Check This Out! (CTO!) Guide (October 2025)
Member: TysonPaul | Microsoft Community Hub

Reimagining AI at scale: NVIDIA GB300 NVL72 on Azure
Team Blog: Azure Infrastructure
Author: gwaqar
Published: 10/28/2025
Summary: Microsoft has deployed the NVIDIA GB300 NVL72 infrastructure on Azure, offering unprecedented AI compute density in a single rack with 72 Blackwell Ultra GPUs and 36 Grace CPUs. The system features advanced liquid cooling, smart rack management, robust security, and streamlined deployment for rapid scaling. Innovations include improved power and thermal management, integrated diagnostics, and flexible cooling for global data centers. The GB300 platform enables efficient, reliable scaling of high-density AI clusters, supporting demanding workloads like multitrillion-parameter model training and inference, and exemplifies Microsoft’s commitment to cutting-edge, resilient AI infrastructure.

Managing Context Retention in Agentic AI
Team Blog: Azure Infrastructure
Author: RavinderGupta
Published: 10/03/2025
Summary: The article discusses the challenge of context retention in agentic AI systems, which can lead to loss of history, inconsistent outputs, and poor scalability. Python, with libraries like LangChain and CrewAI, offers effective tools for managing context, memory, and state persistence. It provides step-by-step guidance and sample code for building context-aware agents, including multi-agent systems using SQLite for shared context. Best practices include using structured memory, optimizing storage, and monitoring performance. Mastering these techniques ensures robust, coherent, and scalable agentic AI solutions.

Unlock cost savings with utilization-based storage recommendations in Azure Migrate
Team Blog: Azure Migration and Modernization
Author: ankitsurkar
Published: 10/15/2025
Summary: Azure Migrate now offers storage utilization-based recommendations, enabling organizations to right-size storage workloads and reduce costs by focusing on actual usage rather than allocated capacity. This new feature addresses the common issue of overprovisioned storage—nearly 40% on average—leading to more accurate migration assessments, optimized resource planning, and faster ROI. Customers can deploy an on-premises appliance and review tailored recommendations to unlock significant savings and efficiency. For further guidance, users are encouraged to consult Azure Migrate documentation.

Cut migration costs with B-Series and Cobalt 100 VM support in Azure Migrate
Team Blog: Azure Migration and Modernization
Author: ankitsurkar
Published: 10/09/2025
Summary: Azure Migrate now supports B-Series and Cobalt 100 VMs, enabling cost-effective cloud migration for workloads with variable or ARM64-specific requirements. B-Series VMs offer burstable CPU power and lower costs, ideal for dev/test and low-traffic applications, while Cobalt 100 VMs provide optimized performance for ARM64 workloads without re-architecting. These options help organizations plan migrations more accurately, optimize resource use, and save significantly by selecting the right VM type for each workload’s needs.

General Availability of CAPTCHA in Azure Front Door WAF
Team Blog: Azure Network Security
Author: andrewmathu
Published: 10/28/2025
Summary: Microsoft has announced the general availability of CAPTCHA in Azure Front Door Web Application Firewall (WAF), enhancing protection against automated bot attacks. The feature introduces human verification challenges for suspicious traffic, ensuring only legitimate users can access applications. The GA release offers improved branding, stability, performance, and full production support under Microsoft’s SLA. Existing preview users need no changes, while new users can enable CAPTCHA in custom or managed rules. This update strengthens security for web applications facing threats like bots and credential stuffing, making CAPTCHA a recommended defense mechanism for all production workloads.

Prescaling in Azure Firewall is now generally available
Team Blog: Azure Network Security
Author: surenjamiyanaa
Published: 10/16/2025
Summary: Azure Firewall’s new prescaling feature is now generally available, allowing users to set minimum and maximum capacity units for their firewalls. This ensures predictable performance and proactive scaling ahead of anticipated traffic spikes, such as during sales events, migrations, or seasonal peaks. Users can monitor capacity trends and receive alerts for scaling events. Prescaling is enabled via the Azure Portal and is billed per capacity unit hour, with rates for standard and premium options. This feature provides greater control and confidence in managing firewall resources for business-critical scenarios.

