Microsoft Azure. It streamlines production, supports multi-market operations, and enhances responsiveness during severe weather.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/oticgroup1778352587921.iip-insurance-intelligence-platform-30e5dbad-5c12-429b-b6a0-84c0c6b944ab/image6_iiplogolarge.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/oticgroup1778352587921.iip-insurance-intelligence-platform" target="_blank" rel="noopener"&gt;Insurance Intelligence Platform&lt;/A&gt;: Insurance Intelligence Platform (IIP) is a Microsoft Azure Managed Application that automates insurance workflows like claims intake, policy servicing, underwriting, and document processing. It enhances communication, provides operational visibility, and ensures data security within your Azure environment. Ideal for insurers, brokers, and operations teams seeking AI-driven efficiency.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/jeenai.f667b06c-0ca9-4cd3-babe-d62dd3825521-0e75de83-414f-4a21-8d8d-af0b398a8d9c/image2_logo.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/jeenai.f667b06c-0ca9-4cd3-babe-d62dd3825521" target="_blank" rel="noopener"&gt;Jeen AI Platform&lt;/A&gt;: Jeen is an enterprise AI platform enabling secure, governed, and scalable AI adoption across industries like healthcare, finance, and government. It supports Microsoft Azure, on-premises, hybrid, or air-gapped deployments, ensuring control over data, models, and compliance while integrating AI into mission-critical workflows with enterprise-grade security and oversight.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/kritmatta_ai_agent_builder.kritmatta-saas-2c26f9a1-8f7b-458d-9c71-4e26033006c2/image4_logo216x2161781189801271.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/kritmatta_ai_agent_builder.kritmatta-saas" target="_blank" rel="noopener"&gt;Kritmatta AI Agent Builder&lt;/A&gt;: Kritmatta is an advanced platform to enable teams to create, manage, and scale intelligent AI agents. These agents autonomously coordinate tasks across various tools and environments, enhancing productivity within an integrated, agentic AI ecosystem.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/synergyadvisorsllc.micro-vigilant-sec-ops-agent-262c5e08-9fd0-47bf-9157-9d18098ff5bc/image1_secopsagent.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/synergyadvisorsllc.micro-vigilant-sec-ops-agent" target="_blank" rel="noopener"&gt;Micro-Vigilant SecOps Agent&lt;/A&gt;: Micro-Vigilant SecOps Agent enhances SOC performance by analyzing Microsoft Defender XDR incidents, workload, and response efficiency. It identifies unresolved cases, workload imbalances, and alert quality issues, providing actionable recommendations to optimize security operations, improve analyst productivity, and prioritize critical incidents through an interactive chatbot interface.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/simetrixconsult1776236207203.modern_timeline_pcf-c6338abf-35b6-4431-b53b-bef50302d09f/image2_logo216x216.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/simetrixconsult1776236207203.modern_timeline_pcf" target="_blank" rel="noopener"&gt;Modern Activity Timeline for Microsoft Dynamics 365&lt;/A&gt;: Modern Timeline enhances Microsoft Dynamics 365 and Power Apps by streamlining activity management directly within the timeline. It boosts productivity for sales, service, and field teams by enabling quick email replies, activity creation, and task completion without extra clicks or navigation.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/hexagonali-nl.smart_completions_smart_cloud_copy-d9824ece-1fd8-493b-80f5-bfb8dd879863/image5_AzureMarketplaceLogoLarge216x216WHITE.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/hexagonali-nl.smart_completions_smart_cloud_copy" target="_blank" rel="noopener"&gt;Octave OnSite Completions&lt;/A&gt;: Octave OnSite Completions is a comprehensive project management solution for planning, execution, and handover in construction and commissioning. It ensures traceability, accountability, and system integrity, supports large projects, and includes modules for completions, safety, risk, and turnaround management, meeting high industry standards efficiently.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/okai.okai-compliance-cb3ebdb1-86bc-42b5-9674-48e39c98ff37/image0_logomenor.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/okai.okai-compliance" target="_blank" rel="noopener"&gt;Okai Compliance&lt;/A&gt;: Monitor regulations and consultations from key Brazilian regulators in one searchable workspace. Okai is designed for regulatory compliance teams, centralizing monitoring, AI-assisted summaries, impact analysis, and task management. It supports financial and regulated markets by streamlining regulatory tracking, project workflows, deadlines, and collaboration, reducing manual effort and ensuring traceable, audit-ready compliance actions in one searchable workspace.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/omnia-voiceoy1781029370314.omnia-voice-teams-transcription-d0d9a3b4-7f51-47bc-9279-e899ce654cc1/image1_3.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/omnia-voiceoy1781029370314.omnia-voice-teams-transcription" target="_blank" rel="noopener"&gt;Omnia-Voice Teams Transcription&lt;/A&gt;: Omnia-Voice is an AI transcription and meeting intelligence platform for Microsoft Teams. It supports over 50 languages with automatic detection, requires no guest bots, uses secure data storage hosted in Europe to aid compliance with the GDPR, and delivers instant post-meeting summaries, transcripts, and action items directly into Teams channels for seamless collaboration.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/1779317061420.onseen-dev-6f3e9d30-e3d4-4ed7-9d90-d6a17248f370/image0_onseenicontransparent.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/1779317061420.onseen-dev" target="_blank" rel="noopener"&gt;Onseen DEV&lt;/A&gt;: Onseen DEV is a Japanese-to-English captioning app that supports multilingual online meetings. It displays translated subtitles in near-real-time to ease understanding, reduce communication gaps, and enhance collaboration in business, training, and technical discussions involving Japanese and English speakers.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/optimizesecurity1780555529243.optimize_365-780bde1d-95a4-47d2-92ac-ab6cdf6b975e/image0_216.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/optimizesecurity1780555529243.optimize_365" target="_blank" rel="noopener"&gt;Optimize365&lt;/A&gt;: Optimize365 is designed for managed service providers (MSPs) and managed security service providers (MSSPs) to manage Microsoft 365 security across clients. Optimize365 offers rapid security assessments, one-click remediation, automated change tracking, branded reports, AI readiness checks, and compliance mapping.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/saturaminc.qualdo_drx_private-b05138d3-80c7-4273-bea2-1c59d3563ff1/image1_QualdoBlue350x350.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/saturaminc.qualdo_drx_private" target="_blank" rel="noopener"&gt;Qualdo-DRX Private Realtime Data Observability for AI&lt;/A&gt;: Qualdo-DRX Private offers real-time data observability and incident detection within Microsoft Azure, monitoring over 75 metrics for reliability, quality, and drift. It ensures data stays secure in customer infrastructure, supports AI, RAG, and ML workflows, integrates with Microsoft tools, and meets compliance for robust, automated data governance and pipeline monitoring.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/enkaytech.query-d020e49d-37a6-4d23-a561-5caa12eaafc7/image4_1.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/enkaytech.query" target="_blank" rel="noopener"&gt;Query AI Chatbot for Your Documents&lt;/A&gt;: Query leverages Microsoft Azure AI and LLMs to deliver conversational, context-aware answers from enterprise documents using retrieval-augmented generation (RAG). It enables instant, accurate responses, intelligent multi-document search, and secure access, boosting productivity, decision-making, and knowledge accessibility across business platforms for AI-driven digital transformation.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/avepoint.resilience_m365_pkg-31fcc8a5-4da8-4deb-90c4-4ec79e2c5486/image1_216x216.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/avepoint.resilience_m365_pkg" target="_blank" rel="noopener"&gt;Resilience for Microsoft 365&lt;/A&gt;: AvePoint offers a secure, scalable solution for Microsoft 365 data protection and rapid recovery. It supports large-scale restores, covers multiple workloads, cleans redundant data, and extends protection to key apps. Prioritized restore minimizes downtime, ensuring compliance and resilience for modern incidents across Microsoft 365 environments.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/routinelabs.1185acdc-9f73-41b1-88d4-e201498e3f99-9acf8910-eef6-4293-845c-b421d23af3ec/image5_logo.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/routinelabs.1185acdc-9f73-41b1-88d4-e201498e3f99" target="_blank" rel="noopener"&gt;Routine&lt;/A&gt;: Routine automates repetitive administrative tasks within existing systems without new software or migration. It offers fast, reliable, rule-based workflows that adapt automatically, ensuring compliance and auditability. Routine enables human oversight for sensitive cases, integrates seamlessly across applications, and deploys quickly, boosting team efficiency without disrupting operations.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/afitechadvisoryllc.afita_atp2-04acab0d-8fe3-415d-85d0-604a91003f61/image3_afitalogo300.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/afitechadvisoryllc.afita_atp2" target="_blank" rel="noopener"&gt;SCALE AI Transformation Office&lt;/A&gt;: The AI Transformation Office (ATO) helps organizations scale AI by providing a centralized platform for managing, governing, and expanding AI initiatives. It offers dashboards, program management, training, and governance aligned with Microsoft Copilot and Azure AI, ensuring consistent execution and measurable business impact through a structured, ongoing AI transformation program.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/solum1623395434756.solum-saas-aims-fd3db822-babb-4745-b3a5-9f7ac516d06b/image3_solumlogo325.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/solum1623395434756.solum-saas-aims" target="_blank" rel="noopener"&gt;SOLUM AIMS Cloud Platform&lt;/A&gt;: SOLUM AIMS Cloud is a professional platform for managing and monitoring electronic shelf labels (ESL) in global retail stores. It automates pricing updates and ensures data accuracy, enhancing efficiency and control in retail pricing management.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/spassu_252688.spassu0005-234ec1bc-9bb6-41fb-b44d-4f7d7164f404/image5_logo.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/spassu_252688.spassu0005" target="_blank" rel="noopener"&gt;Spassu Code: Frontier&lt;/A&gt;: Spassu Code is an AI-assisted software development suite that streamlines the entire pipeline from requirements to pull request. It integrates with Microsoft Azure DevOps and GitHub, offers web and CLI interfaces, ensures human approval at critical points, provides governance, auditability, real-time streaming, and reduces rework by maintaining context and standardization.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/sproutsinc.sprouts-ai-saas-3849212f-1926-4afa-bb29-d5126452c14f/image1_sproutsailogo216x216.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/sproutsinc.sprouts-ai-saas" target="_blank" rel="noopener"&gt;Sprouts AI&lt;/A&gt;: Sprouts AI is a revenue intelligence platform integrated with Microsoft Dynamics 365 Sales, offering real-time account and opportunity insights. It enriches data, maps decision-makers, analyzes competitors, and identifies high-value accounts, helping B2B sales teams improve targeting, reduce manual research, and boost pipeline conversion efficiently.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/vectorlab.switchblade-tableau-to-fabric-7fe50d77-75fe-457d-81dd-ef7698e6dd78/image0_vllogo280.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/vectorlab.switchblade-tableau-to-fabric" target="_blank" rel="noopener"&gt;Switchblade Tableau to Microsoft Fabric&lt;/A&gt;: Switchblade by Vector Lab automates migrations from Tableau to Microsoft Fabric, cutting manual effort and speeding delivery. Switchblade analyzes dashboards, maps schemas, translates logic, and ensures compatibility, while also supporting unlimited data volume, enhancing consistency, and reducing migration risk for enterprises.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/taxcel.taxel_hub-8c09bdb6-e36f-4775-9025-01f03f76b1d3/image6_taxLogonovo.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/taxcel.taxel_hub" target="_blank" rel="noopener"&gt;Taxcel Hub&lt;/A&gt;: Available in Portuguese, Taxcel Hub is a cloud-based big data fiscal platform offering centralized storage, high-performance processing, interactive dashboards, and AI-driven insights. It automates tax data management, supports user control, integrates with external systems, and scales for large operations, aiding corporations, business process outsourcing organizations, and tax consultancies in strategic decision-making.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/unifize.unifize-ai-qms-dms-f125286b-bc2d-457a-abf6-f83fd0a04999/image4_UnifizeLogoLarge.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/unifize.unifize-ai-qms-dms" target="_blank" rel="noopener"&gt;Unifize AI Governed Layer for Quality &amp;amp; Document Management&lt;/A&gt;: Unifize is an AI-driven quality and document management platform for regulated industries that provides with full traceability, audit readiness, and hosting on Microsoft Azure. Unifize streamlines corrective and preventative action (CAPA), change control, and training, enabling faster compliance and expansion without re-implementation.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/kapinexprivatelimited1775802179809.sharepointlibrary-premium-3084c132-f766-4331-bcb2-8cfaf47f928f/image2_kap300x300.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/kapinexprivatelimited1775802179809.sharepointlibrary-premium" target="_blank" rel="noopener"&gt;Video Banner Web Part&lt;/A&gt;: KapiNex's Video Banner web part lets you add a full-width video hero banner to SharePoint Online pages, enabling autoplay, loop, and muted MP4 support. Customize title, description, call-to-action (CTA) buttons, alignment, overlay color, text, and banner height. The web part features edge-to-edge layout, advanced styling, and configuration tips for video sources and design.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/e-emphasystechnologiesinc1771352319722.intellidealer-0819aa4c-80bf-40d8-8f42-7cde6c6418fd/image4_intellidealer350x350.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/e-emphasystechnologiesinc1771352319722.intellidealer" target="_blank" rel="noopener"&gt;VitalEdge IntelliDealer&lt;/A&gt;: VitalEdge IntelliDealer is a modern dealership management system for equipment dealerships, integrating sales, parts, service, and inventory into one platform. It enhances efficiency with real-time data, simplifies operations, and supports hosting on Microsoft Azure and reporting via Microsoft Power BI. Designed for usability, it streamlines workflows and boosts dealership performance and growth.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/pentest-tools.vulnerability-scanners-for-web-apps-and-network-ec12d790-9815-4509-891d-d061b2e39e0a/image5_flaglogo.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/pentest-tools.vulnerability-scanners-for-web-apps-and-network" target="_blank" rel="noopener"&gt;Vulnerability Scanners for Web Apps and Network&lt;/A&gt;: Pentest-Tools.com offers over 20 vulnerability scanners for web applications and network security. It detects issues like XSS, SQL injection, and critical CVEs such as Log4Shell. This all-in-one platform combines web and infrastructure scanning, providing comprehensive security assessments by simulating external attacker probes to identify vulnerabilities.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/asquaretechnologies1752687834194.vyoma-payroll-test-a28bd472-c40e-4612-b5e4-d56f13dcf926/image3_AsqLogo280x280.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/asquaretechnologies1752687834194.vyoma-payroll-test" target="_blank" rel="noopener"&gt;Vyoma-Asqrt Payroll&lt;/A&gt;: Vyoma-ASQRT Payroll is a cloud-based HR solution that automates payroll tasks, ensuring accuracy and compliance. The user-friendly dashboard streamlines attendance, leave, and salary management. Ideal for HR and finance teams, it reduces errors, boosts productivity, and offers seamless, accessible payroll processing for organizations of all sizes.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/xilliobv1605778715406.xlr0010-52798ba7-45dd-4c74-883d-2fda1cee62ac/image0_XillioBeeldmerkRGB.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/xilliobv1605778715406.xlr0010" target="_blank" rel="noopener"&gt;Xillio Link Redirector&lt;/A&gt;: Xillio Link Redirector ensures business continuity after content migration by maintaining existing links to moved documents. It prevents broken links and user frustration, enabling seamless access to content in new systems. This continuity layer supports smooth transitions, reducing support issues.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;/tr&gt;&lt;tr&gt;&lt;th colspan="2" style="padding: 20px 0px 20px 0px;"&gt;
&lt;H3&gt;&lt;EM&gt;Easily deploy virtual machine images&lt;/EM&gt;&lt;/H3&gt;
