Check This Out! (CTO!) Guide (March 2026)
Member: TysonPaul | Microsoft Community Hub Automating Large‑Scale Data Management with Azure Storage Actions Team Blog: ITOps Talk Author: 1Nataraj Published: 02/25/2026 Summary: Azure Storage Actions is a fully managed, serverless automation platform that simplifies large-scale data management in Azure Blob and Data Lake Storage. It enables users to automate tasks such as tagging, tiering, deletion, and applying immutability based on customizable conditions—without custom code or infrastructure. Administrators can centrally define tasks and assign them across multiple storage accounts, with built-in preview, monitoring, and audit features. Use cases include compliance, cost optimization, and metadata management, making it ideal for organizations managing millions of items across vast storage estates. Azure Storage Actions is available in over 40 Azure regions. Migration, Modernization & Agentic Tools Team Blog: ITOps Talk Author: OrinThomas Published: 02/25/2026 Summary: The article discusses how agentic tools, such as those in Azure Copilot and GitHub Copilot, transform cloud migration and modernization from one-time projects into ongoing, autonomous systems. These tools dynamically discover environments, recommend modernization paths, automate migration steps, and continuously optimize workloads for cost, performance, security, and compliance. By embedding governance and leveraging real-time telemetry, agentic tools reduce manual effort, minimize errors, and ensure migrations are efficient, secure, and aligned with enterprise standards, providing continuous improvement post-migration. What’s new in FinOps toolkit 13 – January 2026 Team Blog: FinOps Author: Michael_Flanakin Published: 02/09/2026 Summary: The January 2026 update to the FinOps toolkit focuses on stability, usability, and community engagement. Key enhancements include improved documentation, new features like configurable Key Vault purge protection, and expanded support for Parquet format and compression in Cost Management exports via PowerShell. Security, reliability, and extensibility have been strengthened for FinOps hubs, with numerous bug fixes across Power BI reports, workbooks, and the Azure Optimization Engine. The release highlights ongoing community involvement, upcoming features like AI automation, and premium services to help organizations deploy and scale the toolkit effectively. Managed Identity on SQL Server On-Prem: The End of Stored Secrets Team Blog: Core Infrastructure and Security Author: RyadB Published: 02/23/2026 Summary: **Summary:** The article explains how SQL Server 2025 on-premises, when connected to Azure Arc, can use Managed Identity to access Azure resources without storing secrets like SAS tokens or keys. This approach eliminates risks of secret storage, rotation, and auditing complexity by leveraging Microsoft Entra ID for identity management and RBAC for permissions. The article details configuration steps, migration from stored credentials, troubleshooting, and current limitations, highlighting improved security and simplified management for on-prem SQL Server accessing Azure services. Running Text to Image and Text to Video with ComfyUI and Nvidia H100 GPU Team Blog: Core Infrastructure and Security Author: HoussemDellai Published: 02/27/2026 Summary: This article provides a step-by-step guide for setting up and running ComfyUI, a node-based interface for AI-powered text-to-image and text-to-video generation, on Azure VMs with Nvidia H100 GPUs. It details both automated (Terraform) and manual setup methods, including installing drivers, dependencies, and downloading required models. The guide explains accessing ComfyUI’s web portal, workflow configuration, and model management to create high-quality images and videos efficiently. It also includes important notes about GPU driver compatibility and offers links to official documentation and scripts for further reference. Unlock outbound traffic insights with Azure StandardV2 NAT Gateway flow logs Team Blog: Azure Networking Author: cozhang Published: 02/06/2026 Summary: The article introduces Azure’s StandardV2 NAT Gateway, highlighting its new features such as zone-redundancy, enhanced performance, dual-stack support, and, notably, flow logs. Flow logs provide detailed visibility into outbound traffic, enabling security auditing, compliance, usage analytics, and troubleshooting. The article explains how to enable and use flow logs to diagnose connectivity issues and optimize network architecture. It emphasizes the importance of flow logs for monitoring established outbound connections and offers troubleshooting steps for connection drops, recommending best practices for resilient Azure deployments. Centralized cluster performance metrics with ReFrame HPC and Azure Log Analytics Team Blog: Azure High Performance Computing (HPC) Author: jimpaine Published: 02/06/2026 Summary: The article outlines how to integrate ReFrame HPC, a flexible high-performance computing testing framework, with Azure Log Analytics for centralized performance monitoring across diverse clusters and environments. It details deploying necessary Azure resources, configuring ReFrame for HTTP logging, and running performance tests with results sent to Log Analytics. This integration enables unified, standardized metrics collection, cross-cluster comparisons, trend analysis, and improved system visibility—supporting migration, development, and operational assurance in heterogeneous HPC environments. Azure Recognized as an NVIDIA Cloud Exemplar, Setting the Bar for AI Performance in the Cloud Team Blog: Azure High Performance Computing (HPC) Author: Fernando_Aznar Published: 02/18/2026 Summary: Microsoft Azure has been recognized as the first NVIDIA Exemplar Cloud for its world-class, end-to-end AI workload performance, now validated for both H100 and next-generation GB300 (Blackwell) systems. This designation reflects Azure’s optimized full-stack infrastructure—including compute, networking, and software integration—delivering predictable, efficient, and scalable AI training at production scale. Customers benefit from faster time-to-train, improved ROI, and confidence in Azure’s readiness for advanced AI workloads, ensuring consistent high performance from proof-of-concept to deployment without sacrificing cloud flexibility or manageability. Reference Architecture for Highly Available Multi-Region Azure Kubernetes Service (AKS) Team Blog: Azure Architecture Author: rgarofalo Published: 02/03/2026 Summary: The article presents a reference architecture for highly available, multi-region Azure Kubernetes Service (AKS) deployments. It compares active/active, active/passive, and deployment stamp models, detailing their trade-offs in availability, complexity, and cost. Key components include Azure Front Door for global traffic routing, geo-replicated data services, centralized monitoring, and consistent security controls. The architecture emphasizes resilience through fault isolation, automated recovery, and regular testing. It offers practical guidance for cloud architects to design AKS platforms that withstand regional outages, ensuring business continuity and scalable operations across Azure regions. Reactive Incident Response with Azure SRE Agent: From Alert to Resolution in Minutes Team Blog: Azure Architecture Author: Sabyasachi-Samaddar Published: 02/18/2026 Summary: **Summary:** The article details how Azure SRE Agent revolutionizes incident response by automating investigation and triage as soon as an alert fires, reducing resolution times from hours to minutes. Through two real-world scenarios—a SQL connectivity outage and a VM CPU spike—the agent autonomously diagnosed issues, proposed remediations, and required minimal human intervention. Custom Incident Response Plans and instructions enable context-aware, consistent, and rapid resolutions, with automated post-incident documentation. Key benefits include faster MTTR, reduced manual toil, and improved knowledge capture, though some technical challenges remain. Azure SRE Agent is currently in preview. Cross Forest Enrollment – PKISync.PS1 Team Blog: Ask the Directory Services Team Author: Manuel_Alvarez_V Published: 02/19/2026 Summary: The article explains how to use the PKISync.ps1 PowerShell script for cross-forest certificate enrollment in Active Directory environments. PKISync synchronizes PKI-related objects, such as certificate templates and CA configurations, from a source forest to a target forest, enabling certificate requests across forests. It details the setup requirements, including two-way forest trusts, LDAP referral configuration, and certificate publishing. Although PKISync is considered legacy, automating its use can facilitate simple cross-forest enrollment, but CEP/CES is recommended for modern, secure deployments. The article concludes with best practices and automation tips for PKISync. What’s New in Windows Group Policy Preferences Debug Logging Team Blog: Ask the Directory Services Team Author: TagoreN Published: 02/27/2026 Summary: The article outlines a new feature in Windows 11 24H2 and 25H2 (from February 2026 preview updates) that allows administrators to enable Group Policy Preferences (GPP) debug logging directly through Local Group Policy, not just domain-based GPOs. This simplifies troubleshooting by allowing detailed logging on client devices without domain reliance. The article explains how to configure logging, manage trace file locations, and set necessary permissions. Overall, this update enhances flexibility and efficiency for IT professionals managing and debugging GPP issues on Windows client devices. Public Preview: Restrict usage of user delegation SAS to an Entra ID identity Team Blog: Azure Storage Author: ellievail Published: 02/26/2026 Summary: Microsoft has announced the public preview of user-bound user delegation SAS for Azure Storage, enhancing security by restricting SAS token usage to a specific Microsoft Entra ID identity. This feature extends user delegation SAS, requiring the end user to authenticate with Entra ID to access storage resources. It supports cross-tenant scenarios and incurs no additional cost beyond standard storage transactions. User-bound SAS is available via REST APIs, SDKs, PowerShell, and CLI for all GPv2 storage accounts in public regions, with detailed steps provided for setup and role assignment. Azure Migrate: Now Supporting Premium SSD V2, Ultra and ZRS Disks as Targets Team Blog: Azure Storage Author: Lakshya_Jalan Published: 02/18/2026 Summary: Azure Migrate now supports Premium SSD v2, Ultra Disk, and ZRS Disks as migration targets, with Premium SSD v2 and ZRS generally available and Ultra Disk in public preview. This update enhances assessment and migration by enabling tailored recommendations based on workload performance needs, offering greater flexibility, performance, and resiliency. Users can now migrate demanding, mission-critical workloads to Azure using these advanced disk options, benefiting from features like zonal redundancy and customizable performance. The enhancements streamline migrations and ensure optimal resource alignment, supporting petabytes of data already migrated during the preview phase. Public Preview: Automatic zone balance for Virtual Machine Scale Sets Team Blog: Azure Compute Author: HilaryWang Published: 02/17/2026 Summary: Azure has introduced the public preview of automatic zone balance for Virtual Machine Scale Sets, which automatically monitors and redistributes VM instances across availability zones to maintain optimal resiliency. This feature addresses imbalances that can occur over time, minimizing the impact of zone failures without manual intervention. The system uses health checks, respects instance protection policies, and ensures workload capacity during rebalancing. Automatic instance repair is also enabled by default. Users can join the preview by enabling the feature and meeting specific prerequisites. This capability reduces operational overhead while enhancing workload reliability and zone-level resilience. Azure Automated Virtual Machine Recovery: Minimizing Downtime Team Blog: Azure Compute Author: Jon_Andoni_Baranda Published: 02/04/2026 Summary: Azure Automated Virtual Machine Recovery is a built-in Azure feature that minimizes VM downtime through fast, intelligent, and automated recovery processes. Without requiring customer setup, it continuously monitors VM health, rapidly detects failures, diagnoses issues, and applies the optimal recovery action, all without customer intervention. Leveraging detailed recovery event annotations, it provides deep visibility into incident timelines and helps optimize recovery strategies. Over the past 18 months, this system has halved average VM downtime, strengthening business continuity, reducing financial impact, and reinforcing customer trust in Azure’s reliable cloud platform. Support tip: Resolve device noncompliance with Mobile Threat Defense partner apps Team Blog: Intune Customer Success Author: Intune_Support_Team Published: 02/02/2026 Summary: This article provides guidance for resolving device noncompliance issues when using Mobile Threat Defense (MTD) partner apps, like Microsoft Defender for Endpoint, with Microsoft Intune. It outlines troubleshooting steps for users to restore compliance—installing, activating, refreshing, or reinstalling the MTD app—and checking compliance status. It also details simplified remediation workflows for iOS/iPadOS and methods for resetting the MTD connection on Android if sign-out is blocked, helping users regain access to work or school resources and reducing support overhead. How to enable HTTPS support for Microsoft Connected Cache for Enterprise and Education Team Blog: Intune Customer Success Author: Intune_Support_Team Published: 02/20/2026 Summary: Starting June 16, 2026, Intune will require HTTPS for Microsoft Connected Cache when delivering Win32 apps. To maintain caching benefits and reduce bandwidth, administrators must configure HTTPS on Connected Cache nodes using a CA-signed TLS certificate. The guide details generating a CSR on the node, signing and importing the certificate, and validating HTTPS on both Windows and Linux hosts. It also covers troubleshooting, maintenance, and renewal. Without HTTPS, devices will revert to using the CDN for Intune app downloads. Other content types remain unaffected. Early configuration ensures seamless transition and continued performance benefits. The Copilot resource guide to share with your employees Team Blog: FastTrack Author: JulieHersum Published: 02/19/2026 Summary: The article introduces the "Essential Copilot resource hubs for employees," a centralized guide designed to streamline Microsoft Copilot onboarding and support. It helps adoption leaders structure learning paths, IT admins share resources efficiently, and all employees access consistent guidance. The guide consolidates key Microsoft Copilot resources, making it easier for organizations to accelerate adoption and customize internal policies. Additional support is available through FastTrack and the Microsoft 365 Accelerator site, offering expert guidance, templates, and personalized assistance to boost Copilot deployment and change management efforts. Copilot adoption: Move your org from pilot to production with this guide Team Blog: FastTrack Author: JulieHersum Published: 02/19/2026 Summary: The article introduces a comprehensive guide for IT admins and Copilot adoption leads to streamline the rollout of Microsoft 365 Copilot. Organized around the adoption lifecycle (plan, build, operate), the guide highlights eight essential resource hubs, practical rollout steps, and audience-specific resources to ensure effective, governed adoption. It also promotes Microsoft FastTrack, which offers expert support, self-service resources, and personalized assistance to accelerate and scale Copilot deployment at no extra cost. Azure Virtual Desktop is now available in US Gov Texas in Azure Government Team Blog: Azure Virtual Desktop Author: Ron_Coleman Published: 02/04/2026 Summary: Azure Virtual Desktop is now available in the USGov Texas region of Azure Government, offering customers a new option for deploying secure and flexible virtual desktop environments. This expansion enables improved connection performance, reduced latency, and enhanced responsiveness by allowing host pool creation directly in the region. It supports mission needs, geographic distribution, and regulatory requirements, while maintaining Azure Government’s compliance and security standards. Customers can now leverage multiple regions for greater flexibility and performance in their virtual desktop deployments. RDP Shortpath (UDP) over Private Link is now generally available Team Blog: Azure Virtual Desktop Author: Rinku_Dalwani Published: 02/17/2026 Summary: Azure Virtual Desktop now supports UDP-based RDP Shortpath over Private Link, enabling direct, high-performance RDP connections between session hosts and clients using private IPs. This complements existing TCP connectivity, helping customers with strict private network boundaries. Administrators must explicitly enable UDP in Azure portal settings to use this feature. The opt-in model ensures secure and predictable transport, giving full control over UDP introduction. This enhancement is recommended for customers needing precise routing and policy enforcement in regulated environments, while standard AVD connectivity remains suitable for most deployments. Full configuration guidance is available in Azure documentation. Migrating Workloads from AWS to Azure: A Structured Approach for Cloud Architects Team Blog: Azure Migration and Modernization Author: rhack Published: 02/18/2026 Summary: The article outlines a structured, five-phase approach for migrating workloads from AWS to Azure, emphasizing a like-for-like architecture to minimize risk and maintain operational stability. Key phases include planning, preparation, execution, evaluation, and decommissioning, each requiring thorough documentation, stakeholder alignment, testing, and validation. The recommended