Check This Out! (CTO!) Guide (November 2025)
Member: TysonPaul | Microsoft Community Hub

Getting Started with Windows Admin Center Virtualization Mode
Team Blog: ITOps Talk
Author: OrinThomas
Published: 11/23/2025
Summary: Windows Admin Center Virtualization Mode is a new, preview web-based tool for managing large Hyper-V virtualization environments. It centralizes compute, networking, and storage management for thousands of hosts within the same Active Directory domain. The article outlines installation prerequisites, step-by-step setup, and onboarding of Hyper-V hosts into resource groups. Users configure networking, storage, and compute properties, then manage hosts and virtual machines through a streamlined UI. The guide emphasizes certificate setup, domain requirements, and initial firewall adjustments for onboarding. Links to public preview and documentation are provided for further exploration.

Microsoft Entra Domain Services: Deploy, Join a VM, and Use Classic AD Tools
Team Blog: ITOps Talk
Author: OrinThomas
Published: 11/24/2025
Summary: Microsoft Entra Domain Services (Entra DS) enables managed Active Directory domain controller functionality in Azure, allowing you to domain-join Windows Server VMs, use Group Policy, and manage DNS without maintaining your own DC VMs. The article guides you through setting up a virtual network, deploying Entra DS, configuring DNS, joining a VM to the domain, and using classic AD and DNS management tools, streamlining identity and access management for cloud workloads while retaining familiar AD capabilities.

Azure Governance @ Ignite 2025
Team Blog: Azure Governance and Management
Author: jodiboone
Published: 11/22/2025
Summary: Azure Governance at Ignite 2025 introduced significant updates, including the public preview of Service Groups for flexible resource hierarchies and low-privilege management. New integrations with Azure Monitoring and Resiliency were announced.
Azure Policy enhancements feature Identity Based Exemptions and a revamped UX for improved compliance and policy lifecycle management. Machine Configuration now offers an extensibility framework for customizable Windows and Linux baselines aligned with CIS standards. These updates aim to simplify governance, boost security, and improve policy management for deploying secure applications in Azure environments.

Empower Smarter AI Agent Investments
Team Blog: Azure Governance and Management
Author: Fernando_Vasconcellos
Published: 11/05/2025
Summary: The article presents a series of modules designed to help technical and business leaders make cost-effective decisions throughout the AI agent lifecycle on Azure. Covering topics from use case selection and understanding cost drivers to forecasting ROI, adopting best practices, choosing development approaches, architecting scalable solutions, and ongoing optimization, the learning path offers actionable strategies for building, deploying, and managing AI agents. By aligning innovation with financial discipline, these modules ensure sustainable value, operational excellence, and long-term success for enterprise AI initiatives.

Using Packet Capture for troubleshooting Azure Firewall flows
Team Blog: Azure Network Security
Author: ShabazShaik
Published: 11/10/2025
Summary: The article introduces Azure Firewall’s new Packet Capture feature, now generally available, which enables detailed troubleshooting by capturing network packets traversing the firewall. It explains how packet capture aids in diagnosing connectivity issues, outlines setup steps, and demonstrates real-world scenarios including VNET-to-VNET, DNAT, outbound internet access, and application rule traffic. The captured data allows administrators to analyze bidirectional flows, correlate requests and responses, and pinpoint network or application issues.
Overall, packet capture significantly enhances network visibility, security, and operational reliability within Azure environments.

General Availability of JavaScript Challenge in Azure Front Door WAF
Team Blog: Azure Network Security
Author: andrewmathu
Published: 11/11/2025
Summary: Microsoft has announced the general availability of the JavaScript Challenge feature for Azure Front Door’s Web Application Firewall (WAF). This feature adds an automated, browser-based anti-bot layer to distinguish legitimate users from malicious scripts, enhancing protection against modern bot attacks while maintaining user experience. The challenge is lightweight and invisible to users, can be flexibly applied to specific endpoints, and is easily configured via WAF policies. Existing preview configurations remain supported, and comprehensive documentation is available for setup and best practices.

Announcing Public Preview of Windows Server 2025 on Azure Kubernetes Service
Team Blog: Containers
Author: Akarsh
Published: 11/18/2025
Summary: Microsoft has announced the public preview of Windows Server 2025 support on Azure Kubernetes Service (AKS), offering enhanced security, performance, and compatibility. Users can deploy Windows Server 2025 node pools alongside other OS options, run Windows Server 2022 containers on 2025 hosts, and benefit from improved portability. Nano Server now supports more applications and Feature on Demand, optimizing resource use. Additionally, Windows Server 2025 enables GPU acceleration for containerized workloads. Customers can test Windows Server 2025 in AKS and provide feedback to help shape future container offerings.

AI and human potential: Advancing skills, innovation, and outcomes
Team Blog: Microsoft Learn
Author: ToddMinor
Published: 11/21/2025
Summary: Organizations worldwide are partnering with Microsoft to upskill employees in AI, driving innovation, efficiency, and business growth across sectors.
Through initiatives like AI Skills Navigator, companies such as Albertsons, Levi Strauss, Vodafone, and Danone are integrating AI into daily work, fostering resilient, future-ready teams. Real-world examples from banking, retail, energy, and technology highlight that true transformation starts with people, not just technology. Empowered employees use AI to reimagine work, enhance productivity, and deliver meaningful outcomes, proving that continuous learning and AI adoption are key to unlocking human and organizational potential.

Powering career and business growth through AI-led, human-enhanced skilling experiences
Team Blog: Microsoft Learn
Author: jeanaj
Published: 11/18/2025
Summary: The article introduces Microsoft’s AI Skills Navigator, a unified, AI-powered learning platform designed to help individuals and organizations rapidly build and validate essential AI and human skills for career and business growth. Integrating content and credentials from Microsoft, LinkedIn, and GitHub, it offers personalized, interactive, and shareable learning experiences. Strategic partnerships with LinkedIn, GitHub, and Pearson further expand access to verified credentials and tailored training. The initiative aims to address the challenge of keeping pace with AI-driven changes, making upskilling accessible, relevant, and collaborative for the global workforce.

Azure NCv6 Public Preview: The new Unified Platform for Converged AI and Visual Computing
Team Blog: Azure High Performance Computing (HPC)
Author: rishabv90
Published: 11/24/2025
Summary: Microsoft has announced the Azure NCv6 series, now in public preview, featuring NVIDIA RTX PRO 6000 Blackwell GPUs and Intel Granite Rapids CPUs. The NCv6 offers a unified platform for converged AI and visual computing, supporting digital twins, LLM inference, agentic workflows, and high-fidelity rendering.
With scalable sizing, massive memory, and fractional GPU options, it caters to diverse workloads in AI, simulation, media, and remote desktops. This platform delivers breakthrough performance, cost-effective infrastructure, and seamless upgrades, empowering enterprises to innovate in the era of converged AI and industrial digitalization.