&lt;/th&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/articentgroupllc1635512619530.postgresql-18-suse-linux-enterprise-server-15-4e4c3d00-e452-4b21-a252-ac4dbe3478fc/image3_LargeLogo.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/articentgroupllc1635512619530.postgresql-18-suse-linux-enterprise-server-15" target="_blank" rel="noopener"&gt;Database for PostgreSQL 18 on SUSE Linux Enterprise Server 15&lt;/A&gt;&amp;nbsp;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/athinfosystems1641442221349.cloudsync-2c95b520-f06e-48d0-bd37-5b011efa9fe3/image1_athlogo.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/athinfosystems1641442221349.cloudsync" target="_blank" rel="noopener"&gt;CloudSync and Data Sharing Tool&lt;/A&gt;&lt;BR /&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/athinfosystems1641442221349.dataplatform333" target="_blank" rel="noopener"&gt;Data Platform&lt;/A&gt;&lt;BR /&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/athinfosystems1641442221349.graphinsights" target="_blank" rel="noopener"&gt;Graph Insights and Analytics Tool&lt;/A&gt;&lt;BR /&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/athinfosystems1641442221349.jitsi2222" target="_blank" rel="noopener"&gt;Jitsi&lt;/A&gt;&lt;BR /&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/athinfosystems1641442221349.opencart3444" target="_blank" rel="noopener"&gt;OpenCart&lt;/A&gt;&lt;BR /&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/athinfosystems1641442221349.pritunlvpn444" target="_blank" rel="noopener"&gt;Pritunl VPN&lt;/A&gt;&lt;BR /&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/athinfosystems1641442221349.ubuntuserver56" target="_blank" rel="noopener"&gt;Ubuntu Server&lt;/A&gt;&lt;BR /&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/athinfosystems1641442221349.unifi345" target="_blank" rel="noopener"&gt;UniFi&lt;/A&gt;&amp;nbsp;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/cloud-infrastructure-services.docker-ubuntu-26-04-6eec8d75-e886-4457-9ac2-56e9a40c1ca3/image1_docker216.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/cloud-infrastructure-services.docker-ubuntu-26-04" target="_blank" rel="noopener"&gt;Docker on Ubuntu 26.04 LTS&lt;/A&gt;&lt;BR /&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/cloud-infrastructure-services.ubuntu-desktop-xfce" target="_blank" rel="noopener"&gt;Ubuntu Desktop 26.04 LTS&lt;/A&gt;&amp;nbsp;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/cloudimg1647283583153.sftp-server-ubuntu-24-04-91527290-b76c-4d51-bd5d-fa8f14ae65a3/image1_logolarge.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/cloudimg1647283583153.sftp-server-ubuntu-24-04" target="_blank" rel="noopener"&gt;SFTP Server on Ubuntu 24.04 LTS&lt;/A&gt;&amp;nbsp;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/dcassociatesgroupinc.gitlab-ce-server-627252f8-4ac3-482b-bb6f-f05e7908514d/image2_dcacdiamond216.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/dcassociatesgroupinc.gitlab-ce-server" target="_blank" rel="noopener"&gt;GitLab CE on Ubuntu 24.04 LTS&lt;/A&gt;&lt;BR /&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/dcassociatesgroupinc.ubuntu-confidential-vm-focal" target="_blank" rel="noopener"&gt;Pre-Hardened Ubuntu 24.04 LTS Confidential VM&lt;/A&gt;&amp;nbsp;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/kcloudhubllc1763357129530.anacondaaa-4281e4ae-27e7-46e2-a7fc-a853bb24d043/image0_kcloudlogo.txt.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/kcloudhubllc1763357129530.anacondaaa" target="_blank" rel="noopener"&gt;Anaconda&lt;/A&gt;&lt;BR /&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/kcloudhubllc1763357129530.nomad3333" target="_blank" rel="noopener"&gt;Nomad&lt;/A&gt;&lt;BR /&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/kcloudhubllc1763357129530.wagtail122" target="_blank" rel="noopener"&gt;Wagtail&lt;/A&gt;&amp;nbsp;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/pcloudhostingllc1770894336819.craft-b54cec1a-d3df-4cb9-8896-0e7173407079/image2_pCloud216.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/pcloudhostingllc1770894336819.craft" target="_blank" rel="noopener"&gt;Craft CMS&lt;/A&gt;&amp;nbsp;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/quantumaiinc1765274899639.qai-ckfcmlfmicrok8sjuju-8363d032-736f-48c4-b289-665b484bca78/image7_QuantumAiicon216x216.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/quantumaiinc1765274899639.qai-ckfcmlfmicrok8sjuju" target="_blank" rel="noopener"&gt;Kubeflow and MLFlow by QUANTUM AI&lt;/A&gt;&amp;nbsp;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/sedetos.docker_on_ubuntu_26_04-89634426-139d-43f7-a682-fdb355af0412/image5_SedetosGlobalSolutionsLogo2.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/sedetos.docker_on_ubuntu_26_04" target="_blank" rel="noopener"&gt;Docker CE on Ubuntu 26.04 LTS for Containerized Applications and DevOps&lt;/A&gt;&amp;nbsp;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/siemensindustrysoftwareulc1738257559104.nx_vm_canada-55242984-020c-4084-8a1a-e756cb8c3d70/image1_Siemens216x216.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A style="text-decoration: none; color: #007bff;" href="https://marketplace.microsoft.com/marketplace/apps/siemensindustrysoftwareulc1738257559104.nx_vm_canada" target="_blank" rel="noopener"&gt;Siemens NX VM (CA)&lt;/A&gt;&amp;nbsp;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;/tr&gt;&lt;tr&gt;&lt;th colspan="2" style="padding: 20px 0px 20px 0px;"&gt;
&lt;H3&gt;&lt;EM&gt;Go further with workshops, proofs of concept, and implementations&lt;/EM&gt;&lt;/H3&gt;
&lt;/th&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/endavauklimited1625147006011.payment_engine-a3c1857b-efc5-4abc-adf7-bc69bb156265/image4_EndavaLogoMSMarketLarge.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/endavauklimited1625147006011.payment_engine" target="_blank" rel="noopener"&gt;Agile Payment Engine: Implementation&lt;/A&gt;: Endava’s Agile Payment Engine modernizes payment routing with a Microsoft Azure-native platform featuring intelligent multi-PSP routing to reduce costs. Agile Payment Engine provides pre-built adapters for rapid integration and a resilient, event-driven architecture. It ensures secure, scalable, compliant payment processing, accelerating legacy migration and enabling businesses to own and optimize their payment infrastructure.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/logicvinc1717228303427.logicv-ai-voice-agent-fc19cbfc-0418-4b9f-97a1-7c266bcc1ef6/image0_IconBarsRedWhite256.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/logicvinc1717228303427.logicv-ai-voice-agent" target="_blank" rel="noopener"&gt;AI Voice Agent – Intelligent Call Automation &amp;amp; Customer Engagement&lt;/A&gt;: Logic V’s AI Voice Agent modernizes business communications by automating call handling using natural language understanding. Integrating with Microsoft Teams and VoIP, it offers virtual agents for customer support, call routing, and appointment booking, reducing costs, improving response times, and enhancing customer experience across various industries.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/sonata-software-ltd.ai_driven_frontier_back_office_transformation-2a0eaede-7521-494a-9495-7332fad2de62/image2_sonata.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/sonata-software-ltd.ai_driven_frontier_back_office_transformation" target="_blank" rel="noopener"&gt;AI-Driven Frontier Back Office Transformation: Implementation&lt;/A&gt;: Sonata Software's AI-Driven Frontier Back Office Transformation modernizes finance, HR, legal, procurement, and IT operations using Microsoft AI, automation, and cloud technologies. It boosts productivity, reduces costs, accelerates decisions, and ensures compliance through AI-powered workflows, copilots, and governance, delivering significant efficiency gains and faster processing across enterprises.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/onevinnab1584524637695.onevinn-center-of-excellence-ai-f4c2c247-0fe2-4eaf-b2de-57e5d06ff730/image4_onevinn.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/onevinnab1584524637695.onevinn-center-of-excellence-ai" target="_blank" rel="noopener"&gt;Center of Excellence for AI&lt;/A&gt;: Onevinn's Center of Excellence for AI (CoEAI) helps organizations strategically build, govern, and scale AI using Microsoft Foundry and Copilot. It ensures secure, responsible AI adoption, accelerates innovation, aligns teams, and maximizes business value, enabling confident, enterprise-wide AI transformation with standardized governance and future-proof strategies.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/govms_4322625.coe_fabric_specialistservices-8e9330ef-952d-4560-88c6-6dcc1f9fa8fd/image1_LogoGovMSmarketplace.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/govms_4322625.coe_fabric_specialistservices" target="_blank" rel="noopener"&gt;Center of Excellence Services for Microsoft Fabric&lt;/A&gt;: Available in Spanish, the GOVms offer offers expert support for designing, implementing, and optimizing Microsoft Fabric data solutions. Services include architecture design, data integration, real-time intelligence, governance, and training. GOVms accelerates data transformation with scalable architectures, best practices, and enhanced adoption of Fabric capabilities.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/logicvinc1602177049987.copilot-ai-adoption-accelerator-b092963a-7f31-48c4-bc6a-5a9a3f528635/image1_Logomain.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/logicvinc1602177049987.copilot-ai-adoption-accelerator" target="_blank" rel="noopener"&gt;Copilot and AI Adoption Accelerator&lt;/A&gt;: Logic V’s Copilot and AI Adoption Accelerator helps organizations deploy Microsoft 365 Copilot effectively. It includes readiness assessment, use case identification, configuration, user training, and a value realization framework. The program ensures secure, compliant AI integration, boosting productivity, decision-making, and reducing manual effort across business functions.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/quadrantresourcellc.digital_credit_officer_ps-3373644a-6ff8-4ef0-9d62-d9c383fe94b8/image0_216X216.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/quadrantresourcellc.digital_credit_officer_ps" target="_blank" rel="noopener"&gt;Digital Credit Officer&lt;/A&gt;: Quadrant Technologies’ AI-Powered Credit Memo Generation automates commercial lending credit analysis for banks using Microsoft Azure AI. It processes loan documents, calculates financial metrics, benchmarks compliance, and generates audit-ready memos in seconds. Features include risk detection, stress testing, and integration with loan systems, boosting efficiency and accuracy.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/evros-technology_group.azure_arc_poc-f18b754f-1817-4c22-93d5-01ec0aff779f/image2_MSMarketplaceProfile.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/evros-technology_group.azure_arc_poc" target="_blank" rel="noopener"&gt;eir business Proof of Concept for Microsoft Azure Arc&lt;/A&gt;: eir business offers a proof of concept built on Microsoft Azure Arc to help organizations validate Azure Arc capabilities in their environment. The engagement includes planning, deployment, governance, monitoring, and reporting, enabling unified management across on-premises, multi-cloud, and edge resources, improving visibility, policy enforcement, and operational control.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/evros-technology_group.purview_implementation-ae145e40-3820-4272-a31b-4707e7b7a8ca/image7_MSMarketplaceProfile.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/evros-technology_group.purview_implementation" target="_blank" rel="noopener"&gt;eir business Implementation of Microsoft Purview&lt;/A&gt;: eir business offers an implementation of Microsoft Purview to enhance data governance, protection, and compliance across Microsoft 365. This service includes assessment, solution design, sensitivity labeling, data-loss prevention, retention policies, and auto-labeling, helping organizations reduce data risks, improve visibility, automate protection, and establish a roadmap for ongoing governance maturity.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/endavauklimited1625147006011.merchant_onboarding-ed11c30e-d0df-4c03-b32c-a804eedb9d84/image1_EndavaLogoMSMarketLarge.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/endavauklimited1625147006011.merchant_onboarding" target="_blank" rel="noopener"&gt;Endava Digital Merchant Experience &amp;amp; Onboarding&lt;/A&gt;: Endava’s Digital Merchant Experience &amp;amp; Onboarding Service modernizes merchant onboarding with automated workflows, real-time dashboards, and seamless single sign-on using Microsoft Entra ID. Deployed on Microsoft Azure, it integrates legacy systems, accelerates merchant acquisition, and secures access via role-based controls, enhancing payment platforms with scalable, data-driven insights and compliance automation.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/theinformationlabireland.fabricact-e57e8121-c644-4158-aaae-916ffc1aeae5/image2_TILLogo216.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/theinformationlabireland.fabricact" target="_blank" rel="noopener"&gt;Fabric ACT: Data &amp;amp; AI Managed Service&lt;/A&gt;: The Information Lab Ireland offers a Microsoft Fabric data service ensuring accurate, connected, trusted data. Services include diagnosis, design, and ongoing support. The Information Lab Ireland provides outcome-focused solutions furthering governance, AI readiness, and executive alignment for Irish businesses.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/scopewysegmbh1598454112651.scwy-w-cp007-azure-networking-70075142-b9ca-47ff-b01c-77128bb16230/image1_logo.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/scopewysegmbh1598454112651.scwy-w-cp007-azure-networking" target="_blank" rel="noopener"&gt;Hybrid Network Foundation: Azure Virtual WAN&lt;/A&gt;: scopewyse AG will implement a hybrid network solution built on Microsoft Azure virtual WANs, aligned with the Microsoft Cloud Accessibility Framework and the Zero Trust framework. Eliminate implicit trust, reduce attack surfaces via segmentation, and enable secure remote work without VPNs while gaining improved visibility and control across hybrid, multi-cloud environments.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/endavauklimited1625147006011.legacy_iso8583-49d82934-d31c-4867-b87e-c3c520916fb7/image1_EndavaLogoMSMarketLarge.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/endavauklimited1625147006011.legacy_iso8583" target="_blank" rel="noopener"&gt;Legacy Payments and ISO 8583 Integration&lt;/A&gt;: Endava delivers a secure ISO 8583 adapter built on Microsoft Azure to bridge modern JSON APIs with legacy banking systems. This solution ensures accurate message translation, secure TCP/IP connectivity, cryptographic protection via Azure Key Vault, and accelerated deployment using proprietary tools, enabling seamless integration between cloud-native payments and traditional financial infrastructure.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/endavauklimited1625147006011.mobile_payment_app-0c458e81-0bd7-4e22-9c41-6791fb46bee1/image0_EndavaLogoMSMarketLarge.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/endavauklimited1625147006011.mobile_payment_app" target="_blank" rel="noopener"&gt;Mobile Payment &amp;amp; App Accelerator&lt;/A&gt;: Endava’s Mobile Payment &amp;amp; App Acceleration service speeds secure mobile commerce on iOS and Android. It integrates brandable payment SDKs, secure card tokenization to reduce PCI scope, user onboarding, and push notifications for engagement. Built on Microsoft Azure, it ensures seamless, secure, and scalable mobile payment experiences.&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td style="padding: 15px;"&gt;&lt;IMG src="https://catalogartifact.azureedge.net/publicartifacts/algoscale.as_dwh-001e937c-35c5-4c07-8bb6-945bfbf9d55d/image3_Icon.png" alt="" width="100" height="100" /&gt;&lt;/td&gt;&lt;td style="padding: 15px;"&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/algoscale.as_dwh" target="_blank" rel="noopener"&gt;Modern Data Platform on Azure &amp;amp; Fabric: 4-Week Implementation&lt;/A&gt;: Algoscale modernizes data platforms on Microsoft Azure, Fabric, and Power BI. The implementation includes architecture assessment, lakehouse design, pipeline migration, and governed semantic models, delivering a unified, trusted data source with faster reporting, self-service analytics, and improved data quality for enterprises and mid-market firms.&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;colgroup&gt;&lt;col style="width: 15%" /&gt;&lt;/colgroup&gt;&lt;/table&gt;&lt;/DIV&gt;
&lt;H3&gt;&lt;EM&gt;Contact our partners&lt;/EM&gt;&lt;/H3&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/ixnsolutionsllc1781211676474.351x-insider-risk-platform" target="_blank" rel="noopener"&gt;351X Insider Risk &amp;amp; Personnel Reporting Platform&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/PUBID.altenbrand%7cAID.ad-merchantcentral-jarltech%7cPAPPID.83eb1682-5b38-4185-8ffb-2dcfa4ca4e8e" target="_blank" rel="noopener"&gt;AD merchantCENTRAL Supplier Jarltech&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/purple-identity.admiral_oracle_erp" target="_blank" rel="noopener"&gt;Admiral: Sync Microsoft Entra &amp;amp; Active Directory with Oracle ERP&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/purple-identity.admiral_servicenow" target="_blank" rel="noopener"&gt;Admiral: Sync Microsoft Entra &amp;amp; Active Directory with ServiceNow&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/purple-identity.admiral-salesforce" target="_blank" rel="noopener"&gt;Admiral: Sync Microsoft Entra and Active Directory with Salesforce&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/expertsinside.xi_ai_advisor" target="_blank" rel="noopener"&gt;AI Advisor Enterprise&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/software-one.ai_opportunity_advisor" target="_blank" rel="noopener"&gt;AI Opportunity Advisor Agent by SoftwareOne&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/dynamicstelephony.dt_ai_transcription_to_dynamics365" target="_blank" rel="noopener"&gt;AI Transcription to Dynamics 365&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/dynatechsystemspvtltd1605772324047.aimdm" target="_blank" rel="noopener"&gt;AI-Driven Master Data Management (MDM) on Microsoft Fabric&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/alfred-dashboard.alfred-saas" target="_blank" rel="noopener"&gt;alfred_ Personal AI Assistant&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/avanadeinc.avadeliverystatus" target="_blank" rel="noopener"&gt;Avanade Delivery Status Agent&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/synapx.appsassessment" target="_blank" rel="noopener"&gt;Azure AI Application Modernization: Assessment and Proof of Value&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/bklug.bklug-whatsapp-sales-agent" target="_blank" rel="noopener"&gt;bKlug e-Commerce for WhatsApp&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/cruciallogics.finops_workload_azure_cost_optimization" target="_blank" rel="noopener"&gt;CrucialLogics FinOps Workload&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/generalgenomicsinc1769634947507.curosygnal_contactme" target="_blank" rel="noopener"&gt;CuroSygnal&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/cloudsource1664978597240.cs-tech-4" target="_blank" rel="noopener"&gt;Data Analytics&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/datastreams.qualitystreamapplication" target="_blank" rel="noopener"&gt;DataStreams QualityStream Application&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/4695016.2026_15" target="_blank" rel="noopener"&gt;Digital Workplace 365 Platform&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/donethat.donethat" target="_blank" rel="noopener"&gt;DoneThat&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/dradis.dradis_ce_app" target="_blank" rel="noopener"&gt;Dradis Community Edition (CE)&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/byteplus.seedance_test" target="_blank" rel="noopener"&gt;Dreamina Seedance 2.0&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/dynamicon.dynamityelectronicinvoicingzugferd" target="_blank" rel="noopener"&gt;Dynamity Electronic Invoicing ZUGFeRD&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/easyentra.easyentra" target="_blank" rel="noopener"&gt;EasyEntra&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/PUBID.microsoftdynsmb%7cAID.expense_agent_preview%7cPAPPID.66efe10c-8033-403b-a86d-77c0887178ba" target="_blank" rel="noopener"&gt;Expense Agent (Preview)&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/dbtek.feedex" target="_blank" rel="noopener"&gt;FeedEx&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/habilelabsprivatelimited1686568085754.habilefinopsformicrosoft" target="_blank" rel="noopener"&gt;FinOps App for Azure and Microsoft Spending&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/ebicom.formula" target="_blank" rel="noopener"&gt;Formula&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/greycoatsoftwareinc1736955111421.lems3" target="_blank" rel="noopener"&gt;Greycoat Land and Environment Management System&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/hcl-technologies.hcltech_irp_guideline_comparison_agents" target="_blank" rel="noopener"&gt;HCLTech Guideline Comparison Agents&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/freschesolutionsinc.x-analysis" target="_blank" rel="noopener"&gt;IBM i Application &amp;amp; Data Assessment for Microsoft Azure Modernization&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/inf-cloud-platform.infiterra-subscription-commerce-platform-msps" target="_blank" rel="noopener"&gt;Infiterra Subscription Commerce Platform for MSPs&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/PUBID.axiansinfomagmbh1780311224027%7cAID.infoma_ch_aufgaben_und_ereignismeldungen%7cPAPPID.e6f572a2-8fe3-432d-a729-643eab674642" target="_blank" rel="noopener"&gt;Infoma Tasks and Reports (CH)&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/PUBID.axiansinfomagmbh1780311224027%7cAID.infoma_ch_erechnung%7cPAPPID.5c62bde1-ecec-4f33-82bf-b1a0c6420259" target="_blank" rel="noopener"&gt;Infoma e-Invoice (CH)&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/PUBID.axiansinfomagmbh1780311224027%7cAID.infoma_ch_oeffentliche_verwaltungen_und_kirchen%7cPAPPID.838ef48a-ab3c-4a4a-8f72-47a9a78ce6b6" target="_blank" rel="noopener"&gt;Infoma for Public Administrative Services and Churches (CH)&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/PUBID.axiansinfomagmbh1780311224027%7cAID.infoma_ch_inventar%7cPAPPID.c718b851-aefe-44f8-8205-547e2e51fedd" target="_blank" rel="noopener"&gt;Infoma Inventory (CH)&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/PUBID.alfapeople%7cAID.apd365forbclatamcollectiontracking%7cPAPPID.51ad1d4a-b4e2-41ad-a7b4-de07d179113f" target="_blank" rel="noopener"&gt;Latam Collection Tracking&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/lemonlime.lemonlime" target="_blank" rel="noopener"&gt;LemonLime&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/vodafoneromania1621516636426.vdfro_managed_security_mdb" target="_blank" rel="noopener"&gt;Managed Services for Security: 2-Hour Briefing&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/paayatechinc1648995367585.matteralert" target="_blank" rel="noopener"&gt;Matter Alert&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/mywaydigitalhealth1684313270105.myway_education" target="_blank" rel="noopener"&gt;MyWay Education&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/PUBID.navalscm%7cAID.navalscm%7cPAPPID.2f7dc5d9-5de4-4c9a-9f89-f4501c4828c7" target="_blank" rel="noopener"&gt;Naval SCM for Business Central&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/numi.numi_scm" target="_blank" rel="noopener"&gt;numi AI Demand Forecasting, Inventory Optimization, &amp;amp; Automated Purchasing&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/onwareinc1781197693095.onwarecontractadmin" target="_blank" rel="noopener"&gt;Onware Contract Administration&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/ifourtechnolabprivatelimited1715753920355.ifourtechnolab_qrfeedix" target="_blank" rel="noopener"&gt;QRFeedix&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/recoverytools.protonmail-export" target="_blank" rel="noopener"&gt;RecoveryTools For ProtonMail Export Tool&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/recoverytools.zimbra-to-gmail" target="_blank" rel="noopener"&gt;RecoveryTools For Zimbra to Gmail Migration Tool&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/PUBID.erpconnectconsultingllc1655482443679%7cAID.1635cb51-8afa-4b29-a79e-54b83764be9a%7cPAPPID.1635cb51-8afa-4b29-a79e-54b83764be9a" target="_blank" rel="noopener"&gt;RUX Advanced Surcharge&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/dassecurity.secnova_ai_siem_offer_2" target="_blank" rel="noopener"&gt;SecNova AI SIEM&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/spusa.securepoint-regulated-access" target="_blank" rel="noopener"&gt;SecurePoint Regulated Access&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/sentinari.seeitsayit" target="_blank" rel="noopener"&gt;Sentinari See It Say It&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/TYPE.connect%7cPUBID.centerstageinc1690983912338%7cAID.shopware%7cPAPPID.6da422af-7be8-4401-b9fb-183ee1a0fff7" target="_blank" rel="noopener"&gt;Shopware for Microsoft Dynamics 365 Business Central&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/sysinfotoolssoftwarepvtltd.dbx_viewer_software" target="_blank" rel="noopener"&gt;SysInfo DBX Viewer Software&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/sysinfotoolssoftwarepvtltd.nsf_viewer_tool" target="_blank" rel="noopener"&gt;SysInfo NSF Viewer Tool&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/consulting-services/telanalimited1751970125551.powerreview" target="_blank" rel="noopener"&gt;Telana PowerReview: Security Assessment&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/product/web-apps/PUBID.bc4allaps%7cAID.wrenchtime_pro_cmms%7cPAPPID.c911cdc2-9b89-4db8-8f0c-dd5902160c80" target="_blank" rel="noopener"&gt;WrenchTime Pro CMMS&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://marketplace.microsoft.com/marketplace/apps/wyverniq.wyverniqpaas" target="_blank" rel="noopener"&gt;WyvernIQ Autonomous Cyber Health Intelligence&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;This content was generated by Microsoft Azure OpenAI, then revised by human editors.&lt;/EM&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 10 Jul 2026 16:46:23 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/marketplace-blog/new-in-microsoft-marketplace-july-10-2026/ba-p/4522360</guid>
      <dc:creator>Nikhil_Viswanathan</dc:creator>
      <dc:date>2026-07-10T16:46:23Z</dc:date>
    </item>
    <item>
      <title>When Arc Goes Silent: Turning Visibility Gaps into SOC Action</title>
      <link>https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/when-arc-goes-silent-turning-visibility-gaps-into-soc-action/ba-p/4535711</link>
      <description>&lt;P&gt;Hybrid blind spots rarely announce themselves. They appear when an&amp;nbsp;&lt;STRONG&gt;Azure Arc-enabled server&lt;/STRONG&gt;&amp;nbsp;drops out, health signals go stale, and the SOC loses confidence in monitoring coverage. This playbook uses&amp;nbsp;&lt;STRONG&gt;Microsoft Sentinel&lt;/STRONG&gt;&amp;nbsp;and&amp;nbsp;&lt;STRONG&gt;Logic Apps&lt;/STRONG&gt; to turn that noise into one clear daily signal the team can act on.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;The problem: too much noise, not enough assurance&amp;nbsp;&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;One unhealthy server, one alert, one more email—at scale, that does not help the SOC. What leaders need is assurance: where visibility is weakening, which systems matter, and when action is needed.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;The use case: daily assurance for hybrid monitoring coverage&amp;nbsp;&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;The use case is simple: identify Arc-enabled servers that stay unhealthy beyond a set threshold, such as&amp;nbsp;&lt;STRONG&gt;30 minutes&lt;/STRONG&gt;, and send one consolidated summary each day. For a&amp;nbsp;&lt;STRONG&gt;CISO&lt;/STRONG&gt;, this improves assurance. For a&amp;nbsp;&lt;STRONG&gt;SOC Manager&lt;/STRONG&gt;, it cuts noise and helps teams prioritize faster.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Solution overview: simple automation, stronger operational signal&amp;nbsp;&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;The workflow runs on a schedule, queries&amp;nbsp;&lt;STRONG&gt;Log Analytics&lt;/STRONG&gt;, filters Arc health issues, formats the results into a clean HTML report, and sends a single email through&amp;nbsp;&lt;STRONG&gt;Office 365 Outlook&lt;/STRONG&gt;. The outcome is not more telemetry—it is a better operational signal.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Prerequisites&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;One or more Azure Arc-enabled servers connected to Azure.&lt;/LI&gt;
&lt;LI&gt;Azure Monitor Agent installed and sending heartbeat data to a Log Analytics workspace.&lt;/LI&gt;
&lt;LI&gt;Microsoft Sentinel enabled on the target workspace if the playbook is being used as part of SOC operations.&lt;/LI&gt;
&lt;LI&gt;A Logic App with permissions to run the query and send email through Office 365 Outlook.&lt;/LI&gt;
&lt;LI&gt;A reviewed threshold, recipient list, and notification cadence aligned to your operating model.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;How the workflow creates decision-ready visibility&amp;nbsp;&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;In practice, this becomes a daily control: check Arc health, isolate persistent issues, and route one concise summary to the right teams. That gives the SOC a cleaner way to review monitoring gaps before they become bigger operational problems.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Why this matters to a CISO and SOC Manager&amp;nbsp;&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;For security leadership, this is about confidence. If Arc health degrades on systems tied to monitoring, policy, or data collection, the risk is not just technical—it is a visibility gap. This playbook helps surface that gap early and in a form teams can act on quickly.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Three practical scenarios where this playbook delivers value &lt;/STRONG&gt;&lt;STRONG&gt;&amp;nbsp;&lt;/STRONG&gt;&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;&lt;STRONG&gt; Reduce SOC noise.&lt;/STRONG&gt;Replace scattered alerts with one daily summary.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt; Strengthen executive assurance.&lt;/STRONG&gt;Highlight persistent blind spots before they turn into escalations.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt; Improve team coordination.&lt;/STRONG&gt;Give security and infrastructure teams one shared view of the issue.&lt;/LI&gt;
&lt;/OL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Sample KQL to identify persistent Arc monitoring gaps&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;This sample query uses the Heartbeat table to identify Azure Arc-connected machines whose latest heartbeat is older than the defined threshold. It is a practical starting point and can be tuned further based on the environment and data collection design.&lt;/P&gt;
&lt;LI-CODE lang="sql"&gt;let ThresholdTime = 30;
AzureActivity
| where TimeGenerated &amp;gt; ago(1d)
| where CategoryValue == "ResourceHealth"
| where parse_json(Properties).currentHealthStatus == "Unavailable"
| where ActivityStatusValue == "Active"
| extend ResourceType = Properties_d.resourceProviderValue
| where ResourceType == "MICROSOFT.HYBRIDCOMPUTE"
| extend StartTime = TimeGenerated
| extend ServerName = Properties_d.resource
| join kind=leftouter (
AzureActivity
| where ActivityStatusValue == "Resolved"
| extend ResourceType = Properties_d.resourceProviderValue
| where ResourceType == "MICROSOFT.HYBRIDCOMPUTE"
| extend EndTime = TimeGenerated
) on CorrelationId
| extend Minutes_OfflineTillResolve = datetime_diff('minute', EndTime, StartTime)
| project ServerName, StartTime, EndTime, CorrelationId, Minutes_OfflineTillResolve, Level, ActivityStatusValue1, ResourceGroup, OperationNameValue, SubscriptionId, ResourceProvider, Type, CategoryValue, ActivityStatusValue
| extend TotalMinutes_Offline = datetime_diff('minute', now(), StartTime)
| where TotalMinutes_Offline &amp;gt;= ThresholdTime and ActivityStatusValue1 !has "Resolved"
| order by TotalMinutes_Offline desc
&lt;/LI-CODE&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Operational flow &lt;/STRONG&gt;&lt;STRONG&gt;&amp;nbsp;&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;ARM Template:&lt;/STRONG&gt; &lt;A href="https://github.com/Abhishek-Sharan/microsoft-security-operations-toolkit/blob/1e3aeff329e0d9b1d7caf2e4bfbc8476dfdb2ff2/Microsoft%20Sentinel/Automation/Playbooks/AzureArcServerMonitoring.playbook.json" target="_blank"&gt;microsoft-security-operations-toolkit/Microsoft Sentinel/Automation/Playbooks/AzureArcServerMonitoring.playbook.json at 1e3aeff329e0d9b1d7caf2e4bfbc8476dfdb2ff2 · Abhishek-Sharan/microsoft-security-operations-toolkit&lt;/A&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Customization Ideas:&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Adjust the heartbeat threshold based on server criticality or business hours.&lt;/LI&gt;
&lt;LI&gt;Route summaries to different teams based on subscription, resource group, or server tags.&lt;/LI&gt;
&lt;LI&gt;Send notifications to Microsoft Teams in addition to, or instead of, email.&lt;/LI&gt;
&lt;LI&gt;Enrich the output with owner, business service, or environment metadata.&lt;/LI&gt;
&lt;LI&gt;Trigger incident creation only for high-priority or repeated visibility gaps.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Closing perspective&amp;nbsp;&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;The best SOC automations do not just collect signals—they create clarity. This playbook helps security teams spot Arc-related monitoring gaps early, reduce noise, and act with more confidence.&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 10 Jul 2026 12:07:15 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/when-arc-goes-silent-turning-visibility-gaps-into-soc-action/ba-p/4535711</guid>
      <dc:creator>absharan</dc:creator>
      <dc:date>2026-07-10T12:07:15Z</dc:date>
    </item>
    <item>
      <title>Stop Hand-Building VMs at 2 AM: Automated Image Pipelines with Azure Image Builder and Compute Gallery</title>
      <link>https://techcommunity.microsoft.com/t5/itops-talk-blog/stop-hand-building-vms-at-2-am-automated-image-pipelines-with/ba-p/4534213</link>
      <description>&lt;P&gt;Hello Folks!&lt;/P&gt;
&lt;P&gt;If you have ever stood up a marketplace Ubuntu VM, SSH’d in, layered on your monitoring agent, security tooling, a couple of CA certs, and a hardening script, then captured the result and called it your “golden image,” I have bad news. That image was already drifting from the next one your coworker built before you finished naming the snapshot. At the Microsoft Azure Infra Summit 2026, Sandeep Raichura (PM for Azure Compute Gallery) and Kofi Forsen (PM for Azure VM Image Builder) rebuilt the whole workflow the right way. Source, customize, validate, distribute, deploy. No clicks. No tribal knowledge. No 2 AM heroics.&lt;/P&gt;
&lt;P&gt;📺 &lt;STRONG&gt;Watch the session:&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;DIV class="lia-embeded-content" contenteditable="false"&gt;&lt;IFRAME src="https://www.youtube.com/embed/JZFPGHtwnNI?si=EahhV8UihAjRAEnx" width="100%" title="YouTube video player" allowfullscreen="allowfullscreen" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" frameborder="0" style="aspect-ratio: 16/9; height: auto;" sandbox="allow-scripts allow-same-origin allow-forms"&gt;
&lt;/IFRAME&gt;&lt;/DIV&gt;
&lt;H2&gt;Why IT Pros Should Care&lt;/H2&gt;
&lt;P&gt;You carry the pager when a bad image rolls into ten regions. You explain why three teams have three different Ubuntu 22.04 baselines with three different agents. You find out at 2 AM that someone deleted “the old image” and the old image was the one production VMSS was still pulling.&lt;/P&gt;
&lt;P&gt;This session is in your lane. It covers:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Why hand-rolled images stop working the moment a second team needs one.&lt;/LI&gt;
&lt;LI&gt;How Azure VM Image Builder (AIB) turns image creation into declarative pipeline code.&lt;/LI&gt;
&lt;LI&gt;How Azure Compute Gallery handles versioning, replication, sharing, and accidental-deletion protection.&lt;/LI&gt;
&lt;LI&gt;How automatic image creation triggers chain a marketplace update through your golden image, into every downstream image, with zero manual steps.&lt;/LI&gt;
&lt;LI&gt;How VM Scale Sets close the loop with rolling upgrades and automatic OS upgrade.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;In short, this is the practitioner version of “do VM image management properly,” from the PMs who own both services.&lt;/P&gt;
&lt;H2&gt;What is Azure Image Builder and Azure Compute Gallery&lt;/H2&gt;
&lt;P&gt;The two services do different jobs and you really do need both.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Azure VM Image Builder&lt;/STRONG&gt; is the build engine. You hand it a JSON template that declares:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;A source (marketplace image, managed image, VHD, or existing gallery version).&lt;/LI&gt;
&lt;LI&gt;Customizers (shell, PowerShell, Windows updates, file copies, restart steps).&lt;/LI&gt;
&lt;LI&gt;One or more distribute targets (usually a Compute Gallery image definition).&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;AIB spins up a temporary build VM, runs your customizers in order, validates, generalizes, captures, and publishes. Every build runs the exact same way. No SSH, no RDP, no “I forgot to install the monitoring agent this time.”&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Azure Compute Gallery&lt;/STRONG&gt; is the management layer for the resulting artifacts. Formerly Shared Image Gallery, it has three levels:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Gallery.&lt;/STRONG&gt; The top-level container. Sharing policy lives here: RBAC, Direct Shared Gallery, or Community Gallery.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Image definition.&lt;/STRONG&gt; The metadata. OS type, generation, security type, publisher / offer / SKU. The SKU of an image family.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Image version.&lt;/STRONG&gt; The actual replicated artifact. Controls regions, replica counts, storage type (ZRS by default), end-of-life date, and the safety flags.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;AIB writes the artifact. Compute Gallery stores, versions, replicates, and shares it.&lt;/P&gt;
