Preview of multiparty analytics with Azure Confidential Clean Rooms
Today, we are excited to announce the preview of multiparty analytics feature of Azure Confidential Clean Rooms, a fully managed service that allows customers and their partners to securely analyze privacy-sensitive datasets from multiple parties. It uses confidential compute enabled Apache Spark-based big-data analytics (Spark SQL) which helps protect their raw data from other collaborators and from the Azure operator by performing computations in a Trusted Execution Environment (TEE). Privacy-sensitive datasets include personally identifiable information (PII), protected health information (PHI) and cryptographic secrets. Organizations across industries are increasingly looking to supplement their data with data from business partners, to build a complete view of their business. For example, brands, publishers, and their partners need to collaborate using datasets containing Intellectual Property (IP) to improve the relevance of their campaigns. Confidential data clean rooms help solve this challenge by enabling organizations to share and analyze granular datasets in a secure environment that helps prevent raw data exfiltration—protecting intellectual property, preserving customer privacy, and addressing concerns around regulatory compliance. You can sign up for the preview here Key Features Fully Managed: Azure takes care of the infrastructure provisioning and scaling with no user intervention. This significantly reduces your onboarding effort allowing you to focus on the queries and insights, not on infra management. Confidential Spark SQL: Spark SQL allows you to query large datasets and run complex queries in a distributed computing environment. In the confidential computing enabled version, the Spark driver and executors are fully attested policy-governed enclaves running as virtual nodes on confidential Azure Container Instances (ACI) which helps prevent exfiltration of collaborators’ data during query execution. Governance: Helps manage membership to cleanrooms, enables and verifies approval for queries from relevant collaborators before executing them and verifies consent to access sensitive collaborator data. It also helps generate tamper-resistant audit trails containing salient clean room events. This is made possible with the help of an implementation of the Confidential Consortium Framework (CCF). Telemetry: Throughout every clean-room run, detailed logs are streamed out in real time to monitor performance, troubleshoot issues, and keep the analytics healthy — all without ever exposing the collaborators’ data at any time. Verifiable trust: Cryptographic remote attestation viz. full attestation based on confidential hardware reports allows independent verification of the TEE along with along with all components that are part of it, without just trusting the cloud provider, before sensitive data and decryption keys are made available to the TEE. Open-source containers: All Microsoft provided cleanroom containers and sidecars are open-sourced here and can be verified for provenance and integrity guarantees using GitHub artifact attestation. Use Cases Multi-party confidential big-data analytics unlocks value in scenarios where data sensitivity, regulatory pressure, or competitive concerns previously blocked collaboration. These are some early scenarios that can benefit from this. Media & Advertising Collaboration of advertiser CRM data with publisher data for audience targeting and segment activation. Collaboration of audience data with measurement partners for measurement and attribution. Banking & Finance Collaboration between banks and insurance firms to upsell relevant products to existing bank customers without sharing raw data from either side Collaboration with retailers to generate customized offers for bank customers, without exposing either party’s underlying data. Government & Public Sector Secure collaboration of data across government departments to deliver better citizen welfare outcomes. Secure collaboration between government and private enterprises on shared-interest workloads such as traffic monitoring and weather systems. Healthcare Enable healthcare firms — including biopharma organizations — to combine their data with third-party institutions to accelerate clinical development, like identifying eligible participants for a clinical trial, without exposing underlying patient data. Combine patient datasets across hospitals to study disease patterns or outcomes without exposing sensitive protected health information. Beyond Spark SQL Realizing other multi-party scenarios like custom analytics, ML training and inferencing on Azure Confidential Clean Rooms is in our roadmap. If you have such a scenario to be realized, you can fill in and submit the preview signup form with the details of your scenario and we’ll get back to you. Learn More · Signup for the preview of Azure Confidential Clean Rooms for Analytics · Confidential Consortium Framework (CCF) · Virtual Nodes on Azure Container Instances
