tysonpaul
14 Topics

Check This Out! (CTO!) Guide (Feb 2025)
Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!

Check This Out! (CTO!) Guide (April 2025)
Check This Out! (CTO!) Guide (May 2025)
Check This Out! (CTO!) Guide (July 2025)
Check This Out! (CTO!) Guide (November 2025)

Getting Started with Windows Admin Center Virtualization Mode
Team Blog: ITOps Talk
Author: OrinThomas
Published: 11/23/2025
Summary: Windows Admin Center Virtualization Mode is a new, preview web-based tool for managing large Hyper-V virtualization environments. It centralizes compute, networking, and storage management for thousands of hosts within the same Active Directory domain. The article outlines installation prerequisites, step-by-step setup, and onboarding of Hyper-V hosts into resource groups. Users configure networking, storage, and compute properties, then manage hosts and virtual machines through a streamlined UI. The guide emphasizes certificate setup, domain requirements, and initial firewall adjustments for onboarding. Links to public preview and documentation are provided for further exploration.

Microsoft Entra Domain Services: Deploy, Join a VM, and Use Classic AD Tools
Team Blog: ITOps Talk
Author: OrinThomas
Published: 11/24/2025
Summary: Microsoft Entra Domain Services (Entra DS) enables managed Active Directory domain controller functionality in Azure, allowing you to domain-join Windows Server VMs, use Group Policy, and manage DNS without maintaining your own DC VMs. The article guides you through setting up a virtual network, deploying Entra DS, configuring DNS, joining a VM to the domain, and using classic AD and DNS management tools, streamlining identity and access management for cloud workloads while retaining familiar AD capabilities.

Azure Governance @ Ignite 2025
Team Blog: Azure Governance and Management
Author: jodiboone
Published: 11/22/2025
Summary: Azure Governance at Ignite 2025 introduced significant updates, including the public preview of Service Groups for flexible resource hierarchies and low-privilege management. New integrations with Azure Monitoring and Resiliency were announced.
Azure Policy enhancements feature Identity Based Exemptions and a revamped UX for improved compliance and policy lifecycle management. Machine Configuration now offers an extensibility framework for customizable Windows and Linux baselines aligned with CIS standards. These updates aim to simplify governance, boost security, and improve policy management for deploying secure applications in Azure environments.

Empower Smarter AI Agent Investments
Team Blog: Azure Governance and Management
Author: Fernando_Vasconcellos
Published: 11/05/2025
Summary: The article presents a series of modules designed to help technical and business leaders make cost-effective decisions throughout the AI agent lifecycle on Azure. Covering topics from use case selection and understanding cost drivers to forecasting ROI, adopting best practices, choosing development approaches, architecting scalable solutions, and ongoing optimization, the learning path offers actionable strategies for building, deploying, and managing AI agents. By aligning innovation with financial discipline, these modules ensure sustainable value, operational excellence, and long-term success for enterprise AI initiatives.

Using Packet Capture for troubleshooting Azure Firewall flows
Team Blog: Azure Network Security
Author: ShabazShaik
Published: 11/10/2025
Summary: The article introduces Azure Firewall’s new Packet Capture feature, now generally available, which enables detailed troubleshooting by capturing network packets traversing the firewall. It explains how packet capture aids in diagnosing connectivity issues, outlines setup steps, and demonstrates real-world scenarios including VNET-to-VNET, DNAT, outbound internet access, and application rule traffic. The captured data allows administrators to analyze bidirectional flows, correlate requests and responses, and pinpoint network or application issues.
Overall, packet capture significantly enhances network visibility, security, and operational reliability within Azure environments.

General Availability of JavaScript Challenge in Azure Front Door WAF
Team Blog: Azure Network Security
Author: andrewmathu
Published: 11/11/2025
Summary: Microsoft has announced the general availability of the JavaScript Challenge feature for Azure Front Door’s Web Application Firewall (WAF). This feature adds an automated, browser-based anti-bot layer to distinguish legitimate users from malicious scripts, enhancing protection against modern bot attacks while maintaining user experience. The challenge is lightweight and invisible to users, can be flexibly applied to specific endpoints, and is easily configured via WAF policies. Existing preview configurations remain supported, and comprehensive documentation is available for setup and best practices.

Announcing Public Preview of Window Server 2025 on Azure Kubernetes Service
Team Blog: Containers
Author: Akarsh
Published: 11/18/2025
Summary: Microsoft has announced the public preview of Windows Server 2025 support on Azure Kubernetes Service (AKS), offering enhanced security, performance, and compatibility. Users can deploy Windows Server 2025 node pools alongside other OS options, run Windows Server 2022 containers on 2025 hosts, and benefit from improved portability. Nano Server now supports more applications and Feature on Demand, optimizing resource use. Additionally, Windows Server 2025 enables GPU acceleration for containerized workloads. Customers can test Windows Server 2025 in AKS and provide feedback to help shape future container offerings.

AI and human potential: Advancing skills, innovation, and outcomes
Team Blog: Microsoft Learn
Author: ToddMinor
Published: 11/21/2025
Summary: Organizations worldwide are partnering with Microsoft to upskill employees in AI, driving innovation, efficiency, and business growth across sectors.
Through initiatives like AI Skills Navigator, companies such as Albertsons, Levi Strauss, Vodafone, and Danone are integrating AI into daily work, fostering resilient, future-ready teams. Real-world examples from banking, retail, energy, and technology highlight that true transformation starts with people, not just technology. Empowered employees use AI to reimagine work, enhance productivity, and deliver meaningful outcomes, proving that continuous learning and AI adoption are key to unlocking human and organizational potential.

Powering career and business growth through AI-led, human-enhanced skilling experiences
Team Blog: Microsoft Learn
Author: jeanaj
Published: 11/18/2025
Summary: The article introduces Microsoft’s AI Skills Navigator, a unified, AI-powered learning platform designed to help individuals and organizations rapidly build and validate essential AI and human skills for career and business growth. Integrating content and credentials from Microsoft, LinkedIn, and GitHub, it offers personalized, interactive, and shareable learning experiences. Strategic partnerships with LinkedIn, GitHub, and Pearson further expand access to verified credentials and tailored training. The initiative aims to address the challenge of keeping pace with AI-driven changes, making upskilling accessible, relevant, and collaborative for the global workforce.

Azure NCv6 Public Preview: The new Unified Platform for Converged AI and Visual Computing
Team Blog: Azure High Performance Computing (HPC)
Author: rishabv90
Published: 11/24/2025
Summary: Microsoft has announced the Azure NCv6 series, now in public preview, featuring NVIDIA RTX PRO 6000 Blackwell GPUs and Intel Granite Rapids CPUs. The NCv6 offers a unified platform for converged AI and visual computing, supporting digital twins, LLM inference, agentic workflows, and high-fidelity rendering.
With scalable sizing, massive memory, and fractional GPU options, it caters to diverse workloads in AI, simulation, media, and remote desktops. This platform delivers breakthrough performance, cost-effective infrastructure, and seamless upgrades, empowering enterprises to innovate in the era of converged AI and industrial digitalization.

Azure ND GB300 v6 now Generally Available - Hyper-optimized for Generative and Agentic AI workloads
Team Blog: Azure High Performance Computing (HPC)
Author: Nitin_Nagarkatte
Published: 11/19/2025
Summary: Microsoft has announced the general availability of Azure ND GB300 v6 virtual machines, featuring thousands of NVIDIA GB300 NVL72 Blackwell Ultra GPUs and next-gen InfiniBand networking. These VMs deliver major performance improvements for generative and agentic AI workloads, including frontier model training and large-scale inference. With record-breaking throughput, scalable architecture, and advanced management tools, ND GB300 v6 enables efficient deployment and scaling of trillion-parameter models, long-context, and multimodal AI tasks, reaffirming Microsoft’s leadership in AI infrastructure and partnership with NVIDIA.

Deriving expiry days and remaining retention days for blobs through blob inventory
Team Blog: Azure PaaS
Author: Harshi_mrinal
Published: 11/11/2025
Summary: The article explains how to derive expiry days and remaining retention days for blobs in Azure Blob Storage and Data Lake Gen2 accounts using Blob Inventory reports. It outlines steps to set blob expiry, generate inventory CSV files, and use Azure Synapse SQL queries to list expiry times and retention days for soft-deleted blobs. The process helps organizations manage data lifecycle, optimize storage, and ensure compliance. Alternative methods such as PowerShell and Azure CLI are also suggested for similar tasks. Reference links for further learning are provided.

Update Coverage Workbook in Microsoft Defender for Cloud to Include Defender for AI Plan status
Team Blog: Core Infrastructure and Security
Author: SantoshPargi
Published: 11/03/2025
Summary: The article outlines two methods to track Defender for AI plan status in Microsoft Defender for Cloud. Option 1 involves updating the existing Coverage Workbook to display Defender for AI data, offering centralized visibility but needing manual maintenance. Option 2 uses Azure Resource Graph Explorer to run queries for AI plan status across subscriptions, providing flexibility and easier automation but separate from the workbook interface. The recommendation: update the Coverage Workbook for unified dashboards, or use Resource Graph Explorer for quick or automated checks.

Platform SSO for macOS
Team Blog: Core Infrastructure and Security
Author: Farooque
Published: 11/10/2025
Summary: Microsoft’s Platform SSO for macOS enables secure, passwordless authentication using Touch ID, smart cards, and passkeys, leveraging Apple’s SSO framework and integrating with Entra ID. Supporting macOS 13+, it streamlines device and app sign-in, offers centralized identity management, and requires no additional agent. Deployment involves Intune policies, device enrollment, and configuration of authentication methods. Administrators can customize login experiences and should align password policies and group assignments for compliance. Platform SSO improves security, user experience, and operational efficiency for organizations transitioning to modern authentication solutions.

Announcing Network HUD: Operational Network Monitoring for Windows Server 2025
Team Blog: Networking
Author: Basel_Kablawi
Published: 11/18/2025
Summary: Network HUD is a new operational network monitoring tool for Windows Server 2025 clusters, offering real-time health checks and actionable insights to prevent networking issues.
It detects adapter instability, driver incompatibility, storage inconsistencies, and misconfigured VLANs, reducing troubleshooting time. Integrating with physical switches via LLDP, Network HUD ensures host and network fabric alignment. Delivered as an Arc extension, it enables easy deployment and alerting through Windows Admin Center and PowerShell, helping administrators proactively maintain stable, high-performing server environments and avoid costly downtime.

Announcing General Availability for AccelNet on Windows Server 2025
Team Blog: Networking
Author: Basel_Kablawi
Published: 11/18/2025
Summary: Microsoft has announced the general availability of Accelerated Networking (AccelNet) for Windows Server 2025 Datacenter. AccelNet uses SR-IOV technology to bypass the virtual switch, reducing CPU overhead and delivering predictable, low-latency performance for demanding workloads. It enables higher VM density per host and integrates seamlessly with Hyper-V and Failover Clustering. Deployment is simplified via Windows Admin Center and PowerShell, ensuring easy, scalable, and consistent configuration. AccelNet provides a consistent operational model across hybrid environments, benefiting scenarios like OLTP, in-memory caching, and dense virtualization.