&lt;H2&gt;Building an automated image pipeline&lt;/H2&gt;
&lt;P&gt;The session walked through the five steps a real pipeline needs, with no manual intervention in the critical path:&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;&lt;STRONG&gt;Source.&lt;/STRONG&gt; A marketplace image or any other base.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Customize.&lt;/STRONG&gt; Scripts that install agents, harden, configure, and validate. Stored in a storage account so AIB can pull them with the right managed identity.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Validate.&lt;/STRONG&gt; Built-in validation hooks plus your own smoke tests baked into the customizer. Fail fast. Do not silently continue.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Distribute.&lt;/STRONG&gt; Push the captured image to a Compute Gallery image definition. Pick your regions and replica counts here.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Version.&lt;/STRONG&gt; Compute Gallery handles semantic versioning, replication, and safety flags.&lt;/LI&gt;
&lt;/OL&gt;
&lt;P&gt;The trick that makes this a real pipeline is the two-template pattern Kofi demoed:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;A &lt;STRONG&gt;source template&lt;/STRONG&gt; builds the org-wide golden image from the marketplace base. Its source reference is set to latest for the marketplace SKU (for example, Canonical Ubuntu 22.04 latest).&lt;/LI&gt;
&lt;LI&gt;A &lt;STRONG&gt;distro template&lt;/STRONG&gt; layers user-group-specific tooling on top of the golden image. Its source reference is the golden image gallery version, also set to latest.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Both templates get an &lt;STRONG&gt;automatic image creation trigger&lt;/STRONG&gt; attached. Triggers only fire when the template references latest. From that point on:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Canonical publishes a new Ubuntu 22.04. The source template’s trigger fires, AIB rebuilds your golden image, and a new version lands in the source gallery.&lt;/LI&gt;
&lt;LI&gt;That new golden image version fires the distro template’s trigger. AIB rebuilds every downstream distro image automatically.&lt;/LI&gt;
&lt;LI&gt;VM Scale Sets configured for automatic OS upgrade pick up the new image version and roll it out in batches, pausing if the Application Health probe goes red.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;You set it up once. After that you only come back when you want to change something on purpose.&lt;/P&gt;
&lt;H2&gt;Safety by design in Compute Gallery&lt;/H2&gt;
&lt;P&gt;A bad image at the top of this chain takes out thousands of VMs at the bottom. Sandeep was clear: safety is not optional, it is built in. The four features worth turning on every time:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;ZRS storage by default.&lt;/STRONG&gt; Image versions stored on zone-redundant storage so a zonal failure does not take the image down.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Exclude from latest.&lt;/STRONG&gt; Stage an image into a region without making it the default for new deployments. Flip the flag when you are ready to roll. You can set this globally on the version or per region.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Block deletion before end-of-life.&lt;/STRONG&gt; The image cannot be deleted until its end-of-life date. This is the flag that stops the 2 AM accidental delete.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Soft delete.&lt;/STRONG&gt; If everything else fails, soft delete gives you a recovery window to restore an image version that should not have been removed.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Combine those four with a sane end-of-life date on every version and your blast radius drops dramatically.&lt;/P&gt;
&lt;H2&gt;Real-world scenarios&lt;/H2&gt;
&lt;P&gt;A few patterns that came up in the session and the Q&amp;amp;A:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Multi-region fleets.&lt;/STRONG&gt; Define your target regions in the AIB template. AIB hands the artifact to Compute Gallery and Compute Gallery does the replication. Your scale sets in every region pull a local replica, not a cross-region copy.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Open-source publisher.&lt;/STRONG&gt; Use a Community Gallery so anyone in Azure can deploy your image. You provide a contact URL and email at the gallery level so consumers know where to file issues.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Partner sharing.&lt;/STRONG&gt; Use Direct Shared Gallery to grant specific subscriptions or tenants access without making the image public.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;VM Scale Sets with rolling upgrade.&lt;/STRONG&gt; Reference the image definition (not a specific version) when you create the scale set. The scale set tracks latest. Pair it with a rolling upgrade policy and the Application Health extension. AIB publishes, Compute Gallery replicates, the scale set rolls, and the rollout pauses itself if the Application Health probe goes red.&lt;/LI&gt;
&lt;/UL&gt;
&lt;H2&gt;Getting Started&lt;/H2&gt;
&lt;P&gt;Pick the highest-pain item and start there. You do not have to do this all at once.&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Stand up a Compute Gallery in one region. Create one image definition with proper publisher / offer / SKU metadata. Turn on soft delete at the gallery.&lt;/LI&gt;
&lt;LI&gt;Wrap an existing build script in an AIB image template. Use a marketplace image as the source. Distribute to your new gallery.&lt;/LI&gt;
&lt;LI&gt;Add excludeFromLatest, endOfLifeDate, and the block-deletion flags to your image version. Default to ZRS storage.&lt;/LI&gt;
&lt;LI&gt;Register the Microsoft.VirtualMachineImages and the triggers feature. Attach an automatic image creation trigger to the template. Set the source reference to latest.&lt;/LI&gt;
&lt;LI&gt;Build a second template that takes your golden image as its source. Attach a trigger to that one too.&lt;/LI&gt;
&lt;LI&gt;Create a VM Scale Set that references the image definition and enable automatic OS upgrade with rolling upgrades and the Application Health extension.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;That is the loop. Source updates flow through automatically. Bad images do not delete each other. Fleets roll forward in batches.&lt;/P&gt;
&lt;H2&gt;Resources&lt;/H2&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/virtual-machines/image-builder-overview" target="_blank"&gt;Azure VM Image Builder overview&lt;/A&gt;. The service concepts, supported OS, regions, and capabilities.&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/virtual-machines/azure-compute-gallery" target="_blank"&gt;Azure Compute Gallery overview&lt;/A&gt;. Gallery, definition, version, replication, and sharing.&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/virtual-machines/image-builder-best-practices" target="_blank"&gt;Azure VM Image Builder best practices&lt;/A&gt;. Identity, networking, customizers, and operational guidance from the product team.&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/virtual-machines/image-builder-triggers-how-to" target="_blank"&gt;Automatic Image Creation with Image Builder triggers&lt;/A&gt;. Step-by-step to wire up source-image triggers.&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/virtual-machines/image-version" target="_blank"&gt;Create an image definition and image version&lt;/A&gt;. Portal, CLI, PowerShell, and REST flows for publishing artifacts.&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade" target="_blank"&gt;Automatic OS image upgrades for VM Scale Sets&lt;/A&gt;. The closing leg of the pipeline.&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/azure/virtual-machines/share-gallery-community" target="_blank"&gt;Share images using Community Gallery&lt;/A&gt;. Public, non-commercial sharing for open-source publishers.&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://github.com/Azure/azvmimagebuilder" target="_blank"&gt;Azure Image Builder samples on GitHub&lt;/A&gt;. Reference templates, customization scripts, and end-to-end examples.&lt;/LI&gt;
&lt;/UL&gt;
&lt;H2&gt;Watch the rest of the Summit&lt;/H2&gt;
&lt;P&gt;This session was one of many at the Microsoft Azure Infrastructure Summit 2026. If you want the keynotes, the IaC deep dives, the AKS sessions, and the rest of the infra track, the full playlist is here:&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/playlist?list=PLjt5SKzX1iI8con7FJDB56G6hHqxGm7ki" target="_blank"&gt;Microsoft Azure Infra Summit 2026 playlist&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;Cheers!&lt;/P&gt;
&lt;P&gt;Pierre Roman&lt;/P&gt;</description>
      <pubDate>Fri, 10 Jul 2026 07:00:00 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/itops-talk-blog/stop-hand-building-vms-at-2-am-automated-image-pipelines-with/ba-p/4534213</guid>
      <dc:creator>Pierre_Roman</dc:creator>
      <dc:date>2026-07-10T07:00:00Z</dc:date>
    </item>
    <item>
      <title>Available today: OpenAI’s GPT-5.6 in Microsoft 365 Copilot</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-365-copilot-blog/available-today-openai-s-gpt-5-6-in-microsoft-365-copilot/ba-p/4533152</link>
      <description>&lt;P&gt;Starting today, OpenAI's GPT-5.6 family of models is available in Microsoft 365 Copilot—in Word, Excel, PowerPoint, Chat and Cowork. OpenAI and Microsoft partnered together to optimize GPT-5.6 for knowledge work across Microsoft 365 apps and make it the preferred model for Microsoft 365 Copilot. In addition to serving the models natively, Microsoft will also access OpenAI models directly through the API to bring GPT-5.6 to Microsoft 365 customers.&lt;/P&gt;
&lt;P&gt;Knowledge work is complex—multistep, ambiguous, and spread across tools and files. With stronger reasoning for agentic, multi-step work, GPT-5.6 helps Copilot take on more of that complexity more efficiently, moving faster from initial ideas to more complete work. Microsoft 365 Copilot is AI built for work, where frontier models like GPT-5.6 are an important part of a broader system designed to deliver business value—bringing together Work IQ, Microsoft 365 apps, and the enterprise-grade security, compliance, and privacy customers expect from Microsoft.&lt;/P&gt;
&lt;DIV style="position: relative; width: 100%; padding-bottom: 56.25%; height: 0; overflow: hidden;"&gt;&lt;IFRAME src="https://medius.microsoft.com/Embed/video-nc/c4406a99-0f83-45ff-9ec7-f0d5de44145d?r=791824160331" title="Cowork Model Selector" allowfullscreen="allowfullscreen" frameborder="0" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%;" sandbox="allow-scripts allow-same-origin allow-forms"&gt;&lt;/IFRAME&gt;&lt;/DIV&gt;
&lt;H2&gt;&lt;SPAN data-contrast="none"&gt;Higher-quality work across apps you use every day&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559740&amp;quot;:278}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/H2&gt;
&lt;P&gt;&lt;SPAN data-contrast="none"&gt;GPT-5.6 helps Copilot raise the quality of everyday work in Word, Excel, and PowerPoint, moving from rough intent to stronger drafts, clearer analysis, and richer presentation drafts.&lt;/SPAN&gt;&lt;SPAN data-contrast="none"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559740&amp;quot;:278}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="auto"&gt;In Word&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="auto"&gt;, Copilot can help turn rough ideas into more complete drafts, organize content with stronger structure and flow, and refine writing into a more polished artifact.&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559740&amp;quot;:278}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="auto"&gt;In Excel&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="auto"&gt;, GPT-5.6 helps Copilot reason through more complex analysis and move from task to outcome with less manual assembly.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559740&amp;quot;:278}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="auto"&gt;In PowerPoint&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;SPAN data-contrast="auto"&gt;, Copilot can create richer presentation drafts with stronger slide content, better visual balance, and more flexibility across presentation styles.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559740&amp;quot;:278}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="none"&gt;Across these apps, GPT-5.6 helps Copilot take on more of the steps between idea and finished work, while keeping knowledge workers in control of the final outcome.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559740&amp;quot;:278}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;H3&gt;Reason through complex asks in Chat&lt;/H3&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;In Copilot Chat, GPT-5.6 helps Copilot reason through more complex asks—comparing options, structuring plans, troubleshooting problems, and working through ambiguity—to turn open-ended prompts into clearer, more actionable responses.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559740&amp;quot;:278}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;H3&gt;Get complex work done in Copilot Cowork&lt;/H3&gt;
&lt;P&gt;&lt;SPAN data-contrast="none"&gt;GPT-5.6 also strengthens agentic work in Copilot Cowork, carrying complex multi-step tasks from instruction to completed results. You describe the outcome, and Cowork plans, reasons across tools and files, and runs the work end-to-end, returning a finished deliverable, not just a draft or recommendation. &lt;/SPAN&gt;&lt;SPAN data-contrast="auto"&gt;With GPT-5.6, Cowork can execute efficiently and produce outputs that are more complete, polished, and usable from the start&lt;/SPAN&gt;&lt;SPAN data-contrast="none"&gt;. Paired with Work IQ, grounded in the systems your business runs on, Cowork brings the right context to each step so the work reflects your files, tools, and business context. You spend less time assembling the work and more time deciding what to do with it.&lt;/SPAN&gt;&amp;nbsp;&lt;/P&gt;
&lt;H3&gt;Get started today&lt;/H3&gt;
&lt;P&gt;&lt;SPAN data-contrast="none"&gt;The shift in how work gets done is real—and choosing the right model for the task at hand matters.&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="none"&gt;GPT-5.6 is rolling out to Copilot in Word, Excel, PowerPoint, Chat, and Copilot Cowork. Once available, Copilot may automatically use &lt;/SPAN&gt;&lt;SPAN data-contrast="auto"&gt;GPT-5.6 when it's best suited for the task. Where model selection is available, users can also choose GPT-5.6 directly from the model selector.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:300}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Availability may vary by region and tenant configuration; refer to &lt;/SPAN&gt;&lt;A href="https://go.microsoft.com/fwlink/p/?LinkId=2369720" target="_blank" rel="noopener"&gt;&lt;SPAN data-contrast="none"&gt;Microsoft Learn documentation,&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt; the &lt;/SPAN&gt;&lt;A href="https://www.microsoft.com/en-us/microsoft-365/roadmap?msockid=171b316f673c61533f86259f66e36080" target="_blank" rel="noopener"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Microsoft 365 Roadmap&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt; and &lt;/SPAN&gt;&lt;A href="https://learn.microsoft.com/en-us/microsoft-365/copilot/release-notes?tabs=all" target="_blank" rel="noopener"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Microsoft 365 Copilot release notes&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt; for the latest rollout status.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:120,&amp;quot;335559740&amp;quot;:240}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;For more details on the model, see OpenAI’s GPT-5.6 announcement&lt;/SPAN&gt;&lt;SPAN data-contrast="auto"&gt; &lt;A class="lia-external-url" href="https://openai.com/index/gpt-5-6-preferred-model-microsoft-365-copilot/" target="_blank" rel="noopener"&gt;here&lt;/A&gt;.&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 10 Jul 2026 15:04:24 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-365-copilot-blog/available-today-openai-s-gpt-5-6-in-microsoft-365-copilot/ba-p/4533152</guid>
      <dc:creator>xiasong</dc:creator>
      <dc:date>2026-07-10T15:04:24Z</dc:date>
    </item>
    <item>
      <title>Scale without friction: Grow Marketplace revenue without growing your team</title>
      <link>https://techcommunity.microsoft.com/t5/marketplace-blog/scale-without-friction-grow-marketplace-revenue-without-growing/ba-p/4526915</link>