Azure ND GB300 v6 now Generally Available - Hyper-optimized for Generative and Agentic AI workloads
Team Blog: Azure High Performance Computing (HPC)
Author: Nitin_Nagarkatte
Published: 11/19/2025
Summary: Microsoft has announced the general availability of Azure ND GB300 v6 virtual machines, featuring thousands of NVIDIA GB300 NVL72 Blackwell Ultra GPUs and next-gen InfiniBand networking. These VMs deliver major performance improvements for generative and agentic AI workloads, including frontier model training and large-scale inference. With record-breaking throughput, scalable architecture, and advanced management tools, ND GB300 v6 enables efficient deployment and scaling of trillion-parameter models, long-context, and multimodal AI tasks, reaffirming Microsoft’s leadership in AI infrastructure and partnership with NVIDIA.

Deriving expiry days and remaining retention days for blobs through blob inventory
Team Blog: Azure PaaS
Author: Harshi_mrinal
Published: 11/11/2025
Summary: The article explains how to derive expiry days and remaining retention days for blobs in Azure Blob Storage and Data Lake Gen2 accounts using Blob Inventory reports. It outlines steps to set blob expiry, generate inventory CSV files, and use Azure Synapse SQL queries to list expiry times and retention days for soft-deleted blobs. The process helps organizations manage data lifecycle, optimize storage, and ensure compliance. Alternative methods such as PowerShell and Azure CLI are also suggested for similar tasks. Reference links for further learning are provided.

Update Coverage Workbook in Microsoft Defender for Cloud to Include Defender for AI Plan status
Team Blog: Core Infrastructure and Security
Author: SantoshPargi
Published: 11/03/2025
Summary: The article outlines two methods to track Defender for AI plan status in Microsoft Defender for Cloud. Option 1 involves updating the existing Coverage Workbook to display Defender for AI data, offering centralized visibility but needing manual maintenance. Option 2 uses Azure Resource Graph Explorer to run queries for AI plan status across subscriptions, providing flexibility and easier automation but separate from the workbook interface. The recommendation: update the Coverage Workbook for unified dashboards, or use Resource Graph Explorer for quick or automated checks.

Platform SSO for macOS
Team Blog: Core Infrastructure and Security
Author: Farooque
Published: 11/10/2025
Summary: Microsoft’s Platform SSO for macOS enables secure, passwordless authentication using Touch ID, smart cards, and passkeys, leveraging Apple’s SSO framework and integrating with Entra ID. Supporting macOS 13+, it streamlines device and app sign-in, offers centralized identity management, and requires no additional agent. Deployment involves Intune policies, device enrollment, and configuration of authentication methods. Administrators can customize login experiences and should align password policies and group assignments for compliance. Platform SSO improves security, user experience, and operational efficiency for organizations transitioning to modern authentication solutions.

Announcing Network HUD: Operational Network Monitoring for Windows Server 2025
Team Blog: Networking
Author: Basel_Kablawi
Published: 11/18/2025
Summary: Network HUD is a new operational network monitoring tool for Windows Server 2025 clusters, offering real-time health checks and actionable insights to prevent networking issues.
It detects adapter instability, driver incompatibility, storage inconsistencies, and misconfigured VLANs, reducing troubleshooting time. Integrating with physical switches via LLDP, Network HUD ensures host and network fabric alignment. Delivered as an Arc extension, it enables easy deployment and alerting through Windows Admin Center and PowerShell, helping administrators proactively maintain stable, high-performing server environments and avoid costly downtime.

Announcing General Availability for AccelNet on Windows Server 2025
Team Blog: Networking
Author: Basel_Kablawi
Published: 11/18/2025
Summary: Microsoft has announced the general availability of Accelerated Networking (AccelNet) for Windows Server 2025 Datacenter. AccelNet uses SR-IOV technology to bypass the virtual switch, reducing CPU overhead and delivering predictable, low-latency performance for demanding workloads. It enables higher VM density per host and integrates seamlessly with Hyper-V and Failover Clustering. Deployment is simplified via Windows Admin Center and PowerShell, ensuring easy, scalable, and consistent configuration. AccelNet provides a consistent operational model across hybrid environments, benefiting scenarios like OLTP, in-memory caching, and dense virtualization.

Azure Local 22H2 Clusters: End of Service and Feature Degradation
Team Blog: Azure Arc
Author: Arpita Duppala
Published: 11/25/2025
Summary: Azure Local version 22H2 reached End of Service on May 31, 2025. Starting February 23, 2026, Microsoft will begin degrading features, including disabling Extended Security Updates (ESU) and Windows Server Subscription (WSS) benefits. Customers cannot renew or purchase ESU/WSS, risking security vulnerabilities and compliance issues. Microsoft will not restore degraded features or provide remediation for risks. To maintain support and security, customers are urged to upgrade to version 24H2 promptly to avoid service disruptions and compliance violations.

Transforming City Operations: How Villa Park and DataON Deliver Real-Time Decisions with Edge RAG
Team Blog: Azure Arc
Author: moran_assaf
Published: 11/18/2025
Summary: The article details how Villa Park, California, in partnership with DataON and Microsoft, leverages Edge Retrieval-Augmented Generation (Edge RAG) to modernize city operations. Using Azure Local infrastructure, Edge RAG enables fast, secure, and offline AI-powered workflows for zoning, compliance, and permitting, drastically reducing processing times. New features include advanced document parsing, multimodal search, SharePoint integration, and autonomous workflows. Villa Park serves as a model for smart city transformation, demonstrating how edge AI enhances operational resilience, data security, and efficiency, while allowing municipalities to maintain data sovereignty and tailor AI solutions to their needs.

Announcing Cobalt 200: Azure’s next cloud-native CPU
Team Blog: Azure Infrastructure
Author: sebilgin
Published: 11/18/2025
Summary: Microsoft has announced Azure Cobalt 200, its next-generation Arm-based CPU for cloud-native workloads, offering up to 50% better performance than Cobalt 100. Featuring 132 cores, advanced memory encryption, custom compression and cryptography accelerators, and built-in Azure Boost networking and storage capabilities, Cobalt 200 is designed for optimized efficiency, security, and workload compatibility. The CPU leverages extensive real-world benchmarking and AI-powered simulations to achieve optimal performance and energy savings. Cobalt 200 servers are now live in datacenters, with broader customer availability expected in 2026.

Enabling Private Connectivity for Microsoft Fabric: A Practical Guide
Team Blog: Azure Infrastructure
Author: mohit-kanojia
Published: 11/19/2025
Summary: The article outlines strategies for securely integrating Microsoft Fabric—a unified analytics SaaS platform—into large, security-sensitive enterprise environments with private-only, Zero-Trust architectures. It details how Fabric’s components (Lakehouse, Warehouse, Spark, Workspaces) can be accessed via private endpoints, managed private endpoints, VNet data gateways, and private DNS, ensuring no public exposure. The author shares a practical architecture using Azure’s hub-spoke model and highlights governance, automation with Terraform, and robust network controls, demonstrating that with careful planning, Fabric can operate securely within strict enterprise boundaries.

Pure Storage Cloud, Azure Native evolves at Microsoft Ignite!
Team Blog: Azure Storage
Author: Aung_Oo
Published: 11/19/2025
Summary: Microsoft has expanded its Azure Native Pure Storage Cloud integration, enabling customers to provision Pure Storage volumes to Azure Virtual Machines for both Linux and Windows applications. This partnership leverages Pure Storage’s enterprise-grade features, cost efficiency, and resilience, simplifying deployment and management via Azure Portal tools. Organizations have reported significant cost savings and improved performance, with benefits like advanced data management, rapid restores, and enhanced security. The service is available as a fully managed, Azure-native solution, now supporting both Azure VMware Solution and Azure VMs, with a 30-day free trial offered for new users.