Azure Local 22H2 Clusters: End of Service and Feature Degradation
Team Blog: Azure Arc
Author: Arpita Duppala
Published: 11/25/2025
Summary: Azure Local version 22H2 reached End of Service on May 31, 2025. Starting February 23, 2026, Microsoft will begin degrading features, including disabling Extended Security Updates (ESU) and Windows Server Subscription (WSS) benefits. Customers cannot renew or purchase ESU/WSS, risking security vulnerabilities and compliance issues. Microsoft will not restore degraded features or provide remediation for risks. To maintain support and security, customers are urged to upgrade to version 24H2 promptly to avoid service disruptions and compliance violations.

Transforming City Operations: How Villa Park and DataON Deliver Real-Time Decisions with Edge RAG
Team Blog: Azure Arc
Author: moran_assaf
Published: 11/18/2025
Summary: The article details how Villa Park, California, in partnership with DataON and Microsoft, leverages Edge Retrieval-Augmented Generation (Edge RAG) to modernize city operations. Using Azure Local infrastructure, Edge RAG enables fast, secure, and offline AI-powered workflows for zoning, compliance, and permitting, drastically reducing processing times. New features include advanced document parsing, multimodal search, SharePoint integration, and autonomous workflows. Villa Park serves as a model for smart city transformation, demonstrating how edge AI enhances operational resilience, data security, and efficiency, while allowing municipalities to maintain data sovereignty and tailor AI solutions to their needs.

Announcing Cobalt 200: Azure’s next cloud-native CPU
Team Blog: Azure Infrastructure
Author: sebilgin
Published: 11/18/2025
Summary: Microsoft has announced Azure Cobalt 200, its next-generation Arm-based CPU for cloud-native workloads, offering up to 50% better performance than Cobalt 100. Featuring 132 cores, advanced memory encryption, custom compression and cryptography accelerators, and built-in Azure Boost networking and storage capabilities, Cobalt 200 is designed for optimized efficiency, security, and workload compatibility. The CPU leverages extensive real-world benchmarking and AI-powered simulations to achieve optimal performance and energy savings. Cobalt 200 servers are now live in datacenters, with broader customer availability expected in 2026.

Enabling Private Connectivity for Microsoft Fabric: A Practical Guide
Team Blog: Azure Infrastructure
Author: mohit-kanojia
Published: 11/19/2025
Summary: The article outlines strategies for securely integrating Microsoft Fabric—a unified analytics SaaS platform—into large, security-sensitive enterprise environments with private-only, Zero-Trust architectures. It details how Fabric’s components (Lakehouse, Warehouse, Spark, Workspaces) can be accessed via private endpoints, managed private endpoints, VNet data gateways, and private DNS, ensuring no public exposure. The author shares a practical architecture using Azure’s hub-spoke model and highlights governance, automation with Terraform, and robust network controls, demonstrating that with careful planning, Fabric can operate securely within strict enterprise boundaries.

Pure Storage Cloud, Azure Native evolves at Microsoft Ignite!
Team Blog: Azure Storage
Author: Aung_Oo
Published: 11/19/2025
Summary: Microsoft has expanded its Azure Native Pure Storage Cloud integration, enabling customers to provision Pure Storage volumes to Azure Virtual Machines for both Linux and Windows applications. This partnership leverages Pure Storage’s enterprise-grade features, cost efficiency, and resilience, simplifying deployment and management via Azure Portal tools. Organizations have reported significant cost savings and improved performance, with benefits like advanced data management, rapid restores, and enhanced security. The service is available as a fully managed, Azure-native solution, now supporting both Azure VMware Solution and Azure VMs, with a 30-day free trial offered for new users.

Reduce latency and enhance resilience with Azure Files zonal placement
Team Blog: Azure Storage
Author: hanagpal
Published: 11/18/2025
Summary: Azure Files Premium LRS now supports zonal placement, allowing users to pin storage accounts to a specific Azure Availability Zone.
This feature reduces latency by co-locating storage and compute resources, optimizes performance for latency-sensitive workloads, and enhances resilience by isolating failure domains. Zonal placement is available for both SMB and NFS shares and can be configured during storage account creation or update. It is ideal for databases, enterprise platforms, and business applications, and is currently available in select regions supporting Premium LRS and Availability Zones.

Streamline Analytics Spend on Microsoft Fabric with Azure Reservations
Team Blog: FinOps
Author: kyleikeda
Published: 11/24/2025
Summary: Microsoft Fabric is an integrated SaaS data platform offering unified analytics and AI, powered by OneLake. Organizations can optimize their analytics spend by purchasing Azure reservations for Fabric Capacity Units, which provide significant discounts for predictable workloads. Reservations simplify purchasing, offer flexible payment options, and can be managed via the Azure Portal. Best practices include careful usage estimation, enabling auto-renewal, monitoring with Azure Cost Management, and choosing appropriate scopes. By leveraging reservations, businesses can maximize savings while maintaining performance and scalability. For more details, visit the Microsoft Marketplace or Azure Portal.

Accelerating HPC and EDA with Powerful Azure NetApp Files Enhancements
Team Blog: Azure Architecture
Author: GeertVanTeylingen
Published: 11/14/2025
Summary: Azure NetApp Files introduces major enhancements for High-Performance Computing (HPC) and Electronic Design Automation (EDA) workloads, offering breakthrough petabyte-scale storage, high throughput, and advanced data management. New features include large volume support (up to 7.2 PiB), cool access for cost savings, user/group quota reporting, robust backup and single-file restore, hybrid cloud data mobility, cache volumes for burst-to-cloud, and AI-ready object REST API integration.
These innovations boost scalability, reliability, operational efficiency, and security, enabling teams to accelerate time-to-market, optimize costs, and confidently manage complex, data-intensive workloads in the cloud.

Introducing Local Identity with Azure Key Vault in Build 2510
Team Blog: Azure Architecture
Author: ShireenIsab
Published: 11/07/2025
Summary: Microsoft has announced a public preview of local identity integration with Azure Key Vault in Build 2510, enabling Azure local clusters to operate without Active Directory, simplifying deployments and backup processes. Key Vault integration allows seamless backup of keys, with compatibility efforts underway with partners like Veeam, Commvault, Dell, and Lenovo. Additionally, private previews introduce a Management Toolkit for secure cluster administration and Internal DNS for simplified name resolution, both designed to work without Active Directory. Users are encouraged to upgrade, test features, and provide feedback via email.

Migrate or modernize your applications using Azure Migrate
Team Blog: Azure Migration and Modernization
Author: Shikher
Published: 11/10/2025
Summary: Azure Migrate is Microsoft’s free platform for migrating and modernizing applications to Azure, offering features like application-aware migration, multi-server dependency mapping, software and security insights, and code-level analysis integration. It enables holistic migration planning by grouping workloads into applications, providing ROI analysis, and supporting phased wave planning for execution. The platform integrates with tools like GitHub Copilot and CAST for code assessment, facilitating collaboration among IT, security, and development teams, and supports a wide range of workloads and migration strategies for a seamless cloud transition.

Migration Agent - Unlocking transformation
Team Blog: Azure Migration and Modernization
Author: SShastri
Published: 11/18/2025
Summary: The article highlights how IT modernization is an ongoing transformation, driven by cloud-native architectures and innovations like AI. Central to this journey is the new Migration Agent powered by Azure Migrate, which provides actionable insights, security assessments, and evidence-backed recommendations for migration. It automates infrastructure deployment, ensures governance, and supports wave-based migration planning. Integration with tools like GitHub Copilot and CAST Highlight accelerates modernization, making cloud migration a continuous, developer-driven process that enhances agility, security, and business alignment, positioning Azure as a strategic launchpad for digital transformation.

Azure CLI and Azure PowerShell Ignite 2025 Announcement
Team Blog: Azure Tools
Author: Alex-wdy
Published: 11/19/2025
Summary: At Microsoft Ignite 2025, Azure CLI and Azure PowerShell announced major updates focused on quality, security, and AI integration. Key enhancements include MFA enforcement, Python 3.13 compatibility, new "What-If" and "Export Bicep" features, expanded service and extension support, and improved endpoint discovery. MFA claims challenges and optional pagination for large datasets were also addressed. These updates aim to streamline user workflows, bolster security, and leverage AI for smarter cloud management. Full release notes and migration guides are available for users to ensure smooth upgrades.

Gaining Confidence with Az CLI and Az PowerShell: Introducing What if & Export Bicep
Team Blog: Azure Tools
Author: stevenbucher
Published: 11/21/2025
Summary: Azure CLI and Azure PowerShell now offer “What if” and “Export Bicep” features in private preview, letting users safely preview command impacts and export actions as Bicep templates before making changes.
These tools reduce risk, boost confidence, and accelerate infrastructure-as-code adoption by validating scripts and converting commands into reusable templates. Supported for select commands, users can sign up for early access and provide feedback, improving productivity and minimizing deployment errors in Azure environments.

Support tip: Aligning network policy with Microsoft Intune and Zero Trust
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 11/03/2025
Summary: The article discusses aligning network policies with Microsoft Intune and Zero Trust principles, emphasizing the limitations of traditional perimeter-based architectures in supporting cloud services and hybrid work. It outlines three models—endpoint, domain, and domain/IP enforced access—for managing outbound traffic, recommending automation and bypassing inspection for Microsoft traffic. Adopting cloud-native tools and Zero Trust controls improves security, reliability, and user experience. The article encourages modernizing network architecture to support cloud services and details Microsoft’s ongoing enhancements, such as moving Intune endpoints to Azure Front Door for better performance and security.

Debunking the myth: Cloud-native Windows devices and access to on-premises resources
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 11/14/2025
Summary: The article debunks the myth that cloud-native Windows devices can’t access on-premises resources. It explains that, with minimal configuration, these devices can connect to file shares and legacy apps using NTLM or Kerberos authentication. By leveraging Microsoft Entra ID, Intune, and solutions like Windows Hello for Business and Zero Trust Network Access, organizations can maintain security and user experience while accessing on-premises resources.
The article also recommends adopting modern identity and security frameworks and offers resources such as Microsoft’s Zero Trust Workshop for effective implementation.

Reimagining VM Application Management for an AI-Powered, Secure Future
Team Blog: Azure Compute
Author: tanmay-gore
Published: 11/18/2025
Summary: The article discusses the transformation of virtual machine (VM) application management amid increasing AI-driven automation and security demands. Traditional deployment methods are inadequate for modern needs. Azure VM Applications offers a managed, end-to-end solution, enabling rapid, secure, and version-controlled deployment of diverse workloads. Key features include modular packaging, fast publishing, seamless CI/CD integration, regional replication, granular security controls, and unified monitoring. These capabilities improve resilience, compliance, and operational efficiency, allowing organizations to safely manage and scale VM applications for AI-powered workloads while streamlining software lifecycle management.

Introducing Metadata Security Protocol (MSP): Elevating Platform Security for Azure VMs
Team Blog: Azure Compute
Author: Amjad_Shaik
Published: 11/19/2025
Summary: Microsoft has announced the General Availability of Metadata Security Protocol (MSP) for Azure VMs, providing industry-first authentication and authorization for metadata service endpoints. MSP introduces a default-closed security model, enforcing access controls and zero-trust principles for Instance Metadata Service (IMDS) and WireServer. Key features include HMAC-based authentication, process-level RBAC, eBPF-powered request verification, and granular allowlisting. MSP significantly reduces attack surfaces such as SSRF and nested tenancy bypasses. Adoption involves auditing current access, creating an allowlist, and enforcing restrictions, enhancing defense-in-depth for sensitive VM metadata.