      <description>&lt;P&gt;&lt;EM&gt;&lt;SPAN data-contrast="auto"&gt;This is a &lt;/SPAN&gt;&lt;A href="https://techcommunity.microsoft.com/tag/sell%20more%20with%20app%20advisor%20series?nodeId=board%3AMarketplace-Blog" target="_blank" rel="noopener"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;series &lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;about how App Advisor can help software development companies streamline their build, publish, and growth through Marketplace; find the answers they need when they need them; and get curated, step-by-step guidance.&lt;/SPAN&gt;&lt;SPAN data-contrast="auto"&gt; &lt;/SPAN&gt;&lt;SPAN data-contrast="auto"&gt; &lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;335559685&amp;quot;:720}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P data-ccp-border-bottom="1px solid #000000" data-ccp-padding-bottom="1.3333333333333333px"&gt;_______________________________________________________________________________________________________________________________________________________________&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;As your business goals grow, expertise can become the bottleneck. Whether you're launching your first offer on Microsoft Marketplace or managing a portfolio of applications and AI agents, success can quickly become dependent on a handful of experts, consultants, or internal champions. &lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Every layer of people you add has the potential to add friction. &lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Teams wait for answers. Decisions stall. Opportunities slip. Skilled resources spend their time answering the same questions instead of driving strategic initiatives.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;134233117&amp;quot;:false,&amp;quot;134233118&amp;quot;:false,&amp;quot;201341983&amp;quot;:0,&amp;quot;335551550&amp;quot;:1,&amp;quot;335551620&amp;quot;:1,&amp;quot;335559685&amp;quot;:0,&amp;quot;335559737&amp;quot;:0,&amp;quot;335559738&amp;quot;:0,&amp;quot;335559739&amp;quot;:160,&amp;quot;335559740&amp;quot;:278}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;&lt;A class="lia-external-url" href="https://aka.ms/AppAdvisor" target="_blank" rel="noopener"&gt;App Advisor&lt;/A&gt; was built to help software companies streamline and scale easily, through AI-powered guidance, self-service enablement, and a scalable operating model. All without adding headcount or compromising expertise. &lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;134233117&amp;quot;:false,&amp;quot;134233118&amp;quot;:false,&amp;quot;201341983&amp;quot;:0,&amp;quot;335551550&amp;quot;:1,&amp;quot;335551620&amp;quot;:1,&amp;quot;335559685&amp;quot;:0,&amp;quot;335559737&amp;quot;:0,&amp;quot;335559738&amp;quot;:0,&amp;quot;335559739&amp;quot;:160,&amp;quot;335559740&amp;quot;:278}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;H1 aria-level="1"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt;Growth &lt;/SPAN&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt;shouldn't&lt;/SPAN&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt; depend on finding the right expert&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;134245418&amp;quot;:true,&amp;quot;134245529&amp;quot;:true,&amp;quot;335559738&amp;quot;:360,&amp;quot;335559739&amp;quot;:80}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/H1&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Marketplace knowledge can be scattered across documentation, support channels, partner contacts, and internal subject matter experts. As organizations grow, getting the right answer can take longer than making the decision itself.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;App Advisor delivers free, on-demand guidance tailored to where you are on your Marketplace journey instead of requiring specialized knowledge or access to a dedicated resource.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;For instance, choosing a Marketplace offer type can be difficult, demanding diving into resources and choices personalized to how your team built your solution. In App Advisor, you can decide in minutes by answering a few questions in an &lt;A class="lia-external-url" href="https://aka.ms/ChooseMyOffer" target="_blank" rel="noopener"&gt;interactive wizard to guide your offer type choice&lt;/A&gt;.&amp;nbsp; This can help you make a confident choice quickly and move forward. If you want to research more, guidance is available on page and within links.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;What can sometimes be a hurdle to publishing is now just a few answers away. Now, p&lt;SPAN data-contrast="auto"&gt;rogress isn't limited by expert availability.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;134233117&amp;quot;:false,&amp;quot;134233118&amp;quot;:false,&amp;quot;201341983&amp;quot;:0,&amp;quot;335551550&amp;quot;:1,&amp;quot;335551620&amp;quot;:1,&amp;quot;335559685&amp;quot;:0,&amp;quot;335559737&amp;quot;:0,&amp;quot;335559738&amp;quot;:0,&amp;quot;335559739&amp;quot;:160,&amp;quot;335559740&amp;quot;:278}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;H1 aria-level="1"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt;Turn &lt;/SPAN&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt;expertise&lt;/SPAN&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt; into a scalable advantage&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;134245418&amp;quot;:true,&amp;quot;134245529&amp;quot;:true,&amp;quot;335559738&amp;quot;:360,&amp;quot;335559739&amp;quot;:80}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/H1&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Traditionally, supporting more agents and apps meant hiring more people, which meant introducing more processes, workflows, and decision-makers. That model introduces more variables, making it difficult to scale.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;134233117&amp;quot;:false,&amp;quot;134233118&amp;quot;:false,&amp;quot;201341983&amp;quot;:0,&amp;quot;335551550&amp;quot;:1,&amp;quot;335551620&amp;quot;:1,&amp;quot;335559685&amp;quot;:0,&amp;quot;335559737&amp;quot;:0,&amp;quot;335559738&amp;quot;:0,&amp;quot;335559739&amp;quot;:160,&amp;quot;335559740&amp;quot;:278}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;App Advisor helps your team stay lean. You get embedded AI-powered guidance and expert-backed best practices directly in the experience, helping your team progress faster, discover relevant resources, and keep moving without constant human intervention.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Within the grow stage, the &lt;A class="lia-external-url" href="https://aka.ms/ImproveMyListing" target="_blank" rel="noopener"&gt;Marketplace Listing Optimization &lt;/A&gt;&amp;nbsp;gives you tailored recommendations based on Microsoft editorial best practices at the speed of AI. Instead of waiting for manual reviews or guessing what "good" looks like, you can improve your listing at your pace and publish with greater confidence.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;134233117&amp;quot;:false,&amp;quot;134233118&amp;quot;:false,&amp;quot;201341983&amp;quot;:0,&amp;quot;335551550&amp;quot;:1,&amp;quot;335551620&amp;quot;:1,&amp;quot;335559685&amp;quot;:0,&amp;quot;335559737&amp;quot;:0,&amp;quot;335559738&amp;quot;:0,&amp;quot;335559739&amp;quot;:160,&amp;quot;335559740&amp;quot;:278}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Expertise is available anytime, to anyone, at scale.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;134233117&amp;quot;:false,&amp;quot;134233118&amp;quot;:false,&amp;quot;201341983&amp;quot;:0,&amp;quot;335551550&amp;quot;:1,&amp;quot;335551620&amp;quot;:1,&amp;quot;335559685&amp;quot;:0,&amp;quot;335559737&amp;quot;:0,&amp;quot;335559738&amp;quot;:0,&amp;quot;335559739&amp;quot;:160,&amp;quot;335559740&amp;quot;:278}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;H1 aria-level="1"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt;One platform for every stage of the Marketplace journey&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;134245418&amp;quot;:true,&amp;quot;134245529&amp;quot;:true,&amp;quot;335559738&amp;quot;:360,&amp;quot;335559739&amp;quot;:80}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/H1&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Business growth isn't just about launching one application.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Most software companies are managing multiple products, exploring AI opportunities, expanding go-to-market motions, and improving existing Marketplace offers; all at the same time.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;App Advisor supports the entire Marketplace lifecycle—Discover, Build, Publish, and Grow—giving every team a common framework while delivering recommendations tailored to their specific stage.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Teams can:&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;SPAN data-contrast="auto"&gt;&lt;A class="lia-external-url" href="https://www.microsoft.com/software-development-companies/app-advisor/guidance/my-results?stage=discover&amp;amp;step=marketplace-value-calculator" target="_blank" rel="noopener"&gt;Calculate the ROI&lt;/A&gt; of selling on Marketplace,&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN data-contrast="auto"&gt;Streamline dev with &lt;A class="lia-external-url" href="https://aka.ms/QuickStartToolkit" target="_blank" rel="noopener"&gt;click-to-deploy development patterns&lt;/A&gt;,&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN data-contrast="auto"&gt;&lt;A class="lia-external-url" href="https://aka.ms/ChooseMyOffer" target="_blank" rel="noopener"&gt;Choose the right offer type&lt;/A&gt; based on your technology and project,&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN data-contrast="auto"&gt;Improve &lt;A class="lia-external-url" href="https://aka.ms/ImproveMyListing" target="_blank" rel="noopener"&gt;Marketplace listing quality and discoverability&lt;/A&gt; in seconds,&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN data-contrast="auto"&gt;Navigate &lt;A class="lia-external-url" href="https://www.microsoft.com/software-development-companies/app-advisor/guidance/my-results?stage=publish" target="_blank" rel="noopener"&gt;publishing requirements for your offer type&lt;/A&gt; with confidence,&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN data-contrast="auto"&gt;Access &lt;A class="lia-external-url" href="https://www.microsoft.com/software-development-companies/app-advisor/guidance/my-results?stage=grow&amp;amp;step=promote-and-track-your-offer&amp;amp;pane=go-to-market-guidance" target="_blank" rel="noopener"&gt;sales acceleration resources and Marketplace growth recommendations&lt;/A&gt;.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Instead of creating different processes for different teams, App Advisor standardizes execution while remaining flexible enough to support organizations at every stage of maturity.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;H1 aria-level="1"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt;Reduc&lt;/SPAN&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt;ing&lt;/SPAN&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt; dependenc&lt;/SPAN&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt;ies&lt;/SPAN&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt; to &lt;/SPAN&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt;accelerate &lt;/SPAN&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt;momentum&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;134245418&amp;quot;:true,&amp;quot;134245529&amp;quot;:true,&amp;quot;335559738&amp;quot;:360,&amp;quot;335559739&amp;quot;:80}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/H1&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Partner Development Managers, Microsoft experts, and support teams remain incredibly valuable.&amp;nbsp; But rather than spending time answering basic questions, their greatest impact comes from solving strategic challenges. &lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;134233117&amp;quot;:false,&amp;quot;134233118&amp;quot;:false,&amp;quot;201341983&amp;quot;:0,&amp;quot;335551550&amp;quot;:1,&amp;quot;335551620&amp;quot;:1,&amp;quot;335559685&amp;quot;:0,&amp;quot;335559737&amp;quot;:0,&amp;quot;335559738&amp;quot;:0,&amp;quot;335559739&amp;quot;:160,&amp;quot;335559740&amp;quot;:278}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;By making end-to-end build-to-market expertise available through structured workflows, templates, AI-powered recommendations, and guided experiences, App Advisor frees up Microsoft resources to assist your team with their biggest challenges—not just the annoying and persistent ones.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;The benefits across the organization compound:&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="8" data-list-defn-props="{&amp;quot;335552541&amp;quot;:1,&amp;quot;335559685&amp;quot;:720,&amp;quot;335559991&amp;quot;:360,&amp;quot;469769226&amp;quot;:&amp;quot;Symbol&amp;quot;,&amp;quot;469769242&amp;quot;:[8226],&amp;quot;469777803&amp;quot;:&amp;quot;left&amp;quot;,&amp;quot;469777804&amp;quot;:&amp;quot;&amp;quot;,&amp;quot;469777815&amp;quot;:&amp;quot;hybridMultilevel&amp;quot;}" data-aria-posinset="1" data-aria-level="1"&gt;&lt;SPAN data-contrast="auto"&gt;Bottlenecks disappear.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;UL&gt;
&lt;LI aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="8" data-list-defn-props="{&amp;quot;335552541&amp;quot;:1,&amp;quot;335559685&amp;quot;:720,&amp;quot;335559991&amp;quot;:360,&amp;quot;469769226&amp;quot;:&amp;quot;Symbol&amp;quot;,&amp;quot;469769242&amp;quot;:[8226],&amp;quot;469777803&amp;quot;:&amp;quot;left&amp;quot;,&amp;quot;469777804&amp;quot;:&amp;quot;&amp;quot;,&amp;quot;469777815&amp;quot;:&amp;quot;hybridMultilevel&amp;quot;}" data-aria-posinset="2" data-aria-level="1"&gt;&lt;SPAN data-contrast="auto"&gt;Teams get answers faster.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;UL&gt;
&lt;LI aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="8" data-list-defn-props="{&amp;quot;335552541&amp;quot;:1,&amp;quot;335559685&amp;quot;:720,&amp;quot;335559991&amp;quot;:360,&amp;quot;469769226&amp;quot;:&amp;quot;Symbol&amp;quot;,&amp;quot;469769242&amp;quot;:[8226],&amp;quot;469777803&amp;quot;:&amp;quot;left&amp;quot;,&amp;quot;469777804&amp;quot;:&amp;quot;&amp;quot;,&amp;quot;469777815&amp;quot;:&amp;quot;hybridMultilevel&amp;quot;}" data-aria-posinset="3" data-aria-level="1"&gt;&lt;SPAN data-contrast="auto"&gt;Everyone keeps moving forward.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;UL&gt;
&lt;LI aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="8" data-list-defn-props="{&amp;quot;335552541&amp;quot;:1,&amp;quot;335559685&amp;quot;:720,&amp;quot;335559991&amp;quot;:360,&amp;quot;469769226&amp;quot;:&amp;quot;Symbol&amp;quot;,&amp;quot;469769242&amp;quot;:[8226],&amp;quot;469777803&amp;quot;:&amp;quot;left&amp;quot;,&amp;quot;469777804&amp;quot;:&amp;quot;&amp;quot;,&amp;quot;469777815&amp;quot;:&amp;quot;hybridMultilevel&amp;quot;}" data-aria-posinset="4" data-aria-level="1"&gt;&lt;SPAN data-contrast="auto"&gt;Microsoft expertise becomes available at scale.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;By making the easier stuff easy to find, the quality of the relationship—and value of expertise—between your team and Microsoft resources improves dramatically. Building momentum becomes the default instead of the exception.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;H1 aria-level="1"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt;Scale your reach&lt;/SPAN&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt;, &lt;/SPAN&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt;not just operations&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;134245418&amp;quot;:true,&amp;quot;134245529&amp;quot;:true,&amp;quot;335559738&amp;quot;:360,&amp;quot;335559739&amp;quot;:80}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/H1&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Internal efficiency is only part of the story. The real opportunity comes from the Marketplace ecosystem itself.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Marketplace gives software companies access to enterprise buyers across nearly every industry and geography, including approximately 98% of the Fortune 500, while connecting partners through a global co-sell ecosystem of more than 500,000 partners.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Building that kind of distribution independently would require years of investment in sales, partnerships, and operations.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Marketplace provides the reach. App Advisor helps you activate it.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;H1 aria-level="1"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-parastyle="heading 1"&gt;Looking ahead&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;134245418&amp;quot;:true,&amp;quot;134245529&amp;quot;:true,&amp;quot;335559738&amp;quot;:360,&amp;quot;335559739&amp;quot;:80}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/H1&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;The fastest-growing software companies aren't always the ones with the biggest teams. They're the ones that build systems capable of scaling knowledge, execution, and opportunity.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;App Advisor combines Marketplace expertise, AI-powered recommendations, self-service guidance, and structured workflows into a single experience designed to help software companies grow without growing operational complexity.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Sustainable growth isn't about hiring more people to manage more friction. It's about removing the friction so growth can scale with you.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;Ready to get started? Find the exact right place to begin with &lt;/SPAN&gt;&lt;A class="lia-external-url" href="https://aka.ms/AppAdvisor" target="_blank" rel="noopener"&gt;App Advisor&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;.&lt;/SPAN&gt;&lt;SPAN data-contrast="auto"&gt; &lt;/SPAN&gt;&lt;SPAN data-ccp-props="{}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 10 Jul 2026 16:49:56 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/marketplace-blog/scale-without-friction-grow-marketplace-revenue-without-growing/ba-p/4526915</guid>
      <dc:creator>Brady-B</dc:creator>
      <dc:date>2026-07-10T16:49:56Z</dc:date>
    </item>
    <item>
      <title>Secure Native Access to Azure Kubernetes Service (AKS) Private Clusters with Azure Bastion</title>
      <link>https://techcommunity.microsoft.com/t5/azure-network-security-blog/secure-native-access-to-azure-kubernetes-service-aks-private/ba-p/4535123</link>
      <description>&lt;P&gt;Written in Collaboration with&amp;nbsp;&lt;a href="javascript:void(0)" data-lia-user-mentions="" data-lia-user-uid="2965471" data-lia-user-login="AvirupChat" class="lia-mention lia-mention-user"&gt;AvirupChat​&lt;/a&gt;&amp;nbsp;&lt;a href="javascript:void(0)" data-lia-user-mentions="" data-lia-user-uid="1380424" data-lia-user-login="ShabazShaik" class="lia-mention lia-mention-user"&gt;ShabazShaik​&lt;/a&gt; &lt;a href="javascript:void(0)" data-lia-user-mentions="" data-lia-user-uid="786329" data-lia-user-login="Mohit_Kumar" class="lia-mention lia-mention-user"&gt;Mohit_Kumar​&lt;/a&gt; &lt;a href="javascript:void(0)" data-lia-user-mentions="" data-lia-user-uid="124214" data-lia-user-login="YuriDiogenes" class="lia-mention lia-mention-user"&gt;YuriDiogenes​&lt;/a&gt;&amp;nbsp;&lt;/P&gt;
&lt;H5&gt;&lt;SPAN class="lia-text-color-15"&gt;&lt;STRONG&gt;Introduction:&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/H5&gt;
&lt;P&gt;As organizations move toward&amp;nbsp;containerized workloads such as Azure Kubernetes Service (AKS), secure access to cluster resources becomes critical. Making the Kubernetes API server private, therefore, significantly reduces the attack surface. However, it also changes how engineers perform routine management tasks. Operations as simple as running kubectl logs, describing resources, or troubleshooting workloads require connectivity to the virtual network hosting the cluster.&lt;/P&gt;
&lt;P&gt;This challenge becomes even more apparent during day-to-day operations. An engineer may have the necessary Kubernetes credentials and Azure RBAC permissions yet still be unable to access the cluster because the API server is reachable only from within the private network. Establishing VPN connectivity, using jump hosts, or deploying dedicated management workstations often becomes part of the operational workflow, adding complexity to what should be straightforward administrative tasks.&lt;/P&gt;
