Azure Weekly
Issue 570
5th July 2026
Highlights this week include:
- Meet Brain: The AI system behind Azure reliability by Mark Russinovich - Azure’s Brain AI creates a digital twin of cloud health using telemetry, AI models, and service dependencies to enable faster issue detection.
- Microsoft's new Azure Linux 4.0 is here, and it could replace Windows Server in the enterprise by Steven J. Vaughan-Nichols - Azure Linux 4.0 adds container orchestration tools and improved security to compete with Windows Server in enterprises.
- Fan Intelligence for World Cup 2026 by Luke Murray - A World Cup 2026 fan intelligence platform built on AKS with Orleans, Drasi event pipelines, and 12 Microsoft Foundry-backed AI agents (goal explainers, briefings, bracket projections), open source and deployable via azd.
- Microsoft Entra Backup and Recovery is now generally available by Cindy Crane - Microsoft Entra Backup and Recovery now provides a 7-day retention period for critical identity data.
- Auditing UK energy policy without a cluster: a laptop, a duck, and twenty years of wind by Barry Smart - Barry Smart audits UK energy policy using a laptop, Python, DuckDB, and Gherkin for significant cost savings and insights.
- Announcing Fabric Weekly: a free Microsoft Fabric newsletter by Carmel Eve - Fabric Weekly provides weekly updates on Microsoft Fabric's developments in data engineering, reporting, storage, governance, management, and AI.
Yes, after many months of saying we were launching Fabric Weekly - we've actually done it! We'll stop covering Fabric news in this newsletter (in an attempt to bring the size down!). So if you're interested in Fabric - sign up for Fabric Weekly and also don't forget about Power BI Weekly! (and don't forget subscriptions are "double-opt-in" - you need to confirm your subscription).
🤖 AI
- Generally Available: Toolboxes in Microsoft Foundry Teams can now share standardized tools across prompt agents in Microsoft Foundry, enhancing consistency and cutting development time.
- Generally Available: Document PII NextGen Playground in Azure AI Language Azure AI Language's new General Availability Document PII NextGen Playground speeds up personal data detection evaluation with preloaded samples.
- Public Preview: Document PII playground sample in Microsoft Foundry NextGen The public preview allows users to test Azure AI Language's privacy protection features on a sample document.
- Azure Machine Learning vs Databricks Azure Machine Learning focuses on end-to-end model lifecycle and MLOps with Azure integration, while Databricks emphasizes big data processing.
- Fan Intelligence for World Cup 2026 A World Cup 2026 fan intelligence platform built on AKS with Orleans, Drasi event pipelines, and 12 Microsoft Foundry-backed AI agents (goal explainers, briefings, bracket projections), open source and deployable via azd.
- The 2026 Agent Confidence Index: Where 300 builders see real momentum The 2026 Agent Confidence Index survey shows technical experts give agents an average confidence score of 64 out of 100, with high trust in tasks.
- Spring AI 2.0 Goes GA, Giving Java Developers a More Mature AI App Stack Spring AI 2.0 advances the Java framework for generative AI apps with a Spring Boot 4 baseline, cleaner agentic tooling, Model Context Protocol support, and vendor-backed integrations including Azure Cosmos DB.
- Claude in Microsoft Foundry is now generally available Claude in Microsoft Foundry provides enterprises a streamlined route from AI experimentation to production using Azure-native tools.
- Practice the Hard Call: Real-Time Voice Training with Live Voice Practice Live Voice Practice offers AI-powered, scored roleplay for hard customer service calls using Azure Voice Live's real-time speech-to-speech service.
- Claude Sonnet 5 Is Now Generally Available in Microsoft Foundry Claude Sonnet 5 is now generally available in Microsoft Foundry, giving enterprises Anthropic's upgraded Sonnet model for coding, agents, and professional work with Azure-native authentication, billing, and governance.
- From Game to Operations: Exporting a Foundry-Designed Workforce as a Portable Bundle The final series post shows how a Foundry-designed org exports as a dependency-free, versioned JSON workforce bundle that any platform can ingest and provision behind its own human approval gate.
- Governed Intelligence per Dollar. What Healthcare Already Knows About Metrics That Lie. The article argues that intelligence-per-dollar repeats healthcare's fee-for-service mistake, proposing Governed Intelligence per Dollar that prices in clinical risk and audit posture before optimizing model cost.
- Foundry Control Plane and Agent 365: Two Control Planes Walk Into an Enterprise The post compares Microsoft Foundry Control Plane, which lets developers build, evaluate, trace, and operate agents, with Agent 365, which lets IT discover, govern, and secure agents, concluding most enterprises need both.
- Sales Agent is now generally available: Bringing customer and deal intelligence into the flow of work Sales Agent in MS 365 Copilot provides instant customer insights, reducing context-switching and boosting response speed.