Simplify container network metrics filtering in Azure Container Networking Services for AKS
Team Blog: Azure Networking
Author: KhushbuP
Published: 11/08/2025
Summary: Azure Container Networking Services for AKS now offers container network metrics filtering in public preview, allowing users to control which metrics are collected at the pod level using Kubernetes custom resources. This feature reduces metrics bloat, lowers storage and ingestion costs, and improves dashboard clarity by filtering data before it reaches observability tools. Filters can be dynamically updated without downtime and target specific namespaces or pod labels, ensuring only relevant metrics are captured. Users can enable this by defining filters with the ContainerNetworkMetric CRD and validating settings, streamlining network observability and cost management.

Integrating Azure Application Gateway v2 with Azure API Management for secure and scalable API
Team Blog: Azure Networking
Author: ranjsharma
Published: 11/18/2025
Summary: Integrating Azure Application Gateway v2 with Azure API Management secures and scales API access, combining WAF protection, advanced routing, and API governance features. The article details various deployment scenarios (public, private, hybrid), network/DNS requirements, security hardening (TLS, WAF, mTLS, private endpoints), and observability best practices. It covers Terraform deployment, CI/CD automation, diagnostics, cost optimization, troubleshooting, and a production readiness checklist. This integration enables robust security, scalability, and centralized API management for cloud, hybrid, and on-premises backends.

Announcing new hybrid deployment options for Azure Virtual Desktop
Team Blog: Azure Virtual Desktop
Author: SteveDMSFT
Published: 11/18/2025
Summary: Microsoft has announced a limited preview of Azure Virtual Desktop for hybrid environments, enabling organizations to run cloud-native virtual desktops and applications on existing on-premises infrastructure via Azure Arc. This expands support to various hypervisors and hardware, allowing businesses to leverage current investments while maintaining unified management. Key partners—ControlUp, LoginVSI, Nerdio, and Nutanix—are providing integration and support. The solution offers flexibility, optimized management, and a clear path to cloud migration, addressing performance, compliance, and data residency needs for hybrid IT environments. Interested organizations can enroll via Microsoft’s preview interest form.

