Check This Out! (CTO!) Guide (March 2026)
Member: TysonPaul | Microsoft Community Hub

Automating Large‑Scale Data Management with Azure Storage Actions
Team Blog: ITOps Talk | Author: 1Nataraj | Published: 02/25/2026
Summary: Azure Storage Actions is a fully managed, serverless automation platform that simplifies large-scale data management in Azure Blob and Data Lake Storage. It enables users to automate tasks such as tagging, tiering, deletion, and applying immutability based on customizable conditions—without custom code or infrastructure. Administrators can centrally define tasks and assign them across multiple storage accounts, with built-in preview, monitoring, and audit features. Use cases include compliance, cost optimization, and metadata management, making it ideal for organizations managing millions of items across vast storage estates. Azure Storage Actions is available in over 40 Azure regions.

Migration, Modernization & Agentic Tools
Team Blog: ITOps Talk | Author: OrinThomas | Published: 02/25/2026
Summary: The article discusses how agentic tools, such as those in Azure Copilot and GitHub Copilot, transform cloud migration and modernization from one-time projects into ongoing, autonomous systems. These tools dynamically discover environments, recommend modernization paths, automate migration steps, and continuously optimize workloads for cost, performance, security, and compliance. By embedding governance and leveraging real-time telemetry, agentic tools reduce manual effort, minimize errors, and ensure migrations are efficient, secure, and aligned with enterprise standards, providing continuous improvement post-migration.

What’s new in FinOps toolkit 13 – January 2026
Team Blog: FinOps | Author: Michael_Flanakin | Published: 02/09/2026
Summary: The January 2026 update to the FinOps toolkit focuses on stability, usability, and community engagement.
Key enhancements include improved documentation, new features like configurable Key Vault purge protection, and expanded support for Parquet format and compression in Cost Management exports via PowerShell. Security, reliability, and extensibility have been strengthened for FinOps hubs, with numerous bug fixes across Power BI reports, workbooks, and the Azure Optimization Engine. The release highlights ongoing community involvement, upcoming features like AI automation, and premium services to help organizations deploy and scale the toolkit effectively.

Managed Identity on SQL Server On-Prem: The End of Stored Secrets
Team Blog: Core Infrastructure and Security | Author: RyadB | Published: 02/23/2026
Summary: The article explains how SQL Server 2025 on-premises, when connected to Azure Arc, can use Managed Identity to access Azure resources without storing secrets like SAS tokens or keys. This approach eliminates risks of secret storage, rotation, and auditing complexity by leveraging Microsoft Entra ID for identity management and RBAC for permissions. The article details configuration steps, migration from stored credentials, troubleshooting, and current limitations, highlighting improved security and simplified management for on-prem SQL Server accessing Azure services.

Running Text to Image and Text to Video with ComfyUI and Nvidia H100 GPU
Team Blog: Core Infrastructure and Security | Author: HoussemDellai | Published: 02/27/2026
Summary: This article provides a step-by-step guide for setting up and running ComfyUI, a node-based interface for AI-powered text-to-image and text-to-video generation, on Azure VMs with Nvidia H100 GPUs. It details both automated (Terraform) and manual setup methods, including installing drivers, dependencies, and downloading required models. The guide explains accessing ComfyUI’s web portal, workflow configuration, and model management to create high-quality images and videos efficiently.
It also includes important notes about GPU driver compatibility and offers links to official documentation and scripts for further reference.

Unlock outbound traffic insights with Azure StandardV2 NAT Gateway flow logs
Team Blog: Azure Networking | Author: cozhang | Published: 02/06/2026
Summary: The article introduces Azure’s StandardV2 NAT Gateway, highlighting its new features such as zone-redundancy, enhanced performance, dual-stack support, and, notably, flow logs. Flow logs provide detailed visibility into outbound traffic, enabling security auditing, compliance, usage analytics, and troubleshooting. The article explains how to enable and use flow logs to diagnose connectivity issues and optimize network architecture. It emphasizes the importance of flow logs for monitoring established outbound connections and offers troubleshooting steps for connection drops, recommending best practices for resilient Azure deployments.