- Episode 431: Agent Governance Is the New App Governance Agent governance in Microsoft 365 faces critical challenges with the rise of agentic workflows in Copilot, Copilot Studio, and third-party platforms.
- Anthropic Claude Goes GA in Microsoft Foundry Anthropic's Claude AI is now available in Microsoft Foundry to boost collaboration with Azure tools.
- Available today: Anthropic’s Claude Sonnet 5 in Microsoft 365 Copilot Anthropic's Claude Sonnet 5 is now available in Microsoft 365 Copilot, rolling out in Copilot Cowork and PowerPoint for agentic, multi-step document, spreadsheet, and presentation work.
- The Clinical App Store Has No Building Inspector. The article warns that Dragon Copilot vets each marketplace agent individually but nobody governs how stacked agents compose, letting errors propagate across a shared context no one reviews or monitors.
- Agent-to-Agent Communication: Connecting Foundry and LangGraph Agents via A2A The tutorial shows how to integrate a LangGraph agent on Azure Container Apps with a Foundry agent for efficient multi-agent workflows.
- Crafting an agent team that still includes me This article shows how to design an agent team prompt with human review points for guiding AI-driven iterative sprints and final code integration.
🔎 Analytics
- Generally available: Anthropic Claude Sonnet 5 on Azure Databricks Azure Databricks now supports Anthropic’s Claude Sonnet 5 generically, allowing users to use this efficient model in their data workflows.
- Power BI DirectQuery Mode: A Better Choice Than You Might Think The author now recommends a Fabric composite model with DirectQuery fact tables for very large data volumes, arguing it can match Import or Direct Lake on speed and cost through aggregations and CU smoothing.
- Never ship a broken semantic model again: how to build automated tests in Power BI with user-defined functions Power BI's new User Defined Functions (UDFs) enable reusable automated model tests via the open-source PQL.Assert library, runnable locally in Power BI Desktop or remotely via Power Automate or Fabric Notebooks — the latter also supporting row-level security testing through user impersonation.
- Auditing UK energy policy without a cluster: a laptop, a duck, and twenty years of wind Barry Smart audits UK energy policy using a laptop, Python, DuckDB, and Gherkin for significant cost savings and insights.
- Optimising DAX: Why Cardinality Matters Understanding cardinality is crucial for optimizing DAX performance due to its impact on memory usage and query speed.
- Item Recovery in Microsoft Fabric (Generally Available) Item Recovery in Microsoft Fabric is now generally available, letting you recover deleted items across supported workloads through the Workspace Recycle bin or REST API and configure tenant-wide recovery policies.
- Announcing Fabric Weekly: a free Microsoft Fabric newsletter Fabric Weekly provides daily updates on Microsoft Fabric's developments in data engineering, reporting, storage, governance, management, and AI.
- Fabric data agent API is now public: Build Fabric data agents into your tools and pipelines The public Fabric data agent API automates creation, configuration, and publishing of data agents for streamlined lifecycle management.
- Optimising DAX: The Cost of Relationships The post explains that VertiPaq relationship cost is driven by the key column's cardinality, making header/detail designs that link two large tables by a unique primary key especially expensive.
- Azure Data Factory – Automated deployments (CI/CD) using Azure DevOps Azure Data Factory integrates with Azure DevOps for automated CI/CD deployments, streamlining data pipeline management.
- Simplifying secure data access with Delegated OneLake Shortcuts (Preview) Delegated OneLake Shortcuts add an optional authentication mode that accesses target data through a configured connection identity, enabling delegated access management and cross-tenant sharing without provisioning every downstream user at the source.
- Supercharge your real-time data ingestion: What's new in Fabric Eventstream connectors Fabric Eventstream makes connector private network support, Apache Kafka, Azure Service Bus, and custom CA and mTLS generally available, plus preview capabilities for workspace identity, IoT Hub metadata, Oracle CDC, and HTTP pagination.
- Secure Azure and Fabric Event Flows Across Workspaces with Outbound Access Protection (Preview) Outbound Access Protection lets Fabric admins control which workspaces can consume Azure and Fabric event flows, blocking unauthorized access by default until the Real-Time Events connector is explicitly allowed.
🖥️ Compute
- Announcing public preview of new Mbv4 Virtual Machines The new Mbv4 VM series offers memory-optimized and storage-optimized configurations with up to 780,000 IOPS and 16GBps remote disk bandwidth, powered by 6th generation Intel Xeon processors and Azure Boost.
- How to build long-running MCP tools on Azure Functions The post shows how to build long-running MCP tools on Azure Functions using Durable Functions, returning a workflow id clients poll to handle work that exceeds typical client timeouts.
