Azure Weekly
Issue 571
12th July 2026
Email newsletters are tricky. There are so many different email clients, on so many different platforms, it's very difficult to please everyone. I did want to point out that if you struggle with the email newsletter (for example Gmail has a habit of truncating the email half way through), then we also have a web version of the newsletter, which offers a superior reading experience (fully responsive) and also offers the ability to toggle link summaries on and off - as I know some of the readers really like skimming titles, whereas others love the summaries to figure out if the longer article is worth their time. Head over to the website to give it a try.
Highlights for this week include:
- Microsoft Foundry Model Deployment Pricing Update by Chris Hoder - Microsoft Foundry will raise prices for EU and non-US deployments by 10-50% starting September 1, 2026, and introduce an APAC Data Zone.
- Built to bounce back: How Azure resiliency evolved by Rochak Mittal, Amit Ganguli, Surya Sripathi Raju, Molina Sharma - Azure's resiliency model focuses on a shared responsibility approach combining infrastructure foundations such as Availability Zones with customer-defined application architectures to ensure adaptable, recoverable, and trustworthy systems under real-world conditions.
- External key management for Azure Managed HSM is now in public preview by Salim Chawro - External key management for Azure Managed HSM allows organizations to maintain encryption keys on owned hardware outside Azure datacenters, fulfilling stringent regulatory demands while retaining robust sovereignty via a FIPS 140-3 Level 3 HSM.
- GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware by Microsoft Threat Intelligence - GigaWiper merges multiple malware families into a Go-based backdoor capable of physical disk wiping, ransomware-style encryption without key storage, and multi-pass secure wiping, reflecting a trend toward modular destructive tools for enhanced efficiency and impact.
- A Paradigm Shift in Cloud Operations with Azure SRE Agent by Nir Mashkowski - Azure SRE Agent reduces incident triage time for companies like Zafin, Provation Medical, and InEight from hours to minutes by automating evidence collection, issue classification, and action recommendations in cloud operations.
- Generally Available: Support 5x churn in Azure Site Recovery by The Azure Updates Team - Azure Site Recovery now supports up to five times higher change rates, delivering 500 MB/s per VM and ensuring reliable disaster recovery for high IOPS workloads.
The new Fabric Weekly Newsletter launched on the 30th June, and we're going to stop covering the official Fabric site, to try and reduce the size of the newsletter If you're interested in all things Fabric, sign-up now!. and also don't forget about Power BI Weekly! (and don't forget subscriptions are "double-opt-in" - keep an eye out for an email which requires you confirm your subscription before you'll receive an issue). One Fabric-related post worth covering is:
- Microsoft Fabric Workspace Topology Patterns by James Broome - Understanding workspace topology patterns in Microsoft Fabric is crucial for setting up secure, scalable, and manageable environments from the start, avoiding costly refactors later.
🤖 AI
- Kernels Behind the Wall: Custom Python 3.10-3.14 Jupyter Kernels for Air-Gapped Azure ML This guide demonstrates building custom Python 3.10-3.14 Jupyter kernels for air-gapped Azure ML instances using conda-pack, private endpoints, and offline installation to overcome repository and kernel limitations.
- AI ethics: Why opting out isn’t always the ethical move Opting out of AI ethics discussions misses opportunities to address critical issues such as water usage, job displacement, and copyright problems through informed engagement.
- Monitoring & Observability in Microsoft FoundryPart 2: Configuration and Operations Monitoring & Observability in Microsoft Foundry Part 2 covers configuring Application Insights, operating in Azure Monitor, and setting up alerts for maintaining AI agent accuracy, safety, efficiency, and consistency.
- Understanding Token Cost Anatomy: The Five-Headed Bill Nobody Budgeted For The article explains that AI spending can be broken down into five distinct cost categories-API calls, model compute, data ingestion, prompt engineering, and storage-helping teams understand where their budget goes beyond just total costs.
- Available today: OpenAI’s GPT-5.6 in Microsoft 365 Copilot OpenAI's GPT-5.6 integrates into Microsoft 365 Copilot across Word, Excel, PowerPoint, Chat, and Cowork, boosting multi-step knowledge work with enhanced reasoning while upholding enterprise security and compliance.
- Microsoft Foundry Model Deployment Pricing Update Microsoft Foundry will raise prices for EU and non-US deployments by 10-50% starting September 1, 2026, and introduce an APAC Data Zone.