Check This Out! (CTO!) Guide (December 2025)
System Center 2025 Update Rollup 1 and more Team Blog: System Center Author: AakashMSFT Published: 12/11/2025 Summary: System Center 2025 Update Rollup 1 (UR1) is now available, delivering enhanced security with TLS v1.3, support for SQL Server 2025, and expanded monitoring for new Linux distributions. Key improvements include issue fixes and new features across Operations Manager, Data Protection Manager, Service Manager, and Orchestrator, such as selective Hyper-V disk backup, Exchange Subscription Edition support, and improved stability. Updates also ensure GB18030-2022 compliance for Chinese characters. Ongoing hotfixes for System Center 2022 maintain security and compatibility. An Update Rollup for Virtual Machine Manager 2025 is forthcoming. Automating Windows Server Licensing Benefits with Azure Arc Policy Team Blog: Core Infrastructure and Security Author: jpigott Published: 12/22/2025 Summary: The article explains how automating Windows Server licensing with Azure Arc Policy streamlines compliance and management across hybrid environments. By deploying the policy, organizations can automatically enable licensing benefits—such as Azure Update Manager and Windows Admin Center—for all eligible Arc-enabled Windows Servers. The policy evaluates license status, applies appropriate profiles for Software Assurance or Pay-As-You-Go, and enables remediation for non-compliant machines. This reduces manual effort, minimizes errors, and ensures consistent, scalable licensing compliance for large server estates. Deployment and remediation steps are provided using Azure Policy and PowerShell. 
Empower Your Cloud Identity: How to Convert User SOA from AD to Entra ID Team Blog: Core Infrastructure and Security Author: Farooque Published: 12/15/2025 Summary: The article explains how shifting the Source of Authority (SOA) for users from on-premises Active Directory (AD) to Microsoft Entra ID enables organizations to fully leverage cloud-based identity management, security, and governance. This change removes AD dependencies, streamlines HR provisioning, and reduces the attack surface. The technical process is simple—a single attribute change via API—but requires careful planning, especially as changes in Entra ID won’t sync back to AD. Organizations must consider scenarios for retaining on-premises access and follow a checklist for a successful migration to a cloud-first identity model. Private Preview: Azure Managed Prometheus on VM / VMSS Team Blog: Azure High Performance Computing (HPC) Author: Daramfon Published: 12/11/2025 Summary: Azure Managed Prometheus now supports monitoring for virtual machines (VMs) and virtual machine scale sets (VMSS), extending beyond container workloads. This private preview enables unified, scalable metric collection—including GPU and InfiniBand—for HPC scenarios. Metrics are stored in Azure Monitor, and users gain a fully managed Prometheus experience with scraping, PromQL, alerting, and dashboards via Azure Managed Grafana. Customers can monitor mixed environments (AKS, VMSS, VMs) without managing backend infrastructure. Access requires subscription allowlisting, with onboarding and feedback managed through a GitHub repository. Automating HPC Workflows with Copilot Agents Team Blog: Azure High Performance Computing (HPC) Author: xpillons Published: 12/03/2025 Summary: Copilot Agents use AI to automate the creation of Slurm job submission scripts for High Performance Computing (HPC) workflows, reducing manual effort, errors, and delays. 
By interpreting user-provided context and applying best practices, Copilot quickly generates precise scripts, enabling researchers to focus on analysis rather than troubleshooting. The system supports iterative improvement and validation, increasing reliability and scalability. Automation benefits include faster script generation, minimized errors, improved consistency, and greater accessibility for new users, making HPC workloads more efficient and user-friendly. Deploying Windows Servers in an Azure Availability Set Team Blog: ITOps Talk Author: OrinThomas Published: 12/08/2025 Summary: This guide explains how to deploy Windows Server virtual machines in an Azure Availability Set to enhance reliability for IIS workloads. It details creating a resource group, configuring VMs with Premium SSDs for high SLAs, and assigning them to availability sets at creation for fault and update domain protection. Security settings such as disabling inbound ports and boot diagnostics are recommended. The process is repeated for additional VMs within the same set and network. Future guidance will address load balancing with Azure Application Gateway and security against DDoS and OWASP threats. Anatomy of an Outage: How Microsoft focuses on Transparency during and post incident Team Blog: ITOps Talk Author: Rick Claus Published: 12/16/2025 Summary: The article details Microsoft Azure’s approach to outage transparency, emphasizing rapid detection, clear communication, and post-incident learning. It highlights Azure’s five communication pillars—speed, accuracy, discoverability, parity, and transparency—and the importance of Azure Service Health for tailored incident alerts. The process covers pre-incident monitoring, equitable real-time updates, and thorough, blame-free post-incident reviews. Microsoft’s transparency culture and tools like Service Health empower infrastructure teams to respond effectively to outages. 
The key recommendation: proactively configure Azure Service Health to ensure timely, actionable notifications for your organization’s critical workloads. Protect against React RSC CVE-2025-55182 with Azure Web Application Firewall (WAF) Team Blog: Azure Network Security Author: yuvalpery Published: 12/04/2025 Summary: On December 3, 2025, a critical remote code execution vulnerability (CVE-2025-55182) was disclosed in React Server Components, affecting several React versions. Attackers can exploit unsafe deserialization to execute arbitrary server code. Immediate upgrading to patched React releases is strongly advised. For additional protection, Azure Web Application Firewall (WAF) users should enable the latest Default Rule Set (DRS) 2.1 or implement provided custom WAF rules to block exploit patterns. The article details rule configurations for Azure Application Gateway, Containers, and Front Door, and recommends validating custom rules before production deployment. Application layer DDoS protection using the HTTP DDoS Ruleset in Azure WAF Team Blog: Azure Network Security Author: saikishor Published: 12/18/2025 Summary: The article discusses Azure Application Gateway WAF’s HTTP DDoS Ruleset, which provides adaptive, application-layer protection against sophisticated HTTP-based DDoS attacks, such as floods, API abuse, and slow HTTP attacks. By learning normal traffic baselines, using dynamic detection, and leveraging Microsoft’s global threat intelligence, the ruleset can automatically identify and block abnormal client behavior. Metrics and logs offer visibility into mitigated threats. Sensitivity settings balance detection and false positives. The solution is easy to enable and integrates with existing WAF policies, helping organizations proactively defend against evolving application-layer DDoS threats. 
Scaling Azure Compute for Performance Team Blog: Azure Compute Author: DanaCozmei Published: 12/02/2025 Summary: The article highlights Azure Compute’s new features unveiled at Ignite 2025, aimed at supporting demanding workloads like AI, analytics, and globally distributed apps. Key advancements include Direct Virtualization for low-latency GPU/NVMe access, large containers for accelerated AI/ML, VM Applications for streamlined global deployments, Scheduled Actions for automation, enhanced resiliency via Azure Compute Gallery, and flexible VMSS Instance Mix for capacity scaling. These innovations enable intelligent, adaptive infrastructure, simplifying operations and boosting performance, cost-efficiency, and reliability for customers driving next-generation cloud solutions. Windows on Arm runs more apps and games with new Prism update Team Blog: Windows OS Platform Author: Marc_Sweetgall Published: 12/05/2025 Summary: The latest Prism update boosts Windows on Arm devices by expanding support for more x86 instruction set extensions, including AVX and AVX2, enabling additional apps and games—especially creative tools—to run under emulation. This update allows previously incompatible software, such as Ableton Live 12, to install and operate smoothly. The improvements are available for all Windows on Arm devices running Windows 11, version 24H2 or later, with enhanced emulation for 64-bit apps by default and optional support for 32-bit apps. Microsoft remains committed to further enhancing Prism emulation capabilities. Announcing Support for S2D and SAN Coexistence Team Blog: Failover Clustering Author: Rob-Hindman Published: 12/04/2025 Summary: Microsoft has announced support for using Storage Spaces Direct (S2D) and SAN storage together in a single Windows Server 2022/2025 failover cluster. This allows customers to combine S2D Cluster Shared Volumes (CSVs) with SAN CSVs, enabling flexible migration, backup, and data management for workloads, including AI and ML. 
Both storage types can be validated and managed in one cluster, with specific formatting requirements for each. This update responds to customer feedback and enhances options for virtualization and data protection without VM disruption. Announcing Support for S2D Campus Cluster on Windows Server 2025 Team Blog: Failover Clustering Author: Rob-Hindman Published: 12/11/2025 Summary: Microsoft announced support for S2D Campus Cluster in Windows Server 2025, enabling resilient storage solutions across two racks within a campus, such as hospitals or schools. With the 2025-12 Security Update (KB5072033), features like Rack Level Nested Mirror (RLNM) enhance data resiliency, allowing survival of rack and node failures. The configuration offers tradeoffs between cost and performance, requires SSD/NVMe drives, and specific networking setups. Guidance and PowerShell scripts are provided for deployment. The article acknowledges MVP contributions and addresses FAQs about supported cluster sizes, volume limits, and infrastructure recommendations. Key Considerations for Modernizing and Migrating Custom Applications to Azure Team Blog: Azure Migration and Modernization Author: srhulsus Published: 12/12/2025 Summary: The article outlines essential steps for migrating and modernizing custom applications to Azure. Key considerations include assessing current applications, choosing suitable migration strategies, modernizing compute and databases, designing secure architectures, ensuring high availability, adopting DevOps, monitoring operations, managing costs, and conducting thorough testing. Azure’s cloud-native services and AI-driven tools, such as Azure Migrate and GitHub Copilot, streamline migration, optimize performance, enhance security, and accelerate modernization, helping organizations transition smoothly while improving reliability, scalability, and cost efficiency. 
Migrate from Amazon API Gateway to Azure API Management Team Blog: Azure Migration and Modernization Author: dan_lepow Published: 12/04/2025 Summary: The article provides a comprehensive guide for migrating from Amazon API Gateway to Azure API Management. It includes detailed feature mapping between AWS and Azure, covers infrastructure, API workloads, and configurations, and offers workarounds where direct equivalents are lacking. The guide outlines assessment and preparation steps, a phased migration process to minimize risk, and post-migration optimization. It features an architecture-focused example for healthcare APIs and references additional resources for migrating other AWS workloads to Azure. The guide aims to help teams plan, implement, and validate a seamless API migration. Azure Arc Server Forum: 2026 Updates Team Blog: Azure Arc Author: Aurnov_Chattopadhyay Published: 12/08/2025 Summary: The Azure Arc Server Forum enters its fourth year in 2026, with monthly sessions held every third Thursday (except July and December) featuring live demos, Q&A, and feedback opportunities on Windows, Linux, and SQL Server management across hybrid, multicloud, and edge environments. Participants receive a monthly newsletter with updates on new capabilities, agent improvements, and opportunities to influence the product roadmap. Forum recordings are available on YouTube within 2-3 weeks, and registration is open via the provided link. Azure Arc Monthly Forum Recap – November 2025 Team Blog: Azure Arc Author: yunishussein Published: 12/17/2025 Summary: The November 2025 Azure Arc Monthly Forum recap covers key previews and updates: Auto Agent Upgrade (public preview) enables automatic AZCM agent updates; Essential Machine Management (private preview) offers unified machine management; Machine Configuration – CIS Baseline Compliance (public preview) allows advanced baseline management via Azure Policy. 
FAQs clarify EMM coverage, Operations Center branding, training resources, and cost details. Security baseline updates and Linux support in guest configuration are planned. Feedback channels and documentation links are provided for each feature. Verified skills, real impact: Microsoft Credentials help you get AI-ready Team Blog: Microsoft Learn Author: ElisaGraceffo Published: 12/12/2025 Summary: AI is transforming business across all roles, making verified skills essential for individuals and organizations. Microsoft Credentials—including Certifications and Applied Skills—help validate and showcase AI expertise, boosting career growth and organizational readiness. Microsoft has expanded its credentials portfolio to include business-focused and technical AI skills, now accessible to a broader audience. EPAM Systems demonstrates how these credentials create competitive advantage. The new AI Skills Navigator streamlines skill development, helping users build personalized learning paths and ensuring teams are AI-ready in today’s rapidly evolving workplace. Secure, Seamless Access using Managed Identities with Azure Files SMB Team Blog: Azure Storage Author: Priyanka-Gangal Published: 12/15/2025 Summary: Azure Files SMB now supports Managed Identities in public preview, enabling secure, credential-free, identity-based access integrated with Microsoft Entra ID. This eliminates the need for storage account keys, aligns with Zero Trust principles, and provides built-in RBAC, compliance with FIPS, and multi-client support across Windows and Linux. Key benefits include enhanced security for CI/CD pipelines and AKS workloads, simplified compliance, and streamlined configuration. The feature is available at no additional cost and aims to help organizations achieve enterprise-grade security and governance for file share access across cloud-native and hybrid environments. 
Transforming Data migration using Azure Copilot Team Blog: Azure Storage Author: madhurinrao Published: 12/11/2025 Summary: Azure Copilot’s new Storage Migration Solutions Advisor streamlines data migration to Azure by providing conversational, AI-driven guidance. It recommends optimal migration tools—both Microsoft-native and third-party—based on user-specific scenarios, such as data size, protocol, and bandwidth. This reduces complexity, speeds decision-making, and minimizes migration risks across on-premises, cloud-to-cloud, and hybrid environments. Users interact via prompts, receive tailored recommendations, and access relevant documentation, making migrations more efficient and less error-prone. Pro tips include running proof-of-concept migrations and leveraging Azure Storage Discovery for post-migration insights. Azure Policy: Required Actions for Docker Content Trust Deprecation in Azure Container Registry Team Blog: Azure Governance and Management Author: ShannonHicks Published: 12/17/2025 Summary: Azure Container Registry (ACR) is deprecating the Docker Content Trust (DCT) feature over three years, which will remove the trustPolicy property from APIs and affect related Azure Policy aliases. No built-in policies use these aliases, but custom policies referencing them must be updated or removed to avoid compliance issues. Policies using trustPolicy.status will break when the property is deleted. Users should identify affected policies, update or remove them, test changes, and monitor Azure documentation for further updates on transitioning to the Notary Project. Announcing General Availability for Azure Resource Graph (ARG) GET/LIST API Team Blog: Azure Governance and Management Author: JaspreetKaur Published: 12/03/2025 Summary: The Azure Resource Graph (ARG) GET/LIST API is now generally available, offering a 10X increase in throttling quotas for resource lookups compared to standard ARG queries. 
This API enables scalable, high-performance GET and LIST operations, reducing read throttling and improving reliability for high-volume scenarios. By appending the “useResourceGraph=true” parameter, users can route requests to the optimized ARG backend. It’s ideal for retrieving or listing resources within a single scope and is currently supported for the resources and computeresources tables. The switch to ARG GET/LIST API is fully controlled by the caller. Microsoft Agent Pre-Purchase Plan: One Unified Path to Scale AI Agents Team Blog: FinOps Author: kyleikeda Published: 12/08/2025 Summary: The Microsoft Agent Pre-Purchase Plan (P3) offers organizations a unified, upfront payment model for deploying AI agents across both Microsoft Foundry and Copilot Studio, leveraging Work IQ, Fabric IQ, and Foundry IQ. P3 simplifies procurement, budget management, and access to over 32 agentic services, while delivering predictable savings and flexibility. With a single pool of credits, customers can efficiently scale intelligent, context-driven agents without platform limitations, streamlining AI adoption and governance. The plan is designed to support innovation, cost-effectiveness, and enterprise-wide AI deployment, as announced at Microsoft Ignite 2025. Network Detection and Response (NDR) in Financial Services Team Blog: Azure Networking Author: Marc de Droog Published: 12/18/2025 Summary: Financial Services organizations must comply with PCI DSS v4.0.1, which demands robust network monitoring and intrusion detection. Traditional tools often fall short; Network Detection and Response (NDR) solutions use advanced analytics to monitor, detect, and respond to threats in real-time, supporting key PCI requirements. In Azure, native tools (VTAP, Flow Logs, Traffic Analytics), third-party NDR platforms, Microsoft Sentinel (SIEM), and Defender for Cloud (compliance monitoring) together enable a layered, PCI-compliant defense. 
NDR provides deep visibility and automated incident response, enhancing both security and compliance for cardholder data environments in the cloud. Azure Networking 2025: Powering cloud innovation and AI at global scale Team Blog: Azure Networking Author: Sudha_Mahajan Published: 12/18/2025 Summary: In 2025, Azure Networking powered major cloud and AI innovations, notably enabling Microsoft’s Fairwater AI datacenter’s ultra-fast GPU interconnects. Key advancements included higher-capacity ExpressRoute and VPN gateways, simplified global connectivity via Virtual WAN, enhanced multicloud integration, and robust resiliency tools. Security was strengthened with DNS Security Policies and threat intelligence. AI-driven management tools like Azure Copilot made network operations more intelligent. These investments ensured Azure could meet unprecedented hybrid and AI workload demands, delivering secure, high-performance connectivity and setting the stage for self-optimizing, AI-powered networks in the future. How to Modernise a Microsoft Access Database (Forms + VBA) to Node.JS, OpenAPI and SQL Server Team Blog: Azure Architecture Author: anthkernan Published: 12/08/2025 Summary: The article details the modernization of Microsoft Access databases—traditionally reliant on forms and VBA—to scalable, standards-based architectures using Node.js, OpenAPI, SQL Server, and optionally MongoDB. Key steps included migrating data to SQL Server (via SSMA and Liquibase), generating RESTful APIs, translating business logic to Node.js, and recreating user interfaces with accessibility in mind. GitHub Copilot dramatically accelerated development, automating code, documentation, and testing. The approach reduced delivery time from months to weeks, preserved business functionality, and offers a blueprint for organizations seeking efficient, AI-powered legacy system upgrades. 
From Large Semi-Structured Docs to Actionable Data: Reusable Pipelines with ADI, AI Search & OpenAI Team Blog: Azure Architecture Author: anishganguli Published: 12/09/2025 Summary: The article outlines a robust, reusable pipeline for extracting actionable data from large, semi-structured documents—such as contracts, invoices, and compliance records—using Azure Document Intelligence, OpenAI, and AI Search. It details challenges like inconsistent layouts and cross-page dependencies, then presents a chunking, OCR, context-aware analysis, entity grouping, and extraction workflow. The solution emphasizes data stewardship, deterministic outputs, and rigorous evaluation for precision and reliability, supporting scalable downstream integration. Various deployment models and alternative approaches are discussed, making the architecture adaptable for enterprise compliance, analytics, and automation across industries.