🚢 Containers
- Azure Container Apps with Paul Yuknewicz and Jan Kalis Paul Yuknewicz and Jan Kalis discuss how Azure Container Apps Express speeds startup and how Sandboxes use managed identity to reach Azure and external services like Salesforce and SAP without the agent handling credentials.
- Introducing kars - an Agent Reference Stack for Kubernetes Kars enforces per-pod kernel isolation, zero credentials, encrypted messaging, and unified governance for AI agents on Azure Kubernetes Service.
- Azure Container Apps Express for Shipping Container Apps Fast Azure Container Apps Express (public preview) uses MicroVM-based startup and disk/memory state restore to cut cold starts from ~20s to ~1.5s and environment provisioning from ~120s to ~14s by skipping upfront environment setup entirely.
- Implement Workload Identity in AKS The deep dive explains replacing vulnerable service account credentials with Microsoft Entra Workload Identity in Azure Kubernetes Service, covering federated identity configuration and managed identities.
- Azure Red Hat OpenShift in FY26: Modernization, Production AI, and a Decade of Partnership This FY26 review recaps Azure Red Hat OpenShift customer stories from Banco Bradesco and Akkuro, GA of OpenShift Virtualization, Confidential Containers, and Workload Identity, expansion to 47 countries, and ten years of the Red Hat partnership.
- I Shipped Two Headlamp Plugins: One Checks Your Cluster, One Makes the Dashboard Look Good The release adds a KubeBuddy Headlamp plugin for cluster health checks and an enhanced dashboard visualizer for better user experience.
- Microsoft's new Azure Linux 4.0 is here, and it could replace Windows Server in the enterprise Azure Linux 4.0 adds container orchestration tools and improved security to compete with Windows Server in enterprises.
- Running Containers on WSL with C# WSL Containers, now in public preview, let developers build, pull, and run Linux containers natively on WSL without Docker Desktop, using the new wslc CLI and the Microsoft.WSL.Containers SDK to start containers programmatically from C#.
- Exploring Nscale’s Fleet Operations - in a Home Lab The home lab recreates Nscale's Fleet Operations node lifecycle on Intel NUCs, using Temporal workflows to drive MAAS provisioning, Slurm burn-in testing, and OpenStack enrolment fully hands-off.
🗄️ Databases
- Generally Available: New Powershell module: Az.PostgreSQLFlexibleServer The new Az.PostgreSQLFlexibleServer PowerShell module simplifies managing Azure Database for PostgreSQL with enhanced functionality.
- Lessons Learned #542: Reviewing Historical Azure SQL Database Storage Growth The article outlines three ways to review Azure SQL Database storage growth: Azure Monitor metrics within retention, exporting metrics to Log Analytics for long-term KQL analysis, and a custom snapshot table.
- Azure SQL vs PostgreSQL The guide compares Azure SQL and PostgreSQL across engine, dialect, indexing, security, and cost, favoring Azure SQL for Microsoft-ecosystem integration and PostgreSQL for extensibility and lower cost at scale.
- Log Insights in Minutes: A Simpler pgBadger Workflow The post shows a simpler workflow for generating a pgBadger HTML report from Azure Database for PostgreSQL Flexible Server by downloading native .log files from the portal, avoiding storage accounts and JSON extraction.
- 3 Reasons Enterprise SQL Server Migrations Slow Down - and How to Avoid Them The post identifies downtime risk, cost uncertainty, and compatibility as the three blockers that stall enterprise SQL Server migrations to Azure SQL, positioning Azure SQL Managed Instance and Hyperscale as answers.
- Learn T-SQL With Erik: Aligning Queries and Indexes Part 1 In Part 1 of Learn T-SQL, Erik Darling rewrites a query using CROSS APPLY and MAX instead of a derived join, aligning it with an existing index to cut runtime from three seconds to about fifteen milliseconds.
- Azure Cosmos DB vs AWS DynamoDB The guide contrasts multi-model, five-consistency-level Azure Cosmos DB with single-model AWS DynamoDB, comparing their data models, global replication, indexing defaults, and Request Unit versus capacity-unit pricing.
- From RAG to agents: Build AI pipelines inside Azure HorizonDB Azure HorizonDB's preview AI pipelines let you define chunking, embedding, extraction, and generation steps in SQL that run durably next to your Postgres data, replacing external orchestrators and glue code.
- From SQL Server On-Premises to Claude Desktop: How I built a Full MCP Pipeline The article walks through building a Python fastMCP server, an HTTP-to-stdio proxy, and a Docker deployment so Claude Desktop can query a SQL Server database like Wide World Importers through MCP tools.