Centralized cluster performance metrics with ReFrame HPC and Azure Log Analytics
Team Blog: Azure High Performance Computing (HPC) | Author: jimpaine | Published: 02/06/2026
Summary: The article outlines how to integrate ReFrame HPC, a flexible high-performance computing testing framework, with Azure Log Analytics for centralized performance monitoring across diverse clusters and environments. It details deploying necessary Azure resources, configuring ReFrame for HTTP logging, and running performance tests with results sent to Log Analytics. This integration enables unified, standardized metrics collection, cross-cluster comparisons, trend analysis, and improved system visibility—supporting migration, development, and operational assurance in heterogeneous HPC environments.

Azure Recognized as an NVIDIA Cloud Exemplar, Setting the Bar for AI Performance in the Cloud
Team Blog: Azure High Performance Computing (HPC) | Author: Fernando_Aznar | Published: 02/18/2026
Summary: Microsoft Azure has been recognized as the first NVIDIA Exemplar Cloud for its world-class, end-to-end AI workload performance, now validated for both H100 and next-generation GB300 (Blackwell) systems. This designation reflects Azure’s optimized full-stack infrastructure—including compute, networking, and software integration—delivering predictable, efficient, and scalable AI training at production scale. Customers benefit from faster time-to-train, improved ROI, and confidence in Azure’s readiness for advanced AI workloads, ensuring consistent high performance from proof-of-concept to deployment without sacrificing cloud flexibility or manageability.

Reference Architecture for Highly Available Multi-Region Azure Kubernetes Service (AKS)
Team Blog: Azure Architecture | Author: rgarofalo | Published: 02/03/2026
Summary: The article presents a reference architecture for highly available, multi-region Azure Kubernetes Service (AKS) deployments. It compares active/active, active/passive, and deployment stamp models, detailing their trade-offs in availability, complexity, and cost. Key components include Azure Front Door for global traffic routing, geo-replicated data services, centralized monitoring, and consistent security controls. The architecture emphasizes resilience through fault isolation, automated recovery, and regular testing. It offers practical guidance for cloud architects to design AKS platforms that withstand regional outages, ensuring business continuity and scalable operations across Azure regions.

Reactive Incident Response with Azure SRE Agent: From Alert to Resolution in Minutes
Team Blog: Azure Architecture | Author: Sabyasachi-Samaddar | Published: 02/18/2026
Summary: The article details how Azure SRE Agent revolutionizes incident response by automating investigation and triage as soon as an alert fires, reducing resolution times from hours to minutes. Through two real-world scenarios—a SQL connectivity outage and a VM CPU spike—the agent autonomously diagnosed issues, proposed remediations, and required minimal human intervention. Custom Incident Response Plans and instructions enable context-aware, consistent, and rapid resolutions, with automated post-incident documentation. Key benefits include faster MTTR, reduced manual toil, and improved knowledge capture, though some technical challenges remain. Azure SRE Agent is currently in preview.

Cross Forest Enrollment – PKISync.PS1
Team Blog: Ask the Directory Services Team | Author: Manuel_Alvarez_V | Published: 02/19/2026
Summary: The article explains how to use the PKISync.ps1 PowerShell script for cross-forest certificate enrollment in Active Directory environments. PKISync synchronizes PKI-related objects, such as certificate templates and CA configurations, from a source forest to a target forest, enabling certificate requests across forests. It details the setup requirements, including two-way forest trusts, LDAP referral configuration, and certificate publishing. Although PKISync is considered legacy, automating its use can facilitate simple cross-forest enrollment, but CEP/CES is recommended for modern, secure deployments. The article concludes with best practices and automation tips for PKISync.

What’s New in Windows Group Policy Preferences Debug Logging
Team Blog: Ask the Directory Services Team | Author: TagoreN | Published: 02/27/2026
Summary: The article outlines a new feature in Windows 11 24H2 and 25H2 (from February 2026 preview updates) that allows administrators to enable Group Policy Preferences (GPP) debug logging directly through Local Group Policy, not just domain-based GPOs. This simplifies troubleshooting by allowing detailed logging on client devices without domain reliance. The article explains how to configure logging, manage trace file locations, and set necessary permissions. Overall, this update enhances flexibility and efficiency for IT professionals managing and debugging GPP issues on Windows client devices.

Public Preview: Restrict usage of user delegation SAS to an Entra ID identity
Team Blog: Azure Storage | Author: ellievail | Published: 02/26/2026
Summary: Microsoft has announced the public preview of user-bound user delegation SAS for Azure Storage, enhancing security by restricting SAS token usage to a specific Microsoft Entra ID identity. This feature extends user delegation SAS, requiring the end user to authenticate with Entra ID to access storage resources. It supports cross-tenant scenarios and incurs no additional cost beyond standard storage transactions. User-bound SAS is available via REST APIs, SDKs, PowerShell, and CLI for all GPv2 storage accounts in public regions, with detailed steps provided for setup and role assignment.