Would Microsoft Teams SDK for Python (Preview) affect marketplace submission
Hi, I need to know if it's possible to publish a custom teams app and get validated to have the app in marketplace for public if it's developed using Teams SDK with python which is mentioned as still in preview. Teams SDK is now generally available for JavaScript and C#, supports Python in developer preview https://learn.microsoft.com/en-us/microsoftteams/platform/bots/overview https://learn.microsoft.com/en-us/microsoftteams/platform/resources/dev-preview/developer-preview-intro?tabs=new-teams-client https://github.com/microsoft/teams.py Thank you!Preview exited, now GA: Out of Office Scheduling
Description Set up a message to let others know you're on vacation or not available to reply. Your out of office status will also sync with your Outlook calendar, your presence and contact card information. Flighting status Rolling out this week on Desktop and Web. How to enable Two ways to access the Out of Office feature 1) Through "Profile" Click profile then Set status message Click Schedule out of office 2) Through "Settings" Click Settings General -> Out of Office -> Schedule Now, from within the Scheduler Include an Out of Office message Note – Text is required to be compatible with Outlook scheduling. Click Save Options Send replies outside my organization Include text to auto reply Send replies only during a time period Pick dates and times to begin and end the Out of office status message and presence state. Outlook You will be able to see your changes in Outlook as well as update them there. How to Disable Change the Turn on automatic reply setting in Teams radio button to off and save Change the Send automatic replies setting in Outlook to off and save Note: If you need information about enabling the public preview itself, see “Enable the public preview for Teams” below. Microsoft 365 workloads and dependencies Product, workload, or area Dependency (Yes/No) If yes, version requirements and other dependencies Exchange No Sharepoint, files No Skype for Business No Outlook add-in No Azure AD No OneDrive No Office No Supported clients and platforms Windows 10 macOS iOS Android Linux Chrome Firefox Safari Edge Internet Explorer Yes Yes - - Yes Yes Yes Yes Yes - Known issues None Known limitations As mentioned in the guide an Out of Office Message needs to be included for Teams to save the configuration and set your presence to Out of Office. Enable your Teams client for the public preview First, IT admins need to set an update policy that turns on Show preview features. Learn how at Public preview in Microsoft Teams - Microsoft Teams | Microsoft Docs. Users then choose to join the public preview individually. See Get early access to new Teams features - Office Support (microsoft.com) for instructions. Summary of public preview features For a history of features in the Office and Teams public previews, see Release Notes Current Channel (Preview) - Office release notes | Microsoft Docs. Send us your feedback Got feedback on features in the public preview or other areas of Teams? Let us know straight from Teams via Help > Give feedback. Thank you, Preview Team Jason Schumaker Quality & Customer Obsession, Microsoft TeamsSecuring Confidential VM Backups with Azure Recovery Services Vault and Private Endpoints
When working with Confidential VMs (CVMs) in Azure, ensuring secure backups is just as important as protecting workloads in use. Confidential VMs use hardware-based Trusted Execution Environments (TEEs) such as AMD SEV-SNP or Intel TDX to keep your data safe. But how do you securely back up this data without exposing it to the public internet? The answer lies in combining Azure Recovery Services Vault (RSV) with Private Endpoints. In this blog, we’ll walk through why this setup matters, how to configure it, and what challenges you should watch out for. Note: This blog specifically deals with CVMs encrypted with Confidential OS Encryption on the OS Disk. As of now, Azure Backup for CVMs is in Private Preview, so make sure to engage with your Microsoft Account Team or Product Team for access. Why Use Private Endpoints for RSV? By default, the Recovery Services vault communicates over public endpoints. With private endpoints, all traffic between your