migration strategy is blue/green deployment for risk mitigation. The workload team should lead the migration, supported by external Azure experts. Success depends on careful planning, phased execution, and post-migration optimization, with organizational knowledge-sharing encouraged for future improvements. Modernizing for the AI Era: Accelerating Application Transformation with Agentic Tools Team Blog: Azure Migration and Modernization Author: MarcoB Published: 02/12/2026 Summary: The article highlights the urgent need for organizations to modernize legacy applications to thrive in the AI era. Legacy systems drain resources and hinder innovation, but new agentic tools—such as GitHub Copilot, Azure Migrate, and Azure Copilot—use AI to automate and accelerate application transformation. These tools reduce manual effort, boost accuracy and safety, and make modernization accessible, empowering teams to focus on innovation. The result is faster, safer, and more consistent modernization, enabling organizations to continuously evolve their applications for intelligent, cloud-optimized environments. Practical steps and resources are provided to guide organizations in getting started. Secure DNS with DoH: Public Preview for Windows DNS Server Team Blog: Networking Author: JorgeCañas Published: 02/09/2026 Summary: Microsoft has launched a public preview of DNS over HTTPS (DoH) for Windows DNS Server, enabling encrypted and authenticated DNS queries within on-premises networks. This upgrade enhances security and privacy by preventing DNS traffic from being exposed or intercepted, aligning with Zero Trust principles and U.S. federal requirements. The DoH feature, included in the February 2026 update for Windows Server 2025, is disabled by default and currently intended for evaluation only. Existing DNS functionality remains unchanged, with new tools added for DoH management. Feedback is encouraged to improve the feature before general availability. Announcing Public Preview: Simplified Machine Provisioning for Azure Local Team Blog: Azure Arc Author: PragyaDwivedi Published: 02/26/2026 Summary: Microsoft has announced the Public Preview of Simplified Machine Provisioning for Azure Local, streamlining edge infrastructure deployment. The new process centralizes configuration in Azure, requiring minimal on-site expertise—staff only need to rack, power on hardware, and insert a prepared USB. Secure provisioning uses industry standards like FIDO Device Onboarding and Azure Arc Site for consistent, automated deployments across multiple locations. IT teams manage and monitor provisioning remotely, reducing errors and speeding up setup. Once complete, machines are ready for cluster creation and workload deployment, significantly simplifying and scaling Azure Local deployments. Azure CLI Windows MSI Upgrade Issue: Root Cause, Mitigation, and Performance Improvements Team Blog: Azure Tools Author: Alex-wdy Published: 02/03/2026 Summary: The article discusses a critical issue affecting Azure CLI upgrades on Windows using the MSI installer, where users upgrading from version 2.76.0 (or earlier) to 2.77.0 (or later) encountered startup crashes due to missing Python extension files. The root cause was a versioning conflict during upgrade, leading to incomplete installations. The article details recovery steps, recommends upgrading to version 2.83.0, and highlights improvements to the MSI upgrade process, making installations faster and more reliable by simplifying file replacement logic and eliminating slow version checks. Users are encouraged to upgrade and report issues if encountered. Navigating the 2025 holiday season: Insights into Azure’s DDoS defense Team Blog: Azure Network Security Author: Jdasari Published: 02/18/2026 Summary: During the 2025 holiday season, Azure observed a rise in burst-style DDoS attacks, with high-intensity, short-lived surges targeting packet processing and connection-handling layers. Most attacks were automated and brief, but the cumulative impact was operationally draining, especially for latency-sensitive sectors like gaming. Botnet-driven attacks rapidly shifted targets, exploiting inconsistent defenses. Azure DDoS Protection mitigated over 174,000 attacks, underscoring the need for always-on, automated, and layered security. Organizations are urged to standardize protections, proactively monitor, and adopt Zero Trust and multi-layered defense strategies to ensure resilience against evolving threats in 2026. A Practical Guide to Azure DDoS Protection Cost Optimization Team Blog: Azure Network Security Author: SaleemBseeu Published: 02/18/2026 Summary: The article provides strategies for optimizing Azure DDoS Protection costs. It explains the differences between DDoS Network Protection (best for large-scale, centralized management) and DDoS IP Protection (for few, specific endpoints). Key recommendations include consolidating protection plans to reduce base costs, selectively applying protection based on workload exposure, preventing unnecessary spend via regular reviews, and using cost management tools and tagging for visibility. The guide emphasizes aligning protection with actual risk and criticality, and offers scripts and checklists to support ongoing cost-efficient DDoS defense.Check This Out! (CTO!) Guide (February 2026)
Member: TysonPaul | Microsoft Community Hub Secure DNS with DoH: Public Preview for Windows DNS Server Team Blog: Networking Author: JorgeCañas Published: 02/09/2026 Summary: Microsoft has launched a public preview of DNS over HTTPS (DoH) for Windows DNS Server, available in the February 2026 update for Windows Server 2025. DoH encrypts DNS queries and responses, enhancing authentication and privacy while maintaining existing server functions. This move aligns with Zero Trust security principles and supports U.S. federal cybersecurity requirements. The feature is disabled by default, is not production-ready, and currently only encrypts client-to-server traffic. Feedback is encouraged during the preview phase, with future updates planned for upstream encryption support. Azure Blob Tiering: Clarity, Truths, and Practical Guidance for Architects Team Blog: Azure Infrastructure Author: nehatiwari1994 Published: 02/06/2026 Summary: The article explains Azure Blob Storage tiering for backup architects, debunking common misconceptions about tier performance and access. Hot, Cool, and Cold tiers are online and offer immediate data access; minimum retention is a billing rule, not a technical limit. Archive tier requires rehydration before restores. Restore speed depends on throughput architecture, not tier. Cost is influenced by both storage and access patterns. Effective tiering strategies and lifecycle policies are essential for scaling backup repositories from terabytes to petabytes, ensuring operational safety and cost control. The article offers practical design recommendations and clarifies Azure tier behaviors. AKS Tenant Migration: Considerations and Approach Team Blog: Azure Infrastructure Author: SoumyaShet05 Published: 02/05/2026 Summary: 321: No summary could be found for article: [AKS Tenant Migration: Considerations and Approach] [https://techcommunity.microsoft.com/blog/azureinfrastructureblog/aks-tenant-migration-considerations-and-approach/4415198]. What’s new in FinOps toolkit 13 – January 2026 Team Blog: FinOps Author: Michael_Flanakin Published: 02/09/2026 Summary: FinOps toolkit 13 (January 2026) delivers stability and usability improvements for cloud cost management, including enhanced documentation, Key Vault purge protection options, Power BI report fixes, and streamlined Cost Management exports via PowerShell with Parquet support. The release strengthens security, reliability, and extensibility for enterprise-scale deployments. Community engagement is emphasized with new office hours. Future plans include AI-driven automation, expanded recommendations, and premium support services. The toolkit remains open-source and continues to evolve with community contributions and ongoing enhancements across Microsoft Cloud environments. Reading GPSVC Like a Crime Novel Team Blog: Ask the Directory Services Team Author: Chris_Cartwright Published: 02/25/2026 Summary: The article, "Reading GPSVC Like a Crime Novel," explains how to troubleshoot Group Policy issues using the enhanced GPSVC debug log in modern Windows 11 versions. It details the two core phases of Group Policy processing, emphasizes the importance of following log threads, and highlights the benefit of new date and time stamps for better correlation with other events. The post also covers enabling verbose logging, interpreting log entries, and using additional tools like TSS for deeper analysis, ultimately making GPSVC logs more powerful for diagnosing Group Policy problems. What’s New in Windows Group Policy Preferences Debug Logging Team Blog: Ask the Directory Services Team Author: TagoreN Published: 02/27/2026 Summary: The article outlines enhancements to Windows Group Policy Preferences (GPP) debug logging in Windows 11 versions 24H2 and 25H2 (from February 2026 preview updates). Administrators can now enable verbose GPP debug logging directly via Local Group Policy, not just domain-based GPOs. This change simplifies troubleshooting, reduces reliance on domain controllers, and allows easier, flexible diagnostic workflows on client devices. The article explains how to configure logging settings, log locations, and necessary permissions, highlighting a significant quality-of-life improvement for IT professionals managing GPP issues. Azure Landing Zone and compliance for Banks (Indian Banks) Team Blog: Azure Migration and Modernization Author: srhulsus Published: 02/12/2026 Summary: **Summary:** Azure Landing Zone (ALZ) provides Indian banks with a secure, compliant, and auditable cloud foundation, aligning with RBI and global standards (ISO 27001, PCI-DSS, FFIEC). It features subscription isolation, centralized IAM, robust network and data security, mandatory encryption, continuous monitoring, and business continuity controls. ALZ ensures India data residency, policy automation, regulatory audit support, and secure exit management. The architecture is regulator-accepted and proven by major banks, supporting governance, risk, and compliance mandates for hosting sensitive, regulated banking workloads on Azure. Migrating Workloads from AWS to Azure: A Structured Approach for Cloud Architects Team Blog: Azure Migration and Modernization Author: rhack Published: 02/18/2026 Summary: The article outlines a structured, five-phase approach for migrating workloads from AWS to Azure, emphasizing a “like-for-like” architecture to minimize risk and complexity. Key phases include planning, preparation, execution, evaluation, and decommissioning, with blue/green deployment recommended for risk reduction. Success hinges on comprehensive documentation, stakeholder alignment, phased validation, and having the current workload team lead the migration. External partners can assist with planning but should not execute cutovers. Once stability on Azure is achieved, optimization can begin. Thorough preparation and collaboration are essential for a confident, disruption-free migration. How to enable HTTPS support for Microsoft Connected Cache for Enterprise and Education Team Blog: Intune Customer Success Author: Intune_Support_Team Published: 02/20/2026 Summary: Starting June 16, 2026, Intune will require HTTPS for Microsoft Connected Cache nodes serving Win32 apps. To retain bandwidth savings and localize content, admins must configure HTTPS on their Connected Cache servers by preparing a TLS certificate, generating a CSR on the node, signing it with a CA, importing the certificate, and validating HTTPS. The process is similar for Windows and Linux hosts. Regular certificate monitoring and renewal are necessary. Without HTTPS, devices will fall back to CDN. Improvements and fixes are underway, and early setup ensures readiness for the upcoming enforcement. Support tip: Resolve device noncompliance with Mobile Threat Defense partner apps Team Blog: Intune Customer Success Author: Intune_Support_Team Published: 02/02/2026 Summary: The article explains how to resolve device noncompliance issues in Microsoft Intune when using Mobile Threat Defense (MTD) partner apps like Microsoft Defender for Endpoint. It outlines steps for users to restore compliance, including installing or activating the MTD app, refreshing the app’s connection, or reinstalling it. It also details simplified remediation for iOS/iPadOS and steps to refresh the MTD connection on Android if sign-out is blocked. The guidance helps organizations ensure device compliance and secure access to work or school resources while reducing support overhead. Announcing Public Preview: Simplified Machine Provisioning for Azure Local Team Blog: Azure Arc Author: PragyaDwivedi Published: 02/26/2026 Summary: Microsoft has announced the public preview of Simplified Machine Provisioning for Azure Local, streamlining edge infrastructure deployment by shifting configuration to Azure. IT teams can now centrally define and automate provisioning using Azure Arc, with minimal onsite interaction—staff only need to rack, power on hardware, and use a prepared USB. Built on the FIDO Device Onboarding standard, this approach ensures secure, consistent device onboarding and management at scale, with end-to-end deployment visibility. This new process enables faster, less error-prone deployments, allowing organizations to efficiently provision and manage Azure Local infrastructure across multiple sites. Unlock outbound traffic insights with Azure StandardV2 NAT Gateway flow logs Team Blog: Azure Networking Author: cozhang Published: 02/06/2026 Summary: The article introduces the Azure StandardV2 NAT Gateway, highlighting new features such as zone-redundancy, enhanced throughput, dual-stack IP support, and the availability of flow logs. Flow logs provide detailed outbound traffic data, improving security, compliance, and troubleshooting. They help monitor traffic patterns, identify issues like connection drops, and optimize network architecture. The article explains enabling and using flow logs for diagnostics, emphasizing their value in validating connectivity and auditing outbound flows, and encourages users to leverage these insights for resilient Azure deployments. Migration, Modernization & Agentic Tools Team Blog: ITOps Talk Author: OrinThomas Published: 02/25/2026 Summary: The article discusses how agentic tools are transforming cloud migration and modernization by introducing autonomy, continuous optimization, and context-aware decision-making. Rather than a one-time process, migration becomes an ongoing, self-improving system with tools like Azure Copilot and GitHub Copilot. These tools automate environment discovery, recommend modernization paths, execute migrations, validate and optimize workloads, and ensure governance. They classify workloads, automate migration waves, and continuously enhance cost, performance, security, and compliance, reducing manual effort and errors while enabling safe, efficient, and policy-driven cloud transitions. Automating Large‑Scale Data Management with Azure Storage Actions Team Blog: ITOps Talk Author: 1Nataraj Published: 02/25/2026 Summary: Azure Storage Actions is a fully managed, serverless automation platform that enables customers to automate large-scale data management tasks—such as tiering, tagging, deletion, and applying immutability policies—across Azure Blob Storage and Data Lake Storage without custom code or infrastructure. It uses reusable, condition-based storage tasks and assignments, supporting compliance, cost optimization, and operational efficiency. The platform provides built-in monitoring, auditing, and preview features, making it suitable for scenarios requiring traceability. Common use cases include regulatory compliance, cost control, and metadata management across industries like finance, airlines, and manufacturing. Securing A Multi-Agent AI Solution Focused on User Context & the Complexities of On-Behalf-Of. Team Blog: Azure Architecture Author: Charles_Chukwudozie Published: 02/11/2026 Summary: The article outlines how an enterprise-grade multi-agent AI system was designed to securely preserve user identity and enforce access controls when AI agents interact with backend services like Databricks. By implementing Microsoft Entra ID’s On-Behalf-Of (OBO) flow, each AI agent operates strictly within the authenticated user’s permissions, maintaining RBAC policies and an audit trail. The solution uses a custom OAuth provider, per-user agent instances, and human-in-the-loop approval for sensitive operations, aligning with Zero Trust principles and ensuring robust AI governance for enterprise applications. Reference Architecture for Highly Available Multi-Region Azure Kubernetes Service (AKS) Team Blog: Azure Architecture Author: rgarofalo Published: 02/03/2026 Summary: This article presents a reference architecture for deploying Azure Kubernetes Service (AKS) across multiple Azure regions to maximize availability and resilience. It compares active/active, active/passive, and deployment stamp patterns, detailing trade-offs in availability, complexity, and cost. Key components include Azure Front Door for global routing, geo-replicated data services, centralized monitoring, and consistent security. The article emphasizes clear design choices, regular testing, and operational preparedness, highlighting that multi-region resilience requires coordinated patterns, not a simple switch, and should align with business RTO/RPO objectives and operational maturity. Public Preview: Restrict usage of user delegation SAS to an Entra ID identity Team Blog: Azure Storage Author: ellievail Published: 02/26/2026 Summary: Microsoft has announced the public preview of user-bound user delegation SAS for Azure Storage, enhancing security by restricting SAS token usage to a specific Microsoft Entra ID identity. This extension of user delegation SAS ensures only the designated user can access storage resources, reducing the risk of unintended access. The feature