Check This Out! (CTO!) Guide (March 2026)
Automating Large‑Scale Data Management with Azure Storage Actions Team Blog: ITOps Talk Author: 1Nataraj Published: 02/25/2026 Summary: Azure Storage Actions is a fully managed, serverless automation platform that simplifies large-scale data management in Azure Blob and Data Lake Storage. It enables users to automate tasks such as tagging, tiering, deletion, and applying immutability based on customizable conditions—without custom code or infrastructure. Administrators can centrally define tasks and assign them across multiple storage accounts, with built-in preview, monitoring, and audit features. Use cases include compliance, cost optimization, and metadata management, making it ideal for organizations managing millions of items across vast storage estates. Azure Storage Actions is available in over 40 Azure regions. Migration, Modernization & Agentic Tools Team Blog: ITOps Talk Author: OrinThomas Published: 02/25/2026 Summary: The article discusses how agentic tools, such as those in Azure Copilot and GitHub Copilot, transform cloud migration and modernization from one-time projects into ongoing, autonomous systems. These tools dynamically discover environments, recommend modernization paths, automate migration steps, and continuously optimize workloads for cost, performance, security, and compliance. By embedding governance and leveraging real-time telemetry, agentic tools reduce manual effort, minimize errors, and ensure migrations are efficient, secure, and aligned with enterprise standards, providing continuous improvement post-migration. What’s new in FinOps toolkit 13 – January 2026 Team Blog: FinOps Author: Michael_Flanakin Published: 02/09/2026 Summary: The January 2026 update to the FinOps toolkit focuses on stability, usability, and community engagement. 
Key enhancements include improved documentation, new features like configurable Key Vault purge protection, and expanded support for Parquet format and compression in Cost Management exports via PowerShell. Security, reliability, and extensibility have been strengthened for FinOps hubs, with numerous bug fixes across Power BI reports, workbooks, and the Azure Optimization Engine. The release highlights ongoing community involvement, upcoming features like AI automation, and premium services to help organizations deploy and scale the toolkit effectively. Managed Identity on SQL Server On-Prem: The End of Stored Secrets Team Blog: Core Infrastructure and Security Author: RyadB Published: 02/23/2026 Summary: The article explains how SQL Server 2025 on-premises, when connected to Azure Arc, can use Managed Identity to access Azure resources without storing secrets like SAS tokens or keys. This approach eliminates risks of secret storage, rotation, and auditing complexity by leveraging Microsoft Entra ID for identity management and RBAC for permissions. The article details configuration steps, migration from stored credentials, troubleshooting, and current limitations, highlighting improved security and simplified management for on-prem SQL Server accessing Azure services. Running Text to Image and Text to Video with ComfyUI and Nvidia H100 GPU Team Blog: Core Infrastructure and Security Author: HoussemDellai Published: 02/27/2026 Summary: This article provides a step-by-step guide for setting up and running ComfyUI, a node-based interface for AI-powered text-to-image and text-to-video generation, on Azure VMs with Nvidia H100 GPUs. It details both automated (Terraform) and manual setup methods, including installing drivers, dependencies, and downloading required models. The guide explains accessing ComfyUI’s web portal, workflow configuration, and model management to create high-quality images and videos efficiently. 
It also includes important notes about GPU driver compatibility and offers links to official documentation and scripts for further reference. Unlock outbound traffic insights with Azure StandardV2 NAT Gateway flow logs Team Blog: Azure Networking Author: cozhang Published: 02/06/2026 Summary: The article introduces Azure’s StandardV2 NAT Gateway, highlighting its new features such as zone-redundancy, enhanced performance, dual-stack support, and, notably, flow logs. Flow logs provide detailed visibility into outbound traffic, enabling security auditing, compliance, usage analytics, and troubleshooting. The article explains how to enable and use flow logs to diagnose connectivity issues and optimize network architecture. It emphasizes the importance of flow logs for monitoring established outbound connections and offers troubleshooting steps for connection drops, recommending best practices for resilient Azure deployments. Centralized cluster performance metrics with ReFrame HPC and Azure Log Analytics Team Blog: Azure High Performance Computing (HPC) Author: jimpaine Published: 02/06/2026 Summary: The article outlines how to integrate ReFrame HPC, a flexible high-performance computing testing framework, with Azure Log Analytics for centralized performance monitoring across diverse clusters and environments. It details deploying necessary Azure resources, configuring ReFrame for HTTP logging, and running performance tests with results sent to Log Analytics. This integration enables unified, standardized metrics collection, cross-cluster comparisons, trend analysis, and improved system visibility—supporting migration, development, and operational assurance in heterogeneous HPC environments. 
Azure Recognized as an NVIDIA Cloud Exemplar, Setting the Bar for AI Performance in the Cloud Team Blog: Azure High Performance Computing (HPC) Author: Fernando_Aznar Published: 02/18/2026 Summary: Microsoft Azure has been recognized as the first NVIDIA Exemplar Cloud for its world-class, end-to-end AI workload performance, now validated for both H100 and next-generation GB300 (Blackwell) systems. This designation reflects Azure’s optimized full-stack infrastructure—including compute, networking, and software integration—delivering predictable, efficient, and scalable AI training at production scale. Customers benefit from faster time-to-train, improved ROI, and confidence in Azure’s readiness for advanced AI workloads, ensuring consistent high performance from proof-of-concept to deployment without sacrificing cloud flexibility or manageability. Reference Architecture for Highly Available Multi-Region Azure Kubernetes Service (AKS) Team Blog: Azure Architecture Author: rgarofalo Published: 02/03/2026 Summary: The article presents a reference architecture for highly available, multi-region Azure Kubernetes Service (AKS) deployments. It compares active/active, active/passive, and deployment stamp models, detailing their trade-offs in availability, complexity, and cost. Key components include Azure Front Door for global traffic routing, geo-replicated data services, centralized monitoring, and consistent security controls. The architecture emphasizes resilience through fault isolation, automated recovery, and regular testing. It offers practical guidance for cloud architects to design AKS platforms that withstand regional outages, ensuring business continuity and scalable operations across Azure regions. 
Reactive Incident Response with Azure SRE Agent: From Alert to Resolution in Minutes Team Blog: Azure Architecture Author: Sabyasachi-Samaddar Published: 02/18/2026 Summary: The article details how Azure SRE Agent revolutionizes incident response by automating investigation and triage as soon as an alert fires, reducing resolution times from hours to minutes. Through two real-world scenarios—a SQL connectivity outage and a VM CPU spike—the agent autonomously diagnosed issues, proposed remediations, and required minimal human intervention. Custom Incident Response Plans and instructions enable context-aware, consistent, and rapid resolutions, with automated post-incident documentation. Key benefits include faster MTTR, reduced manual toil, and improved knowledge capture, though some technical challenges remain. Azure SRE Agent is currently in preview. Cross Forest Enrollment – PKISync.PS1 Team Blog: Ask the Directory Services Team Author: Manuel_Alvarez_V Published: 02/19/2026 Summary: The article explains how to use the PKISync.ps1 PowerShell script for cross-forest certificate enrollment in Active Directory environments. PKISync synchronizes PKI-related objects, such as certificate templates and CA configurations, from a source forest to a target forest, enabling certificate requests across forests. It details the setup requirements, including two-way forest trusts, LDAP referral configuration, and certificate publishing. Although PKISync is considered legacy, automating its use can facilitate simple cross-forest enrollment, but CEP/CES is recommended for modern, secure deployments. The article concludes with best practices and automation tips for PKISync. 
What’s New in Windows Group Policy Preferences Debug Logging Team Blog: Ask the Directory Services Team Author: TagoreN Published: 02/27/2026 Summary: The article outlines a new feature in Windows 11 24H2 and 25H2 (from February 2026 preview updates) that allows administrators to enable Group Policy Preferences (GPP) debug logging directly through Local Group Policy, not just domain-based GPOs. This simplifies troubleshooting by allowing detailed logging on client devices without domain reliance. The article explains how to configure logging, manage trace file locations, and set necessary permissions. Overall, this update enhances flexibility and efficiency for IT professionals managing and debugging GPP issues on Windows client devices. Public Preview: Restrict usage of user delegation SAS to an Entra ID identity Team Blog: Azure Storage Author: ellievail Published: 02/26/2026 Summary: Microsoft has announced the public preview of user-bound user delegation SAS for Azure Storage, enhancing security by restricting SAS token usage to a specific Microsoft Entra ID identity. This feature extends user delegation SAS, requiring the end user to authenticate with Entra ID to access storage resources. It supports cross-tenant scenarios and incurs no additional cost beyond standard storage transactions. User-bound SAS is available via REST APIs, SDKs, PowerShell, and CLI for all GPv2 storage accounts in public regions, with detailed steps provided for setup and role assignment. Azure Migrate: Now Supporting Premium SSD V2, Ultra and ZRS Disks as Targets Team Blog: Azure Storage Author: Lakshya_Jalan Published: 02/18/2026 Summary: Azure Migrate now supports Premium SSD v2, Ultra Disk, and ZRS Disks as migration targets, with Premium SSD v2 and ZRS generally available and Ultra Disk in public preview. 
This update enhances assessment and migration by enabling tailored recommendations based on workload performance needs, offering greater flexibility, performance, and resiliency. Users can now migrate demanding, mission-critical workloads to Azure using these advanced disk options, benefiting from features like zonal redundancy and customizable performance. The enhancements streamline migrations and ensure optimal resource alignment, supporting petabytes of data already migrated during the preview phase. Public Preview: Automatic zone balance for Virtual Machine Scale Sets Team Blog: Azure Compute Author: HilaryWang Published: 02/17/2026 Summary: Azure has introduced the public preview of automatic zone balance for Virtual Machine Scale Sets, which automatically monitors and redistributes VM instances across availability zones to maintain optimal resiliency. This feature addresses imbalances that can occur over time, minimizing the impact of zone failures without manual intervention. The system uses health checks, respects instance protection policies, and ensures workload capacity during rebalancing. Automatic instance repair is also enabled by default. Users can join the preview by enabling the feature and meeting specific prerequisites. This capability reduces operational overhead while enhancing workload reliability and zone-level resilience. Azure Automated Virtual Machine Recovery: Minimizing Downtime Team Blog: Azure Compute Author: Jon_Andoni_Baranda Published: 02/04/2026 Summary: Azure Automated Virtual Machine Recovery is a built-in Azure feature that minimizes VM downtime through fast, intelligent, and automated recovery processes. Without requiring customer setup, it continuously monitors VM health, rapidly detects failures, diagnoses issues, and applies the optimal recovery action, all without customer intervention. 
Leveraging detailed recovery event annotations, it provides deep visibility into incident timelines and helps optimize recovery strategies. Over the past 18 months, this system has halved average VM downtime, strengthening business continuity, reducing financial impact, and reinforcing customer trust in Azure’s reliable cloud platform. Support tip: Resolve device noncompliance with Mobile Threat Defense partner apps Team Blog: Intune Customer Success Author: Intune_Support_Team Published: 02/02/2026 Summary: This article provides guidance for resolving device noncompliance issues when using Mobile Threat Defense (MTD) partner apps, like Microsoft Defender for Endpoint, with Microsoft Intune. It outlines troubleshooting steps for users to restore compliance—installing, activating, refreshing, or reinstalling the MTD app—and checking compliance status. It also details simplified remediation workflows for iOS/iPadOS and methods for resetting the MTD connection on Android if sign-out is blocked, helping users regain access to work or school resources and reducing support overhead. How to enable HTTPS support for Microsoft Connected Cache for Enterprise and Education Team Blog: Intune Customer Success Author: Intune_Support_Team Published: 02/20/2026 Summary: Starting June 16, 2026, Intune will require HTTPS for Microsoft Connected Cache when delivering Win32 apps. To maintain caching benefits and reduce bandwidth, administrators must configure HTTPS on Connected Cache nodes using a CA-signed TLS certificate. The guide details generating a CSR on the node, signing and importing the certificate, and validating HTTPS on both Windows and Linux hosts. It also covers troubleshooting, maintenance, and renewal. Without HTTPS, devices will revert to using the CDN for Intune app downloads. Other content types remain unaffected. Early configuration ensures seamless transition and continued performance benefits. 
The Copilot resource guide to share with your employees Team Blog: FastTrack Author: JulieHersum Published: 02/19/2026 Summary: The article introduces the "Essential Copilot resource hubs for employees," a centralized guide designed to streamline Microsoft Copilot onboarding and support. It helps adoption leaders structure learning paths, IT admins share resources efficiently, and all employees access consistent guidance. The guide consolidates key Microsoft Copilot resources, making it easier for organizations to accelerate adoption and customize internal policies. Additional support is available through FastTrack and the Microsoft 365 Accelerator site, offering expert guidance, templates, and personalized assistance to boost Copilot deployment and change management efforts. Copilot adoption: Move your org from pilot to production with this guide Team Blog: FastTrack Author: JulieHersum Published: 02/19/2026 Summary: The article introduces a comprehensive guide for IT admins and Copilot adoption leads to streamline the rollout of Microsoft 365 Copilot. Organized around the adoption lifecycle (plan, build, operate), the guide highlights eight essential resource hubs, practical rollout steps, and audience-specific resources to ensure effective, governed adoption. It also promotes Microsoft FastTrack, which offers expert support, self-service resources, and personalized assistance to accelerate and scale Copilot deployment at no extra cost. Azure Virtual Desktop is now available in US Gov Texas in Azure Government Team Blog: Azure Virtual Desktop Author: Ron_Coleman Published: 02/04/2026 Summary: Azure Virtual Desktop is now available in the USGov Texas region of Azure Government, offering customers a new option for deploying secure and flexible virtual desktop environments. This expansion enables improved connection performance, reduced latency, and enhanced responsiveness by allowing host pool creation directly in the region. 
It supports mission needs, geographic distribution, and regulatory requirements, while maintaining Azure Government’s compliance and security standards. Customers can now leverage multiple regions for greater flexibility and performance in their virtual desktop deployments. RDP Shortpath (UDP) over Private Link is now generally available Team Blog: Azure Virtual Desktop Author: Rinku_Dalwani Published: 02/17/2026 Summary: Azure Virtual Desktop now supports UDP-based RDP Shortpath over Private Link, enabling direct, high-performance RDP connections between session hosts and clients using private IPs. This complements existing TCP connectivity, helping customers with strict private network boundaries. Administrators must explicitly enable UDP in Azure portal settings to use this feature. The opt-in model ensures secure and predictable transport, giving full control over UDP introduction. This enhancement is recommended for customers needing precise routing and policy enforcement in regulated environments, while standard AVD connectivity remains suitable for most deployments. Full configuration guidance is available in Azure documentation. Migrating Workloads from AWS to Azure: A Structured Approach for Cloud Architects Team Blog: Azure Migration and Modernization Author: rhack Published: 02/18/2026 Summary: The article outlines a structured, five-phase approach for migrating workloads from AWS to Azure, emphasizing a like-for-like architecture to minimize risk and maintain operational stability. Key phases include planning, preparation, execution, evaluation, and decommissioning, each requiring thorough documentation, stakeholder alignment, testing, and validation. The recommended migration strategy is blue/green deployment for risk mitigation. The workload team should lead the migration, supported by external Azure experts. 
Success depends on careful planning, phased execution, and post-migration optimization, with organizational knowledge-sharing encouraged for future improvements. Modernizing for the AI Era: Accelerating Application Transformation with Agentic Tools Team Blog: Azure Migration and Modernization Author: MarcoB Published: 02/12/2026 Summary: The article highlights the urgent need for organizations to modernize legacy applications to thrive in the AI era. Legacy systems drain resources and hinder innovation, but new agentic tools—such as GitHub Copilot, Azure Migrate, and Azure Copilot—use AI to automate and accelerate application transformation. These tools reduce manual effort, boost accuracy and safety, and make modernization accessible, empowering teams to focus on innovation. The result is faster, safer, and more consistent modernization, enabling organizations to continuously evolve their applications for intelligent, cloud-optimized environments. Practical steps and resources are provided to guide organizations in getting started. Secure DNS with DoH: Public Preview for Windows DNS Server Team Blog: Networking Author: JorgeCañas Published: 02/09/2026 Summary: Microsoft has launched a public preview of DNS over HTTPS (DoH) for Windows DNS Server, enabling encrypted and authenticated DNS queries within on-premises networks. This upgrade enhances security and privacy by preventing DNS traffic from being exposed or intercepted, aligning with Zero Trust principles and U.S. federal requirements. The DoH feature, included in the February 2026 update for Windows Server 2025, is disabled by default and currently intended for evaluation only. Existing DNS functionality remains unchanged, with new tools added for DoH management. Feedback is encouraged to improve the feature before general availability. 
Announcing Public Preview: Simplified Machine Provisioning for Azure Local Team Blog: Azure Arc Author: PragyaDwivedi Published: 02/26/2026 Summary: Microsoft has announced the Public Preview of Simplified Machine Provisioning for Azure Local, streamlining edge infrastructure deployment. The new process centralizes configuration in Azure, requiring minimal on-site expertise—staff only need to rack, power on hardware, and insert a prepared USB. Secure provisioning uses industry standards like FIDO Device Onboarding and Azure Arc Site for consistent, automated deployments across multiple locations. IT teams manage and monitor provisioning remotely, reducing errors and speeding up setup. Once complete, machines are ready for cluster creation and workload deployment, significantly simplifying and scaling Azure Local deployments. Azure CLI Windows MSI Upgrade Issue: Root Cause, Mitigation, and Performance Improvements Team Blog: Azure Tools Author: Alex-wdy Published: 02/03/2026 Summary: The article discusses a critical issue affecting Azure CLI upgrades on Windows using the MSI installer, where users upgrading from version 2.76.0 (or earlier) to 2.77.0 (or later) encountered startup crashes due to missing Python extension files. The root cause was a versioning conflict during upgrade, leading to incomplete installations. The article details recovery steps, recommends upgrading to version 2.83.0, and highlights improvements to the MSI upgrade process, making installations faster and more reliable by simplifying file replacement logic and eliminating slow version checks. Users are encouraged to upgrade and report issues if encountered. Navigating the 2025 holiday season: Insights into Azure’s DDoS defense Team Blog: Azure Network Security Author: Jdasari Published: 02/18/2026 Summary: During the 2025 holiday season, Azure observed a rise in burst-style DDoS attacks, with high-intensity, short-lived surges targeting packet processing and connection-handling layers. 