- Tokenomics | The new AI currency & your options explained Learn how to optimize AI token usage with strategies like compressing conversation history, capping output tokens, caching static context, and using tools such as Agent Optimizer and Model Router in Microsoft Foundry for smarter app design and reduced spend.
- GCast 220: Creating a Workflow in Microsoft Foundry GCast 220 explains how to build sophisticated, multi-agent applications in Microsoft Foundry using its Workflow tool, enabling complex automation with no coding required.
- Foundry IQ is now in Copilot Studio: Bring your enterprise data to every agent conversation Foundry IQ's integration into Copilot Studio boosts AI agent performance by 54%, offering enterprise-ready features such as Customer-Managed Keys, ACLs, and compliance certifications for secure and governed data access.
- Who actually blocks AI in healthcare (and why) Healthcare AI deployments frequently stall due to structural barriers such as physician autonomy, works council surveillance concerns, patient privacy worries, legal liability fears, and CISO security vetoes, which are often not addressed by standard readiness checklists.
- Before You Ship Your Agent: A Five-Step Path to Evaluations You Can Trust Before shipping your AI agent, ensure you have multi-turn evaluated sessions, a clear rubric defining "good," simulated real-user conversations, sampled production traces for comprehensive coverage, and benchmarked standards to continuously validate quality.
- Multi-Agents in RavenDB RavenDB's multi-agent system enables creation of specialized agents coordinated via simple SubAgents configurations, reducing complexity and maintaining strict control.
- Introducing Kimi K2.7 Code in Microsoft Foundry Kimi K2.7 Code on Microsoft Foundry boosts long-horizon coding efficiency by cutting token usage by 30%, while providing enterprise-level security, quicker deployment, and smooth integration with GitHub Copilot and VS Code.
- Matthew Renze: AI Changes - Episode 409 Matthew Renze, a nine-time Microsoft MVP in AI and founder of Renze Consulting, discusses the evolution of AI integration-from simple assistant interactions to autonomous agency leadership-highlighting tools like OpenClaw, Hermes, and PaperClip AI.
- Token Economics: The New FinOps for Agentic AI Token economics manages costs in agentic AI by using caching, tiered pricing, and context compression to lower expenses without sacrificing performance.
🔎 Analytics
- Generally Available: Confidential Computing support for Azure Event Hubs Dedicated Azure Event Hubs Dedicated introduces Confidential Computing, using hardware-based TEEs to protect sensitive streaming data from unauthorized access during processing.
- Generally Available: Open AI GPT-5.6 on Azure Databricks Open AI’s GPT-5.6 is now generally available on Azure Databricks, enabling secure model serving through the Model Serving Endpoint for seamless integration with Microsoft Foundry workflows.
- Creating Microsoft Fabric Sandbox Capacities Chatbot Microsoft Fabric introduces time-based ephemeral sandbox capacities, allowing organizations to safely explore its features without worrying about costs or long-term resource commitments.
- Microsoft Fabric Workspace Topology Patterns Understanding workspace topology patterns in Microsoft Fabric is crucial for setting up secure, scalable, and manageable environments from the start, avoiding costly refactors later.
- The Data Engineering Patterns Series The Data Engineering Patterns Series explains how software engineering principles apply to data engineering, while also highlighting the complexities and challenges of that transition.
- Fabric Data Agents can choose Query Language based on Context Fabric Data Agents dynamically choose the optimal query language-SQL, Kusto, DAX, or Ontology-for each context to enhance performance and integrate historical analytics with real-time data in one AI chat interface.
- Optimising DAX: Model Design Comparisons and Testing Tips The article finds that the star schema offers best performance in DAX due to efficient compression of small dimension tables and medium-cardinality relationships, whereas flat tables can achieve good compression through run-length encoding despite having more columns.
🖥️ Compute
- Stop Hand-Building VMs at 2 AM: Automated Image Pipelines with Azure Image Builder and Compute Gallery Azure Image Builder and Compute Gallery automate VM image pipelines, ensuring consistency across regions and protecting against accidental deletions with versioning and replication controls.
- Azure Savings Plan vs Reserved Instances Azure Savings Plans provide flexible hourly commitments across all regions for broad compute services, offering up to 65% discounts versus Reserved Instances' up to 72% in specific regions.