Azure Migrate: Now Supporting Premium SSD V2, Ultra and ZRS Disks as Targets
Team Blog: Azure Storage | Author: Lakshya_Jalan | Published: 02/18/2026
Summary: Azure Migrate now supports Premium SSD v2, Ultra Disk, and ZRS Disks as migration targets, with Premium SSD v2 and ZRS generally available and Ultra Disk in public preview.
This update enhances assessment and migration by enabling tailored recommendations based on workload performance needs, offering greater flexibility, performance, and resiliency. Users can now migrate demanding, mission-critical workloads to Azure using these advanced disk options, benefiting from features like zonal redundancy and customizable performance. The enhancements streamline migrations and ensure optimal resource alignment, supporting petabytes of data already migrated during the preview phase.

Public Preview: Automatic zone balance for Virtual Machine Scale Sets
Team Blog: Azure Compute | Author: HilaryWang | Published: 02/17/2026
Summary: Azure has introduced the public preview of automatic zone balance for Virtual Machine Scale Sets, which automatically monitors and redistributes VM instances across availability zones to maintain optimal resiliency. This feature addresses imbalances that can occur over time, minimizing the impact of zone failures without manual intervention. The system uses health checks, respects instance protection policies, and ensures workload capacity during rebalancing. Automatic instance repair is also enabled by default. Users can join the preview by enabling the feature and meeting specific prerequisites. This capability reduces operational overhead while enhancing workload reliability and zone-level resilience.

Azure Automated Virtual Machine Recovery: Minimizing Downtime
Team Blog: Azure Compute | Author: Jon_Andoni_Baranda | Published: 02/04/2026
Summary: Azure Automated Virtual Machine Recovery is a built-in Azure feature that minimizes VM downtime through fast, intelligent, and automated recovery processes. Without requiring customer setup, it continuously monitors VM health, rapidly detects failures, diagnoses issues, and applies the optimal recovery action, all without customer intervention.
Leveraging detailed recovery event annotations, it provides deep visibility into incident timelines and helps optimize recovery strategies. Over the past 18 months, this system has halved average VM downtime, strengthening business continuity, reducing financial impact, and reinforcing customer trust in Azure’s reliable cloud platform.

Support tip: Resolve device noncompliance with Mobile Threat Defense partner apps
Team Blog: Intune Customer Success | Author: Intune_Support_Team | Published: 02/02/2026
Summary: This article provides guidance for resolving device noncompliance issues when using Mobile Threat Defense (MTD) partner apps, like Microsoft Defender for Endpoint, with Microsoft Intune. It outlines troubleshooting steps for users to restore compliance—installing, activating, refreshing, or reinstalling the MTD app—and checking compliance status. It also details simplified remediation workflows for iOS/iPadOS and methods for resetting the MTD connection on Android if sign-out is blocked, helping users regain access to work or school resources and reducing support overhead.

How to enable HTTPS support for Microsoft Connected Cache for Enterprise and Education
Team Blog: Intune Customer Success | Author: Intune_Support_Team | Published: 02/20/2026
Summary: Starting June 16, 2026, Intune will require HTTPS for Microsoft Connected Cache when delivering Win32 apps. To maintain caching benefits and reduce bandwidth, administrators must configure HTTPS on Connected Cache nodes using a CA-signed TLS certificate. The guide details generating a CSR on the node, signing and importing the certificate, and validating HTTPS on both Windows and Linux hosts. It also covers troubleshooting, maintenance, and renewal. Without HTTPS, devices will revert to using the CDN for Intune app downloads. Other content types remain unaffected. Early configuration ensures seamless transition and continued performance benefits.

The Copilot resource guide to share with your employees
Team Blog: FastTrack | Author: JulieHersum | Published: 02/19/2026
Summary: The article introduces the "Essential Copilot resource hubs for employees," a centralized guide designed to streamline Microsoft Copilot onboarding and support. It helps adoption leaders structure learning paths, IT admins share resources efficiently, and all employees access consistent guidance. The guide consolidates key Microsoft Copilot resources, making it easier for organizations to accelerate adoption and customize internal policies. Additional support is available through FastTrack and the Microsoft 365 Accelerator site, offering expert guidance, templates, and personalized assistance to boost Copilot deployment and change management efforts.