🛠️ Developer tools
- Building C# and C++ Apps with GitHub Copilot CLI and Visual Studio 2026 The GitHub Copilot CLI lets engineers describe outcomes in plain English so the agent scaffolds C# or C++ projects, drives MSBuild, and resolves compiler errors, verified against Visual Studio 2026 Community.
- VS Code 1.127 Further Integrates Advanced Browser-AI Tech VS Code 1.127 boosts its built-in browser with advanced AI capabilities for better AI agent development and deployment.
- MobileWright Overview: Simplifying iOS and Android Test Automation MobileWright simplifies iOS and Android test automation with a Playwright-style API, zero setup complexity, and built-in AI-agent support.
- Visual Studio June Update – Track Your Usage, Trust Your Tools Visual Studio's June update improves Copilot visibility with real-time alerts and MCP server trust validation for secure tool execution.
- GitHub Copilot App - Canvas Is Not a UI Builder GitHub Copilot App's Canvas provides an interactive runtime environment for real-time co-creation and iteration of multi-agent systems.
- Announcing SkiaSharp 4.0 SkiaSharp 4.0, now co-maintained by Uno Platform and Microsoft's .NET team, ships as the first stable v4 release with up to 24% faster GPU rendering, variable font support, and a predictable release cadence tied to Chrome/Skia milestones.
- Automating your Visual Studio extension builds with GitHub Actions This guide demonstrates automating Visual Studio extension builds, versioning, and publishing via GitHub Actions with reusable CI/CD actions.
- I let Copilot build my database. Here’s what I learned – and everything I’d do differently next time (part two) Copilot designed a working four-table PostgreSQL schema for Azure Flexible Server with foreign keys, JSONB metadata, and seed data, then flagged eight issues when asked to critique its own output.
- I tried GitHub Spec Kit : An Honest Field Report GitHub Spec Kit's spec-driven workflow decomposed a document management feature for a Blazor Server app into fifty tasks, though EnsureCreated() skipping new tables required the converge phase to fix runtime errors.
- Migrating C# -> Microsoft Agent Framework The migration refactors C# agents into the Microsoft Agent Framework, converting them to ChatClientAgents, separating static system prompts from per-turn state, and removing manual tool invocation and JSON parsing code.
- Master the Command Line with GitHub Copilot CLI: The guide walks students through the most useful GitHub Copilot CLI slash commands, such as plan, diff, review, and security-review, with concrete scenarios that build professional development habits.
- Action Required: Migrate Your Copilot CLI MCP Config Away from .vscode/mcp.json The GitHub Copilot CLI removed support for .vscode/mcp.json, requiring users to migrate MCPP configs to .mcp.json in project root or .github/mcp.
- Auditing and Telemetry for the Agent Governance Toolkit - Getting Started with .NET Core The Agent Governance Toolkit sample records AI agent actions to an Azure Blob Storage Append Blob and exports metrics and traces to Application Insights for production auditing and telemetry.
- Add vs AddRange in EF Core: The Performance Myth You Need to Stop Repeating The claim that Add() is slower than AddRange() describes EF6, not EF Core, where neither method calls DetectChanges automatically, so the two carry no meaningful performance difference through EF Core 10.
- Same prompt, different models: Cowork model outcome and cost comparison Claude Sonnet 5 provides high-quality results at the low cost of one Copilot Credit, surpassing more expensive models like GPT-5.
- 5 EF Core Performance Anti-Patterns That Entity Framework Extensions Eliminates The post covers five EF Core performance anti-patterns, noting EF Core 10 natively handles two while Entity Framework Extensions supplies BulkMerge, WhereBulkContains, and BulkSynchronize for the upsert, parameter-limit, and sync cases.
- A Big Week for the Critter Stack Between June 22 and 29 the CritterStack shipped three Wolverine, Marten, and Polecat releases each, faster database-backed messaging, MassTransit and NServiceBus interop over SQL Server and PostgreSQL, and CritterWatch observability.
- Validation in FastEndpoints: Pipelines, Pitfalls, and Patterns FastEndpoints focuses on robust validation pipelines to prevent errors such as race conditions and preserve data integrity.
- Closed class hierarchies: Exploring the .NET 11 preview - Part 4 .NET 11 preview 5's new "closed" keyword restricts a class hierarchy to a single assembly, letting the compiler apply exhaustiveness checking to switch expressions and catch unhandled cases at compile time.
🔩 DevOps
- Switching the Aspire Community Toolkit to NuGet Trusted Publishing The Aspire Community Toolkit replaced its long-lived NuGet API key with trusted publishing, exchanging GitHub's OIDC token for short-lived keys via NuGet/login, where the main pitfall is matching the exact workflow filename in the nuget.org policy.
- Upcoming Change: NTLM Removal in Git (libcurl) – Impact to Azure DevOps Server Customers Azure DevOps Server customers relying on NTLM for Git over HTTPS will break in September 2026 when libcurl drops NTLM support, and should migrate to Kerberos or SSH and verify Negotiate isn't silently falling back to NTLM.