- Deploy Windows updates to counter AI-discovered threats Microsoft has introduced updated patching recommendations and tools like Hotpatch, Autopatch report, and ring-based Windows Autopatch policies to reduce deployment timelines and reboots, helping organizations quickly counter AI-discovered vulnerabilities.
🚢 Containers
- Generally Available: Azure Red Hat OpenShift in Chile Central Azure Red Hat OpenShift's general availability in the Chile Central region enables South American businesses to deploy and manage OpenShift workloads closer to their user bases with reduced latency.
- Inspektor Gadget Is Now an AKS Extension (Preview) Inspektor Gadget, now as an AKS extension preview, lets developers instantly diagnose pod behavior and network issues within Azure Kubernetes Service clusters.
- A Practical Guide to Kubernetes Security Management This guide covers Kubernetes security management techniques such as RBAC, Pod Security, network policies, posture scanning, and tools like Kubescape, Falco, and Defender.
- Modern Ingress for AKS: Introducing Application Gateway for Containers (AGC) Application Gateway for Containers now integrates AI gateway capabilities through the CNCF Gateway API Inference Extension to intelligently route long-lived GPU-bound inference traffic, avoiding pod overload while keeping idle resources underutilized.
- Build Your First Internal Developer Platform Create your initial Internal Developer Platform using Backstage, which includes a software catalog, templates, streamlined CI/CD transitions, and Kubernetes deployment files.
- Lock Down AKS End to End with Application Gateway for Containers and Managed Cilium L7 Vyshnavi Namani and Darshil Shah show how Azure Application Gateway for Containers and Managed Cilium L7 via Advanced Container Networking Services securely route internet traffic to individual AKS pods using first-party add-ons, removing the need for external NGINX or WAF appliances.
- Hybrid Logic Apps Deployment on Red Hat OpenShift Hybrid Logic Apps Deployment on Red Hat OpenShift integrates Azure Logic Apps with self-managed OpenShift clusters, leveraging OpenShift’s security and custom ingress while staying compatible with Azure Arc.
- Designing for cloud sovereignty with Radius and Dapr Radius and Dapr enable cloud-native apps to stay portable across sovereign clouds and hyperscalers by separating required capabilities from infrastructure choices.
- Secure Native Access to Azure Kubernetes Service (AKS) Private Clusters with Azure Bastion Azure Bastion adds native client tunneling for private AKS clusters, allowing secure local kubectl operations without exposing management ports or needing VPNs, improving security and efficiency.
🗄️ Databases
- Migrate from EWS to Microsoft Graph API The migration guide includes an inventory checklist, permission setup, PowerShell SDK tools, and a validation process to ensure a smooth cutover from EWS to the Microsoft Graph API.
- What’s missing in T-SQL? Here’s my T-SQL wish list of features that developers actually need in SQL Server Edward Pollack proposes T-SQL enhancements focusing on extensibility with features such as custom index types and true constants for improved code quality.
- Azure SQL Error 9001: The Log for Database Is Not Available Azure SQL error 9001 occurs during planned maintenance when the database log becomes unavailable, causing disruptions; understanding its cause helps developers build more resilient applications.
- The N+1 Query Problem in EF Core: Detection, Diagnosis, and Permanent Fixes The article explains the N+1 query problem in Entity Framework Core, detailing four distinct shapes-lazy loading loops, explicit query loops, serializer storms, and write-side N+1-and provides detection methods using EF Core’s logger plus advanced profiling tools to identify and fix these inefficiencies permanently.
- I Know a Query’s Gonna Be Bad When… #TSQL2sday The article warns that lengthy changelogs with outdated author initials indicate poor documentation, change control, and likely technical debt in SQL queries.
- SQL Server Performance Office Hours Episode 67 Erik Darling answers five user-submitted SQL Server questions in Episode 67, covering topics like memory grants, suspicious plan operators, and batch mode vs row mode optimization techniques.
- Teamcenter on Oracle AI Database@Azure: Architecture, Validation, and Results The Teamcenter on Oracle AI Database@Azure solution delivers Oracle Exadata performance within Azure, supporting Siemens PLM workloads with native Azure management and high availability.