Beyond Basics: Practical scenarios with Azure Storage Actions
Team Blog: Azure Storage
Author: ShashankKumarShankar
Published: 10/17/2025
Summary: Azure Storage Actions enables policy-driven automation for cloud data management, addressing challenges in scale, compliance, and cost. The article explores three practical scenarios: automating creative asset lifecycles, preserving machine learning training datasets for audits, and cleaning up obsolete AI embeddings. By leveraging blob metadata and tags, organizations can automate legal holds, archiving, immutability, and deletions—eliminating manual scripts and reducing operational overhead while improving compliance, data discoverability, and cost efficiency. Resources for getting started are provided.

Introducing Cross Resource Metrics and Alerts Support for Azure Storage
Team Blog: Azure Storage
Author: dafalkne
Published: 10/06/2025
Summary: Microsoft has introduced Cross Resource Metrics and Alerts for Azure Storage, enabling users to aggregate, visualize, and monitor metrics across multiple storage accounts within the same subscription and region. This feature supports blob, file, table, and queue metrics, allowing centralized monitoring and fleet-wide alerting from a single dashboard. Users can create unified charts and alerts for various accounts, improving operational efficiency and scalability for large environments. Setting up involves selecting multiple accounts in Azure Monitor, configuring metrics and filters, and establishing cross-resource alert rules to promptly address performance issues across the storage fleet.

Windows 10 Extended Security Updates for Azure Virtual Desktop
Team Blog: Azure Virtual Desktop
Author: ivaylo_ivanov
Published: 10/14/2025
Summary: Windows 10 will reach end of support on October 14, 2025. For Azure Virtual Desktop, existing session hosts running Windows 10 version 22H2 will receive Extended Security Updates (ESU) at no extra cost and automatically via Windows Update. New session hosts with Windows 10 can use marketplace images until 2026 (with Microsoft 365 Apps) or 2028 (without). Microsoft recommends upgrading to Windows 11 for continued support and security. Issues with Azure Virtual Desktop will be supported, but OS-related issues may require reproduction on Windows 11 before support is provided.

Now in public preview: Ephemeral OS disk support on Azure Virtual Desktop
Team Blog: Azure Virtual Desktop
Author: Ron_Coleman
Published: 10/15/2025
Summary: Azure Virtual Desktop has launched a public preview of Ephemeral OS disk support, enabling the operating system to be stored on a VM’s local storage for stateless workloads. This feature delivers faster provisioning, improved performance, and simplified management by eliminating reliance on remote storage and reducing latency. Ephemeral OS disks are ideal for environments needing rapid reimaging and scalability, as changes are not retained after sessions end. Available for pooled host pools with session host configuration, it integrates with Dynamic Autoscaling for efficient resource management. Documentation and setup guidance are provided for interested users.

Identify Device state in EntraID/Defender with PowerShell
Team Blog: Core Infrastructure and Security
Author: edgarus71
Published: 10/22/2025
Summary: The article outlines a method to identify device states (enabled/disabled) in EntraID/Defender using PowerShell. It involves registering an app in EntraID to obtain credentials, encrypting the client secret with Windows DPAPI, and creating a device list text file. The provided PowerShell script authenticates via MS Graph API, checks each device’s status, and exports results to a CSV file. The solution emphasizes security by encrypting secrets and does not require complex configurations, making it suitable for bulk device status checks in EntraID environments.

Solving Network Connectivity for MDE and MDI
Team Blog: Core Infrastructure and Security
Author: WillS1485
Published: 10/10/2025
Summary: The article discusses deploying a preconfigured Squid proxy solution to securely enable Microsoft Defender for Endpoint (MDE) and Microsoft Defender for Identity (MDI) connectivity in hybrid cloud environments. By configuring proxies at the application level, organizations can allow necessary communication to Azure endpoints while restricting broader internet access. The solution uses an automated script for setup on Ubuntu, ensuring only required traffic is permitted, simplifying incident response and deployment without extensive firewall changes. Configuration details for both MDE and MDI are provided, and the script is available on GitHub with a disclaimer about support.