Copilot adoption: Move your org from pilot to production with this guide
Team Blog: FastTrack | Author: JulieHersum | Published: 02/19/2026
Summary: The article introduces a comprehensive guide for IT admins and Copilot adoption leads to streamline the rollout of Microsoft 365 Copilot. Organized around the adoption lifecycle (plan, build, operate), the guide highlights eight essential resource hubs, practical rollout steps, and audience-specific resources to ensure effective, governed adoption. It also promotes Microsoft FastTrack, which offers expert support, self-service resources, and personalized assistance to accelerate and scale Copilot deployment at no extra cost.

Azure Virtual Desktop is now available in US Gov Texas in Azure Government
Team Blog: Azure Virtual Desktop | Author: Ron_Coleman | Published: 02/04/2026
Summary: Azure Virtual Desktop is now available in the USGov Texas region of Azure Government, offering customers a new option for deploying secure and flexible virtual desktop environments. This expansion enables improved connection performance, reduced latency, and enhanced responsiveness by allowing host pool creation directly in the region.
It supports mission needs, geographic distribution, and regulatory requirements, while maintaining Azure Government’s compliance and security standards. Customers can now leverage multiple regions for greater flexibility and performance in their virtual desktop deployments.

RDP Shortpath (UDP) over Private Link is now generally available
Team Blog: Azure Virtual Desktop | Author: Rinku_Dalwani | Published: 02/17/2026
Summary: Azure Virtual Desktop now supports UDP-based RDP Shortpath over Private Link, enabling direct, high-performance RDP connections between session hosts and clients using private IPs. This complements existing TCP connectivity, helping customers with strict private network boundaries. Administrators must explicitly enable UDP in Azure portal settings to use this feature. The opt-in model ensures secure and predictable transport, giving full control over UDP introduction. This enhancement is recommended for customers needing precise routing and policy enforcement in regulated environments, while standard AVD connectivity remains suitable for most deployments. Full configuration guidance is available in Azure documentation.

Migrating Workloads from AWS to Azure: A Structured Approach for Cloud Architects
Team Blog: Azure Migration and Modernization | Author: rhack | Published: 02/18/2026
Summary: The article outlines a structured, five-phase approach for migrating workloads from AWS to Azure, emphasizing a like-for-like architecture to minimize risk and maintain operational stability. Key phases include planning, preparation, execution, evaluation, and decommissioning, each requiring thorough documentation, stakeholder alignment, testing, and validation. The recommended migration strategy is blue/green deployment for risk mitigation. The workload team should lead the migration, supported by external Azure experts.
Success depends on careful planning, phased execution, and post-migration optimization, with organizational knowledge-sharing encouraged for future improvements.

Modernizing for the AI Era: Accelerating Application Transformation with Agentic Tools
Team Blog: Azure Migration and Modernization | Author: MarcoB | Published: 02/12/2026
Summary: The article highlights the urgent need for organizations to modernize legacy applications to thrive in the AI era. Legacy systems drain resources and hinder innovation, but new agentic tools—such as GitHub Copilot, Azure Migrate, and Azure Copilot—use AI to automate and accelerate application transformation. These tools reduce manual effort, boost accuracy and safety, and make modernization accessible, empowering teams to focus on innovation. The result is faster, safer, and more consistent modernization, enabling organizations to continuously evolve their applications for intelligent, cloud-optimized environments. Practical steps and resources are provided to guide organizations in getting started.

Secure DNS with DoH: Public Preview for Windows DNS Server
Team Blog: Networking | Author: JorgeCañas | Published: 02/09/2026
Summary: Microsoft has launched a public preview of DNS over HTTPS (DoH) for Windows DNS Server, enabling encrypted and authenticated DNS queries within on-premises networks. This upgrade enhances security and privacy by preventing DNS traffic from being exposed or intercepted, aligning with Zero Trust principles and U.S. federal requirements. The DoH feature, included in the February 2026 update for Windows Server 2025, is disabled by default and currently intended for evaluation only. Existing DNS functionality remains unchanged, with new tools added for DoH management. Feedback is encouraged to improve the feature before general availability.