- 6 security settings every GitHub maintainer should enable this week GitHub Security Lab bundles six free repo settings, SECURITY.md, private vulnerability reporting, secret scanning with push protection, Dependabot, code scanning, and branch protection, into a guided "Protect Your Project" flow you can complete in about 15 minutes.
- Smoke Test Microsoft Foundry Agents with GitHub Actions The post adds smoke tests for Foundry Hosted Agents in GitHub Actions, using a Python runner and a JSON test catalog to confirm a deployed agent responds and stays on-prompt as a fast deployment gate before fuller evaluations.
- Your Azure DevOps pipelines have a 2027 deadline, and the clock has just started Azure DevOps retires its workload-identity-federation issuer on 1 July 2027, so older single-tenant service connections must migrate to the Microsoft Entra issuer, and the author shares a PowerShell script to bulk-migrate them via the undocumented MigrateToEntraIssuer operation.
- Shaping Software While It Runs: A Canvas Scenario, Start to Finish Walking a customer-support-triage build end-to-end on a GitHub Copilot App multi-agent Canvas, the article argues Canvas is for shaping, observing, and validating agent-driven systems as they run, not for building the end-user UI.
- Guide to Transitioning from DevOps to MLOps Engineer This guide highlights key skill gaps between DevOps and MLOps, providing pathways for transition and showcasing lucrative AI careers.
- How GitHub maintains compliance for open source dependencies GitHub's Open Source Program Office details using the new License Compliance feature for GitHub Advanced Security to vet dependency licenses against policy on pull requests, using Evaluate and Active modes plus an exception-request workflow.
- Inside the Advisory Database and what happens when vulnerability volume breaks records In May 2026 the GitHub Advisory Database published a record 1,560 reviewed advisories as vulnerability-report volume surged, lengthening review times while accuracy held, and it asks contributors to submit complete data and request CVEs only when intending to publish.
- Deploy Enterprise PowerShell Modules Using Azure Artifacts The guide builds a private PowerShell repository on Azure Artifacts with automated CI/CD publishing, semantic versioning, code signing, and JEA integration for secure enterprise module distribution.
- GitHub Copilot App Canvas Is a Runtime GitHub Copilot App Canvas turns software development into dynamic, real-time orchestration of living systems for collaborative creation and evolution.
- AI 200 – Your AI App Shouldn’t Need a Redeploy to Change a Setting – Azure App Configuration Store Azure App Configuration provides a centralized store for configuration values read at runtime, and the article walks through creating a store and its region, pricing, authentication, and recovery settings.
- Highlights from Git 2.55 Git 2.55 adds repacking with incremental multi-pack indexes for faster repository maintenance.
🧬 Hybrid + multicloud
- Microsoft Defender for Cloud expands multicloud coverage across AWS and Google Cloud Microsoft Defender for Cloud adds coverage of ~90 new AWS and Google Cloud resource types, enhancing risk assessment in hybrid environments.
🎭 Identity
- Guest Access for Canvas and Model-Driven Apps with Microsoft Entra ID The guide walks through configuring Microsoft Entra ID B2B guest access to Power Platform canvas and model-driven apps, covering invitations, environment access, licensing, and Dataverse security roles.
- EntraPulse: Tenant Profiles, Lokka 2.0 Interactive Apps, and Microsoft Enterprise MCP EntraPulse now includes tenant profiles, Lokka 2.0 apps, and integrates with the MS Enterprise Managed Cloud Platform for improved IAM solutions.
- Migrating frontline mobile devices: Identity considerations for assigned and shared devices The article distinguishes assigned, shared kiosk, and shared sign-in device models for frontline mobile, explaining when individual identity is required and why shared credentials should be avoided.
- Bring business logic into PIM role activation workflows Custom extensions for Microsoft Entra Privileged Identity Management let PIM call a REST API during role activation to validate tickets, HR status, or compliance and enforce the returned decision.
- 349 - Back to basics: Managed identities vs. Service Principals vs. App Registrations This podcast episode revisits how App Registrations, Service Principals, and Managed Identities are used to access resources secured by an Entra tenant, and why they remain relevant in 2026.
- How to Enable and Roll Out Microsoft Authenticator Passkeys in Microsoft Entra ID: A Step-by-Step Guide This guide explains how to enable and roll out Microsoft Authenticator passkeys in Microsoft Entra ID as a phishing-resistant alternative to traditional MFA methods such as SMS and voice.
- Microsoft Entra Backup and Recovery is now generally available Microsoft Entra Backup and Recovery now provides a 7-day retention period for critical identity data.