Cross Forest - Certificate Enrollment
Team Blog: Ask the Directory Services Team
Author: Manuel_Alvarez_V
Published: 10/22/2025
Summary: The article explores Cross Forest Certificate Enrollment, crucial for secure authentication across multiple Active Directory forests. It outlines two main methods: the preferred Certificate Enrollment Policy (CEP) and Certificate Enrollment Service (CES) roles, which offer secure, scalable, and centralized management via HTTPS, and the legacy PKISync.ps1 PowerShell script, which is simpler but less secure and harder to manage. The blog details configurations, requirements, pros, cons, and best practices, concluding that CEP/CES is recommended for organizations of all sizes due to its superior efficiency and security over PKISync.

Ready to accelerate your Zero Trust journey? Discover what’s next
Team Blog: FastTrack
Author: JulieHersum
Published: 10/03/2025
Summary: The article emphasizes the importance of Zero Trust as a modern security standard and introduces Microsoft’s Zero Trust workshop as a practical tool for IT admins. It helps organizations assess security maturity across six pillars, identify and address gaps, and align teams for executive buy-in. The workshop provides actionable steps to turn strategy into results, making security a proactive advantage. Readers are encouraged to explore the workshop to accelerate their Zero Trust implementation and improve protection of identities, apps, and data.

Public Preview: Audit and Enable Windows Recovery Environment (WinRE) for Azure Arc-enabled Servers
Team Blog: Azure Arc
Author: Aurnov_Chattopadhyay
Published: 10/21/2025
Summary: Microsoft has announced a Public Preview of Azure Policies to audit and enable Windows Recovery Environment (WinRE) on Azure Arc-enabled Windows Servers. WinRE allows secure system recovery after critical failures. The Machine Configuration component in Azure Connected Machine agent checks WinRE status and enforces compliance. These policies are free for certain licensing plans and enable organizations to centrally manage and ensure recovery readiness across hybrid and multicloud environments, improving resilience for mission-critical workloads. Charges apply for other servers. Deployment is managed via Azure Policy assignments.

Addressing Air Gap Requirements through Secure Azure Arc Onboarding
Team Blog: Azure Arc
Author: AkashKumarSingh
Published: 10/06/2025
Summary: The article discusses how regulated industries can securely onboard Azure Arc in air-gapped environments, which are isolated from external networks for compliance and security. It outlines the challenges of maintaining isolation while enabling cloud management, and details architectural patterns—using combinations of firewalls, proxies, Private Link, and Arc Gateway—to achieve secure connectivity. Emphasizing zero trust principles, the article recommends rigorous monitoring, governance, and automation to balance operational agility with uncompromised security and regulatory compliance in hybrid and multi-cloud setups.

Smarter Cloud, Smarter Spend: How Azure Powers Cost-Efficient Innovation
Team Blog: FinOps
Author: kyleikeda
Published: 10/30/2025
Summary: The Forrester Total Economic Impact™ study, commissioned by Microsoft, highlights how organizations can achieve significant cost savings and operational benefits by migrating to Microsoft Azure and adopting AI. Key tools like Azure Hybrid Benefit, reservations, and cost management solutions drive 25–35% reductions in cloud spending, $8.7 million NPV over three years, and improved productivity. Strategic pricing and optimization enable predictable budgeting, reinvestment in innovation, and enhanced governance. Azure’s unified approach empowers businesses to modernize efficiently and accelerate AI adoption while controlling costs.

Unlock Savings with Copilot Credit Pre-Purchase Plan
Team Blog: FinOps
Author: kyleikeda
Published: 10/27/2025
Summary: The Copilot Credit Pre-Purchase Plan (P3) offers organizations a one-year, upfront payment option for Microsoft Copilot Credits, enabling predictable costs and up to 20% savings through volume discounts. Credits are automatically deducted as used across Copilot Studio, Dynamics 365 agents, and Copilot Chat. The plan provides flexibility to add more credits or switch to pay-as-you-go, and unused credits expire after a year. P3 is ideal for businesses with variable or growing usage, simplifying billing and budgeting while supporting scalable AI deployment. Purchase and management are handled via the Azure portal.