Confidential VM and RSV flows over the secure Microsoft backbone instead of the public internet. This adds an extra layer of isolation and protection — a perfect match for sensitive workloads. What You’ll Need (Prerequisites) Before jumping in, make sure you have: An Azure Subscription and appropriate permissions (Owner/Contributor for RSV, DNS Zone Contributor for DNS). A Confidential VM on supported SKUs. A Recovery Services Vault in the same or a peered region. A Virtual Network and Subnet: Use a dedicated subnet for private endpoints. A private endpoint connection for Backup uses 11 private IPs (including Azure Backup storage). This may be higher in certain regions. Recommended subnet size: /25 to /27 to ensure sufficient private IP availability. Private DNS Zones: privatelink.backup.windowsazure.com (for the vault itself) privatelink.blob.core.windows.net (staging and recovery data) privatelink.queue.core.windows.net (backup operations queue) privatelink.table.core.windows.net (metadata storage) Azure Backup for CVMs supports only the 3-blob layout, which is now generally available. As a result, all new deployments on versions v5 and v6 SKUs will have 3-blob configuration by default instead of the previous 2-blob setup. Older deployments that did not enable the Preview Feature may need to be redeployed to align with this change. Azure Backup Private Preview Feature enabled on the subscription-level in collaboration with the Azure Product Team. Up-to-date Backup Extension on the VM. Step-by-Step: Configuring Backup with Private Endpoints Request Product Team Enablement: Work with Microsoft support/product team to enable the Azure Backup Private Preview Feature for your subscription. Create the Recovery Services Vault in the desired region. Add a Private Endpoint: Go to RSV → Networking → Private Endpoint connections. Select your VNet and subnet (ensure enough private IPs: /25 to /27 recommended). Link to the required private DNS zones. Enable Backup on the Confidential VM: Open the VM → Backup. Select the RSV. Choose or create an Enhanced policy (required for CVMs). Trigger the initial backup. Key Considerations for Confidential VM Backup Enhanced Policies Only: CVM backup supports only Enhanced policies. Backup support for CVM with confidential OS disk encryption using CMK is only available with Enhanced policies. Zone-Redundant Recovery Services Vault (ZRS): Consider deploying RSV as ZRS if you want to restore CVMs across zones. Restores from other zones are possible only via vault; snapshot restores are not supported across zones. CVM Backup with CMK Support: Currently available only under Private Preview on an enrollment basis. Key Vault and Managed HSM Permissions: When configuring via Azure Portal, access to Key Vault/Managed HSM is granted automatically. When using PowerShell, CLI, or REST API, access issues occur because Azure Backup requires explicit permissions. Fix: Assign Permissions to Azure Backup: For Key Vault: Grant Get, List, Backup key permissions (no secret permissions needed). For Managed HSM: Go to Managed HSM → Local RBAC → Add Role Assignment. Assign one of the following: Built-in Role: Managed HSM Crypto User Custom Role: Ensure dataActions include: Microsoft.KeyVault/managedHsm/keys/read/action Microsoft.KeyVault/managedHsm/keys/backup/action Set scope to the specific key (or All Keys). Assign role to Backup Management Service. Once permissions are configured, proceed with CVM backup setup as usual. Restore Options and Limitations When restoring a Confidential VM, Azure Backup provides several restore paths — each with certain caveats due to the confidential computing model: Restore to Original Location You can restore the CVM directly to the same subscription, resource group, and network configuration. Ideal for operational recovery after accidental deletion or corruption. Restore to Alternate Location You can restore the backup to a different resource group, virtual network, or availability zone. Limitations: Only supported when RSV is deployed as Zone-Redundant (ZRS). Snapshot restore is not supported when restoring to other zones. Disk-Level Restore Allows restoring specific managed disks (OS or data disks) from the backup vault. Restored disks can be used to recreate CVMs manually. Limitations: Replacement of OS Disk on the existing VM is not supported. Point-in-Time Restore (Enhanced Policy Only) Available for Enhanced Backup Policies with configurable retention settings. Restore Limitations Encryption Constraints: Restores for CVMs with CMK require the same Key Vault access and permissions to be valid at restore time. Private DNS Dependency: Incorrect or missing DNS resolution