Most attacks were automated and brief, but the cumulative impact was operationally draining, especially for latency-sensitive sectors like gaming. Botnet-driven attacks rapidly shifted targets, exploiting inconsistent defenses. Azure DDoS Protection mitigated over 174,000 attacks, underscoring the need for always-on, automated, and layered security. Organizations are urged to standardize protections, proactively monitor, and adopt Zero Trust and multi-layered defense strategies to ensure resilience against evolving threats in 2026. A Practical Guide to Azure DDoS Protection Cost Optimization Team Blog: Azure Network Security Author: SaleemBseeu Published: 02/18/2026 Summary: The article provides strategies for optimizing Azure DDoS Protection costs. It explains the differences between DDoS Network Protection (best for large-scale, centralized management) and DDoS IP Protection (for few, specific endpoints). Key recommendations include consolidating protection plans to reduce base costs, selectively applying protection based on workload exposure, preventing unnecessary spend via regular reviews, and using cost management tools and tagging for visibility. The guide emphasizes aligning protection with actual risk and criticality, and offers scripts and checklists to support ongoing cost-efficient DDoS defense.
Check This Out! (CTO!) Guide (August 2025)
Enhance Your Data Protection Strategy with Azure Elastic SAN’s Newest Backup Options Team Blog: Azure Storage Author: adarsh_v Published: 08/18/2025 Summary: Azure Elastic SAN now supports public preview integrations with Azure Backup and Commvault, providing automated, managed backup and recovery for Elastic SAN volumes. Azure Backup offers independent, crash-consistent snapshots, up to 450 daily restore points, simplified management, and seamless Azure integration. Commvault delivers enterprise-grade protection, snapshot-based backups, flexible recovery (including cross-region restores), and indefinite retention, supporting both Windows and Linux VMs. These solutions enhance data protection against loss, ransomware, and errors, ensuring secure, recoverable cloud storage for various organizational needs. Azure Backup suits single-volume scenarios, while Commvault is ideal for complex, multi-volume enterprise deployments. Finding the Right Page number in PDFs with AI Search Team Blog: Azure PaaS Author: samsarka Published: 08/11/2025 Summary: The article discusses how AI-powered search can accurately extract and associate page numbers with search results in large PDF documents using Azure Blob Storage and Azure AI Search. It details technical steps such as configuring storage permissions, applying OCR skillsets, setting up parent-child index projections, and defining search index schemas. By rendering each PDF page as an image and processing it with OCR, the system enables precise, page-level content retrieval, facilitating better navigation, citation, and trust in AI-generated responses for users searching within complex documents.
Protect against SharePoint CVE-2025-53770 with Azure Web Application Firewall (WAF) Team Blog: Azure Network Security Author: yuvalpery Published: 08/11/2025 Summary: Microsoft disclosed CVE-2025-53770, a critical vulnerability in on-premises SharePoint Server (2010, 2013, 2016, 2019, SE) allowing unauthenticated remote code execution via authentication bypass and deserialization flaws. Patches are available for 2016, 2019, and SE, but not for 2010 or 2013. Organizations should immediately apply updates, restrict access to unsupported versions, and implement custom Azure Web Application Firewall (WAF) rules to detect and block attack patterns targeting vulnerable SharePoint endpoints, as detailed in Microsoft’s official guidance. Azure CNI Overlay for Application Gateway for Containers and Application Gateway Ingress Controller Team Blog: Azure Networking Author: jonw Published: 08/29/2025 Summary: Microsoft has announced the general availability of Azure CNI Overlay for Application Gateway for Containers and AGIC. This integration enhances IP scalability and performance for AKS clusters by enabling direct pod-to-pod routing without encapsulation overhead. It addresses key challenges like IP exhaustion and load balancing for containerized applications. The solution supports over 1 million IPs across clusters in the same VNet and ensures feature parity with kubenet, which is being retired. Customers can now upgrade AKS networking to Azure CNI Overlay while maintaining business continuity and leveraging a high-performance ingress solution. Announcing more Azure VMware Solution enhancements Team Blog: Azure Migration and Modernization Author: christopheherrbach Published: 08/25/2025 Summary: Microsoft announced several enhancements to Azure VMware Solution (AVS) at VMware Explore in Las Vegas, including expansion to 35 global regions with eight more planned by year-end. 
AVS now offers improved support for VMware Cloud Foundation, DISA IL5 authorization for government use, flexible Azure NetApp Files storage options, and expanded Azure Elastic SAN support for all node types. These updates make AVS a robust choice for migrating and optimizing VMware workloads in Azure, with resources available for learning and skill-building through the Azure VMware Solution 2025 Learn Challenge. Container Networking with Azure Application Gateway for Containers (AGC): Overlay vs. Flat AKS Team Blog: Azure Infrastructure Author: lakshaymalik Published: 08/31/2025 Summary: Azure Application Gateway for Containers (AGC) integrates with AKS using two networking models: Overlay (Azure CNI Overlay) and Flat (Azure CNI Pod/Node Subnet). Overlay conserves VNet IPs by assigning pods overlay CIDRs, while Flat gives pods VNet-routable IPs for direct access. AGC auto-detects the model, requires a /24 subnet, supports network policies, and leverages Layer-7 routing and security features. Deployment uses Gateway API resources without changes for either model. Overlay requires ALB Controller v1.7.9+. AGC enables flexible, secure, and scalable ingress for AKS, integrating with Azure’s security and monitoring tools. Designing for Certainty: How Azure Capacity Reservations Safeguard Mission‑Critical Workloads Team Blog: Azure Governance and Management Author: Goutham_Bandapati Published: 08/25/2025 Summary: Azure Capacity Reservations allow organizations to secure specific VM resources in designated regions or zones, ensuring availability for mission-critical workloads during demand spikes. Unlike Reserved Instances, which offer cost savings for steady usage but don’t guarantee resource access, Capacity Reservations guarantee placement but incur costs even if idle. 
Combining both approaches—reserving capacity for reliability and using Reserved Instances for savings—mitigates risk, optimizes costs, and enhances resilience against unpredictable cloud demand, especially for regulated, latency-sensitive, or high-stakes workloads. This strategy is essential across all major clouds to transform capacity from a risk into a managed asset. Upcoming Changes to Instance Size Flexibility Ratios for Azure Reservations: What You Need to Know Team Blog: Azure Compute Author: kyleikeda Published: 08/04/2025 Summary: On September 4, Azure will update instance size flexibility ratios for reservations covering select Virtual Machines, Azure Redis Cache, and Dedicated Hosts. These changes, aimed at optimizing reservation discounts, may impact reservation coverage—potentially increasing or decreasing the number of units covered—without changing prices. Users should review impacted SKUs and monitor reservation utilization after the update to manage costs effectively. Recommendations include adjusting usage, exchanging reservations, or utilizing Azure Advisor for cost-saving strategies. Guidance is available in the Azure Portal and Microsoft documentation. SQL Server enabled by Azure Arc is now generally available in the US Government Virginia region Team Blog: Azure Arc Author: AbdullahMSFT Published: 08/14/2025 Summary: SQL Server enabled by Azure Arc is now generally available in the US Government Virginia region, allowing government agencies to manage on-premises SQL Server instances through the Azure Government portal securely and compliantly. Key features include onboarding SQL Server instances, inventory management, extended security updates, and licensing management. Some advanced features, like failover clustering and certain services, were initially unavailable but have since been enabled, including Always On availability groups and SQL Server services. 
This launch marks a significant step for hybrid data management in the government cloud, with further enhancements planned. Mobile Plans moves to the web Team Blog: Windows OS Platform Author: HunterM Published: 08/28/2025 Summary: Microsoft is retiring the Windows Mobile Plans app to simplify mobile data activation on PCs. Users will now buy and manage cellular plans directly through mobile operator websites and Windows Settings, eliminating the need for a separate app. eSIM activation will be streamlined and secure, with device IDs shared via Windows Settings. The transition begins in the second half of 2025, with full retirement by February 2026. Existing cellular functions remain unaffected. Operators gain more control over the activation process, and Microsoft is supporting them through the transition for a seamless user experience. System Center 2022 Update Rollup 3 Team Blog: System Center Author: AakashMSFT Published: 08/25/2025 Summary: System Center 2022 Update Rollup 3 (UR3) delivers stability, security, and compatibility improvements across Operations Manager, Service Manager, Virtual Machine Manager, and Orchestrator. Key updates include expanded guest OS support (Windows Server 2025, multiple Linux distributions), HTTPS-by-default for storage providers, enhanced console stability, restored Teams notifications, improved platform stability on new CPUs/OS builds, .NET 8 and gMSA support for Orchestrator, and TLS 1.3 enablement. UR3 incorporates previous fixes from UR2 and can be installed even if UR2 failed, reflecting Microsoft’s ongoing commitment to regular quality updates. Windows Server 2025 Software Defined Datacenter: Networking Deployment Series (4/6) Team Blog: Networking Author: cindywan Published: 08/28/2025 Summary: Part 4 of the Windows Server 2025 Networking Deployment Series details how Contoso Medical Center secures its Software Defined Datacenter using SDN features. 
By leveraging Network Security Groups (NSGs), tag-based segmentation, and Default Network Policies (DNP), Contoso enforces Zero Trust, automates VM protection, and ensures consistent security from creation. These capabilities simplify policy management, enhance compliance, and protect critical healthcare workloads without manual firewall rules. The article also previews upcoming topics on Accelerated Networking and SDN Multisite, and encourages readers to try these features using Windows Admin Center and SDNExpress v2. Certifications refresh: AI-focused and fundamentals updates Team Blog: Microsoft Learn Author: GretchenLaBelle Published: 08/28/2025 Summary: Microsoft Learn is updating its certification and training offerings to focus on AI, Microsoft 365, Copilot, and agents, reflecting the growing integration of AI in business. New certifications will validate foundational and expert AI skills, while beginner-level courses for various functional roles are being introduced. Microsoft will retire select Fundamentals Certifications (MS-900, MB-910, MB-920) after December 31, 2025, but earned certifications remain valid. Applied Skills micro-credentials are also available, with a chance to win a 50% exam voucher. More details on new AI-focused certifications will be announced soon. Unlocking Flexibility with Azure Files Provisioned V2 Team Blog: ITOps Talk Author: Pierre_Roman Published: 08/14/2025 Summary: Azure Files Provisioned V2 introduces a flexible billing model, letting users independently provision storage, IOPS, and throughput for predictable costs and enhanced performance. Unlike previous models, it eliminates per-operation fees and enables scaling up to 50,000 IOPS and 5 GiB/sec throughput per share. This simplifies management, supports larger workloads, and often lowers costs by 30–50% for active use cases. 
Provisioned V2 streamlines planning and budgeting, making Azure Files more cloud-friendly and enterprise-ready while addressing common pain points in cloud file storage. From the frontlines: Managing common kiosk scenarios in your business Team Blog: Intune Customer Success Author: Intune_Support_Team Published: 08/28/2025 Summary: The article by Saurabh Sarkar discusses managing Windows kiosk devices using Microsoft Intune to boost productivity in sectors like airlines and restaurants. It outlines how Intune enables centralized configuration, security, and compliance for kiosk devices, highlighting a pizza restaurant scenario using Windows Autopilot and Edge kiosk mode. Key features include auto logon, restricted browser access, and automated Wi-Fi connectivity. The post emphasizes best practices for deploying, managing, and securing frontline devices, and references further resources for effective kiosk management. Provider-Managed Azure Subscriptions: Cost Control and Commitment Clarity Team Blog: FinOps Author: Dirk_Brinkmann Published: 08/29/2025 Summary: The article discusses scenarios where enterprise customers allow service providers to manage Azure subscriptions using the provider’s tenant, while billing remains with the customer. This arrangement enables customers to maintain full control over pricing, cost allocation, and Azure Consumption Commitment (MACC) utilization, with complete cost visibility. Service providers manage resources but have limited access to pricing and billing details. Clear governance, billing policies, and RBAC configurations are essential for effective management, ensuring decoupled operational control and cost ownership between customers and service providers. Governing Copilot agents: Your next step starts here Team Blog: FastTrack Author: JulieHersum Published: 08/21/2025 Summary: Rob Howard’s article outlines a practical governance framework for managing Microsoft 365 Copilot AI agents. 
It emphasizes three pillars: security controls via Microsoft Purview, management controls through admin centers, and agent usage reporting for compliance. The article introduces governance zones—sandbox, controlled, and trusted—for phased Copilot deployment based on risk and data sensitivity. Additional resources include a readiness checklist, deployment examples, tool integration links, and previews of upcoming guidance. The article is part of Microsoft’s FastTrack initiative, providing IT admins with ongoing support and resources for effective Copilot governance. Transforming Enterprise AKS: Multi-Tenancy at Scale with Agentic AI and Semantic Kernel Team Blog: Core Infrastructure and Security Author: jianshn Published: 08/29/2025 Summary: The article details how to deploy Agentic AI using Semantic Kernel on Azure Kubernetes Service (AKS) with a scalable, secure multi-tenant architecture. By isolating tenants through AKS namespaces, dedicated node pools, managed identities, and RBAC/ABAC for Azure Blob Storage, the solution ensures strong data and compute separation, minimizing cross-tenant risks and optimizing resource use. The post provides step-by-step implementation guidance, including credential scoping and deployment of AI agents, enabling enterprise-grade multi-tenancy for AI workloads with operational flexibility, cost efficiency, and security. Announcing MSGraph Provider Public Preview and the Microsoft Terraform VSCode Extension Team Blog: Azure Tools Author: stevenjma Published: 08/14/2025 Summary: Microsoft has announced the public preview of the Terraform MSGraph provider and the new Microsoft Terraform VSCode extension. The MSGraph provider enables managing Entra and M365 Graph APIs, offering broader and more immediate support for Microsoft cloud resources compared to the AzureAD provider. 
The VSCode extension consolidates AzureRM, AzAPI, and MSGraph support, adds features like exporting Azure resources as Terraform code, and enhances coding with IntelliSense and code samples. These tools aim to streamline infrastructure-as-code workflows, simplify resource management, and accelerate automation for Terraform practitioners in the Microsoft ecosystem.
Check This Out! (CTO!) Guide (June 2025)
Check This Out! (CTO!) Guide (January 2026)
From classroom to workforce: Helping higher ed faculty prepare students for what’s next Team Blog: Microsoft Learn Author: RWortmanMorris Published: 01/15/2026 Summary: Microsoft is partnering with higher education institutions to prepare students and faculty for an AI-driven workforce. Through tools like AI Skills Navigator, Microsoft Learn for Educators, and the Microsoft Student Ambassadors program, they offer free, flexible training, credentials, and community support to develop practical AI and digital skills. These initiatives help faculty integrate AI into teaching, empower students with job-ready skills, and provide recognized certifications valued by employers. Microsoft also provides free access to Microsoft 365 and LinkedIn Premium, aiming to support lifelong learning, teaching innovation, and successful career pathways in the evolving educational landscape. Azure Arc Portal Update: Simplifying Onboarding and Management at Scale Team Blog: Azure Migration and Modernization Author: MarcoB Published: 01/16/2026 Summary: The updated Azure Arc portal streamlines onboarding and management of hybrid and multi-cloud resources. Key improvements include a redesigned landing page, guided onboarding via interactive questionnaires, and unified machine onboarding flows for greater simplicity. Navigation is reorganized for better clarity, and dashboards now offer adaptive summaries and actionable insights, transforming management tasks into intuitive actions. These enhancements aim to make Azure Arc more accessible and scalable, enabling users to efficiently manage external resources and focus on delivering business value instead of dealing with complexity. Resolve-DnsName vs. nslookup in Windows Team Blog: Networking Author: JamesKehr Published: 01/08/2026 Summary: The article compares nslookup and Resolve-DnsName for DNS troubleshooting in Windows.
Nslookup is widely used but operates independently of Windows DNS client resolver, potentially causing inaccurate results due to quirks like DNS suffix handling and lack of support for modern DNS features. Resolve-DnsName, a PowerShell cmdlet, integrates with Windows DNS-CR, providing accurate results, support for DNSSEC, secure DNS, and flexible parameters. For Windows-centric troubleshooting and automation, Resolve-DnsName is recommended, while nslookup remains useful for basic queries and diagnosing DNS client issues. Understanding their differences ensures reliable DNS troubleshooting. Data Center Quantized Congestion Notification: Scaling congestion control for RoCE RDMA in Azure Team Blog: Azure Networking Author: VamsiVadlamuri Published: 01/13/2026 Summary: Microsoft Azure uses Data Center Quantized Congestion Notification (DCQCN) to enable high-throughput, low-latency RDMA-based storage across its global data centers. DCQCN, combined with Priority Flow Control, dynamically manages congestion using ECN-based feedback, ensuring reliable performance even with diverse hardware and network conditions. Azure addressed interoperability challenges between NIC generations by tuning DCQCN parameters and optimizing feedback mechanisms. As a result, Azure achieves line-rate RDMA performance, significant CPU savings, reduced latency, and near-zero packet loss, making DCQCN essential for scalable and resilient cloud storage infrastructure. What is going on with RC4 in Kerberos? Team Blog: Ask the Directory Services Team Author: WillAftring Published: 01/26/2026 Summary: Microsoft is phasing out RC4 usage in Kerberos authentication due to security concerns, with major changes starting in January 2026. RC4 will be removed as a default encryption type, and new auditing tools will help identify dependencies. Enforcement begins April 2026, with rollback options until July 2026. 
While DES is already removed, RC4 remains supported for critical legacy needs if properly configured. Microsoft encourages users to migrate away from RC4 and offers resources and support for environments still dependent on it.