- Where risk meets compliance: The power of unified endpoint security Unified endpoint security with Intune, Defender for Endpoint, and Conditional Access blocks risky devices in real time, reducing threat exposure.
- Streamlining macOS security: Automatically enable AutoFill after Platform SSO registration Microsoft's custom script enables Company Portal AutoFill on macOS devices post Platform SSO registration for seamless passwordless authentication.
- Authenticating AWS Workloads to Azure Functions using Workload Identity Federation Workload Identity Federation lets AWS resources call Azure Functions without stored secrets by exchanging a short-lived AWS OIDC token for a Microsoft Entra ID access token.
- Why Passwords Are Not Enough – Protecting Microsoft 365 with Entra ID MFA Entra ID's MFA cuts account compromise risks by over 99%, even with rising password theft.
- Duende IdentityServer Production Deployment Checklist The checklist covers production considerations for Duende IdentityServer, including configuring persistent encryption keys, handling redirect URIs behind a load balancer, and managing operational database growth.
🔌 Integration
- Creating Azure Sandbox Chatbot with Azure Logic Apps Azure Logic Apps enables rapid creation of sandbox chatbots for testing Azure solutions without impacting production environments.
- Azure Messaging Explained: Event Grid vs Event Hubs vs Service Bus The guide frames Azure Event Grid as a notification layer, Event Hubs as a streaming ingestion pipeline, and Service Bus as a workflow execution system, arguing most design mistakes come from confusing events with messages.
- Your Knowledge Hub is only as good as the knowledge inside it The article argues a Microsoft 365 knowledge hub needs governance over content quality, not just storage, because Copilot exposes poor knowledge management by surfacing content that is accessible but outdated or untrusted.
- Can User Technical Profile Influence AI Architecture Decisions? An experiment with BMAD on Devin, Windsurf, and Cascade finds that including a developer's technical profile in the LLM context can bias architecture and stack decisions, especially when candidate options score closely.
- When the handler outlives the lease When message handlers exceed the queue’s visibility timeout, the pump must implement lease renewal to prevent duplicate processing.
- The scheduler is part of your message pump The async model uses frequent handler yields to let the scheduler advance lease renewal tasks while processing business logic.
🎓 Learning and Certifications
- SharePoint Showcase: How Microsoft uses Copilot in SharePoint, and how you can get started Microsoft shares real-world Copilot in SharePoint use cases, citing roughly 6,000 hours saved, 75% better content discovery, and a 95% reduction in legal data-tracking time.
- AgentCon Around the World: How MVPs Are Supporting AI Agents Learning Globally AgentCon, a free community-driven world tour by the Global AI Community, has drawn over 12,000 attendees across 65 events, with MVPs bringing AI agents to local communities through demos and labs.
- Exam AI-901 Study Guide: Microsoft Azure AI Fundamentals The Exam AI-901 certifies foundational knowledge of Azure AI services for developers and IT professionals.
- Lessons From Building AI Skills in the Real World with Copilot in SharePoint Matt Wolodarsky shares lessons from building Copilot in SharePoint skills, urging teams to pick repeatable content-centric workflows, design around handoffs and checkpoints, and prove real improvement.
⚖️ Management and Governance
- Meet Brain: The AI system behind Azure reliability Azure’s Brain AI creates a digital twin of cloud health using telemetry, AI models, and service dependencies to enable faster issue detection.
- Find anomalies in Prometheus and OpenTelemetry metrics with Dynamic Thresholds (Preview) Azure Monitor extends dynamic thresholds to query-based metric alerts for managed Prometheus and OpenTelemetry metrics, learning an independent, self-refining baseline for each time series.
- Proving application resilience on Azure with Chaos Studio Azure Chaos Studio Workspaces tests real-world failure modes to ensure applications recover within expected timeframes before production incidents.
- Introducing a unified alert experience for Microsoft Purview Insider Risk Management Microsoft Purview Insider Risk Management adds a unified alert queue combining classic and agent workflows, expanded user profile details, and notes across alerts and cases in public preview.
- What’s New in Microsoft 365 Copilot | June 2026 The June 2026 update makes Copilot Cowork generally available with usage-based billing and a new Cost Management Dashboard, alongside citation, notebook, and app enhancements across Microsoft 365.
- The workflow is the product: Copilot Cowork plugins change what AI can do for businesses Copilot Cowork plugins extend the assistant across enterprise systems using skills and secure connectors packaged and distributed through the Microsoft Marketplace by partners.
- Azure Budget Alerts Azure Budget Alerts trigger actual and forecasted cost notifications across management group, subscription, and resource group scopes to help organizations govern cloud spending.
- Azure Update Manager Says "No Update Data"? Here's What I Learned After Breaking (and Fixing) It The author recounts how an infrastructure change caused Azure Update Manager to report no update data, since cloud management platforms do not automatically resume after the environment changes underneath.