Announcing Public Preview: Simplified Machine Provisioning for Azure Local
Team Blog: Azure Arc | Author: PragyaDwivedi | Published: 02/26/2026
Summary: Microsoft has announced the Public Preview of Simplified Machine Provisioning for Azure Local, streamlining edge infrastructure deployment. The new process centralizes configuration in Azure, requiring minimal on-site expertise—staff only need to rack, power on hardware, and insert a prepared USB. Secure provisioning uses industry standards like FIDO Device Onboarding and Azure Arc Site for consistent, automated deployments across multiple locations. IT teams manage and monitor provisioning remotely, reducing errors and speeding up setup. Once complete, machines are ready for cluster creation and workload deployment, significantly simplifying and scaling Azure Local deployments.

Azure CLI Windows MSI Upgrade Issue: Root Cause, Mitigation, and Performance Improvements
Team Blog: Azure Tools | Author: Alex-wdy | Published: 02/03/2026
Summary: The article discusses a critical issue affecting Azure CLI upgrades on Windows using the MSI installer, where users upgrading from version 2.76.0 (or earlier) to 2.77.0 (or later) encountered startup crashes due to missing Python extension files. The root cause was a versioning conflict during upgrade, leading to incomplete installations. The article details recovery steps, recommends upgrading to version 2.83.0, and highlights improvements to the MSI upgrade process, making installations faster and more reliable by simplifying file replacement logic and eliminating slow version checks. Users are encouraged to upgrade and report issues if encountered.

Navigating the 2025 holiday season: Insights into Azure’s DDoS defense
Team Blog: Azure Network Security | Author: Jdasari | Published: 02/18/2026
Summary: During the 2025 holiday season, Azure observed a rise in burst-style DDoS attacks, with high-intensity, short-lived surges targeting packet processing and connection-handling layers.
Most attacks were automated and brief, but the cumulative impact was operationally draining, especially for latency-sensitive sectors like gaming. Botnet-driven attacks rapidly shifted targets, exploiting inconsistent defenses. Azure DDoS Protection mitigated over 174,000 attacks, underscoring the need for always-on, automated, and layered security. Organizations are urged to standardize protections, proactively monitor, and adopt Zero Trust and multi-layered defense strategies to ensure resilience against evolving threats in 2026.

A Practical Guide to Azure DDoS Protection Cost Optimization
Team Blog: Azure Network Security | Author: SaleemBseeu | Published: 02/18/2026
Summary: The article provides strategies for optimizing Azure DDoS Protection costs. It explains the differences between DDoS Network Protection (best for large-scale, centralized management) and DDoS IP Protection (for few, specific endpoints). Key recommendations include consolidating protection plans to reduce base costs, selectively applying protection based on workload exposure, preventing unnecessary spend via regular reviews, and using cost management tools and tagging for visibility. The guide emphasizes aligning protection with actual risk and criticality, and offers scripts and checklists to support ongoing cost-efficient DDoS defense.

Check This Out! (CTO!) Guide (February 2026)

Secure DNS with DoH: Public Preview for Windows DNS Server
Team Blog: Networking | Author: JorgeCañas | Published: 02/09/2026
Summary: Microsoft has launched a public preview of DNS over HTTPS (DoH) for Windows DNS Server, available in the February 2026 update for Windows Server 2025. DoH encrypts DNS queries and responses, enhancing authentication and privacy while maintaining existing server functions. This move aligns with Zero Trust security principles and supports U.S. federal cybersecurity requirements. The feature is disabled by default, is not production-ready, and currently only encrypts client-to-server traffic. Feedback is encouraged during the preview phase, with future updates planned for upstream encryption support.

Azure Blob Tiering: Clarity, Truths, and Practical Guidance for Architects
Team Blog: Azure Infrastructure | Author: nehatiwari1994 | Published: 02/06/2026
Summary: The article explains Azure Blob Storage tiering for backup architects, debunking common misconceptions about tier performance and access. Hot, Cool, and Cold tiers are online and offer immediate data access; minimum retention is a billing rule, not a technical limit. Archive tier requires rehydration before restores. Restore speed depends on throughput architecture, not tier. Cost is influenced by both storage and access patterns. Effective tiering strategies and lifecycle policies are essential for scaling backup repositories from terabytes to petabytes, ensuring operational safety and cost control. The article offers practical design recommendations and clarifies Azure tier behaviors.