How Azure NetApp Files Object REST API powers Azure and ISV Data and AI services – on YOUR data
Team Blog: Azure Architecture
Author: GeertVanTeylingen
Published: 10/14/2025
Summary: The article introduces the Azure NetApp Files Object REST API, a new solution enabling direct, secure, S3-compatible access to enterprise data for Azure analytics and AI services. This eliminates costly data transfers and duplication, streamlines workflows, and enhances productivity while maintaining compliance and data security. Supporting multiple protocols, it empowers diverse use cases across industries—from real-time analytics to AI-powered insights—by integrating seamlessly with Microsoft Fabric, OneLake, Databricks, Power BI, and more, revolutionizing cloud operations and data management.

Validating Scalable EDA Storage Performance: Azure NetApp Files and SPECstorage Solution 2020
Team Blog: Azure Architecture
Author: GeertVanTeylingen
Published: 10/10/2025
Summary: Azure NetApp Files is a cloud-native, enterprise-grade storage solution validated for Electronic Design Automation (EDA) workloads via the SPECstorage® Solution 2020 benchmark. It delivers unmatched performance, scalability, and low-latency access, supporting massive datasets and global collaboration. Benchmark results confirm linear scalability and sub-millisecond response times, enabling engineering teams to accelerate simulations, optimize costs, and streamline workflows without infrastructure bottlenecks. Trusted by leading semiconductor firms, Azure NetApp Files empowers rapid chip design, 24/7 productivity, and flexible resource management, positioning it as a reliable, future-ready platform for the evolving semiconductor industry.

From the frontlines: Empowering call center agents with Windows 365 Frontline
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 10/31/2025
Summary: The article discusses how Windows 365 Frontline optimizes Cloud PC deployments for call center agents, enabling secure, flexible, and cost-effective computing for shift-based and part-time workers. It compares dedicated mode (personal, persistent desktops) and shared mode (ephemeral, pooled desktops), detailing use cases and best practices for Microsoft Intune configuration, security, and scaling. Windows 365 Frontline streamlines management, supports BYOD and remote scenarios, and improves operational efficiency while safeguarding data, making it ideal for dynamic call center environments.

Microsoft Intune Advanced Analytics in action: Real-world scenarios for IT teams
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 10/08/2025
Summary: Microsoft Intune Advanced Analytics enhances device management for IT teams by providing deep insights into device health, user experience, and organizational trends. Building on Endpoint analytics, it offers advanced features like custom device scopes, resource performance and battery health monitoring, anomaly detection, and detailed device queries using KQL. These tools help IT admins proactively optimize device performance, support decisions on hardware refreshes or lifespan extensions, and troubleshoot issues in near real time. The article demonstrates practical scenarios for using Advanced Analytics to streamline IT operations and improve end-user satisfaction.

Revolutionizing Reliability: Introducing the Azure Failure Prediction and Detection (AFPD) system
Team Blog: Azure Compute
Author: andrewb710
Published: 10/31/2025
Summary: The Azure Failure Prediction and Detection (AFPD) system, launched in 2024, unifies and enhances Azure’s reliability tools by integrating prediction, detection, mitigation, notification, and remediation for hardware and software failures. AFPD reduces reboots by over 36%, proactively maintains cloud health, and minimizes customer downtime across various workloads. It leverages advanced models and real-time telemetry, provides actionable notifications, and enables automated recovery through integrations like VM Watch and Project Flash endpoints, streamlining incident response and improving overall platform stability for Azure Compute and Storage customers.

Streamline Cloud Spend with Azure Reserved VM Instances
Team Blog: Azure Compute
Author: kyleikeda
Published: 10/29/2025
Summary: Azure Reserved Virtual Machine Instances (RIs) help organizations like Contoso reduce and predict cloud costs for GPU-heavy AI workloads. By committing to specific VM types and regions for 1 or 3 years, customers can save up to 72% compared to pay-as-you-go pricing. Contoso used Azure Advisor for recommendations, chose a Shared scope for broad coverage, enabled instance size flexibility, and set up monitoring with Cost Management. These strategies led to significant savings, performance stability, and budget predictability, making RIs a smart choice for predictable compute needs.