- Automate SOC 2 Compliance with PowerShell The guide walks through using PowerShell and Azure Policy as Code to automate evidence collection and enforce SOC 2 compliance controls across enterprise cloud environments.
- Your readiness playbook: adoption helper, costs, APIs, and the checklist The playbook covers the Defender adoption helper script, the Sentinel cost estimator, an API migration strategy toward Microsoft Graph security, and an FAQ for the transition to Defender.
- My Journey with Azure SRE Agent The author describes building an autonomous PIM elevation audit agent with Azure SRE Agent, sharing lessons on headless design, explicit tool declaration, and manual YAML editing.
- Find and fix app issues - Azure Copilot Observability Agent The Azure Copilot Observability Agent autonomously correlates signals across logs, metrics, alerts, application health, and ML anomalies to surface root cause and recommend mitigation steps.
- Microsoft Purview Adds Native Role Assignment Time Limits Microsoft Purview enables admins to set temporary access durations for native role assignments, improving compliance.
- Extend data security to the network with Microsoft Purview and Microsoft Entra Microsoft Purview and Entra integrate in public preview to extend data security to the network layer, detecting and blocking sensitive data shared to shadow AI, unmanaged SaaS, and personal cloud in real time.
- Stop Shadow AI with Microsoft Purview Microsoft Purview adds tools to detect and block shadow AI activities, safeguarding corporate data.
🚌 Migration
- Admins: Migrating user data during mergers and restructurings just got easier The update streamlines cross-tenant user data migration during mergers and restructurings via Graph APIs, reducing disruption and support tickets.
- AI-assisted Synapse Spark and pipeline migration to Microsoft Fabric from the command line (Preview) The AI-assisted Synapse Migration skill moves Spark pools, lake databases, notebooks, and job definitions to Microsoft Fabric from the command line, with a companion skill migrating orchestration pipelines.
🌐 Networking
- Optimal routing with ExpressRoute – Revisited The article maps ExpressRoute routing guidance to Virtual WAN, showing how secured hubs drop asymmetric flows because MSEEs strip private ASN prepending, and how route maps restore predictable routing with reserved public ASNs.
🔐 Security
- Microsoft Moves Up Quantum Safe Security Timeline Microsoft is accelerating its quantum-safe security timeline, saying advances in quantum computing and new federal requirements have turned post-quantum cryptography into an immediate engineering priority.
- How GitHub used secret scanning to reach inbox zero GitHub cut over 20,000 secret scanning alerts to zero in nine months, bulk-closing roughly 18,000 inactive test secrets, enforcing scanning and push protection everywhere, and validating which credentials were still live.
- Behind the Build with Gigamon: Enriching Microsoft Sentinel with Network-Derived Telemetry Gigamon and Microsoft integrated network telemetry into Sentinel to enhance security investigations with real-time context and AI insights.
- Protect sensitive data in motion across SaaS and AI apps with Microsoft Purview and Microsoft Entra Microsoft extends data security to the network layer in public preview, combining Purview classification with Entra identity-aware enforcement to detect and block sensitive data flowing to shadow AI, unmanaged SaaS, and personal cloud in real time.
- Advanced Microsoft Intune capabilities now available in Microsoft 365 E3 and E5 As of July 1, advanced Microsoft Intune Suite capabilities are included in Microsoft 365 E5 with select capabilities in E3, spanning Endpoint Privilege Management, Cloud PKI, Remote Help, Advanced Analytics, and Security Copilot.
- Microsoft named a leader in the Frost Radar for cloud and application runtime security Microsoft is positioned as a visionary leader in Frost & Sullivan's 2026 Frost Radar for Cloud/Application Runtime Security, reflecting its hyperscale ecosystem, Defender for Cloud integration with Defender XDR, and large customer base.
- Monthly news - July 2026 The July 2026 Defender roundup brings Workbooks Advanced Hunting and workspace-filter capabilities to GA, adds MTO Tenant Groups, new cloud audit hunting tables, and local AI agent discovery and runtime protection.
- AI-Accelerated Supply Chain Attacks with Mackenzie Jackson Mackenzie Jackson discusses AI-accelerated software supply-chain attacks, the risk of highly privileged developer accounts and exposed secrets, and why waiting 48 hours before installing newly released packages reduces malware exposure.
- Accelerating the quantum-safe timeline Microsoft is accelerating its Quantum Safe Program to transition critical products to post-quantum cryptography by 2029, prioritizing network cryptography upgrades, crypto-agility for stored data, and modernized cryptographic trust chains.
- What’s new in Microsoft Sentinel: June 2026 Microsoft Sentinel's June updates make expanded ASIM parsers and two new schemas generally available, add the Agent Identities Asset Connector in preview, and introduce Sentinel MCP graph tools for investigating entity relationships.