Reduce latency and enhance resilience with Azure Files zonal placement
Team Blog: Azure Storage
Author: hanagpal
Published: 11/18/2025
Summary: Azure Files Premium LRS now supports zonal placement, allowing users to pin storage accounts to a specific Azure Availability Zone.
This feature reduces latency by co-locating storage and compute resources, optimizes performance for latency-sensitive workloads, and enhances resilience by isolating failure domains. Zonal placement is available for both SMB and NFS shares and can be configured during storage account creation or update. It is ideal for databases, enterprise platforms, and business applications, and is currently available in select regions supporting Premium LRS and Availability Zones.

Streamline Analytics Spend on Microsoft Fabric with Azure Reservations
Team Blog: FinOps
Author: kyleikeda
Published: 11/24/2025
Summary: Microsoft Fabric is an integrated SaaS data platform offering unified analytics and AI, powered by OneLake. Organizations can optimize their analytics spend by purchasing Azure reservations for Fabric Capacity Units, which provide significant discounts for predictable workloads. Reservations simplify purchasing, offer flexible payment options, and can be managed via the Azure Portal. Best practices include careful usage estimation, enabling auto-renewal, monitoring with Azure Cost Management, and choosing appropriate scopes. By leveraging reservations, businesses can maximize savings while maintaining performance and scalability. For more details, visit the Microsoft Marketplace or Azure Portal.

Accelerating HPC and EDA with Powerful Azure NetApp Files Enhancements
Team Blog: Azure Architecture
Author: GeertVanTeylingen
Published: 11/14/2025
Summary: Azure NetApp Files introduces major enhancements for High-Performance Computing (HPC) and Electronic Design Automation (EDA) workloads, offering breakthrough petabyte-scale storage, high throughput, and advanced data management. New features include large volume support (up to 7.2 PiB), cool access for cost savings, user/group quota reporting, robust backup and single-file restore, hybrid cloud data mobility, cache volumes for burst-to-cloud, and AI-ready object REST API integration.
These innovations boost scalability, reliability, operational efficiency, and security, enabling teams to accelerate time-to-market, optimize costs, and confidently manage complex, data-intensive workloads in the cloud.

Introducing Local Identity with Azure Key Vault in Build 2510
Team Blog: Azure Architecture
Author: ShireenIsab
Published: 11/07/2025
Summary: Microsoft has announced a public preview of local identity integration with Azure Key Vault in Build 2510, enabling Azure local clusters to operate without Active Directory, simplifying deployments and backup processes. Key Vault integration allows seamless backup of keys, with compatibility efforts underway with partners like Veeam, Commvault, Dell, and Lenovo. Additionally, private previews introduce a Management Toolkit for secure cluster administration and Internal DNS for simplified name resolution, both designed to work without Active Directory. Users are encouraged to upgrade, test features, and provide feedback via email.

Migrate or modernize your applications using Azure Migrate
Team Blog: Azure Migration and Modernization
Author: Shikher
Published: 11/10/2025
Summary: Azure Migrate is Microsoft’s free platform for migrating and modernizing applications to Azure, offering features like application-aware migration, multi-server dependency mapping, software and security insights, and code-level analysis integration. It enables holistic migration planning by grouping workloads into applications, providing ROI analysis, and supporting phased wave planning for execution. The platform integrates with tools like GitHub Copilot and CAST for code assessment, facilitating collaboration among IT, security, and development teams, and supports a wide range of workloads and migration strategies for a seamless cloud transition.

Migration Agent - Unlocking transformation
Team Blog: Azure Migration and Modernization
Author: SShastri
Published: 11/18/2025
Summary: The article highlights how IT modernization is an ongoing transformation, driven by cloud-native architectures and innovations like AI. Central to this journey is the new Migration Agent powered by Azure Migrate, which provides actionable insights, security assessments, and evidence-backed recommendations for migration. It automates infrastructure deployment, ensures governance, and supports wave-based migration planning. Integration with tools like GitHub Copilot and CAST Highlight accelerates modernization, making cloud migration a continuous, developer-driven process that enhances agility, security, and business alignment, positioning Azure as a strategic launchpad for digital transformation.

Azure CLI and Azure PowerShell Ignite 2025 Announcement
Team Blog: Azure Tools
Author: Alex-wdy
Published: 11/19/2025
Summary: At Microsoft Ignite 2025, Azure CLI and Azure PowerShell announced major updates focused on quality, security, and AI integration. Key enhancements include MFA enforcement, Python 3.13 compatibility, new "What-If" and "Export Bicep" features, expanded service and extension support, and improved endpoint discovery. MFA claims challenges and optional pagination for large datasets were also addressed. These updates aim to streamline user workflows, bolster security, and leverage AI for smarter cloud management. Full release notes and migration guides are available for users to ensure smooth upgrades.

Gaining Confidence with Az CLI and Az PowerShell: Introducing What if & Export Bicep
Team Blog: Azure Tools
Author: stevenbucher
Published: 11/21/2025
Summary: Azure CLI and Azure PowerShell now offer “What if” and “Export Bicep” features in private preview, letting users safely preview command impacts and export actions as Bicep templates before making changes.
These tools reduce risk, boost confidence, and accelerate infrastructure-as-code adoption by validating scripts and converting commands into reusable templates. Supported for select commands, users can sign up for early access and provide feedback, improving productivity and minimizing deployment errors in Azure environments.

Support tip: Aligning network policy with Microsoft Intune and Zero Trust
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 11/03/2025
Summary: The article discusses aligning network policies with Microsoft Intune and Zero Trust principles, emphasizing the limitations of traditional perimeter-based architectures in supporting cloud services and hybrid work. It outlines three models—endpoint, domain, and domain/IP enforced access—for managing outbound traffic, recommending automation and bypassing inspection for Microsoft traffic. Adopting cloud-native tools and Zero Trust controls improves security, reliability, and user experience. The article encourages modernizing network architecture to support cloud services and details Microsoft’s ongoing enhancements, such as moving Intune endpoints to Azure Front Door for better performance and security.

Debunking the myth: Cloud-native Windows devices and access to on-premises resources
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 11/14/2025
Summary: The article debunks the myth that cloud-native Windows devices can’t access on-premises resources. It explains that, with minimal configuration, these devices can connect to file shares and legacy apps using NTLM or Kerberos authentication. By leveraging Microsoft Entra ID, Intune, and solutions like Windows Hello for Business and Zero Trust Network Access, organizations can maintain security and user experience while accessing on-premises resources.
The article also recommends adopting modern identity and security frameworks and offers resources such as Microsoft’s Zero Trust Workshop for effective implementation.