Requesting and Installing an SSL Certificate for Internet Information Server (IIS)
Team Blog: ITOps Talk
Author: OrinThomas
Published: 10/09/2025
Summary: The article outlines the process for requesting and installing an SSL certificate in Internet Information Server (IIS). Steps include generating a Certificate Signing Request (CSR) using the MMC Certificates snap-in, submitting the CSR to a Certification Authority, downloading the issued certificate, and installing it on the server. After installation, the SSL certificate is bound to the IIS website via HTTPS bindings. Finally, the setup is verified by browsing to the site and ensuring a secure connection without browser warnings, confirming successful SSL deployment.

Strengthening Azure File Sync security with Managed Identities
Team Blog: ITOps Talk
Author: Pierre_Roman
Published: 10/08/2025
Summary: The article explains how using Managed Identities with Azure File Sync enhances security and simplifies credential management. Traditionally, authentication relied on certificates or keys, which pose security and operational risks. Managed Identities eliminate the need for credentials, leveraging Azure Role-Based Access Control (RBAC) for fine-grained access. This approach supports both Azure and hybrid environments, streamlines onboarding, improves integration, and enables transparent auditing. New deployments now default to Managed Identity, promoting secure, manageable, and scalable enterprise file sync solutions within the Azure ecosystem. The article also provides steps for enabling Managed Identity on both Azure and non-Azure servers.

AMBA-ALZ pattern: Learn about the latest and greatest enhancements!
Team Blog: Azure Governance and Management
Author: BrunoGabrielli
Published: 10/08/2025
Summary: The article announces major enhancements to the AMBA-ALZ pattern on Azure, effective from October 2025. Key updates include the adoption of the Azure Service Health built-in policy for improved trust and feature parity, and the introduction of a new least privileged "Monitoring Policy Contributor" role for managed identities, reducing security risks by limiting permissions. Both changes streamline deployments and strengthen security. Guidance is provided for updating existing deployments, and users are encouraged to explore the improved features using various Azure deployment methods.

The Complete Guide to Renewing an Expired Certificate in Microsoft HPC Pack 2019 (Single Head Node)
Team Blog: Azure High Performance Computing (HPC)
Author: vinilv
Published: 10/30/2025
Summary: This article provides a step-by-step guide for renewing an expired certificate in a Microsoft HPC Pack 2019 single-head-node cluster. It covers checking the certificate status, creating a new self-signed certificate, distributing it to compute nodes, updating the head node, and modifying the SQL database thumbprint. Finally, administrators reboot the head node to restore secure cluster operations, ensuring continued communication and job scheduling without reinstalling HPC components.

Check This Out! (CTO!) Guide (August 2025)
Member: TysonPaul | Microsoft Community Hub

Enhance Your Data Protection Strategy with Azure Elastic SAN’s Newest Backup Options
Team Blog: Azure Storage
Author: adarsh_v
Published: 08/18/2025
Summary: Azure Elastic SAN now supports public preview integrations with Azure Backup and Commvault, providing automated, managed backup and recovery for Elastic SAN volumes. Azure Backup offers independent, crash-consistent snapshots, up to 450 daily restore points, simplified management, and seamless Azure integration. Commvault delivers enterprise-grade protection, snapshot-based backups, flexible recovery (including cross-region restores), and indefinite retention, supporting both Windows and Linux VMs. These solutions enhance data protection against loss, ransomware, and errors, ensuring secure, recoverable cloud storage for various organizational needs. Azure Backup suits single-volume scenarios, while Commvault is ideal for complex, multi-volume enterprise deployments.

Finding the Right Page number in PDFs with AI Search
Team Blog: Azure PaaS
Author: samsarka
Published: 08/11/2025
Summary: The article discusses how AI-powered search can accurately extract and associate page numbers with search results in large PDF documents using Azure Blob Storage and Azure AI Search. It details technical steps such as configuring storage permissions, applying OCR skillsets, setting up parent-child index projections, and defining search index schemas. By rendering each PDF page as an image and processing it with OCR, the system enables precise, page-level content retrieval, facilitating better navigation, citation, and trust in AI-generated responses for users searching within complex documents.