Redis Keys Statistics
Team Blog: Azure PaaS
Author: LuisFilipe
Published: 01/21/2026
Summary: The article explains how to gather Redis key statistics, focusing on Time-to-Live (TTL) and key size, to troubleshoot cache usage and performance. It provides two Bash+LUA script solutions: one for key statistics (counting keys by TTL and size thresholds), and another for listing key names meeting specified TTL and size criteria. The article highlights the importance of managing TTL and key sizes for optimal Redis performance and warns that running these scripts can impact Redis workloads due to their need to scan all keys. Usage instructions, parameters, and performance considerations are detailed.

Azure Arc Server Jan 2026 Forum Recap
Team Blog: Azure Arc
Author: Aurnov_Chattopadhyay
Published: 01/20/2026
Summary: The January 2026 Azure Arc Server Forum highlighted new machine management features in Azure Compute Hub, updates on Windows Server Hot Patch and its billing, a preview of TPM-based onboarding to Azure Arc, and a recap of major 2025 SQL Server announcements. Attendees are encouraged to stay updated with the latest Arc agent, provide feedback, and register for SQL Con 2026. The session’s recording is available on YouTube, and registration for future forums and newsletters is open, with the next session scheduled for February 19, 2026.

Azure File Sync: Azure Arc Integration, Additional Regions, and Secure Syncing
Team Blog: Azure Storage
Author: grace_kim
Published: 01/16/2026
Summary: Azure File Sync now integrates with Azure Arc, enabling simplified deployment and management of hybrid file services.
The service expands to four new regions—Italy North, New Zealand North, Poland Central, and Spain Central—offering improved regional data residency and performance. Enhanced security is provided through managed identities, eliminating the need for manual credential management. From January 2026, File Sync will incur no per-server cost for Windows Server Software Assurance customers using Azure Arc and File Sync agent v22+. These updates streamline onboarding, ensure secure access, and support scalable, predictable hybrid storage solutions.