- The AI-first SOC: Copilot, UEBA, threat intelligence, and SOC optimization This series finale explains how moving Sentinel into Defender unlocks Security Copilot, a unified UEBA experience with new data sources, native MDTI convergence, and cross-service SOC optimization recommendations, most of which activate once a workspace is connected.
- What’s new in Microsoft Security: June 2026 June's Microsoft Security updates include the codename MDASH agentic vulnerability scanning system, Defender protection for local AI agents, Entra Backup and Recovery reaching GA, database protection for AWS RDS, and expanded multicloud coverage.
- Securing AI agents: When AI tools move from reading to acting Microsoft Incident Response walks through an MCP tool-poisoning attack where a silently modified tool description redirects a Copilot Studio agent to exfiltrate data, and maps Microsoft controls for detecting and preventing it.
- Azure Defender vs Azure Security Center The guide traces how Azure Security Center's posture management and Azure Defender's workload protection merged into Microsoft Defender for Cloud, where foundational CSPM remains free and Cloud Workload Protection plans are paid.
- Understand your Sentinel tables at a glance: Monitor with table insights Table insights is a new panel on the Sentinel Tables page showing 30-day ingestion volume per tier, top five tables by volume, last-data-received, estimated daily cost, and volume anomalies so teams can spot silent connectors and cost spikes.
- Chromium extension uses AI‑related branding to redirect browser search The malicious Chromium extension pretends to be Perplexity AI to steal user search data via MV3 and DNR rules.
- Secure containers from code to runtime | Microsoft Defender Matt McSpirit demonstrates how Microsoft Defender for Cloud detects container hijacking through binary drift, contains threats with Security Copilot-guided pod isolation, blocks vulnerable images, and pushes CVE fixes to GitHub and back.
- Workspace Outbound Access Protection (OAP) for Real-Time Intelligence (Preview) Workspace Outbound Access Protection in Microsoft Fabric blocks data exfiltration risks with real-time intelligence while preserving common workflows.
- Securing zero-copy distribution patterns with OneLake security and shortcuts Onelake boosts zero-copy data sharing with fine-grained security and fast transfer paths for optimal performance and safety.
📦 Storage
- Generally Available: Client-side data integrity protections in Azure Blob Storage Azure Blob Storage now provides general availability of client-side CRC64-NVME data integrity protections in .NET, C++, and JavaScript SDKs.
- Public Preview: Azure Storage Mover now supports migration from Google Cloud Storage (GCS) Azure Storage Mover now supports cloud-to-cloud migration from Google Cloud Storage to Azure Blob Storage using the S3-compatible interface, helping organizations simplify multi-cloud consolidation onto Azure.
- Public Preview: Instant Access via application consistent restore points Azure's Instant Access feature recovers VM disks instantly after creating a restore point, cutting recovery time objectives.
- Four pipes are better than one NFS nconnect on Azure VMware Solution adds four parallel pipes to overcome bottlenecks when a workload exceeds even ample capacity and generous SLAs.
- Azure IaaS: How to design, build, and optimize cloud infrastructure for long-term cost efficiency Designing Azure IaaS infrastructure requires balancing compute, storage, and networking for long-term cost efficiency.
- Unlock more value from your data with Microsoft 365 Archive and partner integrations Microsoft 365 Archive moves inactive SharePoint content to a low-cost cold tier while preserving metadata and permissions, with partner solutions like Proventeq365 adding policy-driven lifecycle management at enterprise scale.
- Understanding % Characters in Azure Blob File Names Using SQL OPENROWSET (BULK) The article explains why SQL OPENROWSET (BULK) fails on Azure Blob file names containing a literal % character, showing that percent-decoding during path resolution requires encoding % as %25.
- Accelerate modern Linux workloads with Azure Files Azure Files provides managed NFS storage for modern Linux workloads, letting inference replicas share one copy of model weights and adding zonal placement, provisioned v2 billing, migration tooling, and Kubernetes CSI integration.
💻 Virtual Desktop Infrastructure
- Automating AVD Context-Based Redirections Azure Virtual Desktop Context-Based Redirections control clipboard, drive, printer, and USB access by device compliance, and the article automates the setup with PowerShell across three control planes.
🔗 Web
- Azure App Service Deployment Slots Azure App Service deployment slots run new code in an isolated, warmed-up staging slot, then swap it into production for zero-downtime releases, instant rollbacks, and per-slot configuration isolation.
- Azure App Service Environment The tutorial explains how Azure App Service Environment v3 provides a single-tenant App Service with network isolation, up to 200 instances, no VNet management dependencies, and a choice of External or Internal VIP deployment.