is available at no additional cost in all public regions and supports cross-tenant scenarios. It integrates with existing Azure RBAC and is accessible via REST APIs, SDKs, PowerShell, and CLI. Setup involves assigning the correct roles, obtaining user IDs, and generating the SAS token. Azure Migrate: Now Supporting Premium SSD V2, Ultra and ZRS Disks as Targets Team Blog: Azure Storage Author: Lakshya_Jalan Published: 02/18/2026 Summary: 321: No summary could be found for article: [Azure Migrate: Now Supporting Premium SSD V2, Ultra and ZRS Disks as Targets] [https://techcommunity.microsoft.com/blog/azurestorageblog/azure-migrate-now-supporting-premium-ssd-v2-ultra-and-zrs-disks-as-targets/4495332]. Bringing AI fluency to every corner of the organization (even yours!) Team Blog: Microsoft Learn Author: AshleyMastersHall Published: 02/19/2026 Summary: The article emphasizes the importance of AI fluency for all roles within organizations, likening AI’s impact to the transformative effect of GPS on navigation. It defines AI fluency as understanding and effectively using generative AI in care tasks, now a critical skill for the modern workplace. The author provides practical, approachable steps to integrate AI into daily workflows, recommends starting small, and highlights Microsoft’s AI Skills Navigator as a resource. The core message: AI is already changing work, and building fluency—starting with familiar tasks—ensures continued relevance and success. Microsoft Credentials roundup: February 2026 edition Team Blog: Microsoft Learn Author: PujaA Published: 02/26/2026 Summary: Microsoft’s February 2026 Credentials roundup introduces four new AI-focused Certifications and six new Applied Skills, targeting both technical and business professionals. These credentials validate expertise in AI integration, Copilot, and agent solutions, enhancing career prospects in an AI-powered workplace. Applied Skills offer quick, practical assessments in real-world AI tasks. Several older Certifications and Applied Skills are being retired, reflecting Microsoft’s ongoing commitment to current, relevant skills. Additional AI-focused updates are planned for March 2026 and beyond, further expanding learning and credentialing opportunities in AI and cloud technologies. Public Preview: Automatic zone balance for Virtual Machine Scale Sets Team Blog: Azure Compute Author: HilaryWang Published: 02/17/2026 Summary: Azure has introduced the public preview of automatic zone balance for Virtual Machine Scale Sets, which ensures VMs are evenly distributed across availability zones with no manual intervention. This feature continuously monitors and rebalances VMs, minimizing the impact of zone failures and maintaining optimal resiliency. It uses a create-before-delete approach with health checks and built-in safety measures, reducing operational overhead and ensuring workload stability. Automatic instance repairs are enabled by default. To use this feature, register for the preview, meet prerequisites, and enable it via the Azure portal, CLI, PowerShell, or REST API. Azure Automated Virtual Machine Recovery: Minimizing Downtime Team Blog: Azure Compute Author: Jon_Andoni_Baranda Published: 02/04/2026 Summary: Azure Automated Virtual Machine Recovery is a built-in Azure feature designed to minimize VM downtime by automatically detecting, diagnosing, and mitigating failures within seconds, without customer intervention. It operates continuously, leveraging multiple detection mechanisms and optimized recovery paths, ensuring business continuity and consistent SLA compliance. Recovery Event Annotations provide deep visibility into the recovery process, helping identify bottlenecks and improve reliability. Over the past 18 months, this system has halved average VM downtime, empowering customers to confidently run resilient applications with reduced risk of service disruption and financial loss. No setup is required; all Azure VMs benefit automatically. Azure CLI Windows MSI Upgrade Issue: Root Cause, Mitigation, and Performance Improvements Team Blog: Azure Tools Author: Alex-wdy Published: 02/03/2026 Summary:Check This Out! (CTO!) Guide (January 2026)
Member: TysonPaul | Microsoft Community Hub From classroom to workforce: Helping higher ed faculty prepare students for what’s next Team Blog: Microsoft Learn Author: RWortmanMorris Published: 01/15/2026 Summary: Microsoft is partnering with higher education institutions to prepare students and faculty for an AI-driven workforce. Through tools like AI Skills Navigator, Microsoft Learn for Educators, and the Microsoft Student Ambassadors program, they offer free, flexible training, credentials, and community support to develop practical AI and digital skills. These initiatives help faculty integrate AI into teaching, empower students with job-ready skills, and provide recognized certifications valued by employers. Microsoft also provides free access to Microsoft 365 and LinkedIn Premium, aiming to support lifelong learning, teaching innovation, and successful career pathways in the evolving educational landscape. Azure Arc Portal Update: Simplifying Onboarding and Management at Scale Team Blog: Azure Migration and Modernization Author: MarcoB Published: 01/16/2026 Summary: The updated Azure Arc portal streamlines onboarding and management of hybrid and multi-cloud resources. Key improvements include a redesigned landing page, guided onboarding via interactive questionnaires, and unified machine onboarding flows for greater simplicity. Navigation is reorganized for better clarity, and dashboards now offer adaptive summaries and actionable insights, transforming management tasks into intuitive actions. These enhancements aim to make Azure Arc more accessible and scalable, enabling users to efficiently manage external resources and focus on delivering business value instead of dealing with complexity. Resolve-DnsName vs. nslookup in Windows Team Blog: Networking Author: JamesKehr Published: 01/08/2026 Summary: The article compares nslookup and Resolve-DnsName for DNS troubleshooting in Windows. Nslookup is widely used but operates independently of Windows DNS client resolver, potentially causing inaccurate results due to quirks like DNS suffix handling and lack of support for modern DNS features. Resolve-DnsName, a PowerShell cmdlet, integrates with Windows DNS-CR, providing accurate results, support for DNSSEC, secure DNS, and flexible parameters. For Windows-centric troubleshooting and automation, Resolve-DnsName is recommended, while nslookup remains useful for basic queries and diagnosing DNS client issues. Understanding their differences ensures reliable DNS troubleshooting. Data Center Quantized Congestion Notification: Scaling congestion control for RoCE RDMA in Azure Team Blog: Azure Networking Author: VamsiVadlamuri Published: 01/13/2026 Summary: Microsoft Azure uses Data Center Quantized Congestion Notification (DCQCN) to enable high-throughput, low-latency RDMA-based storage across its global data centers. DCQCN, combined with Priority Flow Control, dynamically manages congestion using ECN-based feedback, ensuring reliable performance even with diverse hardware and network conditions. Azure addressed interoperability challenges between NIC generations by tuning DCQCN parameters and optimizing feedback mechanisms. As a result, Azure achieves line-rate RDMA performance, significant CPU savings, reduced latency, and near-zero packet loss, making DCQCN essential for scalable and resilient cloud storage infrastructure. What is going on with RC4 in Kerberos? Team Blog: Ask the Directory Services Team Author: WillAftring Published: 01/26/2026 Summary: Microsoft is phasing out RC4 usage in Kerberos authentication due to security concerns, with major changes starting in January 2026. RC4 will be removed as a default encryption type, and new auditing tools will help identify dependencies. Enforcement begins April 2026, with rollback options until July 2026. While DES is already removed, RC4 remains supported for critical legacy needs if properly configured. Microsoft encourages users to migrate away from RC4 and offers resources and support for environments still dependent on it. Redis Keys Statistics Team Blog: Azure PaaS Author: LuisFilipe Published: 01/21/2026 Summary: The article explains how to gather Redis key statistics, focusing on Time-to-Live (TTL) and key size, to troubleshoot cache usage and performance. It provides two Bash+LUA script solutions: one for key statistics (counting keys by TTL and size thresholds), and another for listing key names meeting specified TTL and size criteria. The article highlights the importance of managing TTL and key sizes for optimal Redis performance and warns that running these scripts can impact Redis workloads due to their need to scan all keys. Usage instructions, parameters, and performance considerations are detailed. Azure Arc Server Jan 2026 Forum Recap Team Blog: Azure Arc Author: Aurnov_Chattopadhyay Published: 01/20/2026 Summary: The January 2026 Azure Arc Server Forum highlighted new machine management features in Azure Compute Hub, updates on Windows Server Hot Patch and its billing, a preview of TPM-based onboarding to Azure Arc, and a recap of major 2025 SQL Server announcements. Attendees are encouraged to stay updated with the latest Arc agent, provide feedback, and register for SQL Con 2026. The session’s recording is available on YouTube, and registration for future forums and newsletters is open, with the next session scheduled for February 19, 2026. Azure File Sync: Azure Arc Integration, Additional Regions, and Secure Syncing Team Blog: Azure Storage Author: grace_kim Published: 01/16/2026 Summary: Azure File Sync now integrates with Azure Arc, enabling simplified deployment and management of hybrid file services. The service expands to four new regions—Italy North, New Zealand North, Poland Central, and Spain Central—offering improved regional data residency and performance. Enhanced security is provided through managed identities, eliminating the need for manual credential management. From January 2026, File Sync will incur no per-server cost for Windows Server Software Assurance customers using Azure Arc and File Sync agent v22+. These updates streamline onboarding, ensure secure access, and support scalable, predictable hybrid storage solutions. Announcing Public Preview of User delegation SAS for Azure Tables, Azure Files, and Azure Queues Team Blog: Azure Storage Author: ellievail Published: 01/16/2026 Summary: Microsoft has announced the public preview of user delegation SAS (UD SAS) for Azure Tables, Azure Files, and Azure Queues in all regions, expanding secure access beyond Azure Blobs. UD SAS ties SAS tokens to user identities via Entra ID and RBAC, enabling more granular, delegated access to storage resources. There’s no additional cost, and it’s available through REST APIs, SDKs, PowerShell, and CLI. Eligible storage accounts can use UD SAS without special settings, and setup involves assigning RBAC roles, obtaining a user delegation key, creating the SAS token, and sharing it securely. Deploy PostgreSQL on Azure VMs with Azure NetApp Files: Production-Ready Infrastructure as Code Team Blog: Azure Architecture Author: GeertVanTeylingen Published: 01/15/2026 Summary: The article details how deploying PostgreSQL on Azure VMs with Azure NetApp Files is simplified using production-ready Infrastructure as Code (IaC) templates. These templates automate setup, optimize storage performance, and enhance security, eliminating manual configuration and reducing deployment time from hours to minutes. Teams can use Terraform, ARM templates, or PowerShell for flexible, repeatable workflows across development and production environments. Key benefits include consistent environments, enterprise-grade features, rapid provisioning, cost efficiency, and support for AI/ML workloads and database migrations. The solution ensures scalable, secure, and high-performance PostgreSQL deployments on Azure. Unlocking Advanced Data Analytics & AI with Azure NetApp Files object REST API Team Blog: Azure Architecture Author: GeertVanTeylingen Published: 01/15/2026 Summary: The article details how the Azure NetApp Files object REST API enables S3-compatible object access to enterprise file data stored on Azure NetApp Files, eliminating the need for data copying or restructuring. This dual-access approach allows analytics and AI platforms, including Azure Databricks and Microsoft OneLake, to operate directly on NFS/SMB datasets, preserving performance, security, and governance. Integration scenarios, technical implementation, and video guides are provided to help organizations streamline data architectures, minimize data movement, and accelerate real-time insights across analytics and AI workflows. Release of Bicep Azure Verified Modules for Platform Landing Zone Team Blog: Azure Tools Author: ztrocinski Published: 01/20/2026 Summary: **Summary:** Microsoft has released Azure Verified Modules (AVM) for Platform Landing Zones using Bicep, providing a modular, customizable, and officially supported approach to Infrastructure as Code (IaC). The framework features 19 independently managed modules, supports full configuration, and integrates Azure Deployment Stacks for improved resource lifecycle management. Bicep AVM replaces classic ALZ-Bicep, which will be deprecated by 2027. Key benefits include end-to-end customization, faster innovation, independent policy management, and modernized parameter files, making Azure deployments more flexible, maintainable, and aligned with enterprise best practices. Migration guidance will be provided for existing users. Improving Efficiency through Adaptive CPU Uncore Power Management Team Blog: Azure Compute Author: PulkitMisra Published: 01/21/2026 Summary: The article discusses Microsoft Azure’s adoption of adaptive CPU uncore power management, focusing on Efficiency Latency Control (ELC) co-designed with Intel for Xeon 6 processors. ELC enables dynamic adjustment of uncore frequency based on CPU utilization, improving power efficiency without sacrificing performance. Real-world tests show up to 11% power savings at moderate loads and 1.5× performance-per-watt improvements at low loads. This approach allows Azure to deploy more servers within existing datacenter power constraints, enhancing sustainability and responsiveness to evolving cloud workload demands through hardware–software co-design. Announcing General Availability of Azure Da/Ea/Fasv7-series VMs based on AMD ‘Turin’ processors Team Blog: Azure Compute Author: ArpitaChatterjee Published: 01/27/2026 Summary: Microsoft has announced the general availability of Azure’s new AMD-based Da/Ea/Fasv7-series Virtual Machines powered by 5th Gen AMD EPYC ‘Turin’ processors. These VMs offer improved CPU performance, scalability, memory capacity, network, and storage throughput, with up to 35% better price-performance than previous AMD v6 VMs. They cater to diverse workloads, including general, memory, and compute-intensive tasks, and feature enhanced security and flexible configurations. Available across multiple Azure regions, these VMs deliver significant workload-specific gains and are praised by customers and technology partners for performance and efficiency improvements. Determine Defender for Endpoint offboarding state for Linux devices Team Blog: Core Infrastructure and Security Author: edgarus71 Published: 01/21/2026 Summary: The article describes a method for quickly determining the Microsoft Defender for Endpoint onboarding or offboarding state on Linux devices. Since the Defender portal can take up to 7 days to update offboarding status, a provided Bash script checks key indicators such as the onboarding file, Defender package installation, and service status. The script outputs whether the device is "ONBOARDED" or "OFFBOARDED," streamlining endpoint management and troubleshooting. It can be deployed at scale via Linux management tools and also run remotely from the Live Response console for onboarded devices. Conditional Access for Agent Identities in Microsoft Entra Team Blog: Core Infrastructure and Security Author: Farooque Published: 01/27/2026 Summary: Microsoft Entra introduces Agent Identities for AI systems and extends Conditional Access to them, but with limited controls compared to human users. Currently, Conditional Access only allows blocking agent identities and assessing agent risk during token acquisition, without supporting MFA, device compliance, or session controls. This is due to agents’ machine-driven authentication methods. Despite limitations, Conditional Access helps prevent compromised agents, enforce separation of duties, and manage AI sprawl. Agent Blueprints are not governed by Conditional Access. Future enhancements are expected, but for now, CA remains a minimal, identity-focused security layer for AI agents. Announcing Azure CycleCloud Workspace for Slurm: Version 2025.12.01 Release Team Blog: Azure High Performance Computing (HPC) Author: xpillons Published: 01/07/2026 Summary: The 2025.12.01 release of Azure CycleCloud Workspace for Slurm introduces integrated Prometheus monitoring with managed Grafana dashboards, Entra ID Single Sign-On for secure authentication, support for ARM64 compute nodes, and compatibility with Ubuntu 24.04 and AlmaLinux 9. These enhancements streamline HPC cluster management, improve security, and offer real-time performance insights, empowering technical teams to build scalable and efficient environments. The update simplifies monitoring setup and user access, reinforcing Azure’s commitment to flexible, secure, and innovative HPC solutions for scientific and technical communities. Scaling physics-based digital twins: Neural Concept on Azure delivers a New Record in Industrial AI Team Blog: Azure High Performance Computing (HPC) Author: lmiroslaw Published: 01/12/2026 Summary: Neural Concept, leveraging Azure HPC infrastructure, achieved record-breaking accuracy and efficiency in automotive aerodynamic predictions using MIT’s DrivAerNet++ dataset. Their geometry-native Geometric Regressor outperformed all previous