Reimagining VM Application Management for an AI-Powered, Secure Future
Team Blog: Azure Compute
Author: tanmay-gore
Published: 11/18/2025
Summary: The article discusses the transformation of virtual machine (VM) application management amid increasing AI-driven automation and security demands. Traditional deployment methods are inadequate for modern needs. Azure VM Applications offers a managed, end-to-end solution, enabling rapid, secure, and version-controlled deployment of diverse workloads. Key features include modular packaging, fast publishing, seamless CI/CD integration, regional replication, granular security controls, and unified monitoring. These capabilities improve resilience, compliance, and operational efficiency, allowing organizations to safely manage and scale VM applications for AI-powered workloads while streamlining software lifecycle management.

Introducing Metadata Security Protocol (MSP): Elevating Platform Security for Azure VMs
Team Blog: Azure Compute
Author: Amjad_Shaik
Published: 11/19/2025
Summary: Microsoft has announced the General Availability of Metadata Security Protocol (MSP) for Azure VMs, providing industry-first authentication and authorization for metadata service endpoints. MSP introduces a default-closed security model, enforcing access controls and zero-trust principles for Instance Metadata Service (IMDS) and WireServer. Key features include HMAC-based authentication, process-level RBAC, eBPF-powered request verification, and granular allowlisting. MSP significantly reduces attack surfaces such as SSRF and nested tenancy bypasses. Adoption involves auditing current access, creating an allowlist, and enforcing restrictions, enhancing defense-in-depth for sensitive VM metadata.

Simplify container network metrics filtering in Azure Container Networking Services for AKS
Team Blog: Azure Networking
Author: KhushbuP
Published: 11/08/2025
Summary: Azure Container Networking Services for AKS now offers container network metrics filtering in public preview, allowing users to control which metrics are collected at the pod level using Kubernetes custom resources. This feature reduces metrics bloat, lowers storage and ingestion costs, and improves dashboard clarity by filtering data before it reaches observability tools. Filters can be dynamically updated without downtime and target specific namespaces or pod labels, ensuring only relevant metrics are captured. Users can enable this by defining filters with the ContainerNetworkMetric CRD and validating settings, streamlining network observability and cost management.

Integrating Azure Application Gateway v2 with Azure API Management for secure and scalable API
Team Blog: Azure Networking
Author: ranjsharma
Published: 11/18/2025
Summary: Integrating Azure Application Gateway v2 with Azure API Management secures and scales API access, combining WAF protection, advanced routing, and API governance features. The article details various deployment scenarios (public, private, hybrid), network/DNS requirements, security hardening (TLS, WAF, mTLS, private endpoints), and observability best practices. It covers Terraform deployment, CI/CD automation, diagnostics, cost optimization, troubleshooting, and a production readiness checklist. This integration enables robust security, scalability, and centralized API management for cloud, hybrid, and on-premises backends.

Announcing new hybrid deployment options for Azure Virtual Desktop
Team Blog: Azure Virtual Desktop
Author: SteveDMSFT
Published: 11/18/2025
Summary: Microsoft has announced a limited preview of Azure Virtual Desktop for hybrid environments, enabling organizations to run cloud-native virtual desktops and applications on existing on-premises infrastructure via Azure Arc. This expands support to various hypervisors and hardware, allowing businesses to leverage current investments while maintaining unified management. Key partners—ControlUp, LoginVSI, Nerdio, and Nutanix—are providing integration and support. The solution offers flexibility, optimized management, and a clear path to cloud migration, addressing performance, compliance, and data residency needs for hybrid IT environments. Interested organizations can enroll via Microsoft’s preview interest form.

Check This Out! (CTO!) Guide (October 2025)
Member: TysonPaul | Microsoft Community Hub

Reimagining AI at scale: NVIDIA GB300 NVL72 on Azure
Team Blog: Azure Infrastructure
Author: gwaqar
Published: 10/28/2025
Summary: Microsoft has deployed the NVIDIA GB300 NVL72 infrastructure on Azure, offering unprecedented AI compute density in a single rack with 72 Blackwell Ultra GPUs and 36 Grace CPUs. The system features advanced liquid cooling, smart rack management, robust security, and streamlined deployment for rapid scaling. Innovations include improved power and thermal management, integrated diagnostics, and flexible cooling for global data centers. The GB300 platform enables efficient, reliable scaling of high-density AI clusters, supporting demanding workloads like multitrillion-parameter model training and inference, and exemplifies Microsoft’s commitment to cutting-edge, resilient AI infrastructure.

Managing Context Retention in Agentic AI
Team Blog: Azure Infrastructure
Author: RavinderGupta
Published: 10/03/2025
Summary: The article discusses the challenge of context retention in agentic AI systems, which can lead to loss of history, inconsistent outputs, and poor scalability. Python, with libraries like LangChain and CrewAI, offers effective tools for managing context, memory, and state persistence. It provides step-by-step guidance and sample code for building context-aware agents, including multi-agent systems using SQLite for shared context. Best practices include using structured memory, optimizing storage, and monitoring performance. Mastering these techniques ensures robust, coherent, and scalable agentic AI solutions.

Unlock cost savings with utilization-based storage recommendations in Azure Migrate
Team Blog: Azure Migration and Modernization
Author: ankitsurkar
Published: 10/15/2025
Summary: Azure Migrate now offers storage utilization-based recommendations, enabling organizations to right-size storage workloads and reduce costs by focusing on actual usage rather than allocated capacity. This new feature addresses the common issue of overprovisioned storage—nearly 40% on average—leading to more accurate migration assessments, optimized resource planning, and faster ROI. Customers can deploy an on-premises appliance and review tailored recommendations to unlock significant savings and efficiency. For further guidance, users are encouraged to consult Azure Migrate documentation.

Cut migration costs with B-Series and Cobalt 100 VM support in Azure Migrate
Team Blog: Azure Migration and Modernization
Author: ankitsurkar
Published: 10/09/2025
Summary: Azure Migrate now supports B-Series and Cobalt 100 VMs, enabling cost-effective cloud migration for workloads with variable or ARM64-specific requirements. B-Series VMs offer burstable CPU power and lower costs, ideal for dev/test and low-traffic applications, while Cobalt 100 VMs provide optimized performance for ARM64 workloads without re-architecting. These options help organizations plan migrations more accurately, optimize resource use, and save significantly by selecting the right VM type for each workload’s needs.