Protect against SharePoint CVE-2025-53770 with Azure Web Application Firewall (WAF)
Team Blog: Azure Network Security
Author: yuvalpery
Published: 08/11/2025
Summary: Microsoft disclosed CVE-2025-53770, a critical vulnerability in on-premises SharePoint Server (2010, 2013, 2016, 2019, SE) allowing unauthenticated remote code execution via authentication bypass and deserialization flaws. Patches are available for 2016, 2019, and SE, but not for 2010 or 2013. Organizations should immediately apply updates, restrict access to unsupported versions, and implement custom Azure Web Application Firewall (WAF) rules to detect and block attack patterns targeting vulnerable SharePoint endpoints, as detailed in Microsoft’s official guidance.

Azure CNI Overlay for Application Gateway for Containers and Application Gateway Ingress Controller
Team Blog: Azure Networking
Author: jonw
Published: 08/29/2025
Summary: Microsoft has announced the general availability of Azure CNI Overlay for Application Gateway for Containers and AGIC. This integration enhances IP scalability and performance for AKS clusters by enabling direct pod-to-pod routing without encapsulation overhead. It addresses key challenges like IP exhaustion and load balancing for containerized applications. The solution supports over 1 million IPs across clusters in the same VNet and ensures feature parity with kubenet, which is being retired. Customers can now upgrade AKS networking to Azure CNI Overlay while maintaining business continuity and leveraging a high-performance ingress solution.

Announcing more Azure VMware Solution enhancements
Team Blog: Azure Migration and Modernization
Author: christopheherrbach
Published: 08/25/2025
Summary: Microsoft announced several enhancements to Azure VMware Solution (AVS) at VMware Explore in Las Vegas, including expansion to 35 global regions with eight more planned by year-end. AVS now offers improved support for VMware Cloud Foundation, DISA IL5 authorization for government use, flexible Azure NetApp Files storage options, and expanded Azure Elastic SAN support for all node types. These updates make AVS a robust choice for migrating and optimizing VMware workloads in Azure, with resources available for learning and skill-building through the Azure VMware Solution 2025 Learn Challenge.

Container Networking with Azure Application Gateway for Containers (AGC): Overlay vs. Flat AKS
Team Blog: Azure Infrastructure
Author: lakshaymalik
Published: 08/31/2025
Summary: Azure Application Gateway for Containers (AGC) integrates with AKS using two networking models: Overlay (Azure CNI Overlay) and Flat (Azure CNI Pod/Node Subnet). Overlay conserves VNet IPs by assigning pods overlay CIDRs, while Flat gives pods VNet-routable IPs for direct access. AGC auto-detects the model, requires a /24 subnet, supports network policies, and leverages Layer-7 routing and security features. Deployment uses Gateway API resources without changes for either model. Overlay requires ALB Controller v1.7.9+. AGC enables flexible, secure, and scalable ingress for AKS, integrating with Azure’s security and monitoring tools.

Designing for Certainty: How Azure Capacity Reservations Safeguard Mission‑Critical Workloads
Team Blog: Azure Governance and Management
Author: Goutham_Bandapati
Published: 08/25/2025
Summary: Azure Capacity Reservations allow organizations to secure specific VM resources in designated regions or zones, ensuring availability for mission-critical workloads during demand spikes. Unlike Reserved Instances, which offer cost savings for steady usage but don’t guarantee resource access, Capacity Reservations guarantee placement but incur costs even if idle. Combining both approaches—reserving capacity for reliability and using Reserved Instances for savings—mitigates risk, optimizes costs, and enhances resilience against unpredictable cloud demand, especially for regulated, latency-sensitive, or high-stakes workloads. This strategy is essential across all major clouds to transform capacity from a risk into a managed asset.