- Episode 189 - Top Ten SQL Server Performance Tuning Best Practices and More In Episode 189, Guy and Eitan discuss Paul Randal’s top ten SQL Server performance tuning best practices, explore upgrading to SQL Server 2025, and uncover new insights about temporary table caching.
🛠️ Developer tools
- TypeScript 7 is done TypeScript 7 adds a native Go-compiled compiler for 8x-12x faster builds but lacks an official API, restricting integration with popular frameworks until version 7.1.
- Claude AI Gets Yet Another Boost in VS Code 1.128 Visual Studio Code 1.128 enhances Claude AI with advanced agent workflows, attachment support, browser integration, shortcut enhancements, and improved enterprise telemetry management.
- How GitHub Copilot enables zero DNS configuration for GitHub Pages GitHub Copilot CLI automates DNS setup for GitHub Pages, enabling developers to publish custom-domain websites with HTTPS in under 15 minutes without manual DNS record editing.
- Things that Have Worked for Our OSS Community The author shares lessons learned from 15 years of OSS community work, emphasizing responsiveness, user-centric documentation, and automation to foster a thriving Critter Stack ecosystem.
- GitHub's former CEO launches a distributed Git network built for the agentic coding age The company behind GitHub is creating a distributed Git network designed to support the emerging era of coding agents, enhancing infrastructure for autonomous development workflows.
- Microsoft Testing Platform and .Net 10 The new Microsoft Testing Platform (MTP) introduced with .Net 10 provides a lightweight, portable alternative to VSTest, removing dependencies and improving test execution in CI pipelines, Visual Studio, and VS Code.
- Avalonia UI vs Microsoft’s .NET MAUI Joseph Tomkinson's comparison shows MAUI has stronger mobile support and more third-party components while Avalonia UI leads in cross-platform consistency, desktop performance, and Linux support, with recent funding doubling project builds over six months.
- Microsoft Agent Framework for .NET (part 1): what it is, how it works, and when to use it The Microsoft Agent Framework for .NET provides a scalable solution for developing AI agents with better integration than alternatives like Semantic Kernel, LangChain, and AutoGen.
- Jeff Fritz on Copilot for App Modernization Jeff Fritz explains how GitHub Copilot’s Modernization Agents use AI to analyze legacy .NET and Java apps, plan upgrade strategies, and automate the execution process.
🔩 DevOps
- How to automate Fabric data agent testing with promptfoo and GitHub Actions This guide demonstrates how to automate testing of Fabric data agents using promptfoo and GitHub Actions, ensuring every code change is validated with automated LLM tests.
- How GitHub gave every repository a durable owner GitHub now requires a designated owner for each new repository, archives inactive ones, and uses custom properties to track ownership linked to services, teams, or individuals, enhancing security workflows and cutting manual work.
- Automating cross-repo documentation with GitHub Agentic Workflows GitHub Agentic Workflows automates cross-repo documentation by generating a markdown workflow that prompts an AI agent to draft and open pull requests in the docs repository, ensuring timely updates without granting unrestricted write access.
- GitHub availability report: June 2026 GitHub's June 2026 report details infrastructure progress, handling 100% of anonymous pull request reads with new services, increasing repository traffic to 50%, offloading 500,000 queries per second from the primary database, and enhancing access controls and capacity.
- Introducing ROI for agents in Foundry ROI for Agents in Foundry connects agent performance data with business value metrics, enabling organizations to quantify whether production agents deliver measurable cost savings or revenue growth.
- Q1 2026 Innovation Graph update: Open source collaboration is accelerating worldwide The Q1 2026 Innovation Graph update reveals a 16% quarter-over-quarter increase in outbound collaboration across economies, driven by heightened developer activity on platforms like GitHub.
- Optimizing GitHub Copilot Cost in the Usage-Based Billing Era Optimizing GitHub Copilot cost involves selecting appropriate models, limiting token usage through context windows and session length, implementing budget controls, and segmenting consumption by user role to maintain value without unpredictable expenses.
- You Can’t Govern What You Can’t Name Naming data pipelines creates audit trails, enabling proof of execution, authorization, and intent-essential for governance and trust in data operations.
🧬 Hybrid + multicloud
- Plan for Upcoming Changes to Extended Security Updates on Azure Local The pricing model change means Azure Local customers will pay a uniform list price for Extended Security Updates, simplifying costs regardless of deployment location or licensing program.