&lt;P&gt;This balance between maintaining strong network isolation and enabling efficient cluster management is exactly what Azure Bastion's native client tunneling support for private AKS clusters is designed to address.&lt;/P&gt;
&lt;P&gt;Many Azure customers already use Azure Bastion to securely access virtual machines without exposing them to the public internet. Native client tunneling now brings that same secure access model to AKS private clusters. This capability is in &lt;STRONG&gt;public preview&lt;/STRONG&gt; today. Before discussing how it works, it is worth understanding the operational challenges it is designed to solve and how it's done.&lt;/P&gt;
&lt;H5&gt;&lt;SPAN class="lia-text-color-15"&gt;&lt;STRONG&gt;Bastion for Azure Kubernetes Service (AKS) private clusters:&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/H5&gt;
&lt;P&gt;At its core, Azure Bastion is designed to simplify secure access to private Azure resources. Since its launch, it has provided browser-based and native client RDP and SSH connectivity to Azure VMs without exposing management ports to the internet. No public IPs on your VMs. No inbound NSG rules for port 22 or 3389. Just TLS over port 443, routed through a fully managed service that Microsoft patches, scales, and secures on your behalf.&lt;/P&gt;
&lt;P&gt;When you establish a Bastion tunnel to your private AKS cluster, you are not signing in to an intermediary machine and running kubectl from there. You are opening an encrypted tunnel from your local machine, through Bastion, directly to the private API server endpoint. Your kubeconfig points to localhost on a dynamically assigned port, so local kubectl, helm, and scripts continue to work as they would against a public cluster.&lt;/P&gt;
&lt;P&gt;You get the developer experience of a public cluster with the security posture of a private one as shown in Figure 1.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;SPAN class="lia-text-color-15"&gt;&lt;STRONG&gt;The high-level flow has three parts:&lt;/STRONG&gt;&lt;/SPAN&gt; The engineer authenticates to Azure, retrieves cluster credentials, and uses Azure Bastion to establish a managed tunnel into the private network. Local Kubernetes tools then use that tunnel to reach the private API server. This keeps the workflow familiar while removing the need for jump hosts or VPN-based access paths.&lt;/P&gt;
&lt;P&gt;However, this raises an important question - Does making access easier also make it easier for an attacker to connect?&lt;/P&gt;
&lt;P&gt;The short answer is no. In fact, Bastion tunneling strengthens the security posture in ways that are worth unpacking.&lt;/P&gt;
&lt;P&gt;First, the API server itself remains private. There is no public endpoint. There is no public IP address discoverable by scanners. The only network path to the API server runs through Azure's managed infrastructure. Authentication and authorization then depend on the AKS cluster configuration.&lt;/P&gt;
&lt;P&gt;Second, Bastion eliminates an entire class of infrastructure that itself becomes a security target. Jump box VMs, when not meticulously maintained, accumulate credentials, kubeconfig files, and browser sessions. They are machines that admins log into, which means they are machines that can be compromised. Bastion is not a machine you log into. It is an agentless, managed tunnel you pass through.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;And for public clusters, there is a related but distinct benefit. Many teams use API server authorized IP ranges to restrict which source IPs can reach their public API endpoint. This is a good practice, but it breaks down quickly when your team works remotely, uses dynamic IPs, or includes contractors. Adding Bastion's stable public IP to the authorized range gives you a consistent, managed access path without the operational toil of constantly updating IP allow lists.&lt;/P&gt;
&lt;P&gt;With the network path established through Bastion, the next question is how users are authenticated and authorized once they reach the AKS API server. That distinction matters: Bastion provides secure connectivity, while AKS access is governed by the authentication and authorization model configured on the cluster.&lt;/P&gt;
&lt;H5&gt;&lt;SPAN class="lia-text-color-15"&gt;&lt;STRONG&gt;Authentication and authorization options:&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/H5&gt;
&lt;P&gt;When creating an AKS cluster, you can choose from three authentication and authorization modes, as shown in Figure below. That choice shapes everything about how access is granted, audited, and governed over the lifetime of the cluster.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;⚠️Local accounts with Kubernetes RBAC&lt;/STRONG&gt; is the default if you change nothing. It uses a static certificate that never expires, is shared across all administrators, and has no connection to your corporate identity provider. There is no MFA. No Conditional Access.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Note: For most production environments, Microsoft recommends using Microsoft Entra ID integrated authentication rather than local accounts to enable centralized identity, MFA, and auditing.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;☑️ Microsoft Entra ID with Kubernetes RBAC&lt;/STRONG&gt; moves authentication to Entra ID, which means users sign in with their corporate identity, MFA is enforced, and Conditional Access policies apply. Authorization is handled through native Kubernetes Role and ClusterRole bindings, which reference Entra ID users and groups as subjects. This works well for teams that manage cluster configuration through GitOps, because RBAC manifests live alongside other cluster YAML. The limitation is that these permissions are invisible in Azure IAM — they live only inside the cluster.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;✅ Microsoft Entra ID with Azure RBAC&lt;/STRONG&gt; is the model we recommend for most production environments. Authentication still flows through Entra ID with full MFA and Conditional Access support. But authorization is handled by Azure RBAC role assignments on the AKS resource itself. Permissions are visible in Azure IAM, participate in access reviews, and integrate with Privileged Identity Management for just-in-time elevation. You can assign the built-in Azure Kubernetes Service RBAC Cluster Admin, Admin, Writer, or Reader roles at either cluster scope or namespace scope. A single subscription-level role assignment can grant access to every cluster in the subscription.&lt;/P&gt;
&lt;P&gt;The real value is the combination. Bastion provides the encrypted network tunnel. Entra ID provides the identity, MFA, and Conditional Access. Azure RBAC provides centralized, auditable authorization that your security team can review alongside every other Azure resource.&lt;/P&gt;
&lt;P&gt;For the exact steps to configure Entra ID authentication and Azure RBAC on your AKS cluster, see the &lt;A href="https://learn.microsoft.com/en-us/azure/aks/concepts-identity" target="_blank" rel="noopener"&gt;AKS identity documentation&lt;/A&gt;.&lt;/P&gt;
&lt;H5&gt;&lt;SPAN class="lia-text-color-15"&gt;&lt;STRONG&gt;End-to-end flow for connectivity to AKS via Bastion:&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/H5&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;BLOCKQUOTE&gt;
&lt;P&gt;&lt;STRONG&gt;&amp;nbsp;&lt;/STRONG&gt;&lt;EM&gt;az account set --subscription &amp;lt;subscription ID&amp;gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;Retrieve credentials to your AKS private cluster using the commands below:&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;az aks get-credentials --name &amp;lt;AKSClusterName&amp;gt; --resource-group &amp;lt;ResourceGroupName&amp;gt; &lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;Open the tunnel to your target AKS Cluster with the following command:&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;az aks bastion --name &amp;lt;aksClusterName&amp;gt; --resource-group &amp;lt;aksClusterResourceGroup&amp;gt; --bastion &amp;lt;bastionResourceId&amp;gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;Now the default authentication method is Device code authentication i.e., this authentication method prompts the device code for the user to sign in from a browser session. If you want CLI only authentication, you can run the following command next.&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;kubelogin convert-kubeconfig -l azurecli&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;Then go on with your AKS connectivity:&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;kubectl get nodes&lt;/EM&gt;&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;
&lt;H5&gt;&lt;SPAN class="lia-text-color-15"&gt;&lt;STRONG&gt;How to Try It:&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/H5&gt;
&lt;P&gt;If you are already running private AKS clusters, getting started is straightforward. You need a Standard or Premium Azure Bastion host deployed in the same VNet as your cluster (or in a peered VNet), with native client support enabled. The aks-preview and bastion CLI extensions handle the rest.&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;The detailed connection steps are documented on &lt;A href="https://learn.microsoft.com/en-us/azure/bastion/bastion-connect-to-aks-private-cluster" target="_blank" rel="noopener"&gt;Microsoft Learn&lt;/A&gt;.&lt;/P&gt;
&lt;H5&gt;&lt;SPAN class="lia-text-color-15"&gt;&lt;STRONG&gt;We Want Your Feedback&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/H5&gt;
&lt;P&gt;Write a comment in this blog or open an issue on the &lt;A href="https://github.com/Azure/AKS/issues" target="_blank" rel="noopener"&gt;AKS GitHub repository &lt;/A&gt;or leave feedback directly on the &lt;A href="https://learn.microsoft.com/en-us/azure/bastion/bastion-connect-to-aks-private-cluster" target="_blank" rel="noopener"&gt;Microsoft Learn documentation page&lt;/A&gt;. We read everything, and it genuinely influences what we prioritize.&lt;/P&gt;</description>
      <pubDate>Sat, 11 Jul 2026 06:39:04 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/azure-network-security-blog/secure-native-access-to-azure-kubernetes-service-aks-private/ba-p/4535123</guid>
      <dc:creator>saikishor</dc:creator>
      <dc:date>2026-07-11T06:39:04Z</dc:date>
    </item>
    <item>
      <title>Microsoft Foundry Model Deployment Pricing Update</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-foundry-blog/microsoft-foundry-model-deployment-pricing-update/ba-p/4535385</link>
      <description>&lt;P&gt;Today, Microsoft Foundry is announcing updated pricing for model deployments in the EU Data Zone and in Regional deployments outside the US, effective September 1, 2026, alongside a new &lt;U&gt;&lt;A href="http://aka.ms/FoundryAgentsRun" target="_blank"&gt;APAC Data Zone&lt;/A&gt;&lt;/U&gt;. The reason is choice: Foundry keeps widening your options across cost, performance, and data residency, and because delivering AI within a specific geography or country at high availability costs more than serving from a shared global pool, the updated pricing reflects both that cost and the added value these options provide.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Pricing Update starting September 1, 2026&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Running AI in a specific geography or country, at high availability, costs more than running in a shared global pool. To reflect that, pricing for Data Zone and Regional deployments outside of the United States is increasing on September 1, 2026*. Global pricing stays the same and remains your most cost-efficient choice.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;U&gt;Table 1: Pricing Update starting September 1, 2026&lt;/U&gt;&lt;/P&gt;
&lt;DIV class="styles_lia-table-wrapper__h6Xo9 styles_table-responsive__MW0lN"&gt;&lt;table&gt;&lt;tbody&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;Deployment&lt;/STRONG&gt;&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;Price vs. Global&lt;/STRONG&gt;&amp;nbsp;**&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;What’s changing&lt;/STRONG&gt;&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;Global&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Same&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;No change&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;APAC Data Zone (new)&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;20% higher&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Newly available&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;EU Data Zone&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;20% higher&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Increasing&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;US Data Zone&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;10% higher&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;No change&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;Regional — US&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;10% higher&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;No change&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;Regional — outside the US&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;25% – 50% higher&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Increasing&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;/table&gt;&lt;/DIV&gt;
&lt;P&gt;Tabel 2: Regional pricing effective September 1, 2026 (price relative to Global)&amp;nbsp;&lt;/P&gt;
&lt;DIV class="styles_lia-table-wrapper__h6Xo9 styles_table-responsive__MW0lN"&gt;&lt;table&gt;&lt;tbody&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;New price vs. Global&lt;/STRONG&gt;&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;Regions&lt;/STRONG&gt;&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;+25%&lt;/STRONG&gt;&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Australia, India, Indonesia***, Malaysia***, New Zealand***&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;+30%&lt;/STRONG&gt;&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Austria***, Belgium***, Canada, Denmark***, Germany, Italy, Mexico, Poland, South Africa, Spain, Sweden, Switzerland, UAE&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;+35%&lt;/STRONG&gt;&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Japan, Korea, Taiwan***&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;+40%&lt;/STRONG&gt;&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;France, Hong Kong, Israel***, Norway, Qatar, UK&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;+50%&lt;/STRONG&gt;&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;Brazil, EU North, EU West, Singapore&amp;nbsp;&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;/table&gt;&lt;/DIV&gt;
&lt;P&gt;&lt;EM&gt;*How the change applies:&lt;/EM&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;EM&gt;Standard (pay as you go): the planned premiums apply only to models launched on or after September 1, 2026. Customers who stay on their current models see no price increase; the higher EU Data Zone and Regional premiums apply only when they move to a model launched on or after September 1, 2026. &lt;/EM&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;EM&gt;Provisioned Throughput (PTU): the increase applies to all customers with EU Data Zone or Regional PTUs outside of the US.&lt;/EM&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;EM&gt;**&lt;/EM&gt; &lt;EM&gt;For Data Zone and Regional deployments, price premiums are relative to Global pricing. Please see &lt;/EM&gt;&lt;A href="https://azure.microsoft.com/en-us/products/ai-foundry/models/openai/#pricing" target="_blank"&gt;&lt;EM&gt;Azure pricing page&lt;/EM&gt;&lt;/A&gt;&lt;EM&gt; for most current rates.&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&amp;nbsp;***Newly available regions at this price (no prior rate).&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;For exact, current rates by model and deployment type, see the &lt;/EM&gt;&lt;A href="https://azure.microsoft.com/en-us/products/ai-foundry/models/openai/#pricing" target="_blank"&gt;&lt;EM&gt;Azure pricing page&lt;/EM&gt;&lt;/A&gt;&lt;EM&gt;. &lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;Learn more about Foundry model deployment types and regions &lt;/EM&gt;&lt;A href="https://learn.microsoft.com/en-us/azure/foundry/concepts/deployments-overview" target="_blank"&gt;&lt;EM&gt;here&lt;/EM&gt;&lt;/A&gt;&lt;EM&gt;.&amp;nbsp;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;More Options across cost, performance, and data residency &lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Foundry’s core differentiator is choice. Foundry aims to be your platform of choice providing a single suite of offers that span not only models, performance tiers but also data processing requirements. This enables you to have control over your data all within the same, common code.&lt;/P&gt;
&lt;P&gt;Here is where your requests can run:&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Global&lt;/STRONG&gt; — processing runs wherever Microsoft’s global infrastructure has capacity, built for agility and cost-efficiency.&lt;/LI&gt;
&lt;/UL&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Data Zone (US, EU, and now &lt;A href="http://aka.ms/FoundryAgentsRun" target="_blank"&gt;APAC&lt;/A&gt; &lt;/STRONG&gt;— processing stays within the selected geography to support regional data residency requirements.&lt;/LI&gt;
&lt;/UL&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Regional&lt;/STRONG&gt; — processing stays in-country for the strictest requirements.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;How you run is a differentiator too. Choose &lt;STRONG&gt;Standard&lt;/STRONG&gt; for flexible, agile, and economical scaling, &lt;STRONG&gt;Priority Processing &lt;/STRONG&gt;for low-latency real-time apps, &lt;STRONG&gt;Provisioned Throughput&lt;/STRONG&gt; (PTU) for predictable performance at scale, or &lt;STRONG&gt;Batch &lt;/STRONG&gt;for high-volume jobs at the lowest cost of the four options. You can mix and match per workload.&amp;nbsp;The &lt;A href="https://www.youtube.com/watch?v=eCS00D0UHdo" target="_blank"&gt;instant model deployment experience&lt;/A&gt; is designed to reduce the setups friction so developers can go from model selection to first inference faster.&lt;/P&gt;