General Availability of CAPTCHA in Azure Front Door WAF
Team Blog: Azure Network Security
Author: andrewmathu
Published: 10/28/2025
Summary: Microsoft has announced the general availability of CAPTCHA in Azure Front Door Web Application Firewall (WAF), enhancing protection against automated bot attacks. The feature introduces human verification challenges for suspicious traffic, ensuring only legitimate users can access applications.
The GA release offers improved branding, stability, performance, and full production support under Microsoft’s SLA. Existing preview users need no changes, while new users can enable CAPTCHA in custom or managed rules. This update strengthens security for web applications facing threats like bots and credential stuffing, making CAPTCHA a recommended defense mechanism for all production workloads. Prescaling in Azure Firewall is now generally available Team Blog: Azure Network Security Author: surenjamiyanaa Published: 10/16/2025 Summary: Azure Firewall’s new prescaling feature is now generally available, allowing users to set minimum and maximum capacity units for their firewalls. This ensures predictable performance and proactive scaling ahead of anticipated traffic spikes, such as during sales events, migrations, or seasonal peaks. Users can monitor capacity trends and receive alerts for scaling events. Prescaling is enabled via the Azure Portal and is billed per capacity unit hour, with rates for standard and premium options. This feature provides greater control and confidence in managing firewall resources for business-critical scenarios. Beyond Basics: Practical scenarios with Azure Storage Actions Team Blog: Azure Storage Author: ShashankKumarShankar Published: 10/17/2025 Summary: Azure Storage Actions enables policy-driven automation for cloud data management, addressing challenges in scale, compliance, and cost. The article explores three practical scenarios: automating creative asset lifecycles, preserving machine learning training datasets for audits, and cleaning up obsolete AI embeddings. By leveraging blob metadata and tags, organizations can automate legal holds, archiving, immutability, and deletions—eliminating manual scripts and reducing operational overhead while improving compliance, data discoverability, and cost efficiency. Resources for getting started are provided. 
Introducing Cross Resource Metrics and Alerts Support for Azure Storage Team Blog: Azure Storage Author: dafalkne Published: 10/06/2025 Summary: Microsoft has introduced Cross Resource Metrics and Alerts for Azure Storage, enabling users to aggregate, visualize, and monitor metrics across multiple storage accounts within the same subscription and region. This feature supports blob, file, table, and queue metrics, allowing centralized monitoring and fleet-wide alerting from a single dashboard. Users can create unified charts and alerts for various accounts, improving operational efficiency and scalability for large environments. Setting up involves selecting multiple accounts in Azure Monitor, configuring metrics and filters, and establishing cross-resource alert rules to promptly address performance issues across the storage fleet. Windows 10 Extended Security Updates for Azure Virtual Desktop Team Blog: Azure Virtual Desktop Author: ivaylo_ivanov Published: 10/14/2025 Summary: Windows 10 will reach end of support on October 14, 2025. For Azure Virtual Desktop, existing session hosts running Windows 10 version 22H2 will receive Extended Security Updates (ESU) at no extra cost and automatically via Windows Update. New session hosts with Windows 10 can use marketplace images until 2026 (with Microsoft 365 Apps) or 2028 (without). Microsoft recommends upgrading to Windows 11 for continued support and security. Issues with Azure Virtual Desktop will be supported, but OS-related issues may require reproduction on Windows 11 before support is provided. Now in public preview: Ephemeral OS disk support on Azure Virtual Desktop Team Blog: Azure Virtual Desktop Author: Ron_Coleman Published: 10/15/2025 Summary: Azure Virtual Desktop has launched a public preview of Ephemeral OS disk support, enabling the operating system to be stored on a VM’s local storage for stateless workloads. 
This feature delivers faster provisioning, improved performance, and simplified management by eliminating reliance on remote storage and reducing latency. Ephemeral OS disks are ideal for environments needing rapid reimaging and scalability, as changes are not retained after sessions end. Available for pooled host pools with session host configuration, it integrates with Dynamic Autoscaling for efficient resource management. Documentation and setup guidance are provided for interested users. Identify Device state in EntraID/Defender with PowerShell Team Blog: Core Infrastructure and Security Author: edgarus71 Published: 10/22/2025 Summary: The article outlines a method to identify device states (enabled/disabled) in EntraID/Defender using PowerShell. It involves registering an app in EntraID to obtain credentials, encrypting the client secret with Windows DPAPI, and creating a device list text file. The provided PowerShell script authenticates via MS Graph API, checks each device’s status, and exports results to a CSV file. The solution emphasizes security by encrypting secrets and does not require complex configurations, making it suitable for bulk device status checks in EntraID environments. Solving Network Connectivity for MDE and MDI Team Blog: Core Infrastructure and Security Author: WillS1485 Published: 10/10/2025 Summary: The article discusses deploying a preconfigured Squid proxy solution to securely enable Microsoft Defender for Endpoint (MDE) and Microsoft Defender for Identity (MDI) connectivity in hybrid cloud environments. By configuring proxies at the application level, organizations can allow necessary communication to Azure endpoints while restricting broader internet access. The solution uses an automated script for setup on Ubuntu, ensuring only required traffic is permitted, simplifying incident response and deployment without extensive firewall changes. 
Configuration details for both MDE and MDI are provided, and the script is available on GitHub with a disclaimer about support. Cross Forest - Certificate Enrollment Team Blog: Ask the Directory Services Team Author: Manuel_Alvarez_V Published: 10/22/2025 Summary: The article explores Cross Forest Certificate Enrollment, crucial for secure authentication across multiple Active Directory forests. It outlines two main methods: the preferred Certificate Enrollment Policy (CEP) and Certificate Enrollment Service (CES) roles, which offer secure, scalable, and centralized management via HTTPS, and the legacy PKISync.ps1 PowerShell script, which is simpler but less secure and harder to manage. The blog details configurations, requirements, pros, cons, and best practices, concluding that CEP/CES is recommended for organizations of all sizes due to its superior efficiency and security over PKISync. Ready to accelerate your Zero Trust journey? Discover what’s next Team Blog: FastTrack Author: JulieHersum Published: 10/03/2025 Summary: The article emphasizes the importance of Zero Trust as a modern security standard and introduces Microsoft’s Zero Trust workshop as a practical tool for IT admins. It helps organizations assess security maturity across six pillars, identify and address gaps, and align teams for executive buy-in. The workshop provides actionable steps to turn strategy into results, making security a proactive advantage. Readers are encouraged to explore the workshop to accelerate their Zero Trust implementation and improve protection of identities, apps, and data. Public Preview: Audit and Enable Windows Recovery Environment (WinRE) for Azure Arc-enabled Servers Team Blog: Azure Arc Author: Aurnov_Chattopadhyay Published: 10/21/2025 Summary: Microsoft has announced a Public Preview of Azure Policies to audit and enable Windows Recovery Environment (WinRE) on Azure Arc-enabled Windows Servers. WinRE allows secure system recovery after critical failures. 
The Machine Configuration component in Azure Connected Machine agent checks WinRE status and enforces compliance. These policies are free for certain licensing plans and enable organizations to centrally manage and ensure recovery readiness across hybrid and multicloud environments, improving resilience for mission-critical workloads. Charges apply for other servers. Deployment is managed via Azure Policy assignments. Addressing Air Gap Requirements through Secure Azure Arc Onboarding Team Blog: Azure Arc Author: AkashKumarSingh Published: 10/06/2025 Summary: The article discusses how regulated industries can securely onboard Azure Arc in air-gapped environments, which are isolated from external networks for compliance and security. It outlines the challenges of maintaining isolation while enabling cloud management, and details architectural patterns—using combinations of firewalls, proxies, Private Link, and Arc Gateway—to achieve secure connectivity. Emphasizing zero trust principles, the article recommends rigorous monitoring, governance, and automation to balance operational agility with uncompromised security and regulatory compliance in hybrid and multi-cloud setups. Smarter Cloud, Smarter Spend: How Azure Powers Cost-Efficient Innovation Team Blog: FinOps Author: kyleikeda Published: 10/30/2025 Summary: The Forrester Total Economic Impact™ study, commissioned by Microsoft, highlights how organizations can achieve significant cost savings and operational benefits by migrating to Microsoft Azure and adopting AI. Key tools like Azure Hybrid Benefit, reservations, and cost management solutions drive 25–35% reductions in cloud spending, $8.7 million NPV over three years, and improved productivity. Strategic pricing and optimization enable predictable budgeting, reinvestment in innovation, and enhanced governance. Azure’s unified approach empowers businesses to modernize efficiently and accelerate AI adoption while controlling costs. 