- Manage Hybrid Infrastructure with Azure Arc Azure Arc enables seamless management of hybrid infrastructure-including on-prem servers, Kubernetes clusters, and edge devices-while preserving local operational control within the Azure ecosystem.
- Azure AI, Azure Local, and vCF Private AI: A Practical Placement Comparison This comparison evaluates three enterprise AI placement patterns-managed Azure AI, Azure Local/Foundry Local, and vCF Private AI-using criteria like data gravity, latency, sovereignty, cost, operating model, governance, integration, maturity, and support to help organizations avoid accidental architecture by matching the workload boundary and requirements.
- Centralized Software Patch Management: Deploying Winget Auto Updates (WAU) via Active Directory GPO Deploying Winget Auto Updates via Active Directory GPO centralizes third-party software patch management, reducing configuration drift and administrative overhead.
🎭 Identity
- Microsoft authenticator cannot be backed up for Microsoft or Entra ID accounts Microsoft's Authenticator app lacks backup functionality for account information, requiring alternative sign-in methods such as SMS codes or admin assistance if devices are lost or changed, especially important for personal accounts with passwordless MFA.
- Understanding Copilot Risk: Mapping Exposure Across Zero Trust Pillars Understanding how Copilot affects access and data exposure within Zero Trust pillars helps identify risk areas such as identity verification, endpoint permissions, app usage, and sensitive data surfaces.
- Deploy PAWs with Microsoft Entra PIM Deploying PAWS with Microsoft Entra PIM enhances privileged access security by ensuring admin activations occur exclusively on trusted devices through integrated compliance and conditional access policies.
- Govern AI agent identities and access the same way you govern your employees Microsoft Entra introduces agent identity governance to manage AI agents' access rigorously, ensuring clear accountability and preventing overprivileged access.
- Zero Trust security for AI agents Zero Trust security for AI agents extends Conditional Access in Microsoft Entra to evaluate agent requests in real time, assigning managed identities with scoped permissions and integrating tools like Sentinel, Purview Insider Risk Management, DLP, and Azure API Management for continuous governance and monitoring.
- Mitigating Microsoft 365 Copilot access risk: Identity and device controls for Zero Trust This article explains how organizations can reduce access risks from deploying Microsoft 365 Copilot using identity and device controls in a Zero Trust model with tools like Entra ID, Conditional Access, Intune, and Defender to address six key risks.
- EntraPulse Polyarchy – an Entra ID Polyarchy MCP Server EntraPulse Polyarchy is an open-source live interactive server for visualizing identity hierarchies in Entra ID, based on the 2003 Polyarchy Server concept.
- Why you Shouldn’t bypass MFA for your office IP adresses Bypassing MFA for office IPs can reveal hidden security risks via Entra ID and Windows Privileged Access Rights.
- Conditional Access Policy – Building Real MFA Enforcement in Microsoft Entra ID Conditional Access Policy outlines why Security Defaults fall short for advanced MFA in Microsoft Entra ID, covering licensing needs, disabling Security Defaults, and creating a policy with assignments, conditions, and access controls.
- Limiting Microsoft 365 Copilot data exposure risk with Zero Trust apps and data controls This article explains how organizations can limit data exposure risk with Zero Trust apps and data controls in Microsoft 365 Copilot, focusing on mitigating overshared SharePoint and OneDrive content and addressing sensitivity label gaps.
- Protecting Microsoft at AI speed: How SFI proactively hardens our cloud Microsoft's Secure Future Initiative creates a multi-agent AI system to rapidly identify and mitigate cloud infrastructure vulnerabilities across multiple contexts.
- What's new in Agent 365 – June 2026 Agent 365 adds enhanced visibility and governance tools for managing local AI agents across devices, featuring a new registry for discovery, expanded audit coverage in Microsoft Purview, and integrated security protections via Defender to ensure compliance and reduce risk.
- How to Build Power Platform Governance for Dynamics 365 ERP Migration Building a robust Power Platform foundation before migrating Dynamics 365 ERP from LCS ensures security, compliance, and stability by establishing governance controls.
- Microsoft Entra ID Retires Custom Controls For External MFA Microsoft is retiring Custom Controls in Entra ID’s Conditional Access for External MFA, prompting organizations to transition to the new authentication methods before the retirement date.