Upcoming Changes to Instance Size Flexibility Ratios for Azure Reservations: What You Need to Know
Team Blog: Azure Compute
Author: kyleikeda
Published: 08/04/2025
Summary: On September 4, Azure will update instance size flexibility ratios for reservations covering select Virtual Machines, Azure Redis Cache, and Dedicated Hosts. These changes, aimed at optimizing reservation discounts, may impact reservation coverage—potentially increasing or decreasing the number of units covered—without changing prices. Users should review impacted SKUs and monitor reservation utilization after the update to manage costs effectively. Recommendations include adjusting usage, exchanging reservations, or utilizing Azure Advisor for cost-saving strategies. Guidance is available in the Azure Portal and Microsoft documentation.

SQL Server enabled by Azure Arc is now generally available in the US Government Virginia region
Team Blog: Azure Arc
Author: AbdullahMSFT
Published: 08/14/2025
Summary: SQL Server enabled by Azure Arc is now generally available in the US Government Virginia region, allowing government agencies to manage on-premises SQL Server instances through the Azure Government portal securely and compliantly. Key features include onboarding SQL Server instances, inventory management, extended security updates, and licensing management. Some advanced features, like failover clustering and certain services, were initially unavailable but have since been enabled, including Always On availability groups and SQL Server services. This launch marks a significant step for hybrid data management in the government cloud, with further enhancements planned.

Mobile Plans moves to the web
Team Blog: Windows OS Platform
Author: HunterM
Published: 08/28/2025
Summary: Microsoft is retiring the Windows Mobile Plans app to simplify mobile data activation on PCs. Users will now buy and manage cellular plans directly through mobile operator websites and Windows Settings, eliminating the need for a separate app. eSIM activation will be streamlined and secure, with device IDs shared via Windows Settings. The transition begins in the second half of 2025, with full retirement by February 2026. Existing cellular functions remain unaffected. Operators gain more control over the activation process, and Microsoft is supporting them through the transition for a seamless user experience.

System Center 2022 Update Rollup 3
Team Blog: System Center
Author: AakashMSFT
Published: 08/25/2025
Summary: System Center 2022 Update Rollup 3 (UR3) delivers stability, security, and compatibility improvements across Operations Manager, Service Manager, Virtual Machine Manager, and Orchestrator. Key updates include expanded guest OS support (Windows Server 2025, multiple Linux distributions), HTTPS-by-default for storage providers, enhanced console stability, restored Teams notifications, improved platform stability on new CPUs/OS builds, .NET 8 and gMSA support for Orchestrator, and TLS 1.3 enablement. UR3 incorporates previous fixes from UR2 and can be installed even if UR2 failed, reflecting Microsoft’s ongoing commitment to regular quality updates.

Windows Server 2025 Software Defined Datacenter: Networking Deployment Series (4/6)
Team Blog: Networking
Author: cindywan
Published: 08/28/2025
Summary: Part 4 of the Windows Server 2025 Networking Deployment Series details how Contoso Medical Center secures its Software Defined Datacenter using SDN features. By leveraging Network Security Groups (NSGs), tag-based segmentation, and Default Network Policies (DNP), Contoso enforces Zero Trust, automates VM protection, and ensures consistent security from creation. These capabilities simplify policy management, enhance compliance, and protect critical healthcare workloads without manual firewall rules. The article also previews upcoming topics on Accelerated Networking and SDN Multisite, and encourages readers to try these features using Windows Admin Center and SDNExpress v2.

Certifications refresh: AI-focused and fundamentals updates
Team Blog: Microsoft Learn
Author: GretchenLaBelle
Published: 08/28/2025
Summary: Microsoft Learn is updating its certification and training offerings to focus on AI, Microsoft 365, Copilot, and agents, reflecting the growing integration of AI in business. New certifications will validate foundational and expert AI skills, while beginner-level courses for various functional roles are being introduced. Microsoft will retire select Fundamentals Certifications (MS-900, MB-910, MB-920) after December 31, 2025, but earned certifications remain valid. Applied Skills micro-credentials are also available, with a chance to win a 50% exam voucher. More details on new AI-focused certifications will be announced soon.