Unlock Savings with Copilot Credit Pre-Purchase Plan Team Blog: FinOps Author: kyleikeda Published: 10/27/2025 Summary: The Copilot Credit Pre-Purchase Plan (P3) offers organizations a one-year, upfront payment option for Microsoft Copilot Credits, enabling predictable costs and up to 20% savings through volume discounts. Credits are automatically deducted as used across Copilot Studio, Dynamics 365 agents, and Copilot Chat. The plan provides flexibility to add more credits or switch to pay-as-you-go, and unused credits expire after a year. P3 is ideal for businesses with variable or growing usage, simplifying billing and budgeting while supporting scalable AI deployment. Purchase and management are handled via the Azure portal. How Azure NetApp Files Object REST API powers Azure and ISV Data and AI services – on YOUR data Team Blog: Azure Architecture Author: GeertVanTeylingen Published: 10/14/2025 Summary: The article introduces the Azure NetApp Files Object REST API, a new solution enabling direct, secure, S3-compatible access to enterprise data for Azure analytics and AI services. This eliminates costly data transfers and duplication, streamlines workflows, and enhances productivity while maintaining compliance and data security. Supporting multiple protocols, it empowers diverse use cases across industries—from real-time analytics to AI-powered insights—by integrating seamlessly with Microsoft Fabric, OneLake, Databricks, Power BI, and more, revolutionizing cloud operations and data management. Validating Scalable EDA Storage Performance: Azure NetApp Files and SPECstorage Solution 2020 Team Blog: Azure Architecture Author: GeertVanTeylingen Published: 10/10/2025 Summary: Azure NetApp Files is a cloud-native, enterprise-grade storage solution validated for Electronic Design Automation (EDA) workloads via the SPECstorage® Solution 2020 benchmark. 
It delivers unmatched performance, scalability, and low-latency access, supporting massive datasets and global collaboration. Benchmark results confirm linear scalability and sub-millisecond response times, enabling engineering teams to accelerate simulations, optimize costs, and streamline workflows without infrastructure bottlenecks. Trusted by leading semiconductor firms, Azure NetApp Files empowers rapid chip design, 24/7 productivity, and flexible resource management, positioning it as a reliable, future-ready platform for the evolving semiconductor industry. From the frontlines: Empowering call center agents with Windows 365 Frontline Team Blog: Intune Customer Success Author: Intune_Support_Team Published: 10/31/2025 Summary: The article discusses how Windows 365 Frontline optimizes Cloud PC deployments for call center agents, enabling secure, flexible, and cost-effective computing for shift-based and part-time workers. It compares dedicated mode (personal, persistent desktops) and shared mode (ephemeral, pooled desktops), detailing use cases and best practices for Microsoft Intune configuration, security, and scaling. Windows 365 Frontline streamlines management, supports BYOD and remote scenarios, and improves operational efficiency while safeguarding data, making it ideal for dynamic call center environments. Microsoft Intune Advanced Analytics in action: Real-world scenarios for IT teams Team Blog: Intune Customer Success Author: Intune_Support_Team Published: 10/08/2025 Summary: Microsoft Intune Advanced Analytics enhances device management for IT teams by providing deep insights into device health, user experience, and organizational trends. Building on Endpoint analytics, it offers advanced features like custom device scopes, resource performance and battery health monitoring, anomaly detection, and detailed device queries using KQL. 
These tools help IT admins proactively optimize device performance, support decisions on hardware refreshes or lifespan extensions, and troubleshoot issues in near real time. The article demonstrates practical scenarios for using Advanced Analytics to streamline IT operations and improve end-user satisfaction. Revolutionizing Reliability: Introducing the Azure Failure Prediction and Detection (AFPD) system Team Blog: Azure Compute Author: andrewb710 Published: 10/31/2025 Summary: The Azure Failure Prediction and Detection (AFPD) system, launched in 2024, unifies and enhances Azure’s reliability tools by integrating prediction, detection, mitigation, notification, and remediation for hardware and software failures. AFPD reduces reboots by over 36%, proactively maintains cloud health, and minimizes customer downtime across various workloads. It leverages advanced models and real-time telemetry, provides actionable notifications, and enables automated recovery through integrations like VM Watch and Project Flash endpoints, streamlining incident response and improving overall platform stability for Azure Compute and Storage customers. Streamline Cloud Spend with Azure Reserved VM Instances Team Blog: Azure Compute Author: kyleikeda Published: 10/29/2025 Summary: Azure Reserved Virtual Machine Instances (RIs) help organizations like Contoso reduce and predict cloud costs for GPU-heavy AI workloads. By committing to specific VM types and regions for 1 or 3 years, customers can save up to 72% compared to pay-as-you-go pricing. Contoso used Azure Advisor for recommendations, chose a Shared scope for broad coverage, enabled instance size flexibility, and set up monitoring with Cost Management. These strategies led to significant savings, performance stability, and budget predictability, making RIs a smart choice for predictable compute needs. 
Requesting and Installing an SSL Certificate for Internet Information Server (IIS) Team Blog: ITOps Talk Author: OrinThomas Published: 10/09/2025 Summary: The article outlines the process for requesting and installing an SSL certificate in Internet Information Server (IIS). Steps include generating a Certificate Signing Request (CSR) using the MMC Certificates snap-in, submitting the CSR to a Certification Authority, downloading the issued certificate, and installing it on the server. After installation, the SSL certificate is bound to the IIS website via HTTPS bindings. Finally, the setup is verified by browsing to the site and ensuring a secure connection without browser warnings, confirming successful SSL deployment. Strengthening Azure File Sync security with Managed Identities Team Blog: ITOps Talk Author: Pierre_Roman Published: 10/08/2025 Summary: The article explains how using Managed Identities with Azure File Sync enhances security and simplifies credential management. Traditionally, authentication relied on certificates or keys, which pose security and operational risks. Managed Identities eliminate the need for credentials, leveraging Azure Role-Based Access Control (RBAC) for fine-grained access. This approach supports both Azure and hybrid environments, streamlines onboarding, improves integration, and enables transparent auditing. New deployments now default to Managed Identity, promoting secure, manageable, and scalable enterprise file sync solutions within the Azure ecosystem. The article also provides steps for enabling Managed Identity on both Azure and non-Azure servers. AMBA-ALZ pattern: Learn about the latest and greatest enhancements! Team Blog: Azure Governance and Management Author: BrunoGabrielli Published: 10/08/2025 Summary: The article announces major enhancements to the AMBA-ALZ pattern on Azure, effective from October 2025. 
Key updates include the adoption of the Azure Service Health built-in policy for improved trust and feature parity, and the introduction of a new least privileged "Monitoring Policy Contributor" role for managed identities, reducing security risks by limiting permissions. Both changes streamline deployments and strengthen security. Guidance is provided for updating existing deployments, and users are encouraged to explore the improved features using various Azure deployment methods. The Complete Guide to Renewing an Expired Certificate in Microsoft HPC Pack 2019 (Single Head Node) Team Blog: Azure High Performance Computing (HPC) Author: vinilv Published: 10/30/2025 Summary: This article provides a step-by-step guide for renewing an expired certificate in a Microsoft HPC Pack 2019 single-head-node cluster. It covers checking the certificate status, creating a new self-signed certificate, distributing it to compute nodes, updating the head node, and modifying the SQL database thumbprint. Finally, administrators reboot the head node to restore secure cluster operations, ensuring continued communication and job scheduling without reinstalling HPC components.
Check This Out! (CTO!) Guide (August 2025)
Enhance Your Data Protection Strategy with Azure Elastic SAN’s Newest Backup Options Team Blog: Azure Storage Author: adarsh_v Published: 08/18/2025 Summary: Azure Elastic SAN now supports public preview integrations with Azure Backup and Commvault, providing automated, managed backup and recovery for Elastic SAN volumes. Azure Backup offers independent, crash-consistent snapshots, up to 450 daily restore points, simplified management, and seamless Azure integration. Commvault delivers enterprise-grade protection, snapshot-based backups, flexible recovery (including cross-region restores), and indefinite retention, supporting both Windows and Linux VMs. These solutions enhance data protection against loss, ransomware, and errors, ensuring secure, recoverable cloud storage for various organizational needs. Azure Backup suits single-volume scenarios, while Commvault is ideal for complex, multi-volume enterprise deployments. Finding the Right Page number in PDFs with AI Search Team Blog: Azure PaaS Author: samsarka Published: 08/11/2025 Summary: The article discusses how AI-powered search can accurately extract and associate page numbers with search results in large PDF documents using Azure Blob Storage and Azure AI Search. It details technical steps such as configuring storage permissions, applying OCR skillsets, setting up parent-child index projections, and defining search index schemas. By rendering each PDF page as an image and processing it with OCR, the system enables precise, page-level content retrieval, facilitating better navigation, citation, and trust in AI-generated responses for users searching within complex documents. 