AKS Tenant Migration: Considerations and Approach
Team Blog: Azure Infrastructure | Author: SoumyaShet05 | Published: 02/05/2026
Summary: No summary could be found for this article: https://techcommunity.microsoft.com/blog/azureinfrastructureblog/aks-tenant-migration-considerations-and-approach/4415198

What’s new in FinOps toolkit 13 – January 2026
Team Blog: FinOps | Author: Michael_Flanakin | Published: 02/09/2026
Summary: FinOps toolkit 13 (January 2026) delivers stability and usability improvements for cloud cost management, including enhanced documentation, Key Vault purge protection options, Power BI report fixes, and streamlined Cost Management exports via PowerShell with Parquet support. The release strengthens security, reliability, and extensibility for enterprise-scale deployments. Community engagement is emphasized with new office hours. Future plans include AI-driven automation, expanded recommendations, and premium support services. The toolkit remains open-source and continues to evolve with community contributions and ongoing enhancements across Microsoft Cloud environments.

Reading GPSVC Like a Crime Novel
Team Blog: Ask the Directory Services Team | Author: Chris_Cartwright | Published: 02/25/2026
Summary: The article, "Reading GPSVC Like a Crime Novel," explains how to troubleshoot Group Policy issues using the enhanced GPSVC debug log in modern Windows 11 versions. It details the two core phases of Group Policy processing, emphasizes the importance of following log threads, and highlights the benefit of new date and time stamps for better correlation with other events. The post also covers enabling verbose logging, interpreting log entries, and using additional tools like TSS for deeper analysis, ultimately making GPSVC logs more powerful for diagnosing Group Policy problems.

What’s New in Windows Group Policy Preferences Debug Logging
Team Blog: Ask the Directory Services Team | Author: TagoreN | Published: 02/27/2026
Summary: The article outlines enhancements to Windows Group Policy Preferences (GPP) debug logging in Windows 11 versions 24H2 and 25H2 (from February 2026 preview updates). Administrators can now enable verbose GPP debug logging directly via Local Group Policy, not just domain-based GPOs.
This change simplifies troubleshooting, reduces reliance on domain controllers, and allows easier, flexible diagnostic workflows on client devices. The article explains how to configure logging settings, log locations, and necessary permissions, highlighting a significant quality-of-life improvement for IT professionals managing GPP issues.

Azure Landing Zone and compliance for Banks (Indian Banks)
Team Blog: Azure Migration and Modernization | Author: srhulsus | Published: 02/12/2026
Summary: Azure Landing Zone (ALZ) provides Indian banks with a secure, compliant, and auditable cloud foundation, aligning with RBI and global standards (ISO 27001, PCI-DSS, FFIEC). It features subscription isolation, centralized IAM, robust network and data security, mandatory encryption, continuous monitoring, and business continuity controls. ALZ ensures India data residency, policy automation, regulatory audit support, and secure exit management. The architecture is regulator-accepted and proven by major banks, supporting governance, risk, and compliance mandates for hosting sensitive, regulated banking workloads on Azure.

Migrating Workloads from AWS to Azure: A Structured Approach for Cloud Architects
Team Blog: Azure Migration and Modernization | Author: rhack | Published: 02/18/2026
Summary: The article outlines a structured, five-phase approach for migrating workloads from AWS to Azure, emphasizing a “like-for-like” architecture to minimize risk and complexity. Key phases include planning, preparation, execution, evaluation, and decommissioning, with blue/green deployment recommended for risk reduction. Success hinges on comprehensive documentation, stakeholder alignment, phased validation, and having the current workload team lead the migration. External partners can assist with planning but should not execute cutovers. Once stability on Azure is achieved, optimization can begin.
Thorough preparation and collaboration are essential for a confident, disruption-free migration.

How to enable HTTPS support for Microsoft Connected Cache for Enterprise and Education
Team Blog: Intune Customer Success | Author: Intune_Support_Team | Published: 02/20/2026
Summary: Starting June 16, 2026, Intune will require HTTPS for Microsoft Connected Cache nodes serving Win32 apps. To retain bandwidth savings and localize content, admins must configure HTTPS on their Connected Cache servers by preparing a TLS certificate, generating a CSR on the node, signing it with a CA, importing the certificate, and validating HTTPS. The process is similar for Windows and Linux hosts. Regular certificate monitoring and renewal are necessary. Without HTTPS, devices will fall back to CDN. Improvements and fixes are underway, and early setup ensures readiness for the upcoming enforcement.