&lt;P&gt;Foundry also keeps getting more efficient. &lt;STRONG&gt;&lt;A href="https://www.youtube.com/watch?v=_HrL3TubGbI" target="_blank"&gt;The model router in Foundry Models&lt;/A&gt;&lt;/STRONG&gt; matches each request to the most appropriate model, balancing quality, latency, and cost. &lt;A href="https://learn.microsoft.com/en-us/azure/foundry/openai/how-to/prompt-caching" target="_blank"&gt;&lt;STRONG&gt;Prompt Caching&lt;/STRONG&gt;&lt;/A&gt; cuts redundant computation for recurring and long context interactions. &lt;A href="https://learn.microsoft.com/en-us/azure/foundry/openai/how-to/spillover-traffic-management?tabs=portal" target="_blank"&gt;&lt;STRONG&gt;PTU Spillover&lt;/STRONG&gt;&lt;/A&gt; and &lt;A href="https://www.youtube.com/watch?v=tYD_NYaHik4" target="_blank"&gt;&lt;STRONG&gt;quota optimization&lt;/STRONG&gt;&lt;/A&gt; preserve service continuity through usage spikes. Together, these capabilities are designed to improve token efficiency, reduce compute cost, and shift more tuning into the platform rather than manual work.&lt;/P&gt;
&lt;P&gt;Learn &lt;A href="https://www.youtube.com/watch?v=U1f3aXZMyVQ" target="_blank"&gt;how to optimize model deployment and performance in Microsoft Foundry&lt;/A&gt;.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Choosing where AI processing happens&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Where your AI requests are processed can affect both latency and compliance. Many organizations have data residency requirements that shape where they can run AI. Data Zone and Regional deployments let you keep processing within a chosen geography or country while using the same models and tooling available elsewhere on Azure. You remain responsible for determining whether a given configuration meets your regulatory obligations; Foundry provides deployment options that can support those requirements.&lt;/P&gt;
&lt;P&gt;As Hongsoo Kim, Chief Data and AI Officer at Toss, put it, Foundry keeps &lt;EM&gt;“data processing regionally anchored while accessing advanced AI models at scale”- &lt;/EM&gt;giving the confidence to &lt;EM&gt;“accelerate AI innovation responsibly.”&lt;/EM&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Build your next AI workload on Foundry&amp;nbsp;&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Whatever the workload calls for — lowest cost, low latency, an SLA, or strict data residency — there’s a Foundry deployment that fits. &lt;STRONG&gt;Start building today in &lt;/STRONG&gt;&lt;A href="https://ai.azure.com/catalog" target="_blank"&gt;&lt;STRONG&gt;Microsoft Foundry&lt;/STRONG&gt;&lt;/A&gt;&lt;STRONG&gt;. &amp;nbsp;&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;&amp;nbsp;&lt;/STRONG&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 09 Jul 2026 17:22:45 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-foundry-blog/microsoft-foundry-model-deployment-pricing-update/ba-p/4535385</guid>
      <dc:creator>Chris Hoder</dc:creator>
      <dc:date>2026-07-09T17:22:45Z</dc:date>
    </item>
    <item>
      <title>The Copilot specialization is receiving key updates—including an audit</title>
      <link>https://techcommunity.microsoft.com/t5/specialization-updates/the-copilot-specialization-is-receiving-key-updates-including-an/ba-p/4535122</link>
      <description>&lt;P&gt;Microsoft is updating the Microsoft Copilot specialization to better align with market demand. Beginning July 2026, the specialization will be renamed Microsoft 365 Copilot specialization and will introduce updates across performance, skilling, and validation requirements. &amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;The performance requirement&lt;/STRONG&gt; will be shifted to account only for paid monthly active usage (MAU) growth.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;The skilling requirements&lt;/STRONG&gt; will be refreshed. We are removing the Microsoft 365 Certified: Administrator Expert (MS-102) certification and adding the Agentic AI Business Solutions Architect (AB-100) and AI Agent Builder Associate (AB-620) certifications to address the retirement of the Create custom agents with Microsoft Copilot Studio (APL-7008) applied skill. Please note that the Prepare security and compliance to support Copilot (APL-4002) applied skill is also retiring, and the Implement information protection in Microsoft 365 (SC-401) certification will be required.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;The customer references requirement&lt;/STRONG&gt; will be replaced with a third-party capabilities audit. This audit update is part of a shift to an independent, objective validation process and helps ensure that partners meet a consistent, verifiable standard for Microsoft 365 Copilot capability. The badge you’ll earn with this specialization is a visual indicator to customers that your expertise has been verified by Microsoft—and that your capabilities align to customer needs.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;These updates empower partners to invest in the capabilities customers value most. Work toward earning your specialization today to demonstrate your deep technical expertise.&lt;/P&gt;
&lt;P&gt;Review the &lt;A class="lia-external-url" href="https://partner.microsoft.com/partnership/specialization/microsoft-copilot?wt.mc_id=7fr6rqckgo#tab-4" target="_blank"&gt;updated requirements&lt;/A&gt; for the Microsoft 365 Copilot specialization, including the audit checklist.&lt;/P&gt;</description>
      <pubDate>Thu, 09 Jul 2026 17:20:59 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/specialization-updates/the-copilot-specialization-is-receiving-key-updates-including-an/ba-p/4535122</guid>
      <dc:creator>JS5</dc:creator>
      <dc:date>2026-07-09T17:20:59Z</dc:date>
    </item>
    <item>
      <title>Build a patch strategy for today’s threat pace with Microsoft</title>
      <link>https://techcommunity.microsoft.com/t5/intune-customer-success/build-a-patch-strategy-for-today-s-threat-pace-with-microsoft/ba-p/4535115</link>
      <description>&lt;P&gt;AI-accelerated vulnerability discovery and remediation are changing how organizations manage risk. As discussed in Pavan Davuluri’s recent &lt;A class="lia-external-url" href="https://blogs.windows.com/windowsexperience/2026/07/09/evolving-windows-vulnerability-management-to-meet-the-speed-of-ai-powered-discovery" target="_blank" rel="noopener"&gt;blog&lt;/A&gt;,&lt;STRONG&gt; &lt;/STRONG&gt;Microsoft is investing across the vulnerability lifecycle to help organizations identify, validate, and respond faster.&lt;/P&gt;
&lt;P&gt;For IT and security teams, one challenge lies downstream: deploying fixes quickly across endpoints to reduce exposure. Each update needs to be evaluated, piloted, monitored, and enforced across a mixed fleet of devices and apps. Some parts of the estate can move quickly; others cannot because of compliance requirements, approved change windows, and business-critical dependencies.&lt;/P&gt;
&lt;P&gt;As organizations adopt AI tools and agents across their environment, maintaining a current and hardened endpoint estate becomes increasingly important. In this context, patching becomes an ongoing operational discipline that combines OS, app, and driver updates with compliance enforcement, access control, and security baseline hardening.&lt;/P&gt;
&lt;P&gt;To keep pace, organizations need a patch strategy that helps in 3 stages:&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;&lt;STRONG&gt;Mitigate&lt;/STRONG&gt;: automate updates that can move quickly&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Assess&lt;/STRONG&gt;: prioritize risk based on exposure and severity&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Contain&lt;/STRONG&gt;: enforce compliance and limit exposure&lt;/LI&gt;
&lt;/OL&gt;
&lt;P&gt;Operationalizing a patch strategy requires coordinated capabilities across endpoint management and security tools. Microsoft Intune brings these capabilities together in a single admin center, alongside the broader Microsoft security ecosystem, and is available with qualifying Microsoft 365 subscriptions&lt;SUP&gt;1&lt;/SUP&gt;.&lt;/P&gt;
&lt;P&gt;In this post, we show how organizations can use these capabilities to build a patch strategy that helps reduce the time between update release and deployment across their endpoint estate.&lt;/P&gt;
&lt;H3&gt;&lt;STRONG&gt;1. &lt;/STRONG&gt;&lt;STRONG&gt;Mitigate:&lt;/STRONG&gt; automate updates that can move quickly&lt;/H3&gt;
&lt;P&gt;A patch strategy is not about pushing every update everywhere at once. It’s about identifying the parts of your estate that can move quickly, then using automation, rings, monitoring, and enforcement to help those updates move with confidence. Regulations, approved change windows, validation needs, and business dependencies will shape what’s possible, but the strategy starts by separating repeatable update work from the exceptions that need deeper review.&lt;/P&gt;
&lt;P&gt;For OS, app, and driver updates that can move quickly, modern tools can help shorten the time between update release and deployment; without manual rollouts, ticket-driven packaging, or reboot disruption.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Operationalize in Intune&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A class="lia-external-url" href="https://learn.microsoft.com/windows/deployment/windows-autopatch/manage/windows-autopatch-groups-policies" target="_blank" rel="noopener"&gt;Windows Autopatch&lt;/A&gt; orchestrates ring-based update rollouts to reduce manual effort and keep Windows devices current. To help monitor risk, the Autopatch report visualizes how quickly devices apply updates based on the configured deployment cadence. In this report, devices are categorized as current within three days of update release, at risk between three and seven days, and at critical risk beyond seven days, based on the reporting model used by Windows Autopatch. Learn more about &lt;A class="lia-external-url" href="https://learn.microsoft.com/windows/deployment/windows-autopatch/manage/windows-autopatch-groups-policies" target="_blank" rel="noopener"&gt;ring-based rollout updates&lt;/A&gt; or how to &lt;A class="lia-internal-link lia-internal-url lia-internal-url-content-type-blog" href="https://techcommunity.microsoft.com/blog/windows-itpro-blog/protect-your-estate-reassess-your-windows-update-policies/4515228" target="_blank" rel="noopener" data-lia-auto-title="reassess Windows OS updates" data-lia-auto-title-active="0"&gt;reassess Windows OS updates&lt;/A&gt; using this report.&lt;BR /&gt;&lt;BR /&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A class="lia-external-url" href="https://learn.microsoft.com/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates" target="_blank" rel="noopener"&gt;Hotpatch&lt;/A&gt; (enabled by default for 24H2+ in Intune) applies critical updates without requiring a reboot, helping reduce security gaps while keeping users productive.&lt;BR /&gt;&lt;BR /&gt;&lt;div data-video-id="https://www.youtube.com/watch?v=QdjSkbKXoJw/1783549162389" data-video-remote-vid="https://www.youtube.com/watch?v=QdjSkbKXoJw/1783549162389" class="lia-video-container lia-media-is-center lia-media-size-medium"&gt;&lt;iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FQdjSkbKXoJw%3Ffeature%3Doembed&amp;amp;display_name=YouTube&amp;amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DQdjSkbKXoJw&amp;amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FQdjSkbKXoJw%2Fhqdefault.jpg&amp;amp;type=text%2Fhtml&amp;amp;schema=youtube" allowfullscreen="" style="max-width: 100%"&gt;&lt;/iframe&gt;&lt;span class="lia-media-caption-text"&gt;
&lt;P&gt;&lt;EM&gt;Figure 1: Watch the latest Microsoft Mechanics episode to see how Windows Autopatch and Hotpatch help organizations accelerate update deployment, reduce operational overhead, and keep devices secure.&lt;/EM&gt;&lt;/P&gt;
&lt;/div&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/app-management/deployment/enterprise-app-management" target="_blank" rel="noopener"&gt;Intune Enterprise App Management&lt;/A&gt; (EAM) supports keeping Windows apps current through auto-updates, including the &lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/app-management/deployment/update-enterprise-supersedence" target="_blank" rel="noopener"&gt;guided upgrade supersedence&lt;/A&gt; reporting, which surfaces outdated versions or version changes. EAM auto-updates are now generally available; details are included in the &lt;A class="lia-external-url" href="http://aka.ms/IntuneWN2606" target="_blank" rel="noopener"&gt;June Intune What’s new blog&lt;/A&gt;.&lt;BR /&gt;&lt;BR /&gt;&lt;div data-video-id="https://www.youtube.com/watch?v=iI-sJ6kz_vg/1783549052628" data-video-remote-vid="https://www.youtube.com/watch?v=iI-sJ6kz_vg/1783549052628" class="lia-video-container lia-media-is-center lia-media-size-medium"&gt;&lt;iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FiI-sJ6kz_vg%3Ffeature%3Doembed&amp;amp;display_name=YouTube&amp;amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DiI-sJ6kz_vg&amp;amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FiI-sJ6kz_vg%2Fhqdefault.jpg&amp;amp;type=text%2Fhtml&amp;amp;schema=youtube" allowfullscreen="" style="max-width: 100%"&gt;&lt;/iframe&gt;&lt;span class="lia-media-caption-text"&gt;
&lt;P&gt;&lt;EM&gt;Figure 2: Watch how Intune helps you move from update release to deployment to accelerate responses to vulnerabilities with Windows app management.&lt;/EM&gt;&lt;/P&gt;
&lt;/div&gt;
&lt;P class="lia-clear-both"&gt;&amp;nbsp;&lt;/P&gt;
&lt;/LI&gt;
&lt;LI&gt;&lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/app-management/deployment/enhanced-app-inventory" target="_blank" rel="noopener"&gt;The enhanced application inventory&lt;/A&gt; in the All apps page shows the app version installed on each managed Windows device, refreshed multiple times per day on most active devices, helping teams target app-specific vulnerabilities and confirming when fixes have been applied.&lt;BR /&gt;&lt;BR /&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/copilot/agents/vulnerability-remediation-agent" target="_blank" rel="noopener"&gt;The Vulnerability Remediation Agent&lt;/A&gt; in Security Copilot uses data from Defender Vulnerability Management to prioritize Common Vulnerabilities and Exposures (CVEs) across Intune-managed Windows devices and apps, and provides recommended remediation actions within Intune. The Vulnerability Remediation Agent is&lt;STRONG&gt; &lt;/STRONG&gt;currently in public preview, &lt;A class="lia-external-url" href="http://aka.ms/Intune/VRA-blog" target="_blank" rel="noopener"&gt;read the blog to learn more&lt;/A&gt;.&lt;BR /&gt;&lt;BR /&gt;&lt;div data-video-id="https://www.youtube.com/watch?v=-xhy3yXGVGM/1783549191510" data-video-remote-vid="https://www.youtube.com/watch?v=-xhy3yXGVGM/1783549191510" class="lia-video-container lia-media-is-center lia-media-size-medium"&gt;&lt;iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2F-xhy3yXGVGM%3Ffeature%3Doembed&amp;amp;display_name=YouTube&amp;amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D-xhy3yXGVGM&amp;amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2F-xhy3yXGVGM%2Fhqdefault.jpg&amp;amp;type=text%2Fhtml&amp;amp;schema=youtube" allowfullscreen="" style="max-width: 100%"&gt;&lt;/iframe&gt;&lt;span class="lia-media-caption-text"&gt;
&lt;P&gt;&lt;EM&gt;Figure 3: Watch this video to see how the Vulnerability Remediation Agent in Security Copilot, within Microsoft Intune, helps make agentic security easier to adopt and use.&lt;/EM&gt;&lt;/P&gt;
&lt;/div&gt;
&lt;P class="lia-clear-both"&gt;&amp;nbsp;&lt;/P&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;STRONG&gt;Extend across your endpoint estate&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Apple devices&lt;/STRONG&gt; can be configured for &lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/device-updates/apple/planning-guide-macos" target="_blank" rel="noopener"&gt;automatic OS updates on managed devices&lt;/A&gt;, including enforcing updates to the latest version and deploying Background Security Improvement patches through the settings catalog. App updates can be managed by configuring &lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/app-management/deployment/manage-vpp-apple" target="_blank" rel="noopener"&gt;volume-purchased App Store apps&lt;/A&gt; to update automatically and &lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/app-management/deployment/add-dmg-macos" target="_blank" rel="noopener"&gt;deploy updated app packages&lt;/A&gt; to keep apps current across macOS, iPhone, and iPad devices.&lt;BR /&gt;&lt;BR /&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Android devices&lt;/STRONG&gt; can be managed using &lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/device-updates/android/planning-guide" target="_blank" rel="noopener"&gt;built-in update policies in Intune&lt;/A&gt;, including configuring install windows and freeze periods. For corporate Android fleets, Intune also integrates with OEM firmware management solutions - including&amp;nbsp;&lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/device-updates/android/setup-zebra-lifeguard" target="_blank" rel="noopener"&gt;Zebra LifeGuard Over-the-Air&lt;/A&gt; and &lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/device-updates/android/manage-fota" target="_blank" rel="noopener"&gt;Samsung E-FOTA&lt;/A&gt; - to enable more granular update control. &lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/app-management/deployment/add-managed-google-play" target="_blank" rel="noopener"&gt;Managed Google Play also supports configurable app auto-update modes&lt;/A&gt;, allowing admins to define whether updates install automatically, on Wi-Fi only, or manually.&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;&lt;STRONG&gt;2. &lt;/STRONG&gt;&lt;STRONG&gt;Assess: &lt;/STRONG&gt;prioritize risk based on exposure and severity&lt;/H3&gt;
&lt;P&gt;The first step is reducing exposure across the parts of your estate that can move quickly. But not every system, application, or vulnerability can be addressed through broad update deployment. Teams also need a way to determine which risks require immediate action and which ones can be addressed over time.&lt;/P&gt;
&lt;P class=""&gt;A calendar-based approach can treat every CVE equally. However, it doesn’t account for severity, exposure, or business impact. As AI accelerates vulnerability discovery, this can lead to effort being spent on lower-risk updates while higher-risk updates remain unaddressed.&lt;/P&gt;
&lt;P&gt;Risk-based service level objectives (SLOs) help bring prioritization to address this challenge. Instead of patching on a fixed schedule, IT and security teams can align response timeframes by severity, moving quickly on actively exploited or critical vulnerabilities, and applying a more measured approach where risk or impact is lower.&lt;/P&gt;
&lt;P&gt;This stage creates a clearer prioritization of remediation and helps bridge the view between the security teams that identify threats and the IT teams that act on them.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Operationalize in Intune and Microsoft Defender&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;The &lt;A class="lia-external-url" href="https://aka.ms/Intune" target="_blank" rel="noopener"&gt;security update status dashboard in Intune&lt;/A&gt; provides an aggregated view of update compliance across Windows clients, Windows servers, and Microsoft 365 Apps. It shows overall counts of devices in different states across Intune-endpoints and helps teams identify where remediation should be focused. These status categories reflect how quickly devices apply updates based on a configured deployment cadence and internal SLOs.&lt;BR /&gt;&lt;BR /&gt;&lt;img&gt;