methods in predicting surface pressure, wall shear stress, velocity fields, and drag coefficients. The workflow transformed 39TB of CFD data into a production-ready model within a week, enabling real-time predictions and significantly shortening design cycles. Customers have realized up to 30% faster development and $20M savings per 100,000 vehicles. This demonstrates the industrial impact of scalable, AI-driven engineering workflows in automotive design. Intune my Macs: Accelerating macOS proof of concepts with Microsoft Intune Team Blog: Intune Customer Success Author: Intune_Support_Team Published: 01/22/2026 Summary: Intune my Macs is an open-source starter kit from Microsoft that streamlines macOS management proof of concepts using Intune. It deploys over 31 recommended enterprise configurations—including security, compliance, identity, and applications—via a single PowerShell script, operating in dry-run mode by default. The project helps organizations quickly evaluate and implement Intune for macOS, offers practical configuration examples, reduces setup time to minutes, and includes documentation and analysis tools. It’s ideal for learning, testing, and customizing Intune policies for macOS environments, saving significant time and effort. Silicon to Systems: How Microsoft Engineers AI Infrastructure from the Ground Up Team Blog: Azure Infrastructure Author: Alistair_Speirs Published: 01/27/2026 Summary: The article details how Microsoft engineers its AI infrastructure by designing custom silicon, servers, accelerators, and data centers as an integrated system optimized for performance, power efficiency, and cost. Highlighting custom chips like Cobalt 200 and the Maia AI Accelerator platform, Microsoft emphasizes purpose-built hardware, advanced cooling solutions, and end-to-end system integration. This approach ensures reliable, efficient AI workloads at global scale, powering services like Copilot and Teams. The engineering process involves close coordination between hardware and software development, from silicon design to datacenter deployment, prioritizing power and thermal management throughout. Deep dive into the Maia 200 architecture Team Blog: Azure Infrastructure Author: sdighe Published: 01/26/2026 Summary: Maia 200 is Microsoft’s first custom AI inference accelerator, designed for efficiency and scalability in Azure. It features advanced silicon, memory hierarchy, and data movement architecture, delivering 30% better performance per dollar than previous hardware. Optimized for narrow precision arithmetic and large language models, Maia 200 supports high-throughput, low-latency inference, and integrates seamlessly with Azure’s cloud infrastructure and developer tools. Its innovative interconnect and software stack enable reliable, scalable multi-tenant AI deployments, powering workloads like GPT-5.2 in Microsoft Foundry and 365 Copilot. Maia 200 sets a new standard for cloud-native, cost-effective AI inference.Check This Out! (CTO!) Guide (December 2025)
Member: TysonPaul | Microsoft Community Hub System Center 2025 Update Rollup 1 and more Team Blog: System Center Author: AakashMSFT Published: 12/11/2025 Summary: System Center 2025 Update Rollup 1 (UR1) is now available, delivering enhanced security with TLS v1.3, support for SQL Server 2025, and expanded monitoring for new Linux distributions. Key improvements include issue fixes and new features across Operations Manager, Data Protection Manager, Service Manager, and Orchestrator, such as selective Hyper-V disk backup, Exchange Subscription Edition support, and improved stability. Updates also ensure GB18030-2022 compliance for Chinese characters. Ongoing hotfixes for System Center 2022 maintain security and compatibility. An Update Rollup for Virtual Machine Manager 2025 is forthcoming. Automating Windows Server Licensing Benefits with Azure Arc Policy Team Blog: Core Infrastructure and Security Author: jpigott Published: 12/22/2025 Summary: The article explains how automating Windows Server licensing with Azure Arc Policy streamlines compliance and management across hybrid environments. By deploying the policy, organizations can automatically enable licensing benefits—such as Azure Update Manager and Windows Admin Center—for all eligible Arc-enabled Windows Servers. The policy evaluates license status, applies appropriate profiles for Software Assurance or Pay-As-You-Go, and enables remediation for non-compliant machines. This reduces manual effort, minimizes errors, and ensures consistent, scalable licensing compliance for large server estates. Deployment and remediation steps are provided using Azure Policy and PowerShell. Empower Your Cloud Identity: How to Convert User SOA from AD to Entra ID Team Blog: Core Infrastructure and Security Author: Farooque Published: 12/15/2025 Summary: The article explains how shifting the Source of Authority (SOA) for users from on-premises Active Directory (AD) to Microsoft Entra ID enables organizations to fully leverage cloud-based identity management, security, and governance. This change removes AD dependencies, streamlines HR provisioning, and reduces the attack surface. The technical process is simple—a single attribute change via API—but requires careful planning, especially as changes in Entra ID won’t sync back to AD. Organizations must consider scenarios for retaining on-premises access and follow a checklist for a successful migration to a cloud-first identity model. Private Preview: Azure Managed Prometheus on VM / VMSS Team Blog: Azure High Performance Computing (HPC) Author: Daramfon Published: 12/11/2025 Summary: Azure Managed Prometheus now supports monitoring for virtual machines (VMs) and virtual machine scale sets (VMSS), extending beyond container workloads. This private preview enables unified, scalable metric collection—including GPU and InfiniBand—for HPC scenarios. Metrics are stored in Azure Monitor, and users gain a fully managed Prometheus experience with scraping, PromQL, alerting, and dashboards via Azure Managed Grafana. Customers can monitor mixed environments (AKS, VMSS, VMs) without managing backend infrastructure. Access requires subscription allowlisting, with onboarding and feedback managed through a GitHub repository. Automating HPC Workflows with Copilot Agents Team Blog: Azure High Performance Computing (HPC) Author: xpillons Published: 12/03/2025 Summary: Copilot Agents use AI to automate the creation of Slurm job submission scripts for High Performance Computing (HPC) workflows, reducing manual effort, errors, and delays. By interpreting user-provided context and applying best practices, Copilot quickly generates precise scripts, enabling researchers to focus on analysis rather than troubleshooting. The system supports iterative improvement and validation, increasing reliability and scalability. Automation benefits include faster script generation, minimized errors, improved consistency, and greater accessibility for new users, making HPC workloads more efficient and user-friendly. Deploying Windows Servers in an Azure Availability Set Team Blog: ITOps Talk Author: OrinThomas Published: 12/08/2025 Summary: This guide explains how to deploy Windows Server virtual machines in an Azure Availability Set to enhance reliability for IIS workloads. It details creating a resource group, configuring VMs with Premium SSDs for high SLAs, and assigning them to availability sets at creation for fault and update domain protection. Security settings such as disabling inbound ports and boot diagnostics are recommended. The process is repeated for additional VMs within the same set and network. Future guidance will address load balancing with Azure Application Gateway and security against DDoS and OWASP threats. Anatomy of an Outage: How Microsoft focuses on Transparency during and post incident Team Blog: ITOps Talk Author: Rick Claus Published: 12/16/2025 Summary: The article details Microsoft Azure’s approach to outage transparency, emphasizing rapid detection, clear communication, and post-incident learning. It highlights Azure’s five communication pillars—speed, accuracy, discoverability, parity, and transparency—and the importance of Azure Service Health for tailored incident alerts. The process covers pre-incident monitoring, equitable real-time updates, and thorough, blame-free post-incident reviews. Microsoft’s transparency culture and tools like Service Health empower infrastructure teams to respond effectively to outages. The key recommendation: proactively configure Azure Service Health to ensure timely, actionable notifications for your organization’s critical workloads. Protect against React RSC CVE-2025-55182 with Azure Web Application Firewall (WAF) Team Blog: Azure Network Security Author: yuvalpery Published: 12/04/2025 Summary: On December 3, 2025, a critical remote code execution vulnerability (CVE-2025-55182) was disclosed in React Server Components, affecting several React versions. Attackers can exploit unsafe deserialization to execute arbitrary server code. Immediate upgrading to patched React releases is strongly advised. For additional protection, Azure Web Application Firewall (WAF) users should enable the latest Default Rule Set (DRS) 2.1 or implement provided custom WAF rules to block exploit patterns. The article details rule configurations for Azure Application Gateway, Containers, and Front Door, and recommends validating custom rules before production deployment. Application layer DDoS protection using the HTTP DDoS Ruleset in Azure WAF Team Blog: Azure Network Security Author: saikishor Published: 12/18/2025 Summary: The article discusses Azure Application Gateway WAF’s HTTP DDoS Ruleset, which provides adaptive, application-layer protection against sophisticated HTTP-based DDoS attacks, such as floods, API abuse, and slow HTTP attacks. By learning normal traffic baselines, using dynamic detection, and leveraging Microsoft’s global threat intelligence, the ruleset can automatically identify and block abnormal client behavior. Metrics and logs offer visibility into mitigated threats. Sensitivity settings balance detection and false positives. The solution is easy to enable and integrates with existing WAF policies, helping organizations proactively defend against evolving application-layer DDoS threats. Scaling Azure Compute for Performance Team Blog: Azure Compute Author: DanaCozmei Published: 12/02/2025 Summary: The article highlights Azure Compute’s new features unveiled at Ignite 2025, aimed at supporting demanding workloads like AI, analytics, and globally distributed apps. Key advancements include Direct Virtualization for low-latency GPU/NVMe access, large containers for accelerated AI/ML, VM Applications for streamlined global deployments, Scheduled Actions for automation, enhanced resiliency via Azure Compute Gallery, and flexible VMSS Instance Mix for capacity scaling. These innovations enable intelligent, adaptive infrastructure, simplifying operations and boosting performance, cost-efficiency, and reliability for customers driving next-generation cloud solutions. Windows on Arm runs more apps and games with new Prism update Team Blog: Windows OS Platform Author: Marc_Sweetgall Published: 12/05/2025 Summary: The latest Prism update boosts Windows on Arm devices by expanding support for more x86 instruction set extensions, including AVX and AVX2, enabling additional apps and games—especially creative tools—to run under emulation. This update allows previously incompatible software, such as Ableton Live 12, to install and operate smoothly. The improvements are available for all Windows on Arm devices running Windows 11, version 24H2 or later, with enhanced emulation for 64-bit apps by default and optional support for 32-bit apps. Microsoft remains committed to further enhancing Prism emulation capabilities. Announcing Support for S2D and SAN Coexistence Team Blog: Failover Clustering Author: Rob-Hindman Published: 12/04/2025 Summary: Microsoft has announced support for using Storage Spaces Direct (S2D) and SAN storage together in a single Windows Server 2022/2025 failover cluster. This allows customers to combine S2D Cluster Shared Volumes (CSVs) with SAN CSVs, enabling flexible migration, backup, and data management for workloads, including AI and ML. Both storage types can be validated and managed in one cluster, with specific formatting requirements for each. This update responds to customer feedback and enhances options for virtualization and data protection without VM disruption. Announcing Support for S2D Campus Cluster on Windows Server 2025 Team Blog: Failover Clustering Author: Rob-Hindman Published: 12/11/2025 Summary: Microsoft announced support for S2D Campus Cluster in Windows Server 2025, enabling resilient storage solutions across two racks within a campus, such as hospitals or schools. With the 2025-12 Security Update (KB5072033), features like Rack Level Nested Mirror (RLNM) enhance data resiliency, allowing survival of rack and node failures. The configuration offers tradeoffs between cost and performance, requires SSD/NVMe drives, and specific networking setups. Guidance and PowerShell scripts are provided for deployment. The article acknowledges MVP contributions and addresses FAQs about supported cluster sizes, volume limits, and infrastructure recommendations. Key Considerations for Modernizing and Migrating Custom Applications to Azure Team Blog: Azure Migration and Modernization Author: srhulsus Published: 12/12/2025 Summary: The article outlines essential steps for migrating and modernizing custom applications to Azure. Key considerations include assessing current applications, choosing suitable migration strategies, modernizing compute and databases, designing secure architectures, ensuring high availability, adopting DevOps, monitoring operations, managing costs, and conducting thorough testing. Azure’s cloud-native services and AI-driven tools, such as Azure Migrate and GitHub Copilot, streamline migration, optimize performance, enhance security, and accelerate modernization, helping organizations transition smoothly while improving reliability, scalability, and cost efficiency. Migrate from Amazon API Gateway to Azure API Management Team Blog: Azure Migration and Modernization Author: dan_lepow Published: 12/04/2025 Summary: The article provides a comprehensive guide for migrating from Amazon API Gateway to Azure API Management. It includes detailed feature mapping between AWS and Azure, covers infrastructure, API workloads, and configurations, and offers workarounds where direct equivalents are lacking. The guide outlines assessment and preparation steps, a phased migration process to minimize risk, and post-migration optimization. It features an architecture-focused example for healthcare APIs and references additional resources for migrating other AWS workloads to Azure. The guide aims to help teams plan, implement, and validate a seamless API migration. Azure Arc Server Forum: 2026 Updates Team Blog: Azure Arc Author: Aurnov_Chattopadhyay Published: 12/08/2025 Summary: The Azure Arc Server Forum enters its fourth year in 2026, with monthly sessions held every third Thursday (except July and December) featuring live demos, Q&A, and feedback opportunities on Windows, Linux, and SQL Server management across hybrid, multicloud, and edge environments. Participants receive a monthly newsletter with updates on new capabilities, agent improvements, and opportunities to influence the product roadmap. Forum recordings are available on YouTube within 2-3 weeks, and registration is open via the provided link. Azure Arc Monthly Forum Recap – November 2025 Team Blog: Azure Arc Author: yunishussein Published: 12/17/2025 Summary: The November 2025 Azure Arc Monthly Forum recap covers key previews and updates: Auto Agent Upgrade (public preview) enables automatic AZCM agent updates; Essential Machine Management (private preview) offers unified machine management; Machine Configuration – CIS Baseline Compliance (public preview) allows advanced baseline management via Azure Policy. FAQs clarify EMM coverage, Operations Center branding, training resources, and cost details. Security baseline updates and Linux support in guest configuration are planned. Feedback channels and documentation links are provided for each feature. Verified skills, real impact: Microsoft Credentials help you get AI-ready Team Blog: Microsoft Learn Author: ElisaGraceffo Published: 12/12/2025 Summary: AI is transforming business across all roles, making verified skills essential for individuals and organizations. Microsoft Credentials—including Certifications and Applied Skills—help validate and showcase AI expertise, boosting career growth and organizational readiness. Microsoft has expanded its credentials portfolio to include business-focused and technical AI skills, now accessible to a broader audience. EPAM Systems demonstrates how these credentials create competitive advantage. The new AI Skills Navigator streamlines skill development, helping users build personalized learning paths and ensuring teams are AI-ready in today’s rapidly evolving workplace. Secure, Seamless Access using Managed Identities with Azure Files SMB Team Blog: Azure Storage Author: Priyanka-Gangal Published: 12/15/2025 Summary: Azure Files SMB now supports Managed Identities in public preview, enabling secure, credential-free, identity-based access integrated with Microsoft Entra ID. This eliminates the need for storage account keys, aligns with Zero Trust principles, and provides built-in RBAC, compliance with FIPS, and multi-client support across Windows and Linux. Key benefits include enhanced security for CI/CD pipelines and AKS workloads, simplified compliance, and streamlined configuration. The feature is available at no additional cost and aims to help organizations achieve enterprise-grade security and governance for file share access across cloud-native and hybrid environments. Transforming Data migration using Azure Copilot Team Blog: Azure Storage Author: madhurinrao Published: 12/11/2025 Summary: Azure Copilot’s new Storage Migration Solutions Advisor streamlines data