for blob or backup endpoints can cause restore failures. Feature Availability: All restore capabilities mentioned above are still evolving under the Azure Backup Private Preview program. Security Benefits Network Isolation: All communication between CVMs, the Recovery Services Vault, and backup storage occurs over private IPs using private endpoints — no exposure to the public internet. End-to-End Encryption: Backup data is encrypted both at rest and in transit. Use Customer-Managed Keys (CMK) in Azure Key Vault or Managed HSM for greater control over encryption. Role-Based Access Control (RBAC): Fine-grained access management ensures only authorized users and services can trigger or restore backups. Managed Identities for Authentication: Reduces key management complexity and enhances security posture. Known Issues and Limitations DNS Misconfiguration: Missing or misconfigured private DNS zones for backup, blob, queue, or table endpoints often lead to failed backups or restores. Limited Regional Support: Confidential VM backups with private endpoints are currently available in selected Azure regions only. Extension Compatibility: Ensure that the latest Azure Backup extension version is installed on the CVM. Older versions may not support CVM encryption. Feature Dependencies: Azure Backup for CVMs (Private Preview) must be manually enabled at the subscription level by the Azure Product Team. Performance Overhead: Due to attestation and encryption validation, backup operations may experience slight latency. Best Practices Test Restore Scenarios Regularly: Validate both backup and restore processes to ensure end-to-end functionality. Subnet Planning: Reserve adequate IP addresses in your subnet (/25 or /27) to accommodate private endpoints. ZRS Deployment: Use Zone-Redundant Recovery Services Vault (ZRS) for better resiliency and zone-to-zone restore capability. Use Enhanced Backup Policies: Enhanced policies ensure point-in-time recovery and support for CMK-based encryption. DNS Hygiene: Keep private DNS zones properly configured and linked to ensure uninterrupted connectivity. Permission Management: Verify Key Vault and Managed HSM permissions before initiating backup/restore through PowerShell or REST API. Network Segmentation: Use dedicated subnets for private endpoints to avoid IP conflicts and simplify network management. Automate with IaC: Use Bicep or Terraform templates for repeatable, auditable deployments of RSVs, private endpoints, and DNS configurations. Monitor Health and Alerts: Enable Azure Monitor and Backup Center to track job statuses, failures, and performance. Engage Product Team Early: Contact the Microsoft Product Team early in your project to ensure required preview feature (Azure Backup for CVMs) is enabled in time. Final Thoughts Backing up Confidential VMs with Azure Recovery Services vault over private endpoints gives you the best of both worlds: confidential computing protections for your workloads and secure, compliant backups that never leave the private network. By carefully planning DNS, subnet sizing, enabling subscription features with product team help, and configuring permissions properly, you can avoid common pitfalls and strengthen your data protection strategy. Note: This blog specifically deals with CVMs encrypted with Confidential OS Encryption on the OS Disk. Tip: If you’re just getting started, reach out to the Azure Product Team to enable the required features, deploy a test CVM, link it to an RSV with private endpoints, and run a backup/restore cycle to validate your configuration end-to-end.Now in public preview: Automatic lowering of a user's Raised Hand after speaking
Description To reduce the number of stale raised hands in meetings, we now suggest users to lower their raised hand after we detect they spoke in the meeting. If users don't take any action on the suggestion notification, we'll automatically lower their hand. This should ensure smoother meeting facilitation for organizers and presenters. Flighting status Available to everyone in Public Preview channel. How to enable Users who raise their hand in a Teams meeting and speak in the meeting will see a notification informing them that their hand will automatically be lowered soon. They will be able to choose to keep their hand raised. If the user doesn't take action on the notification, their hand will automatically lower. This should ensure smoother meeting facilitation for organizers and presenters. Note 1: If you need information about enabling the public preview itself, see “Enable the public preview for Teams” below. Note 2: To be able to use this feature, user needs to be in Public Preview. Other