Protect against SharePoint CVE-2025-53770 with Azure Web Application Firewall (WAF) Team Blog: Azure Network Security Author: yuvalpery Published: 08/11/2025 Summary: Microsoft disclosed CVE-2025-53770, a critical vulnerability in on-premises SharePoint Server (2010, 2013, 2016, 2019, SE) allowing unauthenticated remote code execution via authentication bypass and deserialization flaws. Patches are available for 2016, 2019, and SE, but not for 2010 or 2013. Organizations should immediately apply updates, restrict access to unsupported versions, and implement custom Azure Web Application Firewall (WAF) rules to detect and block attack patterns targeting vulnerable SharePoint endpoints, as detailed in Microsoft’s official guidance. Azure CNI Overlay for Application Gateway for Containers and Application Gateway Ingress Controller Team Blog: Azure Networking Author: jonw Published: 08/29/2025 Summary: Microsoft has announced the general availability of Azure CNI Overlay for Application Gateway for Containers and AGIC. This integration enhances IP scalability and performance for AKS clusters by enabling direct pod-to-pod routing without encapsulation overhead. It addresses key challenges like IP exhaustion and load balancing for containerized applications. The solution supports over 1 million IPs across clusters in the same VNet and ensures feature parity with kubenet, which is being retired. Customers can now upgrade AKS networking to Azure CNI Overlay while maintaining business continuity and leveraging a high-performance ingress solution. Announcing more Azure VMware Solution enhancements Team Blog: Azure Migration and Modernization Author: christopheherrbach Published: 08/25/2025 Summary: Microsoft announced several enhancements to Azure VMware Solution (AVS) at VMware Explore in Las Vegas, including expansion to 35 global regions with eight more planned by year-end. 
AVS now offers improved support for VMware Cloud Foundation, DISA IL5 authorization for government use, flexible Azure NetApp Files storage options, and expanded Azure Elastic SAN support for all node types. These updates make AVS a robust choice for migrating and optimizing VMware workloads in Azure, with resources available for learning and skill-building through the Azure VMware Solution 2025 Learn Challenge. Container Networking with Azure Application Gateway for Containers (AGC): Overlay vs. Flat AKS Team Blog: Azure Infrastructure Author: lakshaymalik Published: 08/31/2025 Summary: Azure Application Gateway for Containers (AGC) integrates with AKS using two networking models: Overlay (Azure CNI Overlay) and Flat (Azure CNI Pod/Node Subnet). Overlay conserves VNet IPs by assigning pods overlay CIDRs, while Flat gives pods VNet-routable IPs for direct access. AGC auto-detects the model, requires a /24 subnet, supports network policies, and leverages Layer-7 routing and security features. Deployment uses Gateway API resources without changes for either model. Overlay requires ALB Controller v1.7.9+. AGC enables flexible, secure, and scalable ingress for AKS, integrating with Azure’s security and monitoring tools. Designing for Certainty: How Azure Capacity Reservations Safeguard Mission‑Critical Workloads Team Blog: Azure Governance and Management Author: Goutham_Bandapati Published: 08/25/2025 Summary: Azure Capacity Reservations allow organizations to secure specific VM resources in designated regions or zones, ensuring availability for mission-critical workloads during demand spikes. Unlike Reserved Instances, which offer cost savings for steady usage but don’t guarantee resource access, Capacity Reservations guarantee placement but incur costs even if idle. 
Combining both approaches—reserving capacity for reliability and using Reserved Instances for savings—mitigates risk, optimizes costs, and enhances resilience against unpredictable cloud demand, especially for regulated, latency-sensitive, or high-stakes workloads. This strategy is essential across all major clouds to transform capacity from a risk into a managed asset. Upcoming Changes to Instance Size Flexibility Ratios for Azure Reservations: What You Need to Know Team Blog: Azure Compute Author: kyleikeda Published: 08/04/2025 Summary: On September 4, Azure will update instance size flexibility ratios for reservations covering select Virtual Machines, Azure Redis Cache, and Dedicated Hosts. These changes, aimed at optimizing reservation discounts, may impact reservation coverage—potentially increasing or decreasing the number of units covered—without changing prices. Users should review impacted SKUs and monitor reservation utilization after the update to manage costs effectively. Recommendations include adjusting usage, exchanging reservations, or utilizing Azure Advisor for cost-saving strategies. Guidance is available in the Azure Portal and Microsoft documentation. SQL Server enabled by Azure Arc is now generally available in the US Government Virginia region Team Blog: Azure Arc Author: AbdullahMSFT Published: 08/14/2025 Summary: SQL Server enabled by Azure Arc is now generally available in the US Government Virginia region, allowing government agencies to manage on-premises SQL Server instances through the Azure Government portal securely and compliantly. Key features include onboarding SQL Server instances, inventory management, extended security updates, and licensing management. Some advanced features, like failover clustering and certain services, were initially unavailable but have since been enabled, including Always On availability groups and SQL Server services. 
This launch marks a significant step for hybrid data management in the government cloud, with further enhancements planned. Mobile Plans moves to the web Team Blog: Windows OS Platform Author: HunterM Published: 08/28/2025 Summary: Microsoft is retiring the Windows Mobile Plans app to simplify mobile data activation on PCs. Users will now buy and manage cellular plans directly through mobile operator websites and Windows Settings, eliminating the need for a separate app. eSIM activation will be streamlined and secure, with device IDs shared via Windows Settings. The transition begins in the second half of 2025, with full retirement by February 2026. Existing cellular functions remain unaffected. Operators gain more control over the activation process, and Microsoft is supporting them through the transition for a seamless user experience. System Center 2022 Update Rollup 3 Team Blog: System Center Author: AakashMSFT Published: 08/25/2025 Summary: System Center 2022 Update Rollup 3 (UR3) delivers stability, security, and compatibility improvements across Operations Manager, Service Manager, Virtual Machine Manager, and Orchestrator. Key updates include expanded guest OS support (Windows Server 2025, multiple Linux distributions), HTTPS-by-default for storage providers, enhanced console stability, restored Teams notifications, improved platform stability on new CPUs/OS builds, .NET 8 and gMSA support for Orchestrator, and TLS 1.3 enablement. UR3 incorporates previous fixes from UR2 and can be installed even if UR2 failed, reflecting Microsoft’s ongoing commitment to regular quality updates. Windows Server 2025 Software Defined Datacenter: Networking Deployment Series (4/6) Team Blog: Networking Author: cindywan Published: 08/28/2025 Summary: Part 4 of the Windows Server 2025 Networking Deployment Series details how Contoso Medical Center secures its Software Defined Datacenter using SDN features. 
By leveraging Network Security Groups (NSGs), tag-based segmentation, and Default Network Policies (DNP), Contoso enforces Zero Trust, automates VM protection, and ensures consistent security from creation. These capabilities simplify policy management, enhance compliance, and protect critical healthcare workloads without manual firewall rules. The article also previews upcoming topics on Accelerated Networking and SDN Multisite, and encourages readers to try these features using Windows Admin Center and SDNExpress v2. Certifications refresh: AI-focused and fundamentals updates Team Blog: Microsoft Learn Author: GretchenLaBelle Published: 08/28/2025 Summary: Microsoft Learn is updating its certification and training offerings to focus on AI, Microsoft 365, Copilot, and agents, reflecting the growing integration of AI in business. New certifications will validate foundational and expert AI skills, while beginner-level courses for various functional roles are being introduced. Microsoft will retire select Fundamentals Certifications (MS-900, MB-910, MB-920) after December 31, 2025, but earned certifications remain valid. Applied Skills micro-credentials are also available, with a chance to win a 50% exam voucher. More details on new AI-focused certifications will be announced soon. Unlocking Flexibility with Azure Files Provisioned V2 Team Blog: ITOps Talk Author: Pierre_Roman Published: 08/14/2025 Summary: Azure Files Provisioned V2 introduces a flexible billing model, letting users independently provision storage, IOPS, and throughput for predictable costs and enhanced performance. Unlike previous models, it eliminates per-operation fees and enables scaling up to 50,000 IOPS and 5 GiB/sec throughput per share. This simplifies management, supports larger workloads, and often lowers costs by 30–50% for active use cases. 
Provisioned V2 streamlines planning and budgeting, making Azure Files more cloud-friendly and enterprise-ready while addressing common pain points in cloud file storage.