Support tip: Resolve device noncompliance with Mobile Threat Defense partner apps
Team Blog: Intune Customer Success | Author: Intune_Support_Team | Published: 02/02/2026
Summary: The article explains how to resolve device noncompliance issues in Microsoft Intune when using Mobile Threat Defense (MTD) partner apps like Microsoft Defender for Endpoint. It outlines steps for users to restore compliance, including installing or activating the MTD app, refreshing the app’s connection, or reinstalling it. It also details simplified remediation for iOS/iPadOS and steps to refresh the MTD connection on Android if sign-out is blocked. The guidance helps organizations ensure device compliance and secure access to work or school resources while reducing support overhead.

Announcing Public Preview: Simplified Machine Provisioning for Azure Local
Team Blog: Azure Arc | Author: PragyaDwivedi | Published: 02/26/2026
Summary: Microsoft has announced the public preview of Simplified Machine Provisioning for Azure Local, streamlining edge infrastructure deployment by shifting configuration to Azure.
IT teams can now centrally define and automate provisioning using Azure Arc, with minimal onsite interaction—staff only need to rack, power on hardware, and use a prepared USB. Built on the FIDO Device Onboarding standard, this approach ensures secure, consistent device onboarding and management at scale, with end-to-end deployment visibility. This new process enables faster, less error-prone deployments, allowing organizations to efficiently provision and manage Azure Local infrastructure across multiple sites.

Unlock outbound traffic insights with Azure StandardV2 NAT Gateway flow logs
Team Blog: Azure Networking | Author: cozhang | Published: 02/06/2026
Summary: The article introduces the Azure StandardV2 NAT Gateway, highlighting new features such as zone-redundancy, enhanced throughput, dual-stack IP support, and the availability of flow logs. Flow logs provide detailed outbound traffic data, improving security, compliance, and troubleshooting. They help monitor traffic patterns, identify issues like connection drops, and optimize network architecture. The article explains enabling and using flow logs for diagnostics, emphasizing their value in validating connectivity and auditing outbound flows, and encourages users to leverage these insights for resilient Azure deployments.