Unlocking Flexibility with Azure Files Provisioned V2
Team Blog: ITOps Talk
Author: Pierre_Roman
Published: 08/14/2025
Summary: Azure Files Provisioned V2 introduces a flexible billing model, letting users independently provision storage, IOPS, and throughput for predictable costs and enhanced performance. Unlike previous models, it eliminates per-operation fees and enables scaling up to 50,000 IOPS and 5 GiB/sec throughput per share. This simplifies management, supports larger workloads, and often lowers costs by 30–50% for active use cases. Provisioned V2 streamlines planning and budgeting, making Azure Files more cloud-friendly and enterprise-ready while addressing common pain points in cloud file storage.

From the frontlines: Managing common kiosk scenarios in your business
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 08/28/2025
Summary: The article by Saurabh Sarkar discusses managing Windows kiosk devices using Microsoft Intune to boost productivity in sectors like airlines and restaurants. It outlines how Intune enables centralized configuration, security, and compliance for kiosk devices, highlighting a pizza restaurant scenario using Windows Autopilot and Edge kiosk mode. Key features include auto logon, restricted browser access, and automated Wi-Fi connectivity. The post emphasizes best practices for deploying, managing, and securing frontline devices, and references further resources for effective kiosk management.

Provider-Managed Azure Subscriptions: Cost Control and Commitment Clarity
Team Blog: FinOps
Author: Dirk_Brinkmann
Published: 08/29/2025
Summary: The article discusses scenarios where enterprise customers allow service providers to manage Azure subscriptions using the provider’s tenant, while billing remains with the customer. This arrangement enables customers to maintain full control over pricing, cost allocation, and Azure Consumption Commitment (MACC) utilization, with complete cost visibility. Service providers manage resources but have limited access to pricing and billing details. Clear governance, billing policies, and RBAC configurations are essential for effective management, ensuring decoupled operational control and cost ownership between customers and service providers.

Governing Copilot agents: Your next step starts here
Team Blog: FastTrack
Author: JulieHersum
Published: 08/21/2025
Summary: Rob Howard’s article outlines a practical governance framework for managing Microsoft 365 Copilot AI agents. It emphasizes three pillars: security controls via Microsoft Purview, management controls through admin centers, and agent usage reporting for compliance. The article introduces governance zones—sandbox, controlled, and trusted—for phased Copilot deployment based on risk and data sensitivity. Additional resources include a readiness checklist, deployment examples, tool integration links, and previews of upcoming guidance. The article is part of Microsoft’s FastTrack initiative, providing IT admins with ongoing support and resources for effective Copilot governance.

Transforming Enterprise AKS: Multi-Tenancy at Scale with Agentic AI and Semantic Kernel
Team Blog: Core Infrastructure and Security
Author: jianshn
Published: 08/29/2025
Summary: The article details how to deploy Agentic AI using Semantic Kernel on Azure Kubernetes Service (AKS) with a scalable, secure multi-tenant architecture. By isolating tenants through AKS namespaces, dedicated node pools, managed identities, and RBAC/ABAC for Azure Blob Storage, the solution ensures strong data and compute separation, minimizing cross-tenant risks and optimizing resource use. The post provides step-by-step implementation guidance, including credential scoping and deployment of AI agents, enabling enterprise-grade multi-tenancy for AI workloads with operational flexibility, cost efficiency, and security.

Announcing MSGraph Provider Public Preview and the Microsoft Terraform VSCode Extension
Team Blog: Azure Tools
Author: stevenjma
Published: 08/14/2025
Summary: Microsoft has announced the public preview of the Terraform MSGraph provider and the new Microsoft Terraform VSCode extension. The MSGraph provider enables managing Entra and M365 Graph APIs, offering broader and more immediate support for Microsoft cloud resources compared to the AzureAD provider.
The VSCode extension consolidates AzureRM, AzAPI, and MSGraph support, adds features like exporting Azure resources as Terraform code, and enhances coding with IntelliSense and code samples. These tools aim to streamline infrastructure-as-code workflows, simplify resource management, and accelerate automation for Terraform practitioners in the Microsoft ecosystem.Check This Out! (CTO!) Guide (April 2025)
Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!

Check This Out! (CTO!) Guide (March 2025)
Check This Out! (CTO!) Guide (Feb 2025)
Check This Out! (CTO!) Guide (May 2025)
Check This Out! (CTO!) Guide (June 2025)
Check This Out! (CTO!) Guide (July 2025)