meeting participants are not required to be in Public Preview. Supported clients and platforms Windows macOS iOS Android Linux Google Chrome Firefox Safari Microsoft Edge Yes Yes Known issues None Known limitations Users will not see the notification and their hand will not be automatically lowered if Noise suppression is turned off in their Teams devices settings. Please note that Noise suppression is automatically turned off when your device has high CPU usage in order to preserve resources. Enable your Teams client for the public preview First, IT admins need to set an update policy that turns on Show preview features. Learn how at Public preview in Microsoft Teams - Microsoft Teams | Microsoft Docs. Users then choose to join the public preview individually. Learn how at Get early access to new Teams features - Office Support (microsoft.com) Send us your feedback Got feedback on features in the public preview or other areas of Teams? Let us know straight from Teams via Help > Give feedback. This is on the bottom left of your client. Thank you, Preview Team Quality & Customer Obsession, Microsoft TeamsInbound Screening & PCI-DSS
PCI-DSS frowns on having credit card numbers and related information in systems not otherwise in scope. Yet we sometimes have law enforcement asking for us for researching by these very terms; they send these sometimes via E-mail. I wonder therefore whether Exchange can screen using DLP policies, with the intent of adding controls, such as masking or adding "no forwarding, no printing," and so on. Possible? Advisable?Now in public preview: Pop out shared content into a separate window
Description Microsoft Teams now supports the ability to pop out shared content (shared screen, PowerPoint Live and Whiteboard) into a separate window while in meetings. Flighting status Available to everyone in Public Preview channel. How to enable To pop out content from meeting stage and use more monitors/screens during meetings: Join a Teams meeting from a Teams desktop client (Windows or Mac) as an attendee or presenter . When content (shared screen, PowerPoint Live or Whiteboard) is shared by another presenter in the meeting, click the "Pop out" button in the meeting toolbar to pop out the content into a separate window. You can pop in the window with shared content by closing it (by pressing "X" button). When the presenter stops sharing content, you can also click on "Dismiss" button which appears below a message in the pop out window informing you that content sharing has ended. Note 1: If you need information about enabling the public preview itself, see “Enable the public preview for Teams” below. Note 2: To be able to use this feature, users need to be in Public Preview. Users not in Public Preview will not be able to pop out shared content into a separate window. Windows macOS iOS Android Linux Google Chrome Firefox Safari Microsoft Edge Internet Explorer Yes Yes Known issues None Known limitations Majority of modern devices with medium and high-end hardware will support popping out content into a shared window while in meetings. As Microsoft continues to fine tune the experience, there may be more support in the future for other types of devices with less performant hardware. Also, we will list the specific supported hardware configuration at GA. Enable your Teams client for the public preview First, IT admins need to set an update policy that turns on Show preview features. Learn how at Public preview in Microsoft Teams - Microsoft Teams | Microsoft Docs. Users then choose to join the public preview individually. Learn how at Get early access to new Teams features - Office Support (microsoft.com) Send us your feedback Got feedback on features in the public preview or other areas of Teams? Let us know straight from Teams via Help > Give feedback. This is on the bottom left of the your client. Thank you, Preview Team, Jan_Steberl Quality & Customer Obsession, Microsoft TeamsPostgreSQL 17 Preview on Azure Postgres Flexible Server
We recently announced the 𝗽𝗿𝗲𝘃𝗶𝗲𝘄 𝗼𝗳 𝗣𝗼𝘀𝘁𝗴𝗿𝗲𝗦𝗤𝗟 𝟭𝟳 on Azure Database for PostgreSQL - 𝗙𝗹𝗲𝘅𝗶𝗯𝗹𝗲 𝗦𝗲𝗿𝘃𝗲𝗿! This release brings exciting new features like improved query performance, dynamic logical replication, enhanced JSON functions, and more—all backed by Azure’s reliable managed services. Try out the preview now and share your feedback! For details, read the complete blog post👉 https://techcommunity.microsoft.com/t5/azure-database-for-postgresql/postgresql-17-preview-on-azure-postgres-flexible-server/bc-p/4263877#M474 We’d love to hear your thoughts—feel free to share feedback or questions in the comments! #PostgreSQL #AzurePostgres #PGConfNYC #Database #OpenSource