migration to Azure by providing conversational, AI-driven guidance. It recommends optimal migration tools—both Microsoft-native and third-party—based on user-specific scenarios, such as data size, protocol, and bandwidth. This reduces complexity, speeds decision-making, and minimizes migration risks across on-premises, cloud-to-cloud, and hybrid environments. Users interact via prompts, receive tailored recommendations, and access relevant documentation, making migrations more efficient and less error-prone. Pro tips include running proof-of-concept migrations and leveraging Azure Storage Discovery for post-migration insights. Azure Policy: Required Actions for Docker Content Trust Deprecation in Azure Container Registry Team Blog: Azure Governance and Management Author: ShannonHicks Published: 12/17/2025 Summary: Azure Container Registry (ACR) is deprecating the Docker Content Trust (DCT) feature over three years, which will remove the trustPolicy property from APIs and affect related Azure Policy aliases. No built-in policies use these aliases, but custom policies referencing them must be updated or removed to avoid compliance issues. Policies using trustPolicy.status will break when the property is deleted. Users should identify affected policies, update or remove them, test changes, and monitor Azure documentation for further updates on transitioning to the Notary Project. Announcing General Availability for Azure Resource Graph (ARG) GET/LIST API Team Blog: Azure Governance and Management Author: JaspreetKaur Published: 12/03/2025 Summary: The Azure Resource Graph (ARG) GET/LIST API is now generally available, offering a 10X increase in throttling quotas for resource lookups compared to standard ARG queries. This API enables scalable, high-performance GET and LIST operations, reducing read throttling and improving reliability for high-volume scenarios. By appending the “useResourceGraph=true” parameter, users can route requests to the optimized ARG backend. It’s ideal for retrieving or listing resources within a single scope and is currently supported for the resources and computeresources tables. The switch to ARG GET/LIST API is fully controlled by the caller. Microsoft Agent Pre-Purchase Plan: One Unified Path to Scale AI Agents Team Blog: FinOps Author: kyleikeda Published: 12/08/2025 Summary: The Microsoft Agent Pre-Purchase Plan (P3) offers organizations a unified, upfront payment model for deploying AI agents across both Microsoft Foundry and Copilot Studio, leveraging Work IQ, Fabric IQ, and Foundry IQ. P3 simplifies procurement, budget management, and access to over 32 agentic services, while delivering predictable savings and flexibility. With a single pool of credits, customers can efficiently scale intelligent, context-driven agents without platform limitations, streamlining AI adoption and governance. The plan is designed to support innovation, cost-effectiveness, and enterprise-wide AI deployment, as announced at Microsoft Ignite 2025. Network Detection and Response (NDR) in Financial Services Team Blog: Azure Networking Author: Marc de Droog Published: 12/18/2025 Summary: Financial Services organizations must comply with PCI DSS v4.0.1, which demands robust network monitoring and intrusion detection. Traditional tools often fall short; Network Detection and Response (NDR) solutions use advanced analytics to monitor, detect, and respond to threats in real-time, supporting key PCI requirements. In Azure, native tools (VTAP, Flow Logs, Traffic Analytics), third-party NDR platforms, Microsoft Sentinel (SIEM), and Defender for Cloud (compliance monitoring) together enable a layered, PCI-compliant defense. NDR provides deep visibility and automated incident response, enhancing both security and compliance for cardholder data environments in the cloud. Azure Networking 2025: Powering cloud innovation and AI at global scale Team Blog: Azure Networking Author: Sudha_Mahajan Published: 12/18/2025 Summary: In 2025, Azure Networking powered major cloud and AI innovations, notably enabling Microsoft’s Fairwater AI datacenter’s ultra-fast GPU interconnects. Key advancements included higher-capacity ExpressRoute and VPN gateways, simplified global connectivity via Virtual WAN, enhanced multicloud integration, and robust resiliency tools. Security was strengthened with DNS Security Policies and threat intelligence. AI-driven management tools like Azure Copilot made network operations more intelligent. These investments ensured Azure could meet unprecedented hybrid and AI workload demands, delivering secure, high-performance connectivity and setting the stage for self-optimizing, AI-powered networks in the future. How to Modernise a Microsoft Access Database (Forms + VBA) to Node.JS, OpenAPI and SQL Server Team Blog: Azure Architecture Author: anthkernan Published: 12/08/2025 Summary: The article details the modernization of Microsoft Access databases—traditionally reliant on forms and VBA—to scalable, standards-based architectures using Node.js, OpenAPI, SQL Server, and optionally MongoDB. Key steps included migrating data to SQL Server (via SSMA and Liquibase), generating RESTful APIs, translating business logic to Node.js, and recreating user interfaces with accessibility in mind. GitHub Copilot dramatically accelerated development, automating code, documentation, and testing. The approach reduced delivery time from months to weeks, preserved business functionality, and offers a blueprint for organizations seeking efficient, AI-powered legacy system upgrades. From Large Semi-Structured Docs to Actionable Data: Reusable Pipelines with ADI, AI Search & OpenAI Team Blog: Azure Architecture Author: anishganguli Published: 12/09/2025 Summary: The article outlines a robust, reusable pipeline for extracting actionable data from large, semi-structured documents—such as contracts, invoices, and compliance records—using Azure Document Intelligence, OpenAI, and AI Search. It details challenges like inconsistent layouts and cross-page dependencies, then presents a chunking, OCR, context-aware analysis, entity grouping, and extraction workflow. The solution emphasizes data stewardship, deterministic outputs, and rigorous evaluation for precision and reliability, supporting scalable downstream integration. Various deployment models and alternative approaches are discussed, making the architecture adaptable for enterprise compliance, analytics, and automation across industries.Check This Out! (CTO!) Guide (November 2025)
Member: TysonPaul | Microsoft Community Hub Getting Started with Windows Admin Center Virtualization Mode Team Blog: ITOps Talk Author: OrinThomas Published: 11/23/2025 Summary: Windows Admin Center Virtualization Mode is a new, preview web-based tool for managing large Hyper-V virtualization environments. It centralizes compute, networking, and storage management for thousands of hosts within the same Active Directory domain. The article outlines installation prerequisites, step-by-step setup, and onboarding of Hyper-V hosts into resource groups. Users configure networking, storage, and compute properties, then manage hosts and virtual machines through a streamlined UI. The guide emphasizes certificate setup, domain requirements, and initial firewall adjustments for onboarding. Links to public preview and documentation are provided for further exploration. Microsoft Entra Domain Services: Deploy, Join a VM, and Use Classic AD Tools Team Blog: ITOps Talk Author: OrinThomas Published: 11/24/2025 Summary: Microsoft Entra Domain Services (Entra DS) enables managed Active Directory domain controller functionality in Azure, allowing you to domain-join Windows Server VMs, use Group Policy, and manage DNS without maintaining your own DC VMs. The article guides you through setting up a virtual network, deploying Entra DS, configuring DNS, joining a VM to the domain, and using classic AD and DNS management tools, streamlining identity and access management for cloud workloads while retaining familiar AD capabilities. Azure Governance @ Ignite 2025 Team Blog: Azure Governance and Management Author: jodiboone Published: 11/22/2025 Summary: Azure Governance at Ignite 2025 introduced significant updates, including the public preview of Service Groups for flexible resource hierarchies and low-privilege management. New integrations with Azure Monitoring and Resiliency were announced. Azure Policy enhancements feature Identity Based Exemptions and a revamped UX for improved compliance and policy lifecycle management. Machine Configuration now offers an extensibility framework for customizable Windows and Linux baselines aligned with CIS standards. These updates aim to simplify governance, boost security, and improve policy management for deploying secure applications in Azure environments. Empower Smarter AI Agent Investments Team Blog: Azure Governance and Management Author: Fernando_Vasconcellos Published: 11/05/2025 Summary: The article presents a series of modules designed to help technical and business leaders make cost-effective decisions throughout the AI agent lifecycle on Azure. Covering topics from use case selection and understanding cost drivers to forecasting ROI, adopting best practices, choosing development approaches, architecting scalable solutions, and ongoing optimization, the learning path offers actionable strategies for building, deploying, and managing AI agents. By aligning innovation with financial discipline, these modules ensure sustainable value, operational excellence, and long-term success for enterprise AI initiatives. Using Packet Capture for troubleshooting Azure Firewall flows Team Blog: Azure Network Security Author: ShabazShaik Published: 11/10/2025 Summary: The article introduces Azure Firewall’s new Packet Capture feature, now generally available, which enables detailed troubleshooting by capturing network packets traversing the firewall. It explains how packet capture aids in diagnosing connectivity issues, outlines setup steps, and demonstrates real-world scenarios including VNET-to-VNET, DNAT, outbound internet access, and application rule traffic. The captured data allows administrators to analyze bidirectional flows, correlate requests and responses, and pinpoint network or application issues. Overall, packet capture significantly enhances network visibility, security, and operational reliability within Azure environments. General Availability of JavaScript Challenge in Azure Front Door WAF Team Blog: Azure Network Security Author: andrewmathu Published: 11/11/2025 Summary: Microsoft has announced the general availability of the JavaScript Challenge feature for Azure Front Door’s Web Application Firewall (WAF). This feature adds an automated, browser-based anti-bot layer to distinguish legitimate users from malicious scripts, enhancing protection against modern bot attacks while maintaining user experience. The challenge is lightweight and invisible to users, can be flexibly applied to specific endpoints, and is easily configured via WAF policies. Existing preview configurations remain supported, and comprehensive documentation is available for setup and best practices. Announcing Public Preview of Window Server 2025 on Azure Kubernetes Service Team Blog: Containers Author: Akarsh Published: 11/18/2025 Summary: Microsoft has announced the public preview of Windows Server 2025 support on Azure Kubernetes Service (AKS), offering enhanced security, performance, and compatibility. Users can deploy Windows Server 2025 node pools alongside other OS options, run Windows Server 2022 containers on 2025 hosts, and benefit from improved portability. Nano Server now supports more applications and Feature on Demand, optimizing resource use. Additionally, Windows Server 2025 enables GPU acceleration for containerized workloads. Customers can test Windows Server 2025 in AKS and provide feedback to help shape future container offerings. AI and human potential: Advancing skills, innovation, and outcomes Team Blog: Microsoft Learn Author: ToddMinor Published: 11/21/2025 Summary: Organizations worldwide are partnering with Microsoft to upskill employees in AI, driving innovation, efficiency, and business growth across sectors. Through initiatives like AI Skills Navigator, companies such as Albertsons, Levi Strauss, Vodafone, and Danone are integrating AI into daily work, fostering resilient, future-ready teams. Real-world examples from banking, retail, energy, and technology highlight that true transformation starts with people, not just technology. Empowered employees use AI to reimagine work, enhance productivity, and deliver meaningful outcomes, proving that continuous learning and AI adoption are key to unlocking human and organizational potential. Powering career and business growth through AI-led, human-enhanced skilling experiences Team Blog: Microsoft Learn Author: jeanaj Published: 11/18/2025 Summary: The article introduces Microsoft’s AI Skills Navigator, a unified, AI-powered learning platform designed to help individuals and organizations rapidly build and validate essential AI and human skills for career and business growth. Integrating content and credentials from Microsoft, LinkedIn, and GitHub, it offers personalized, interactive, and shareable learning experiences. Strategic partnerships with LinkedIn, GitHub, and Pearson further expand access to verified credentials and tailored training. The initiative aims to address the challenge of keeping pace with AI-driven changes, making upskilling accessible, relevant, and collaborative for the global workforce. Azure NCv6 Public Preview: The new Unified Platform for Converged AI and Visual Computing Team Blog: Azure High Performance Computing (HPC) Author: rishabv90 Published: 11/24/2025 Summary: Microsoft has announced the Azure NCv6 series, now in public preview, featuring NVIDIA RTX PRO 6000 Blackwell GPUs and Intel Granite Rapids CPUs. The NCv6 offers a unified platform for converged AI and visual computing, supporting digital twins, LLM inference, agentic workflows, and high-fidelity rendering. With scalable sizing, massive memory, and fractional GPU options, it caters to diverse workloads in AI, simulation, media, and remote desktops. This platform delivers breakthrough performance, cost-effective infrastructure, and seamless upgrades, empowering enterprises to innovate in the era of converged AI and industrial digitalization. Azure ND GB300 v6 now Generally Available - Hyper-optimized for Generative and Agentic AI workloads Team Blog: Azure High Performance Computing (HPC) Author: Nitin_Nagarkatte Published: 11/19/2025 Summary: Microsoft has announced the general availability of Azure ND GB300 v6 virtual machines, featuring thousands of NVIDIA GB300 NVL72 Blackwell Ultra GPUs and next-gen InfiniBand networking. These VMs deliver major performance improvements for generative and agentic AI workloads, including frontier model training and large-scale inference. With record-breaking throughput, scalable architecture, and advanced management tools, ND GB300 v6 enables efficient deployment and scaling of trillion-parameter models, long-context, and multimodal AI tasks, reaffirming Microsoft’s leadership in AI infrastructure and partnership with NVIDIA. Deriving expiry days and remaining retention days for blobs through blob inventory Team Blog: Azure PaaS Author: Harshi_mrinal Published: 11/11/2025 Summary: The article explains how to derive expiry days and remaining retention days for blobs in Azure Blob Storage and Data Lake Gen2 accounts using Blob Inventory reports. It outlines steps to set blob expiry, generate inventory CSV files, and use Azure Synapse SQL queries to list expiry times and retention days for soft-deleted blobs. The process helps organizations manage data lifecycle, optimize storage, and ensure compliance. Alternative methods such as PowerShell and Azure CLI are also suggested for similar tasks. Reference links for further learning are provided. Update Coverage Workbook in Microsoft Defender for Cloud to Include Defender for AI Plan status Team Blog: Core Infrastructure and Security Author: SantoshPargi Published: 11/03/2025 Summary: The article outlines two methods to track Defender for AI plan status in Microsoft Defender for Cloud. Option 1 involves updating the existing Coverage Workbook to display Defender for AI data, offering centralized visibility but needing manual maintenance. Option 2 uses Azure Resource Graph Explorer to run queries for AI plan status across subscriptions, providing flexibility and easier automation but separate from the workbook interface. The recommendation: update the Coverage Workbook for unified dashboards, or use Resource Graph Explorer for quick or automated checks. Platform SSO for macOS Team Blog: Core Infrastructure and Security Author: Farooque Published: 11/10/2025 Summary: Microsoft’s Platform SSO for macOS enables secure, passwordless authentication using Touch ID, smart cards, and passkeys, leveraging Apple’s SSO framework and integrating with Entra ID. Supporting macOS 13+, it streamlines device and app sign-in, offers centralized identity management, and requires no additional agent. Deployment involves Intune policies, device enrollment, and configuration of authentication methods. Administrators can customize login experiences and should align password policies and group assignments for compliance. Platform SSO improves security, user experience, and operational efficiency for organizations transitioning to modern authentication solutions. Announcing Network HUD: Operational Network Monitoring for Windows Server 2025 Team Blog: Networking Author: Basel_Kablawi Published: 11/18/2025 Summary: Network HUD is a new operational network monitoring tool for Windows Server 2025 clusters, offering real-time health checks and actionable insights to prevent networking issues. It detects adapter instability, driver incompatibility, storage inconsistencies, and misconfigured VLANs, reducing troubleshooting time. Integrating with physical switches via LLDP, Network HUD ensures host and network fabric alignment. Delivered as an Arc extension, it enables easy deployment and alerting