Announcing Public Preview of User delegation SAS for Azure Tables, Azure Files, and Azure Queues
Team Blog: Azure Storage
Author: ellievail
Published: 01/16/2026
Summary: Microsoft has announced the public preview of user delegation SAS (UD SAS) for Azure Tables, Azure Files, and Azure Queues in all regions, expanding secure access beyond Azure Blobs. UD SAS ties SAS tokens to user identities via Entra ID and RBAC, enabling more granular, delegated access to storage resources. There’s no additional cost, and it’s available through REST APIs, SDKs, PowerShell, and CLI. Eligible storage accounts can use UD SAS without special settings, and setup involves assigning RBAC roles, obtaining a user delegation key, creating the SAS token, and sharing it securely.

Deploy PostgreSQL on Azure VMs with Azure NetApp Files: Production-Ready Infrastructure as Code
Team Blog: Azure Architecture
Author: GeertVanTeylingen
Published: 01/15/2026
Summary: The article details how deploying PostgreSQL on Azure VMs with Azure NetApp Files is simplified using production-ready Infrastructure as Code (IaC) templates. These templates automate setup, optimize storage performance, and enhance security, eliminating manual configuration and reducing deployment time from hours to minutes. Teams can use Terraform, ARM templates, or PowerShell for flexible, repeatable workflows across development and production environments.
Key benefits include consistent environments, enterprise-grade features, rapid provisioning, cost efficiency, and support for AI/ML workloads and database migrations. The solution ensures scalable, secure, and high-performance PostgreSQL deployments on Azure.

Unlocking Advanced Data Analytics & AI with Azure NetApp Files object REST API
Team Blog: Azure Architecture
Author: GeertVanTeylingen
Published: 01/15/2026
Summary: The article details how the Azure NetApp Files object REST API enables S3-compatible object access to enterprise file data stored on Azure NetApp Files, eliminating the need for data copying or restructuring. This dual-access approach allows analytics and AI platforms, including Azure Databricks and Microsoft OneLake, to operate directly on NFS/SMB datasets, preserving performance, security, and governance. Integration scenarios, technical implementation, and video guides are provided to help organizations streamline data architectures, minimize data movement, and accelerate real-time insights across analytics and AI workflows.

Release of Bicep Azure Verified Modules for Platform Landing Zone
Team Blog: Azure Tools
Author: ztrocinski
Published: 01/20/2026
Summary: Microsoft has released Azure Verified Modules (AVM) for Platform Landing Zones using Bicep, providing a modular, customizable, and officially supported approach to Infrastructure as Code (IaC). The framework features 19 independently managed modules, supports full configuration, and integrates Azure Deployment Stacks for improved resource lifecycle management. Bicep AVM replaces classic ALZ-Bicep, which will be deprecated by 2027. Key benefits include end-to-end customization, faster innovation, independent policy management, and modernized parameter files, making Azure deployments more flexible, maintainable, and aligned with enterprise best practices. Migration guidance will be provided for existing users.

Improving Efficiency through Adaptive CPU Uncore Power Management
Team Blog: Azure Compute
Author: PulkitMisra
Published: 01/21/2026
Summary: The article discusses Microsoft Azure’s adoption of adaptive CPU uncore power management, focusing on Efficiency Latency Control (ELC) co-designed with Intel for Xeon 6 processors. ELC enables dynamic adjustment of uncore frequency based on CPU utilization, improving power efficiency without sacrificing performance. Real-world tests show up to 11% power savings at moderate loads and 1.5× performance-per-watt improvements at low loads. This approach allows Azure to deploy more servers within existing datacenter power constraints, enhancing sustainability and responsiveness to evolving cloud workload demands through hardware–software co-design.

Announcing General Availability of Azure Da/Ea/Fasv7-series VMs based on AMD ‘Turin’ processors
Team Blog: Azure Compute
Author: ArpitaChatterjee
Published: 01/27/2026
Summary: Microsoft has announced the general availability of Azure’s new AMD-based Da/Ea/Fasv7-series Virtual Machines powered by 5th Gen AMD EPYC ‘Turin’ processors. These VMs offer improved CPU performance, scalability, memory capacity, network, and storage throughput, with up to 35% better price-performance than previous AMD v6 VMs. They cater to diverse workloads, including general, memory, and compute-intensive tasks, and feature enhanced security and flexible configurations. Available across multiple Azure regions, these VMs deliver significant workload-specific gains and are praised by customers and technology partners for performance and efficiency improvements.

Determine Defender for Endpoint offboarding state for Linux devices
Team Blog: Core Infrastructure and Security
Author: edgarus71
Published: 01/21/2026
Summary: The article describes a method for quickly determining the Microsoft Defender for Endpoint onboarding or offboarding state on Linux devices.
Since the Defender portal can take up to 7 days to update offboarding status, a provided Bash script checks key indicators such as the onboarding file, Defender package installation, and service status. The script outputs whether the device is "ONBOARDED" or "OFFBOARDED," streamlining endpoint management and troubleshooting. It can be deployed at scale via Linux management tools and also run remotely from the Live Response console for onboarded devices.

Conditional Access for Agent Identities in Microsoft Entra
Team Blog: Core Infrastructure and Security
Author: Farooque
Published: 01/27/2026
Summary: Microsoft Entra introduces Agent Identities for AI systems and extends Conditional Access to them, but with limited controls compared to human users. Currently, Conditional Access only allows blocking agent identities and assessing agent risk during token acquisition, without supporting MFA, device compliance, or session controls. This is due to agents’ machine-driven authentication methods. Despite limitations, Conditional Access helps prevent compromised agents, enforce separation of duties, and manage AI sprawl. Agent Blueprints are not governed by Conditional Access. Future enhancements are expected, but for now, CA remains a minimal, identity-focused security layer for AI agents.

Announcing Azure CycleCloud Workspace for Slurm: Version 2025.12.01 Release
Team Blog: Azure High Performance Computing (HPC)
Author: xpillons
Published: 01/07/2026
Summary: The 2025.12.01 release of Azure CycleCloud Workspace for Slurm introduces integrated Prometheus monitoring with managed Grafana dashboards, Entra ID Single Sign-On for secure authentication, support for ARM64 compute nodes, and compatibility with Ubuntu 24.04 and AlmaLinux 9. These enhancements streamline HPC cluster management, improve security, and offer real-time performance insights, empowering technical teams to build scalable and efficient environments.
The update simplifies monitoring setup and user access, reinforcing Azure’s commitment to flexible, secure, and innovative HPC solutions for scientific and technical communities.

Scaling physics-based digital twins: Neural Concept on Azure delivers a New Record in Industrial AI
Team Blog: Azure High Performance Computing (HPC)
Author: lmiroslaw
Published: 01/12/2026
Summary: Neural Concept, leveraging Azure HPC infrastructure, achieved record-breaking accuracy and efficiency in automotive aerodynamic predictions using MIT’s DrivAerNet++ dataset. Their geometry-native Geometric Regressor outperformed all previous methods in predicting surface pressure, wall shear stress, velocity fields, and drag coefficients. The workflow transformed 39TB of CFD data into a production-ready model within a week, enabling real-time predictions and significantly shortening design cycles. Customers have realized up to 30% faster development and $20M savings per 100,000 vehicles. This demonstrates the industrial impact of scalable, AI-driven engineering workflows in automotive design.

Intune my Macs: Accelerating macOS proof of concepts with Microsoft Intune
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 01/22/2026
Summary: Intune my Macs is an open-source starter kit from Microsoft that streamlines macOS management proof of concepts using Intune. It deploys over 31 recommended enterprise configurations—including security, compliance, identity, and applications—via a single PowerShell script, operating in dry-run mode by default. The project helps organizations quickly evaluate and implement Intune for macOS, offers practical configuration examples, reduces setup time to minutes, and includes documentation and analysis tools. It’s ideal for learning, testing, and customizing Intune policies for macOS environments, saving significant time and effort.

Silicon to Systems: How Microsoft Engineers AI Infrastructure from the Ground Up
Team Blog: Azure Infrastructure
Author: Alistair_Speirs
Published: 01/27/2026
Summary: The article details how Microsoft engineers its AI infrastructure by designing custom silicon, servers, accelerators, and data centers as an integrated system optimized for performance, power efficiency, and cost. Highlighting custom chips like Cobalt 200 and the Maia AI Accelerator platform, Microsoft emphasizes purpose-built hardware, advanced cooling solutions, and end-to-end system integration. This approach ensures reliable, efficient AI workloads at global scale, powering services like Copilot and Teams. The engineering process involves close coordination between hardware and software development, from silicon design to datacenter deployment, prioritizing power and thermal management throughout.

Deep dive into the Maia 200 architecture
Team Blog: Azure Infrastructure
Author: sdighe
Published: 01/26/2026
Summary: Maia 200 is Microsoft’s first custom AI inference accelerator, designed for efficiency and scalability in Azure. It features advanced silicon, memory hierarchy, and data movement architecture, delivering 30% better performance per dollar than previous hardware. Optimized for narrow precision arithmetic and large language models, Maia 200 supports high-throughput, low-latency inference, and integrates seamlessly with Azure’s cloud infrastructure and developer tools. Its innovative interconnect and software stack enable reliable, scalable multi-tenant AI deployments, powering workloads like GPT-5.2 in Microsoft Foundry and 365 Copilot. Maia 200 sets a new standard for cloud-native, cost-effective AI inference.