From the frontlines: Managing common kiosk scenarios in your business
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 08/28/2025
Summary: The article by Saurabh Sarkar discusses managing Windows kiosk devices using Microsoft Intune to boost productivity in sectors like airlines and restaurants. It outlines how Intune enables centralized configuration, security, and compliance for kiosk devices, highlighting a pizza restaurant scenario using Windows Autopilot and Edge kiosk mode. Key features include auto logon, restricted browser access, and automated Wi-Fi connectivity. The post emphasizes best practices for deploying, managing, and securing frontline devices, and references further resources for effective kiosk management.

Provider-Managed Azure Subscriptions: Cost Control and Commitment Clarity
Team Blog: FinOps
Author: Dirk_Brinkmann
Published: 08/29/2025
Summary: The article discusses scenarios where enterprise customers allow service providers to manage Azure subscriptions using the provider’s tenant, while billing remains with the customer. This arrangement enables customers to maintain full control over pricing, cost allocation, and Azure Consumption Commitment (MACC) utilization, with complete cost visibility. Service providers manage resources but have limited access to pricing and billing details. Clear governance, billing policies, and RBAC configurations are essential for effective management, ensuring decoupled operational control and cost ownership between customers and service providers.

Governing Copilot agents: Your next step starts here
Team Blog: FastTrack
Author: JulieHersum
Published: 08/21/2025
Summary: Rob Howard’s article outlines a practical governance framework for managing Microsoft 365 Copilot AI agents. It emphasizes three pillars: security controls via Microsoft Purview, management controls through admin centers, and agent usage reporting for compliance. The article introduces governance zones (sandbox, controlled, and trusted) for phased Copilot deployment based on risk and data sensitivity. Additional resources include a readiness checklist, deployment examples, tool integration links, and previews of upcoming guidance. The article is part of Microsoft’s FastTrack initiative, providing IT admins with ongoing support and resources for effective Copilot governance.

Transforming Enterprise AKS: Multi-Tenancy at Scale with Agentic AI and Semantic Kernel
Team Blog: Core Infrastructure and Security
Author: jianshn
Published: 08/29/2025
Summary: The article details how to deploy Agentic AI using Semantic Kernel on Azure Kubernetes Service (AKS) with a scalable, secure multi-tenant architecture. By isolating tenants through AKS namespaces, dedicated node pools, managed identities, and RBAC/ABAC for Azure Blob Storage, the solution ensures strong data and compute separation, minimizing cross-tenant risks and optimizing resource use. The post provides step-by-step implementation guidance, including credential scoping and deployment of AI agents, enabling enterprise-grade multi-tenancy for AI workloads with operational flexibility, cost efficiency, and security.

Announcing MSGraph Provider Public Preview and the Microsoft Terraform VSCode Extension
Team Blog: Azure Tools
Author: stevenjma
Published: 08/14/2025
Summary: Microsoft has announced the public preview of the Terraform MSGraph provider and the new Microsoft Terraform VSCode extension. The MSGraph provider enables managing Entra and M365 Graph APIs, offering broader and more immediate support for Microsoft cloud resources compared to the AzureAD provider. The VSCode extension consolidates AzureRM, AzAPI, and MSGraph support, adds features like exporting Azure resources as Terraform code, and enhances coding with IntelliSense and code samples. These tools aim to streamline infrastructure-as-code workflows, simplify resource management, and accelerate automation for Terraform practitioners in the Microsoft ecosystem.

Check This Out! (CTO!) Guide (April 2025)
Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!

Check This Out! (CTO!) Guide (March 2025)
Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!

Check This Out! (CTO!) Guide (Feb 2025)
Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!

Check This Out! (CTO!) Guide (May 2025)
Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!

Check This Out! (CTO!) Guide (June 2025)
Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!

Check This Out! (CTO!) Guide (July 2025)
Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!