through Windows Admin Center and PowerShell, helping administrators proactively maintain stable, high-performing server environments and avoid costly downtime. Announcing General Availability for AccelNet on Windows Server 2025 Team Blog: Networking Author: Basel_Kablawi Published: 11/18/2025 Summary: Microsoft has announced the general availability of Accelerated Networking (AccelNet) for Windows Server 2025 Datacenter. AccelNet uses SR-IOV technology to bypass the virtual switch, reducing CPU overhead and delivering predictable, low-latency performance for demanding workloads. It enables higher VM density per host and integrates seamlessly with Hyper-V and Failover Clustering. Deployment is simplified via Windows Admin Center and PowerShell, ensuring easy, scalable, and consistent configuration. AccelNet provides a consistent operational model across hybrid environments, benefiting scenarios like OLTP, in-memory caching, and dense virtualization. Azure Local 22H2 Clusters: End of Service and Feature Degradation Team Blog: Azure Arc Author: Arpita Duppala Published: 11/25/2025 Summary: Azure Local version 22H2 reached End of Service on May 31, 2025. Starting February 23, 2026, Microsoft will begin degrading features, including disabling Extended Security Updates (ESU) and Windows Server Subscription (WSS) benefits. Customers cannot renew or purchase ESU/WSS, risking security vulnerabilities and compliance issues. Microsoft will not restore degraded features or provide remediation for risks. To maintain support and security, customers are urged to upgrade to version 24H2 promptly to avoid service disruptions and compliance violations. Transforming City Operations: How Villa Park and DataON Deliver Real-Time Decisions with Edge RAG Team Blog: Azure Arc Author: moran_assaf Published: 11/18/2025 Summary: The article details how Villa Park, California, in partnership with DataON and Microsoft, leverages Edge Retrieval-Augmented Generation (Edge RAG) to modernize city operations. Using Azure Local infrastructure, Edge RAG enables fast, secure, and offline AI-powered workflows for zoning, compliance, and permitting, drastically reducing processing times. New features include advanced document parsing, multimodal search, SharePoint integration, and autonomous workflows. Villa Park serves as a model for smart city transformation, demonstrating how edge AI enhances operational resilience, data security, and efficiency, while allowing municipalities to maintain data sovereignty and tailor AI solutions to their needs. Announcing Cobalt 200: Azure’s next cloud-native CPU Team Blog: Azure Infrastructure Author: sebilgin Published: 11/18/2025 Summary: Microsoft has announced Azure Cobalt 200, its next-generation Arm-based CPU for cloud-native workloads, offering up to 50% better performance than Cobalt 100. Featuring 132 cores, advanced memory encryption, custom compression and cryptography accelerators, and built-in Azure Boost networking and storage capabilities, Cobalt 200 is designed for optimized efficiency, security, and workload compatibility. The CPU leverages extensive real-world benchmarking and AI-powered simulations to achieve optimal performance and energy savings. Cobalt 200 servers are now live in datacenters, with broader customer availability expected in 2026. Enabling Private Connectivity for Microsoft Fabric: A Practical Guide Team Blog: Azure Infrastructure Author: mohit-kanojia Published: 11/19/2025 Summary: The article outlines strategies for securely integrating Microsoft Fabric—a unified analytics SaaS platform—into large, security-sensitive enterprise environments with private-only, Zero-Trust architectures. It details how Fabric’s components (Lakehouse, Warehouse, Spark, Workspaces) can be accessed via private endpoints, managed private endpoints, VNet data gateways, and private DNS, ensuring no public exposure. The author shares a practical architecture using Azure’s hub-spoke model and highlights governance, automation with Terraform, and robust network controls, demonstrating that with careful planning, Fabric can operate securely within strict enterprise boundaries. Pure Storage Cloud, Azure Native evolves at Microsoft Ignite! Team Blog: Azure Storage Author: Aung_Oo Published: 11/19/2025 Summary: Microsoft has expanded its Azure Native Pure Storage Cloud integration, enabling customers to provision Pure Storage volumes to Azure Virtual Machines for both Linux and Windows applications. This partnership leverages Pure Storage’s enterprise-grade features, cost efficiency, and resilience, simplifying deployment and management via Azure Portal tools. Organizations have reported significant cost savings and improved performance, with benefits like advanced data management, rapid restores, and enhanced security. The service is available as a fully managed, Azure-native solution, now supporting both Azure VMware Solution and Azure VMs, with a 30-day free trial offered for new users. Reduce latency and enhance resilience with Azure Files zonal placement Team Blog: Azure Storage Author: hanagpal Published: 11/18/2025 Summary: Azure Files Premium LRS now supports zonal placement, allowing users to pin storage accounts to a specific Azure Availability Zone. This feature reduces latency by co-locating storage and compute resources, optimizes performance for latency-sensitive workloads, and enhances resilience by isolating failure domains. Zonal placement is available for both SMB and NFS shares and can be configured during storage account creation or update. It is ideal for databases, enterprise platforms, and business applications, and is currently available in select regions supporting Premium LRS and Availability Zones. Streamline Analytics Spend on Microsoft Fabric with Azure Reservations Team Blog: FinOps Author: kyleikeda Published: 11/24/2025 Summary: Microsoft Fabric is an integrated SaaS data platform offering unified analytics and AI, powered by OneLake. Organizations can optimize their analytics spend by purchasing Azure reservations for Fabric Capacity Units, which provide significant discounts for predictable workloads. Reservations simplify purchasing, offer flexible payment options, and can be managed via the Azure Portal. Best practices include careful usage estimation, enabling auto-renewal, monitoring with Azure Cost Management, and choosing appropriate scopes. By leveraging reservations, businesses can maximize savings while maintaining performance and scalability. For more details, visit the Microsoft Marketplace or Azure Portal. Accelerating HPC and EDA with Powerful Azure NetApp Files Enhancements Team Blog: Azure Architecture Author: GeertVanTeylingen Published: 11/14/2025 Summary: Azure NetApp Files introduces major enhancements for High-Performance Computing (HPC) and Electronic Design Automation (EDA) workloads, offering breakthrough petabyte-scale storage, high throughput, and advanced data management. New features include large volume support (up to 7.2 PiB), cool access for cost savings, user/group quota reporting, robust backup and single-file restore, hybrid cloud data mobility, cache volumes for burst-to-cloud, and AI-ready object REST API integration. These innovations boost scalability, reliability, operational efficiency, and security, enabling teams to accelerate time-to-market, optimize costs, and confidently manage complex, data-intensive workloads in the cloud. Introducing Local Identity with Azure Key Vault in Build 2510 Team Blog: Azure Architecture Author: ShireenIsab Published: 11/07/2025 Summary: Microsoft has announced a public preview of local identity integration with Azure Key Vault in Build 2510, enabling Azure local clusters to operate without Active Directory, simplifying deployments and backup processes. Key Vault integration allows seamless backup of keys, with compatibility efforts underway with partners like Veeam, Commvault, Dell, and Lenovo. Additionally, private previews introduce a Management Toolkit for secure cluster administration and Internal DNS for simplified name resolution, both designed to work without Active Directory. Users are encouraged to upgrade, test features, and provide feedback via email. Migrate or modernize your applications using Azure Migrate Team Blog: Azure Migration and Modernization Author: Shikher Published: 11/10/2025 Summary: Azure Migrate is Microsoft’s free platform for migrating and modernizing applications to Azure, offering features like application-aware migration, multi-server dependency mapping, software and security insights, and code-level analysis integration. It enables holistic migration planning by grouping workloads into applications, providing ROI analysis, and supporting phased wave planning for execution. The platform integrates with tools like GitHub Copilot and CAST for code assessment, facilitating collaboration among IT, security, and development teams, and supports a wide range of workloads and migration strategies for a seamless cloud transition. Migration Agent - Unlocking transformation Team Blog: Azure Migration and Modernization Author: SShastri Published: 11/18/2025 Summary: The article highlights how IT modernization is an ongoing transformation, driven by cloud-native architectures and innovations like AI. Central to this journey is the new Migration Agent powered by Azure Migrate, which provides actionable insights, security assessments, and evidence-backed recommendations for migration. It automates infrastructure deployment, ensures governance, and supports wave-based migration planning. Integration with tools like GitHub Copilot and CAST Highlight accelerates modernization, making cloud migration a continuous, developer-driven process that enhances agility, security, and business alignment, positioning Azure as a strategic launchpad for digital transformation. Azure CLI and Azure PowerShell Ignite 2025 Announcement Team Blog: Azure Tools Author: Alex-wdy Published: 11/19/2025 Summary: At Microsoft Ignite 2025, Azure CLI and Azure PowerShell announced major updates focused on quality, security, and AI integration. Key enhancements include MFA enforcement, Python 3.13 compatibility, new "What-If" and "Export Bicep" features, expanded service and extension support, and improved endpoint discovery. MFA claims challenges and optional pagination for large datasets were also addressed. These updates aim to streamline user workflows, bolster security, and leverage AI for smarter cloud management. Full release notes and migration guides are available for users to ensure smooth upgrades. Gaining Confidence with Az CLI and Az PowerShell: Introducing What if & Export Bicep Team Blog: Azure Tools Author: stevenbucher Published: 11/21/2025 Summary: Azure CLI and Azure PowerShell now offer “What if” and “Export Bicep” features in private preview, letting users safely preview command impacts and export actions as Bicep templates before making changes. These tools reduce risk, boost confidence, and accelerate infrastructure-as-code adoption by validating scripts and converting commands into reusable templates. Supported for select commands, users can sign up for early access and provide feedback, improving productivity and minimizing deployment errors in Azure environments. Support tip: Aligning network policy with Microsoft Intune and Zero Trust Team Blog: Intune Customer Success Author: Intune_Support_Team Published: 11/03/2025 Summary: The article discusses aligning network policies with Microsoft Intune and Zero Trust principles, emphasizing the limitations of traditional perimeter-based architectures in supporting cloud services and hybrid work. It outlines three models—endpoint, domain, and domain/IP enforced access—for managing outbound traffic, recommending automation and bypassing inspection for Microsoft traffic. Adopting cloud-native tools and Zero Trust controls improves security, reliability, and user experience. The article encourages modernizing network architecture to support cloud services and details Microsoft’s ongoing enhancements, such as moving Intune endpoints to Azure Front Door for better performance and security. Debunking the myth: Cloud-native Windows devices and access to on-premises resources Team Blog: Intune Customer Success Author: Intune_Support_Team Published: 11/14/2025 Summary: The article debunks the myth that cloud-native Windows devices can’t access on-premises resources. It explains that, with minimal configuration, these devices can connect to file shares and legacy apps using NTLM or Kerberos authentication. By leveraging Microsoft Entra ID, Intune, and solutions like Windows Hello for Business and Zero Trust Network Access, organizations can maintain security and user experience while accessing on-premises resources. The article also recommends adopting modern identity and security frameworks and offers resources such as Microsoft’s Zero Trust Workshop for effective implementation. Reimagining VM Application Management for an AI-Powered, Secure Future Team Blog: Azure Compute Author: tanmay-gore Published: 11/18/2025 Summary: The article discusses the transformation of virtual machine (VM) application management amid increasing AI-driven automation and security demands. Traditional deployment methods are inadequate for modern needs. Azure VM Applications offers a managed, end-to-end solution, enabling rapid, secure, and version-controlled deployment of diverse workloads. Key features include modular packaging, fast publishing, seamless CI/CD integration, regional replication, granular security controls, and unified monitoring. These capabilities improve resilience, compliance, and operational efficiency, allowing organizations to safely manage and scale VM applications for AI-powered workloads while streamlining software lifecycle management. Introducing Metadata Security Protocol (MSP): Elevating Platform Security for Azure VMs Team Blog: Azure Compute Author: Amjad_Shaik Published: 11/19/2025 Summary: Microsoft has announced the General Availability of Metadata Security Protocol (MSP) for Azure VMs, providing industry-first authentication and authorization for metadata service endpoints. MSP introduces a default-closed security model, enforcing access controls and zero-trust principles for Instance Metadata Service (IMDS) and WireServer. Key features include HMAC-based authentication, process-level RBAC, eBPF-powered request verification, and granular allowlisting. MSP significantly reduces attack surfaces such as SSRF and nested tenancy bypasses. Adoption involves auditing current access, creating an allowlist, and enforcing restrictions, enhancing defense-in-depth for sensitive VM metadata. Simplify container network metrics filtering in Azure Container Networking Services for AKS Team Blog: Azure Networking Author: KhushbuP Published: 11/08/2025 Summary: Azure Container Networking Services for AKS now offers container network metrics filtering in public preview, allowing users to control which metrics are collected at the pod level using Kubernetes custom resources. This feature reduces metrics bloat, lowers storage and ingestion costs, and improves dashboard clarity by filtering data before it reaches observability tools. Filters can be dynamically updated without downtime and target specific namespaces or pod labels, ensuring only relevant metrics are captured. Users can enable this by defining filters with the ContainerNetworkMetric CRD and validating settings, streamlining network observability and cost management. Integrating Azure Application Gateway v2 with Azure API Management for secure and scalable API Team Blog: Azure Networking Author: ranjsharma Published: 11/18/2025 Summary: Integrating Azure Application Gateway v2 with Azure API Management secures and scales API access, combining WAF protection, advanced routing, and API governance features. The article details various deployment scenarios (public, private, hybrid), network/DNS requirements, security hardening (TLS, WAF, mTLS, private endpoints), and observability best practices. It covers Terraform deployment, CI/CD automation, diagnostics, cost optimization, troubleshooting, and a production readiness checklist. This integration enables robust security, scalability, and centralized API management for cloud, hybrid, and on-premises backends. Announcing new hybrid deployment options for Azure Virtual Desktop Team Blog: Azure Virtual Desktop Author: SteveDMSFT Published: 11/18/2025 Summary: Microsoft has announced a limited preview of Azure Virtual Desktop for hybrid environments, enabling organizations to run cloud-native virtual desktops and applications on existing on-premises infrastructure via Azure Arc. This expands support to various hypervisors and hardware, allowing businesses to leverage current investments while maintaining unified management. Key partners—ControlUp, LoginVSI, Nerdio, and Nutanix—are providing integration and support. The solution offers flexibility, optimized management, and a clear path to cloud migration, addressing performance, compliance, and data residency needs for hybrid IT environments. Interested organizations can enroll via Microsoft’s preview interest form.Check This Out! (CTO!) Guide (October 2025)