&lt;P&gt;&lt;EM&gt;Figure 4: Security update dashboard showing patch status for Windows clients, servers, and Microsoft 365 apps.&lt;/EM&gt;&lt;/P&gt;
&lt;/img&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A class="lia-external-url" href="https://learn.microsoft.com/defender-vulnerability-management/defender-vulnerability-management" target="_blank" rel="noopener"&gt;Microsoft Defender Vulnerability Management&lt;/A&gt; surfaces CVEs, affected devices, vulnerable software, and recommended remediation actions, offering a shared view of risk and progress across IT and security teams.&lt;BR /&gt;&lt;BR /&gt;&lt;/LI&gt;
&lt;LI&gt;Translate Defender recommendations into targeted Intune actions described in the mitigate section, such as updating software or moving devices through expedited remediation workflows so teams can focus on vulnerabilities that are actively exploited or most likely to affect an organization.&lt;BR /&gt;&lt;BR /&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;STRONG&gt;Extend across your endpoint estate&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;For Apple devices&lt;/STRONG&gt;, use the &lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/device-updates/apple/monitor-reports" target="_blank" rel="noopener"&gt;Apple software update report&lt;/A&gt; in Intune to monitor update status across macOS, iOS, and iPadOS.&lt;BR /&gt;&lt;BR /&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;For Android, &lt;/STRONG&gt;&lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/device-security/compliance/monitor-policy" target="_blank" rel="noopener"&gt;compliance reporting&lt;/A&gt; surfaces devices that fall behind on OS version or security patch level.&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;&lt;STRONG&gt;3. &lt;/STRONG&gt;&lt;STRONG&gt;Contain&lt;/STRONG&gt;: enforce patch compliance and limit exposure&lt;/H3&gt;
&lt;P&gt;Even with automated deployments and prioritized triage, gaps can remain. Some devices are unsupported, fall behind, operate on slower deployment rings, and others can’t be patched quickly. A patch strategy needs to focus on including containment for those surfaces.&lt;/P&gt;
&lt;P&gt;Compliance controls, conditional access, and device hardening act as an always-on safety net that limits risks that can fall through gaps. Compliance policies and Conditional Access can use a patch state as a signal for resource access, preventing non-compliant devices from accessing corporate resources. Security baselines reduce the attack surface by limiting risky defaults and common attack patterns. Together, these controls shift enforcement from a periodic activity to a continuous condition across a fleet.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Operationalize in Intune and Defender&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Use &lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/device-security/compliance/overview" target="_blank" rel="noopener"&gt;compliance policies&lt;/A&gt; in Intune to define what "current" means, including minimum OS build, required update levels, risk status, and encryption state.&lt;BR /&gt;&lt;BR /&gt;&lt;/LI&gt;
&lt;LI&gt;Use &lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/device-security/conditional-access-integration/overview" target="_blank" rel="noopener"&gt;Conditional Access&lt;/A&gt; (managed in Microsoft Entra, accessible from the Intune admin center) to control access to company resources based on user and device health. Combined with threat signals from Microsoft Defender, these policies help prevent non-compliant devices from accessing corporate resources.&lt;BR /&gt;&lt;BR /&gt;&lt;/LI&gt;
&lt;LI&gt;Use Microsoft Defender Vulnerability Management and &lt;A class="lia-external-url" href="https://learn.microsoft.com/security-exposure-management/microsoft-security-exposure-management" target="_blank" rel="noopener"&gt;Microsoft Security Exposure Management&lt;/A&gt; insights to identify exposed assets, prioritize remediation, and apply recommended protections where patching must move more slowly.&lt;BR /&gt;&lt;BR /&gt;&lt;/LI&gt;
&lt;LI&gt;Apply Intune &lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/device-security/security-baselines/overview" target="_blank" rel="noopener"&gt;security baselines&lt;/A&gt; to establish Microsoft-recommended configurations on Windows devices, such as disabling risky defaults, blocking common attack techniques, and reducing configuration drift. Watch this &lt;A class="lia-external-url" href="https://www.youtube.com/watch?v=V-QBO2cJn4E" target="_blank" rel="noopener"&gt;demo on security baselines&lt;/A&gt; being applied in the &lt;A class="lia-external-url" href="https://zerotrust.microsoft.com/" target="_blank" rel="noopener"&gt;Zero Trust workshop&lt;/A&gt;.&lt;BR /&gt;&lt;BR /&gt;&lt;/LI&gt;
&lt;LI&gt;Use &lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/device-configuration/endpoint-security/attack-surface-reduction" target="_blank" rel="noopener"&gt;attack surface reduction policies in Intune&lt;/A&gt; to deploy Microsoft Defender for Endpoint protections, such as ASR rules and network protection, that help block common attack techniques on devices that can't be patched right away.&lt;BR /&gt;&lt;BR /&gt;&lt;div data-video-id="https://www.youtube.com/watch?v=9TFhIRHma1E&amp;amp;t/1783554817508" data-video-remote-vid="https://www.youtube.com/watch?v=9TFhIRHma1E&amp;amp;t/1783554817508" class="lia-video-container lia-media-is-center lia-media-size-medium"&gt;&lt;iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2F9TFhIRHma1E%3Ffeature%3Doembed&amp;amp;display_name=YouTube&amp;amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D9TFhIRHma1E&amp;amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2F9TFhIRHma1E%2Fhqdefault.jpg&amp;amp;type=text%2Fhtml&amp;amp;schema=youtube" allowfullscreen="" style="max-width: 100%"&gt;&lt;/iframe&gt;&lt;span class="lia-media-caption-text"&gt;
&lt;P&gt;&lt;EM&gt;Figure 5: Watch this Demo on how you can manage devices and implement Conditional Access with Intune.&lt;/EM&gt;&lt;/P&gt;
&lt;/div&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Extend across your endpoint estate&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Compliance policies and Conditional Access controls apply across Windows, macOS, iOS/iPadOS, and Android.&lt;BR /&gt;&lt;BR /&gt;&lt;/LI&gt;
&lt;LI&gt;Intune &lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/app-management/protection/overview" target="_blank" rel="noopener"&gt;app protection policies&lt;/A&gt; extend compliance requirements and data protections to managed apps used for work on personal devices and add an additional layer of data protection on corporate devices.&lt;BR /&gt;&lt;BR /&gt;&lt;/LI&gt;
&lt;LI&gt;Use the &lt;A class="lia-external-url" href="https://learn.microsoft.com/intune/device-configuration/settings-catalog" target="_blank" rel="noopener"&gt;settings catalog&lt;/A&gt; and configuration profiles to apply the same hardening intent on macOS, iOS/iPadOS, and Android, reducing configuration drift across platforms.&lt;BR /&gt;&lt;BR /&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Stay ahead with a patch strategy&lt;/H3&gt;
&lt;P&gt;As vulnerability discovery and response continue to accelerate, organizations need an operational strategy that balances speed, risk, and resilience. By automating updates where possible, prioritizing remediation based on exposure, and limiting exposure through compliance and security controls, teams can reduce risk across their endpoint estate.&lt;/P&gt;
&lt;P&gt;Intune helps simplify this approach by bringing these capabilities together alongside the rest of your Microsoft security tools and ecosystem.&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A class="lia-external-url" href="https://security.microsoft.com/securenow" target="_blank" rel="noopener"&gt;Get started with Microsoft Secure Now&lt;/A&gt; to assess risk across your digital estate.&lt;/LI&gt;
&lt;LI&gt;Explore the &lt;A class="lia-internal-link lia-internal-url lia-internal-url-content-type-blog" href="https://techcommunity.microsoft.com/blog/intunecustomersuccess/as-vulnerability-discovery-moves-at-ai-speed-keeping-current-is-foundational-to-/4513766" target="_blank" rel="noopener" data-lia-auto-title="new security update status dashboard" data-lia-auto-title-active="0"&gt;new security update status dashboard&lt;/A&gt; in Intune.&lt;/LI&gt;
&lt;LI&gt;Harden the admin plane and review the &lt;A class="lia-internal-link lia-internal-url lia-internal-url-content-type-blog" href="https://techcommunity.microsoft.com/blog/intunecustomersuccess/best-practices-for-securing-microsoft-intune/4502117" target="_blank" rel="noopener" data-lia-auto-title="best practices for securing Microsoft Intune" data-lia-auto-title-active="0"&gt;best practices for securing Microsoft Intune&lt;/A&gt;.&lt;/LI&gt;
&lt;/UL&gt;
&lt;HR style="border: 0; border-top: 1px solid #e5e5e5; margin: 32px 0 20px 0;" /&gt;
&lt;DIV style="font-size: 13px; line-height: 1.6; color: #666666;"&gt;
&lt;P&gt;&lt;SUP&gt;1&lt;/SUP&gt; &lt;STRONG&gt;Licensing and requirements&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Feature availability and included capabilities vary by Microsoft 365 subscription plan and feature. Some Microsoft capabilities referenced in this post may require specific licenses or additional enablement.&lt;/P&gt;
&lt;P&gt;Advanced Microsoft Intune capabilities are now included &lt;A class="lia-internal-link lia-internal-url lia-internal-url-content-type-blog" href="https://techcommunity.microsoft.com/blog/microsoftintuneblog/advanced-microsoft-intune-capabilities-now-available-in-microsoft-365-e3-and-e5/4529335" target="_blank" rel="noopener" data-lia-auto-title="in Microsoft 365 E5, with select capabilities available in Microsoft 365 E3" data-lia-auto-title-active="0"&gt;in Microsoft 365 E5, with select capabilities available in Microsoft 365 E3&lt;/A&gt; as part of updates effective July 1, 2026. Existing customers will receive a 30-day notice in the Microsoft Admin Center prior to availability, with access beginning by August 2026.&lt;/P&gt;
&lt;P&gt;Microsoft Security Copilot and related AI capabilities may require separate licensing, &lt;A class="lia-external-url" href="https://aka.ms/SecurityCopilotPricing" target="_blank" rel="noopener"&gt;learn more here&lt;/A&gt;.&lt;/P&gt;
&lt;/DIV&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;Stay up to date! Bookmark the &lt;/EM&gt;&lt;A class="lia-internal-link lia-internal-url lia-internal-url-content-type-blog" href="https://techcommunity.microsoft.com/category/microsoftintune/blog/microsoftintuneblog" target="_blank" rel="noopener" data-lia-auto-title="Microsoft Intune Blog" data-lia-auto-title-active="0"&gt;Microsoft Intune Blog&lt;/A&gt;&lt;EM&gt; and follow us on LinkedIn or&amp;nbsp;&lt;A class="lia-external-url" href="https://aka.ms/MSIntune" target="_blank" rel="noopener"&gt;@MSIntune&lt;/A&gt; and &lt;A class="lia-external-url" href="https://aka.ms/IntuneSuppTeam" target="_blank" rel="noopener"&gt;@IntuneSuppTeam&lt;/A&gt; on X to continue the conversation.&lt;/EM&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 10 Jul 2026 17:18:27 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/intune-customer-success/build-a-patch-strategy-for-today-s-threat-pace-with-microsoft/ba-p/4535115</guid>
      <dc:creator>Intune_Support_Team</dc:creator>
      <dc:date>2026-07-10T17:18:27Z</dc:date>
    </item>
    <item>
      <title>This is the moment to shape what’s next for your hosting business</title>
      <link>https://techcommunity.microsoft.com/t5/partner-news/this-is-the-moment-to-shape-what-s-next-for-your-hosting/ba-p/4535070</link>
      <description>&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;For hosting partners, today’s market shifts are more than a challenge—they’re&amp;nbsp;an opportunity to modernize with intention and grow into&amp;nbsp;what’s&amp;nbsp;next. Customers are looking for partners who can deliver continuity today and a credible modernization path for tomorrow.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:276}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:276}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-contrast="auto"&gt;By acting early, you put yourself in a stronger position to preserve what works, modernize at a sustainable pace, and expand into higher‑value services—without disrupting existing relationships.&lt;/SPAN&gt;&amp;nbsp;&lt;BR /&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:276}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;&lt;SPAN data-contrast="auto"&gt;Here’s&amp;nbsp;a clear path forward:&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:276}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{&amp;quot;335552541&amp;quot;:1,&amp;quot;335559685&amp;quot;:720,&amp;quot;335559991&amp;quot;:360,&amp;quot;469769226&amp;quot;:&amp;quot;Symbol&amp;quot;,&amp;quot;469769242&amp;quot;:[8226],&amp;quot;469777803&amp;quot;:&amp;quot;left&amp;quot;,&amp;quot;469777804&amp;quot;:&amp;quot;&amp;quot;,&amp;quot;469777815&amp;quot;:&amp;quot;hybridMultilevel&amp;quot;}" data-aria-posinset="1" data-aria-level="1"&gt;&lt;SPAN data-contrast="auto"&gt;Start with clarity.&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN data-contrast="auto"&gt;Check out the&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://assetsprod.microsoft.com/dco-partner-one-pager.pdf?wt.mc_id=8r9bx2v5oq" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;one‑pager&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;, “Turn hosting market disruption into a growth opportunity,” to align your organization on why now&amp;nbsp;is the time&amp;nbsp;to shift from traditional hosting to a services-led model.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:276}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;UL&gt;
&lt;LI aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{&amp;quot;335552541&amp;quot;:1,&amp;quot;335559685&amp;quot;:720,&amp;quot;335559991&amp;quot;:360,&amp;quot;469769226&amp;quot;:&amp;quot;Symbol&amp;quot;,&amp;quot;469769242&amp;quot;:[8226],&amp;quot;469777803&amp;quot;:&amp;quot;left&amp;quot;,&amp;quot;469777804&amp;quot;:&amp;quot;&amp;quot;,&amp;quot;469777815&amp;quot;:&amp;quot;hybridMultilevel&amp;quot;}" data-aria-posinset="2" data-aria-level="1"&gt;&lt;SPAN data-contrast="auto"&gt;Plan with confidence.&lt;/SPAN&gt;&lt;SPAN data-contrast="auto"&gt;&amp;nbsp;The&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://assetsprod.microsoft.com/dco-initiative-ebook.pdf?wt.mc_id=79our8xnwz" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;e‑book,&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;&amp;nbsp;Navigating the Next Era of Hosting, breaks down the Microsoft Adaptive Cloud strategy: how to run workloads where they make sense, manage them as a single environment, and grow into differentiated services.&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:276}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;UL&gt;
&lt;LI aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{&amp;quot;335552541&amp;quot;:1,&amp;quot;335559685&amp;quot;:720,&amp;quot;335559991&amp;quot;:360,&amp;quot;469769226&amp;quot;:&amp;quot;Symbol&amp;quot;,&amp;quot;469769242&amp;quot;:[8226],&amp;quot;469777803&amp;quot;:&amp;quot;left&amp;quot;,&amp;quot;469777804&amp;quot;:&amp;quot;&amp;quot;,&amp;quot;469777815&amp;quot;:&amp;quot;hybridMultilevel&amp;quot;}" data-aria-posinset="3" data-aria-level="1"&gt;&lt;SPAN data-contrast="auto"&gt;Transform with support.&lt;/SPAN&gt;&lt;SPAN data-contrast="auto"&gt;&amp;nbsp;Go from planning to action with the&amp;nbsp;Microsoft&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://partner.microsoft.com/DCO?wt.mc_id=6cbynl7brb" target="_blank"&gt;&lt;SPAN data-contrast="none"&gt;&lt;SPAN data-ccp-charstyle="Hyperlink"&gt;Datacenter Optimization (DCO) site&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;, which includes ongoing transition guidance, tools, FAQs, the Hybrid Cloud Partners podcast, and more.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:276}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:276}"&gt;&lt;SPAN data-contrast="auto"&gt;Get started with&amp;nbsp;&lt;/SPAN&gt;&lt;A class="lia-external-url" href="https://assetsprod.microsoft.com/dco-partner-one-pager.pdf?wt.mc_id=8r9bx2v5oq" target="_blank"&gt;the one-pager&lt;/A&gt;&lt;SPAN data-contrast="auto"&gt;.&lt;/SPAN&gt;&lt;SPAN data-ccp-props="{&amp;quot;201341983&amp;quot;:0,&amp;quot;335559739&amp;quot;:0,&amp;quot;335559740&amp;quot;:259,&amp;quot;469777462&amp;quot;:[142],&amp;quot;469777927&amp;quot;:[0],&amp;quot;469777928&amp;quot;:[1]}"&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 09 Jul 2026 17:00:00 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/partner-news/this-is-the-moment-to-shape-what-s-next-for-your-hosting/ba-p/4535070</guid>
      <dc:creator>JillArmourMicrosoft</dc:creator>
      <dc:date>2026-07-09T17:00:00Z</dc:date>
    </item>
    <item>
      <title>LiveKd v5.65, ProcDump v12.01, and ZoomIt v12.11</title>
      <link>https://techcommunity.microsoft.com/t5/sysinternals-blog/livekd-v5-65-procdump-v12-01-and-zoomit-v12-11/ba-p/4535408</link>
      <description>&lt;DIV&gt;
&lt;P&gt;&lt;A href="https://learn.microsoft.com/sysinternals/downloads/livekd" target="_self"&gt;LiveKd v5.65&lt;/A&gt;&lt;/P&gt;
&lt;DIV&gt;This update to LiveKd, a utility that allows running the kernel debugger on a live system, protects generated dump files from non-admin readers.&lt;/DIV&gt;
&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;
&lt;P&gt;&lt;A href="https://learn.microsoft.com/sysinternals/downloads/procdump" target="_self"&gt;ProcDump v12.01&lt;/A&gt;&lt;/P&gt;
&lt;DIV&gt;This update to ProcDump, a command-line utility for generating memory dumps from running processes, adds bug fixes.&lt;/DIV&gt;
&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;
&lt;P&gt;&lt;A href="https://learn.microsoft.com/sysinternals/downloads/zoomit" target="_self"&gt;ZoomIt v12.11&lt;/A&gt;&lt;/P&gt;
&lt;DIV&gt;This update to ZoomIt, a screen magnification and annotation tool, adds JPEG and WEBP snip support.&lt;/DIV&gt;
&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;
&lt;/DIV&gt;</description>
      <pubDate>Thu, 09 Jul 2026 16:59:28 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/sysinternals-blog/livekd-v5-65-procdump-v12-01-and-zoomit-v12-11/ba-p/4535408</guid>
      <dc:creator>Alex_Mihaiuc</dc:creator>
      <dc:date>2026-07-09T16:59:28Z</dc:date>
    </item>
  </channel>
</rss>