Migration, Modernization & Agentic Tools
Team Blog: ITOps Talk | Author: OrinThomas | Published: 02/25/2026
Summary: The article discusses how agentic tools are transforming cloud migration and modernization by introducing autonomy, continuous optimization, and context-aware decision-making. Rather than a one-time process, migration becomes an ongoing, self-improving system with tools like Azure Copilot and GitHub Copilot. These tools automate environment discovery, recommend modernization paths, execute migrations, validate and optimize workloads, and ensure governance.
They classify workloads, automate migration waves, and continuously enhance cost, performance, security, and compliance, reducing manual effort and errors while enabling safe, efficient, and policy-driven cloud transitions. Automating Large‑Scale Data Management with Azure Storage Actions Team Blog: ITOps Talk Author: 1Nataraj Published: 02/25/2026 Summary: Azure Storage Actions is a fully managed, serverless automation platform that enables customers to automate large-scale data management tasks—such as tiering, tagging, deletion, and applying immutability policies—across Azure Blob Storage and Data Lake Storage without custom code or infrastructure. It uses reusable, condition-based storage tasks and assignments, supporting compliance, cost optimization, and operational efficiency. The platform provides built-in monitoring, auditing, and preview features, making it suitable for scenarios requiring traceability. Common use cases include regulatory compliance, cost control, and metadata management across industries like finance, airlines, and manufacturing. Securing A Multi-Agent AI Solution Focused on User Context & the Complexities of On-Behalf-Of. Team Blog: Azure Architecture Author: Charles_Chukwudozie Published: 02/11/2026 Summary: The article outlines how an enterprise-grade multi-agent AI system was designed to securely preserve user identity and enforce access controls when AI agents interact with backend services like Databricks. By implementing Microsoft Entra ID’s On-Behalf-Of (OBO) flow, each AI agent operates strictly within the authenticated user’s permissions, maintaining RBAC policies and an audit trail. The solution uses a custom OAuth provider, per-user agent instances, and human-in-the-loop approval for sensitive operations, aligning with Zero Trust principles and ensuring robust AI governance for enterprise applications. 
Reference Architecture for Highly Available Multi-Region Azure Kubernetes Service (AKS) Team Blog: Azure Architecture Author: rgarofalo Published: 02/03/2026 Summary: This article presents a reference architecture for deploying Azure Kubernetes Service (AKS) across multiple Azure regions to maximize availability and resilience. It compares active/active, active/passive, and deployment stamp patterns, detailing trade-offs in availability, complexity, and cost. Key components include Azure Front Door for global routing, geo-replicated data services, centralized monitoring, and consistent security. The article emphasizes clear design choices, regular testing, and operational preparedness, highlighting that multi-region resilience requires coordinated patterns, not a simple switch, and should align with business RTO/RPO objectives and operational maturity. Public Preview: Restrict usage of user delegation SAS to an Entra ID identity Team Blog: Azure Storage Author: ellievail Published: 02/26/2026 Summary: Microsoft has announced the public preview of user-bound user delegation SAS for Azure Storage, enhancing security by restricting SAS token usage to a specific Microsoft Entra ID identity. This extension of user delegation SAS ensures only the designated user can access storage resources, reducing the risk of unintended access. The feature is available at no additional cost in all public regions and supports cross-tenant scenarios. It integrates with existing Azure RBAC and is accessible via REST APIs, SDKs, PowerShell, and CLI. Setup involves assigning the correct roles, obtaining user IDs, and generating the SAS token. 
Azure Migrate: Now Supporting Premium SSD V2, Ultra and ZRS Disks as Targets Team Blog: Azure Storage Author: Lakshya_Jalan Published: 02/18/2026 https://techcommunity.microsoft.com/blog/azurestorageblog/azure-migrate-now-supporting-premium-ssd-v2-ultra-and-zrs-disks-as-targets/4495332 Bringing AI fluency to every corner of the organization (even yours!) Team Blog: Microsoft Learn Author: AshleyMastersHall Published: 02/19/2026 Summary: The article emphasizes the importance of AI fluency for all roles within organizations, likening AI’s impact to the transformative effect of GPS on navigation. It defines AI fluency as understanding and effectively using generative AI in care tasks, now a critical skill for the modern workplace. The author provides practical, approachable steps to integrate AI into daily workflows, recommends starting small, and highlights Microsoft’s AI Skills Navigator as a resource. The core message: AI is already changing work, and building fluency—starting with familiar tasks—ensures continued relevance and success. Microsoft Credentials roundup: February 2026 edition Team Blog: Microsoft Learn Author: PujaA Published: 02/26/2026 Summary: Microsoft’s February 2026 Credentials roundup introduces four new AI-focused Certifications and six new Applied Skills, targeting both technical and business professionals. These credentials validate expertise in AI integration, Copilot, and agent solutions, enhancing career prospects in an AI-powered workplace. Applied Skills offer quick, practical assessments in real-world AI tasks. Several older Certifications and Applied Skills are being retired, reflecting Microsoft’s ongoing commitment to current, relevant skills. Additional AI-focused updates are planned for March 2026 and beyond, further expanding learning and credentialing opportunities in AI and cloud technologies.
Public Preview: Automatic zone balance for Virtual Machine Scale Sets Team Blog: Azure Compute Author: HilaryWang Published: 02/17/2026 Summary: Azure has introduced the public preview of automatic zone balance for Virtual Machine Scale Sets, which ensures VMs are evenly distributed across availability zones with no manual intervention. This feature continuously monitors and rebalances VMs, minimizing the impact of zone failures and maintaining optimal resiliency. It uses a create-before-delete approach with health checks and built-in safety measures, reducing operational overhead and ensuring workload stability. Automatic instance repairs are enabled by default. To use this feature, register for the preview, meet prerequisites, and enable it via the Azure portal, CLI, PowerShell, or REST API. Azure Automated Virtual Machine Recovery: Minimizing Downtime Team Blog: Azure Compute Author: Jon_Andoni_Baranda Published: 02/04/2026 Summary: Azure Automated Virtual Machine Recovery is a built-in Azure feature designed to minimize VM downtime by automatically detecting, diagnosing, and mitigating failures within seconds, without customer intervention. It operates continuously, leveraging multiple detection mechanisms and optimized recovery paths, ensuring business continuity and consistent SLA compliance. Recovery Event Annotations provide deep visibility into the recovery process, helping identify bottlenecks and improve reliability. Over the past 18 months, this system has halved average VM downtime, empowering customers to confidently run resilient applications with reduced risk of service disruption and financial loss. No setup is required; all Azure VMs benefit automatically. Azure CLI Windows MSI Upgrade Issue: Root Cause, Mitigation, and Performance Improvements Team Blog: Azure Tools Author: Alex-wdy Published: 02/03/2026 Summary:
Check This Out! (CTO!) Guide (July 2025)
Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!
Check This Out! (CTO!) Guide (May 2025)
Check This Out! (CTO!) Guide (Feb 2025)