Member: TysonPaul | Microsoft Community Hub Reimagining AI at scale: NVIDIA GB300 NVL72 on Azure Team Blog: Azure Infrastructure Author: gwaqar Published: 10/28/2025 Summary: Microsoft has deployed the NVIDIA GB300 NVL72 infrastructure on Azure, offering unprecedented AI compute density in a single rack with 72 Blackwell Ultra GPUs and 36 Grace CPUs. The system features advanced liquid cooling, smart rack management, robust security, and streamlined deployment for rapid scaling. Innovations include improved power and thermal management, integrated diagnostics, and flexible cooling for global data centers. The GB300 platform enables efficient, reliable scaling of high-density AI clusters, supporting demanding workloads like multitrillion-parameter model training and inference, and exemplifies Microsoft’s commitment to cutting-edge, resilient AI infrastructure. Managing Context Retention in Agentic AI Team Blog: Azure Infrastructure Author: RavinderGupta Published: 10/03/2025 Summary: **Summary:** The article discusses the challenge of context retention in agentic AI systems, which can lead to loss of history, inconsistent outputs, and poor scalability. Python, with libraries like LangChain and CrewAI, offers effective tools for managing context, memory, and state persistence. It provides step-by-step guidance and sample code for building context-aware agents, including multi-agent systems using SQLite for shared context. Best practices include using structured memory, optimizing storage, and monitoring performance. Mastering these techniques ensures robust, coherent, and scalable agentic AI solutions. Unlock cost savings with utilization-based storage recommendations in Azure Migrate Team Blog: Azure Migration and Modernization Author: ankitsurkar Published: 10/15/2025 Summary: Azure Migrate now offers storage utilization-based recommendations, enabling organizations to right-size storage workloads and reduce costs by focusing on actual usage rather than allocated capacity. This new feature addresses the common issue of overprovisioned storage—nearly 40% on average—leading to more accurate migration assessments, optimized resource planning, and faster ROI. Customers can deploy an on-premises appliance and review tailored recommendations to unlock significant savings and efficiency. For further guidance, users are encouraged to consult Azure Migrate documentation. Cut migration costs with B-Series and Cobalt 100 VM support in Azure Migrate Team Blog: Azure Migration and Modernization Author: ankitsurkar Published: 10/09/2025 Summary: Azure Migrate now supports B-Series and Cobalt 100 VMs, enabling cost-effective cloud migration for workloads with variable or ARM64-specific requirements. B-Series VMs offer burstable CPU power and lower costs, ideal for dev/test and low-traffic applications, while Cobalt 100 VMs provide optimized performance for ARM64 workloads without re-architecting. These options help organizations plan migrations more accurately, optimize resource use, and save significantly by selecting the right VM type for each workload’s needs. General Availability of CAPTCHA in Azure Front Door WAF Team Blog: Azure Network Security Author: andrewmathu Published: 10/28/2025 Summary: Microsoft has announced the general availability of CAPTCHA in Azure Front Door Web Application Firewall (WAF), enhancing protection against automated bot attacks. The feature introduces human verification challenges for suspicious traffic, ensuring only legitimate users can access applications. The GA release offers improved branding, stability, performance, and full production support under Microsoft’s SLA. Existing preview users need no changes, while new users can enable CAPTCHA in custom or managed rules. This update strengthens security for web applications facing threats like bots and credential stuffing, making CAPTCHA a recommended defense mechanism for all production workloads. Prescaling in Azure Firewall is now generally available Team Blog: Azure Network Security Author: surenjamiyanaa Published: 10/16/2025 Summary: Azure Firewall’s new prescaling feature is now generally available, allowing users to set minimum and maximum capacity units for their firewalls. This ensures predictable performance and proactive scaling ahead of anticipated traffic spikes, such as during sales events, migrations, or seasonal peaks. Users can monitor capacity trends and receive alerts for scaling events. Prescaling is enabled via the Azure Portal and is billed per capacity unit hour, with rates for standard and premium options. This feature provides greater control and confidence in managing firewall resources for business-critical scenarios. Beyond Basics: Practical scenarios with Azure Storage Actions Team Blog: Azure Storage Author: ShashankKumarShankar Published: 10/17/2025 Summary: Azure Storage Actions enables policy-driven automation for cloud data management, addressing challenges in scale, compliance, and cost. The article explores three practical scenarios: automating creative asset lifecycles, preserving machine learning training datasets for audits, and cleaning up obsolete AI embeddings. By leveraging blob metadata and tags, organizations can automate legal holds, archiving, immutability, and deletions—eliminating manual scripts and reducing operational overhead while improving compliance, data discoverability, and cost efficiency. Resources for getting started are provided. Introducing Cross Resource Metrics and Alerts Support for Azure Storage Team Blog: Azure Storage Author: dafalkne Published: 10/06/2025 Summary: Microsoft has introduced Cross Resource Metrics and Alerts for Azure Storage, enabling users to aggregate, visualize, and monitor metrics across multiple storage accounts within the same subscription and region. This feature supports blob, file, table, and queue metrics, allowing centralized monitoring and fleet-wide alerting from a single dashboard. Users can create unified charts and alerts for various accounts, improving operational efficiency and scalability for large environments. Setting up involves selecting multiple accounts in Azure Monitor, configuring metrics and filters, and establishing cross-resource alert rules to promptly address performance issues across the storage fleet. Windows 10 Extended Security Updates for Azure Virtual Desktop Team Blog: Azure Virtual Desktop Author: ivaylo_ivanov Published: 10/14/2025 Summary: Windows 10 will reach end of support on October 14, 2025. For Azure Virtual Desktop, existing session hosts running Windows 10 version 22H2 will receive Extended Security Updates (ESU) at no extra cost and automatically via Windows Update. New session hosts with Windows 10 can use marketplace images until 2026 (with Microsoft 365 Apps) or 2028 (without). Microsoft recommends upgrading to Windows 11 for continued support and security. Issues with Azure Virtual Desktop will be supported, but OS-related issues may require reproduction on Windows 11 before support is provided. Now in public preview: Ephemeral OS disk support on Azure Virtual Desktop Team Blog: Azure Virtual Desktop Author: Ron_Coleman Published: 10/15/2025 Summary: Azure Virtual Desktop has launched a public preview of Ephemeral OS disk support, enabling the operating system to be stored on a VM’s local storage for stateless workloads. This feature delivers faster provisioning, improved performance, and simplified management by eliminating reliance on remote storage and reducing latency. Ephemeral OS disks are ideal for environments needing rapid reimaging and scalability, as changes are not retained after sessions end. Available for pooled host pools with session host configuration, it integrates with Dynamic Autoscaling for efficient resource management. Documentation and setup guidance are provided for interested users. Identify Device state in EntraID/Defender with PowerShell Team Blog: Core Infrastructure and Security Author: edgarus71 Published: 10/22/2025 Summary: The article outlines a method to identify device states (enabled/disabled) in EntraID/Defender using PowerShell. It involves registering an app in EntraID to obtain credentials, encrypting the client secret with Windows DPAPI, and creating a device list text file. The provided PowerShell script authenticates via MS Graph API, checks each device’s status, and exports results to a CSV file. The solution emphasizes security by encrypting secrets and does not require complex configurations, making it suitable for bulk device status checks in EntraID environments. Solving Network Connectivity for MDE and MDI Team Blog: Core Infrastructure and Security Author: WillS1485 Published: 10/10/2025 Summary: The article discusses deploying a preconfigured Squid proxy solution to securely enable Microsoft Defender for Endpoint (MDE) and Microsoft Defender for Identity (MDI) connectivity in hybrid cloud environments. By configuring proxies at the application level, organizations can allow necessary communication to Azure endpoints while restricting broader internet access. The solution uses an automated script for setup on Ubuntu, ensuring only required traffic is permitted, simplifying incident response and deployment without extensive firewall changes. Configuration details for both MDE and MDI are provided, and the script is available on GitHub with a disclaimer about support. Cross Forest - Certificate Enrollment Team Blog: Ask the Directory Services Team Author: Manuel_Alvarez_V Published: 10/22/2025 Summary: The article explores Cross Forest Certificate Enrollment, crucial for secure authentication across multiple Active Directory forests. It outlines two main methods: the preferred Certificate Enrollment Policy (CEP) and Certificate Enrollment Service (CES) roles, which offer secure, scalable, and centralized management via HTTPS, and the legacy PKISync.ps1 PowerShell script, which is simpler but less secure and harder to manage. The blog details configurations, requirements, pros, cons, and best practices, concluding that CEP/CES is recommended for organizations of all sizes due to its superior efficiency and security over PKISync. Ready to accelerate your Zero Trust journey? Discover what’s next Team Blog: FastTrack Author: JulieHersum Published: 10/03/2025 Summary: The article emphasizes the importance of Zero Trust as a modern security standard and introduces Microsoft’s Zero Trust workshop as a practical tool for IT admins. It helps organizations assess security maturity across six pillars, identify and address gaps, and align teams for executive buy-in. The workshop provides actionable steps to turn strategy into results, making security a proactive advantage. Readers are encouraged to explore the workshop to accelerate their Zero Trust implementation and improve protection of identities, apps, and data. Public Preview: Audit and Enable Windows Recovery Environment (WinRE) for Azure Arc-enabled Servers Team Blog: Azure Arc Author: Aurnov_Chattopadhyay Published: 10/21/2025 Summary: Microsoft has announced a Public Preview of Azure Policies to audit and enable Windows Recovery Environment (WinRE) on Azure Arc-enabled Windows Servers. WinRE allows secure system recovery after critical failures. The Machine Configuration component in Azure Connected Machine agent checks WinRE status and enforces compliance. These policies are free for certain licensing plans and enable organizations to centrally manage and ensure recovery readiness across hybrid and multicloud environments, improving resilience for mission-critical workloads. Charges apply for other servers. Deployment is managed via Azure Policy assignments. Addressing Air Gap Requirements through Secure Azure Arc Onboarding Team Blog: Azure Arc Author: AkashKumarSingh Published: 10/06/2025 Summary: The article discusses how regulated industries can securely onboard Azure Arc in air-gapped environments, which are isolated from external networks for compliance and security. It outlines the challenges of maintaining isolation while enabling cloud management, and details architectural patterns—using combinations of firewalls, proxies, Private Link, and Arc Gateway—to achieve secure connectivity. Emphasizing zero trust principles, the article recommends rigorous monitoring, governance, and automation to balance operational agility with uncompromised security and regulatory compliance in hybrid and multi-cloud setups. Smarter Cloud, Smarter Spend: How Azure Powers Cost-Efficient Innovation Team Blog: FinOps Author: kyleikeda Published: 10/30/2025 Summary: The Forrester Total Economic Impact™ study, commissioned by Microsoft, highlights how organizations can achieve significant cost savings and operational benefits by migrating to Microsoft Azure and adopting AI. Key tools like Azure Hybrid Benefit, reservations, and cost management solutions drive 25–35% reductions in cloud spending, $8.7 million NPV over three years, and improved productivity. Strategic pricing and optimization enable predictable budgeting, reinvestment in innovation, and enhanced governance. Azure’s unified approach empowers businesses to modernize efficiently and accelerate AI adoption while controlling costs. Unlock Savings with Copilot Credit Pre-Purchase Plan Team Blog: FinOps Author: kyleikeda Published: 10/27/2025 Summary: The Copilot Credit Pre-Purchase Plan (P3) offers organizations a one-year, upfront payment option for Microsoft Copilot Credits, enabling predictable costs and up to 20% savings through volume discounts. Credits are automatically deducted as used across Copilot Studio, Dynamics 365 agents, and Copilot Chat. The plan provides flexibility to add more credits or switch to pay-as-you-go, and unused credits expire after a year. P3 is ideal for businesses with variable or growing usage, simplifying billing and budgeting while supporting scalable AI deployment. Purchase and management are handled via the Azure portal. How Azure NetApp Files Object REST API powers Azure and ISV Data and AI services – on YOUR data Team Blog: Azure Architecture Author: GeertVanTeylingen Published: 10/14/2025 Summary: The article introduces the Azure NetApp Files Object REST API, a new solution enabling direct, secure, S3-compatible access to enterprise data for Azure analytics and AI services. This eliminates costly data transfers and duplication, streamlines workflows, and enhances productivity while maintaining compliance and data security. Supporting multiple protocols, it empowers diverse use cases across industries—from real-time analytics to AI-powered insights—by integrating seamlessly with Microsoft Fabric, OneLake, Databricks, Power BI, and more, revolutionizing cloud operations and data management. Validating Scalable EDA Storage Performance: Azure NetApp Files and SPECstorage Solution 2020 Team Blog: Azure Architecture Author: GeertVanTeylingen Published: 10/10/2025 Summary: Azure NetApp Files is a cloud-native, enterprise-grade storage solution validated for Electronic Design Automation (EDA) workloads via the SPECstorage® Solution 2020 benchmark. It delivers unmatched performance, scalability, and low-latency access, supporting massive datasets and global collaboration. Benchmark results confirm linear scalability and sub-millisecond response times, enabling engineering teams to accelerate simulations, optimize costs, and streamline workflows without infrastructure bottlenecks. Trusted by leading semiconductor firms, Azure NetApp Files empowers rapid chip design, 24/7 productivity, and flexible resource management, positioning it as a reliable, future-ready platform for the evolving semiconductor industry. From the frontlines: Empowering call center agents with Windows 365 Frontline Team Blog: Intune Customer Success Author: Intune_Support_Team Published: 10/31/2025 Summary: **Summary:** The article discusses how Windows 365 Frontline optimizes Cloud PC deployments for call center agents, enabling secure, flexible, and cost-effective computing for shift-based and part-time workers. It compares dedicated mode (personal, persistent desktops) and shared mode (ephemeral, pooled desktops), detailing use cases and best practices for Microsoft Intune configuration, security, and scaling. Windows 365 Frontline streamlines management, supports BYOD and remote scenarios, and improves operational efficiency while safeguarding data, making it ideal for dynamic call center environments. Microsoft Intune Advanced Analytics in action: Real-world scenarios for IT teams Team Blog: Intune Customer Success Author: Intune_Support_Team Published: 10/08/2025 Summary: Microsoft Intune Advanced Analytics enhances device management for IT teams by providing deep insights into device health, user experience, and organizational trends. Building on Endpoint analytics, it offers advanced features like custom device scopes, resource performance and battery health monitoring, anomaly detection, and detailed device queries using KQL. These tools help IT admins proactively optimize device performance, support decisions on hardware refreshes or lifespan extensions, and troubleshoot issues in near real time. The article demonstrates practical scenarios for using Advanced Analytics to streamline IT operations and improve end-user satisfaction. Revolutionizing Reliability: Introducing the Azure Failure Prediction and Detection (AFPD) system Team Blog: Azure Compute Author: andrewb710 Published: 10/31/2025 Summary: The Azure Failure Prediction and Detection (AFPD) system, launched in 2024, unifies and enhances Azure’s reliability tools by integrating prediction, detection, mitigation, notification, and remediation for hardware and software failures. AFPD reduces reboots by over 36%, proactively maintains cloud health, and minimizes customer downtime across various workloads. It leverages advanced models and real-time telemetry, provides actionable notifications, and enables automated recovery through integrations like VM Watch and Project Flash endpoints, streamlining incident response and improving overall platform stability for Azure Compute and Storage customers. Streamline Cloud Spend with Azure Reserved VM Instances Team Blog: Azure Compute Author: kyleikeda Published: 10/29/2025 Summary: Azure Reserved Virtual Machine Instances (RIs) help organizations like Contoso reduce and predict cloud costs for GPU-heavy AI workloads. By committing to specific VM types and regions for 1 or 3 years, customers can save up to 72% compared to pay-as-you-go pricing. Contoso used Azure Advisor for recommendations, chose a Shared scope for broad coverage, enabled instance size flexibility, and set up monitoring with Cost Management. These strategies led to significant savings, performance stability, and budget predictability, making RIs a smart choice for predictable compute needs. Requesting and Installing an SSL Certificate for Internet Information Server (IIS) Team Blog: ITOps Talk Author: OrinThomas Published: 10/09/2025 Summary: The article outlines the process for requesting and installing an SSL certificate in Internet Information Server (IIS). Steps include generating a Certificate Signing Request (CSR) using the MMC Certificates snap-in, submitting the CSR to a Certification Authority, downloading the issued certificate, and installing it on the server. After installation, the SSL certificate is bound to the IIS website via HTTPS bindings. Finally, the setup is verified by browsing to the site and ensuring a secure connection without browser warnings, confirming successful SSL deployment. Strengthening Azure File Sync security with Managed Identities Team Blog: ITOps Talk Author: Pierre_Roman Published: 10/08/2025 Summary: The article explains how using Managed Identities with Azure File Sync enhances security and simplifies credential management. Traditionally, authentication relied on certificates or keys, which pose security and operational risks. Managed Identities eliminate the need for credentials, leveraging Azure Role-Based Access Control (RBAC) for fine-grained access. This approach supports both Azure and hybrid environments, streamlines onboarding, improves integration, and enables transparent auditing. New deployments now default to Managed Identity, promoting secure, manageable, and scalable enterprise file sync solutions within the Azure ecosystem. The article also provides steps for enabling Managed Identity on both Azure and non-Azure servers. AMBA-ALZ pattern: Learn about the latest and greatest enhancements! Team Blog: Azure Governance and Management Author: BrunoGabrielli Published: 10/08/2025 Summary: The article announces major enhancements to the AMBA-ALZ pattern on Azure, effective from October 2025. Key updates include the adoption of the Azure Service Health built-in policy for improved trust and feature parity, and the introduction of a new least privileged "Monitoring Policy Contributor" role for managed identities, reducing security risks by limiting permissions. Both changes streamline deployments and strengthen security. Guidance is provided for updating existing deployments, and users are encouraged to explore the improved features using various Azure deployment methods. The Complete Guide to Renewing an Expired Certificate in Microsoft HPC Pack 2019 (Single Head Node) Team Blog: Azure High Performance Computing (HPC) Author: vinilv Published: 10/30/2025 Summary: This article provides a step-by-step guide for renewing an expired certificate in a Microsoft HPC Pack 2019 single-head-node cluster. It covers checking the certificate status, creating a new self-signed certificate, distributing it to compute nodes, updating the head node, and modifying the SQL database thumbprint. Finally, administrators reboot the head node to restore secure cluster operations, ensuring continued communication and job scheduling without reinstalling HPC components.Check This Out! (CTO!) Guide (August 2025)
Member: TysonPaul | Microsoft Community Hub Enhance Your Data Protection Strategy with Azure Elastic SAN’s Newest Backup Options Team Blog: Azure Storage Author: adarsh_v Published: 08/18/2025 Summary: Azure Elastic SAN now supports public preview integrations with Azure Backup and Commvault, providing automated, managed backup and recovery for Elastic SAN volumes. Azure Backup offers independent, crash-consistent snapshots, up to 450 daily restore points, simplified management, and seamless Azure integration. Commvault delivers enterprise-grade protection, snapshot-based backups, flexible recovery (including cross-region restores), and indefinite retention, supporting both Windows and Linux VMs. These solutions enhance data protection against loss, ransomware, and errors, ensuring secure, recoverable cloud storage for various organizational needs. Azure Backup suits single-volume scenarios, while Commvault is ideal for complex, multi-volume enterprise deployments. Finding the Right Page number in PDFs with AI Search Team Blog: Azure PaaS Author: samsarka Published: 08/11/2025 Summary: The article discusses how AI-powered search can accurately extract and associate page numbers with search results in large PDF documents using Azure Blob Storage and Azure AI Search. It details technical steps such as configuring storage permissions, applying OCR skillsets, setting up parent-child index projections, and defining search index schemas. By rendering each PDF page as an image and processing it with OCR, the system enables precise, page-level content retrieval, facilitating better navigation, citation, and trust in AI-generated responses for users searching within complex documents. Protect against SharePoint CVE-2025-53770 with Azure Web Application Firewall (WAF) Team Blog: Azure Network Security Author: yuvalpery Published: 08/11/2025 Summary: Microsoft disclosed CVE-2025-53770, a critical vulnerability in on-premises SharePoint Server (2010, 2013, 2016, 2019, SE) allowing unauthenticated remote code execution via authentication bypass and deserialization flaws. Patches are available for 2016, 2019, and SE, but not for 2010 or 2013. Organizations should immediately apply updates, restrict access to unsupported versions, and implement custom Azure Web Application Firewall (WAF) rules to detect and block attack patterns targeting vulnerable SharePoint endpoints, as detailed in Microsoft’s official guidance. Azure CNI Overlay for Application Gateway for Containers and Application Gateway Ingress Controller Team Blog: Azure Networking Author: jonw Published: 08/29/2025 Summary: Microsoft has announced the general availability of Azure CNI Overlay for Application Gateway for Containers and AGIC. This integration enhances IP scalability and performance for AKS clusters by enabling direct pod-to-pod routing without encapsulation overhead. It addresses key challenges like IP exhaustion and load balancing for containerized applications. The solution supports over 1 million IPs across clusters in the same VNet and ensures feature parity with kubenet, which is being retired. Customers can now upgrade AKS networking to Azure CNI Overlay while maintaining business continuity and leveraging a high-performance ingress solution. Announcing more Azure VMware Solution enhancements Team Blog: Azure Migration and Modernization Author: christopheherrbach Published: 08/25/2025 Summary: Microsoft announced several enhancements to Azure VMware Solution (AVS) at VMware Explore in Las Vegas, including expansion to 35 global regions with eight more planned by year-end. AVS now offers improved support for VMware Cloud Foundation, DISA IL5 authorization for government use, flexible Azure NetApp Files storage options, and expanded Azure Elastic SAN support for all node types. These updates make AVS a robust choice for migrating and optimizing VMware workloads in Azure, with resources available for learning and skill-building through the Azure VMware Solution 2025 Learn Challenge. Container Networking with Azure Application Gateway for Containers (AGC): Overlay vs. Flat AKS Team Blog: Azure Infrastructure Author: lakshaymalik Published: 08/31/2025 Summary: Azure Application Gateway for Containers (AGC) integrates with AKS using two networking models: Overlay (Azure CNI Overlay) and Flat (Azure CNI Pod/Node Subnet). Overlay conserves VNet IPs by assigning pods overlay CIDRs, while Flat gives pods VNet-routable IPs for direct access. AGC auto-detects the model, requires a /24 subnet, supports network policies, and leverages Layer-7 routing and security features. Deployment uses Gateway API resources without changes for either model. Overlay requires ALB Controller v1.7.9+. AGC enables flexible, secure, and scalable ingress for AKS, integrating with Azure’s security and monitoring tools. Designing for Certainty: How Azure Capacity Reservations Safeguard Mission‑Critical Workloads Team Blog: Azure Governance and Management Author: Goutham_Bandapati Published: 08/25/2025 Summary: Azure Capacity Reservations allow organizations to secure specific VM resources in designated regions or zones, ensuring availability for mission-critical workloads during demand spikes. Unlike Reserved Instances, which offer cost savings for steady usage but don’t guarantee resource access, Capacity Reservations guarantee placement but incur costs even if idle. Combining both approaches—reserving capacity for reliability and using Reserved Instances for savings—mitigates risk, optimizes costs, and enhances resilience against unpredictable cloud demand, especially for regulated, latency-sensitive, or high-stakes workloads. This strategy is essential across all major clouds to transform capacity from a risk into a managed asset. Upcoming Changes to Instance Size Flexibility Ratios for Azure Reservations: What You Need to Know Team Blog: Azure Compute Author: kyleikeda Published: 08/04/2025 Summary: On September 4, Azure will update instance size flexibility ratios for reservations covering select Virtual Machines, Azure Redis Cache, and Dedicated Hosts. These changes, aimed at optimizing reservation discounts, may impact reservation coverage—potentially increasing or decreasing the number of units covered—without changing prices. Users should review impacted SKUs and monitor reservation utilization after the update to manage costs effectively. Recommendations include adjusting usage, exchanging reservations, or utilizing Azure Advisor for cost-saving strategies. Guidance is available in the Azure Portal and Microsoft documentation. SQL Server enabled by Azure Arc is now generally available in the US Government Virginia region Team Blog: Azure Arc Author: AbdullahMSFT Published: 08/14/2025 Summary: SQL Server enabled by Azure Arc is now generally available in the US Government Virginia region, allowing government agencies to manage on-premises SQL Server instances through the Azure Government portal securely and compliantly. Key features include onboarding SQL Server instances, inventory management, extended security updates, and licensing management. Some advanced features, like failover clustering and certain services, were initially unavailable but have since been enabled, including Always On availability groups and SQL Server services. This launch marks a significant step for hybrid data management in the government cloud, with further enhancements planned. Mobile Plans moves to the web Team Blog: Windows OS Platform Author: HunterM Published: 08/28/2025 Summary: Microsoft is retiring the Windows Mobile Plans app to simplify mobile data activation on PCs. Users will now buy and manage cellular plans directly through mobile operator websites and Windows Settings, eliminating the need for a separate app. eSIM activation will be streamlined and secure, with device IDs shared via Windows Settings. The transition begins in the second half of 2025, with full retirement by February 2026. Existing cellular functions remain unaffected. Operators gain more control over the activation process, and Microsoft is supporting them through the transition for a seamless user experience. System Center 2022 Update Rollup 3 Team Blog: System Center Author: AakashMSFT Published: 08/25/2025 Summary: System Center 2022 Update Rollup 3 (UR3) delivers stability, security, and compatibility improvements across Operations Manager, Service Manager, Virtual Machine Manager, and Orchestrator. Key updates include expanded guest OS support (Windows Server 2025, multiple Linux distributions), HTTPS-by-default for storage providers, enhanced console stability, restored Teams notifications, improved platform stability on new CPUs/OS builds, .NET 8 and gMSA support for Orchestrator, and TLS 1.3 enablement. UR3 incorporates previous fixes from UR2 and can be installed even if UR2 failed, reflecting Microsoft’s ongoing commitment to regular quality updates. Windows Server 2025 Software Defined Datacenter: Networking Deployment Series (4/6) Team Blog: Networking Author: cindywan Published: 08/28/2025 Summary: Part 4 of the Windows Server 2025 Networking Deployment Series details how Contoso Medical Center secures its Software Defined Datacenter using SDN features. By leveraging Network Security Groups (NSGs), tag-based segmentation, and Default Network Policies (DNP), Contoso enforces Zero Trust, automates VM protection, and ensures consistent security from creation. These capabilities simplify policy management, enhance compliance, and protect critical healthcare workloads without manual firewall rules. The article also previews upcoming topics on Accelerated Networking and SDN Multisite, and encourages readers to try these features using Windows Admin Center and SDNExpress v2. Certifications refresh: AI-focused and fundamentals updates Team Blog: Microsoft Learn Author: GretchenLaBelle Published: 08/28/2025 Summary: Microsoft Learn is updating its certification and training offerings to focus on AI, Microsoft 365, Copilot, and agents, reflecting the growing integration of AI in business. New certifications will validate foundational and expert AI skills, while beginner-level courses for various functional roles are being introduced. Microsoft will retire select Fundamentals Certifications (MS-900, MB-910, MB-920) after December 31, 2025, but earned certifications remain valid. Applied Skills micro-credentials are also available, with a chance to win a 50% exam voucher. More details on new AI-focused certifications will be announced soon. Unlocking Flexibility with Azure Files Provisioned V2 Team Blog: ITOps Talk Author: Pierre_Roman Published: 08/14/2025 Summary: Azure Files Provisioned V2 introduces a flexible billing model, letting users independently provision storage, IOPS, and throughput for predictable costs and enhanced performance. Unlike previous models, it eliminates per-operation fees and enables scaling up to 50,000 IOPS and 5 GiB/sec throughput per share. This simplifies management, supports larger workloads, and often lowers costs by 30–50% for active use cases. Provisioned V2 streamlines planning and budgeting, making Azure Files more cloud-friendly and enterprise-ready while addressing common pain points in cloud file storage. From the frontlines: Managing common kiosk scenarios in your business Team Blog: Intune Customer Success Author: Intune_Support_Team Published: 08/28/2025 Summary: The article by Saurabh Sarkar discusses managing Windows kiosk devices using Microsoft Intune to boost productivity in sectors like airlines and restaurants. It outlines how Intune enables centralized configuration, security, and compliance for kiosk devices, highlighting a pizza restaurant scenario using Windows Autopilot and Edge kiosk mode. Key features include auto logon, restricted browser access, and automated Wi-Fi connectivity. The post emphasizes best practices for deploying, managing, and securing frontline devices, and references further resources for effective kiosk management. Provider-Managed Azure Subscriptions: Cost Control and Commitment Clarity Team Blog: FinOps Author: Dirk_Brinkmann Published: 08/29/2025 Summary: The article discusses scenarios where enterprise customers allow service providers to manage Azure subscriptions using the provider’s tenant, while billing remains with the customer. This arrangement enables customers to maintain full control over pricing, cost allocation, and Azure Consumption Commitment (MACC) utilization, with complete cost visibility. Service providers manage resources but have limited access to pricing and billing details. Clear governance, billing policies, and RBAC configurations are essential for effective management, ensuring decoupled operational control and cost ownership between customers and service providers. Governing Copilot agents: Your next step starts here Team Blog: FastTrack Author: JulieHersum Published: 08/21/2025 Summary: Rob Howard’s article outlines a practical governance framework for managing Microsoft 365 Copilot AI agents. It emphasizes three pillars: security controls via Microsoft Purview, management controls through admin centers, and agent usage reporting for compliance. The article introduces governance zones—sandbox, controlled, and trusted—for phased Copilot deployment based on risk and data sensitivity. Additional resources include a readiness checklist, deployment examples, tool integration links, and previews of upcoming guidance. The article is part of Microsoft’s FastTrack initiative, providing IT admins with ongoing support and resources for effective Copilot governance. Transforming Enterprise AKS: Multi-Tenancy at Scale with Agentic AI and Semantic Kernel Team Blog: Core Infrastructure and Security Author: jianshn Published: 08/29/2025 Summary: The article details how to deploy Agentic AI using Semantic Kernel on Azure Kubernetes Service (AKS) with a scalable, secure multi-tenant architecture. By isolating tenants through AKS namespaces, dedicated node pools, managed identities, and RBAC/ABAC for Azure Blob Storage, the solution ensures strong data and compute separation, minimizing cross-tenant risks and optimizing resource use. The post provides step-by-step implementation guidance, including credential scoping and deployment of AI agents, enabling enterprise-grade multi-tenancy for AI workloads with operational flexibility, cost efficiency, and security. Announcing MSGraph Provider Public Preview and the Microsoft Terraform VSCode Extension Team Blog: Azure Tools Author: stevenjma Published: 08/14/2025 Summary: Microsoft has announced the public preview of the Terraform MSGraph provider and the new Microsoft Terraform VSCode extension. The MSGraph provider enables managing Entra and M365 Graph APIs, offering broader and more immediate support for Microsoft cloud resources compared to the AzureAD provider. The VSCode extension consolidates AzureRM, AzAPI, and MSGraph support, adds features like exporting Azure resources as Terraform code, and enhances coding with IntelliSense and code samples. These tools aim to streamline infrastructure-as-code workflows, simplify resource management, and accelerate automation for Terraform practitioners in the Microsoft ecosystem.Check This Out! (CTO!) Guide (April 2025)
Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!Check This Out! (CTO!) Guide (March 2025)
Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!Check This Out! (CTO!) Guide (Feb 2025)
Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!