🔌 Integration
- Announcing Flat File Schema Generation support in Azure Logic Apps Standard Azure Logic Apps Standard now provides Flat File Schema Generation to automatically create BizTalk-compatible XSD schemas from sample CSV or delimited payloads, simplifying enterprise flat-file integration onboarding.
- Coding with Logic Apps Standard: Local Functions Local Functions in Azure Logic Apps Standard let integration developers embed custom .NET code directly within workflows, simplifying debugging and deployment while maintaining seamless scalability.
🎓 Learning and Certifications
- The Copilot specialization is receiving key updates—including an audit The updated Microsoft 365 Copilot specialization replaces customer references with a third-party capabilities audit, introduces new certifications such as AB-100 and AB-620, and retires MS-102 and APL-7008/4002 to align partners' expertise with market demand.
- The Event Ended. The Community Didn't. GitHub Copilot Dev Days in 58 countries united 22,042 developers through community-led events organized mainly by Microsoft MVPs, fostering local connections and AI-driven innovation.
- New exam for Microsoft Certified: Windows Server Administrator Associate Certification The new certification combines two exams into one, emphasizing hybrid management and modern security skills with an early participant beta discount.
- Two months of innovation: Microsoft Adoption updates from May-June 2026 Microsoft introduced updates in May and June 2026 to simplify AI integration across roles, featuring a redesigned Copilot Adoption Hub, a new Prompt Gallery, multilingual webinars, accessibility improvements, and IT resources, aiming to make AI feel like a collaborative teammate.
- Recent and upcoming Microsoft exam changes – Tuesday 7 July 2026 The article details planned modifications to two upcoming Microsoft certification exams-AZ-400 and SC-100-as of July 27 and 28, 2026, respectively.
⚖️ Management and Governance
- Public Preview: Azure Chaos Studio Workspaces and Scenarios Azure Chaos Studio’s new public preview introduces Workspaces and Scenarios, enabling faster, application-centric testing of workload resilience with reduced outage simulation latency.
- Public Preview: Manage Azure Chaos Studio from the Azure CLI The Azure CLI now enables direct management of Azure Chaos Studio scenarios, simplifying setup with a single command that provisions workspaces and configurations automatically.
- AI Agents Are the New Control Plane: Governing Identity, Tool Access, and Observability Across Azure, AWS, Google Cloud, and VCF AI agents pose governance challenges due to the need for unified control over identity, tool access, data boundaries, network egress, observability, human approval, and exceptions across multiple cloud platforms.
- Turning Azure Policy Signals into Actionable Governance Insights Turning Azure Policy Signals into Actionable Governance Insights demonstrates how combining PolicyStates with PolicyAssignments offers context on non-compliance importance, converting compliance data into actionable governance insights for recovery, auditability, and telemetry.
- Windows settings backup becoming a new resilience baseline Windows settings backup will now be enabled by default on eligible devices starting with Windows 11 version 26H2, simplifying resilience efforts.
- From Downtime Risk to Enterprise Resilience: SAP NetWeaver Java HA Journey with SUSE SUSE High Availability transformed SAP NetWeaver Java Central Services into an enterprise-grade platform with automated failover reducing recovery times to under five minutes.
- Building an AI Azure Ops Workbench — Part 1: From reactive tickets to a proactive copilot The Azure Support Agent is an open-source AI-driven workbench that integrates with tenant tools via the official Azure MCP server, automatically discovers resources, generates live architecture diagrams, runs Well-Architected assessments, and orchestrates specialist agents for issue investigation, monitoring, and remediation.
- Implementing Azure Policies with Barbara Forbes Barbara Forbes explains how Azure Policies enhance security, cost management, and efficiency by encouraging critical evaluation of default settings and thorough documentation for effective governance.
- Microsoft Marketplace as a platform to support FinOps: Turning Cloud Spend into Business Value Microsoft Marketplace enhances FinOps by unifying purchasing, governance, and cost optimization for improved visibility and reduced operational friction.
- Azure Monitor Observability Agent goes autonomous (preview) The Azure Monitor Observability Agent’s new autonomous operations feature automatically triages alerts, correlates related issues into a single Azure Monitor issue with natural-language explanations, and runs deep investigations without any human trigger.
- A Paradigm Shift in Cloud Operations with Azure SRE Agent Azure SRE Agent reduces incident triage time for companies like Zafin, Provation Medical, and InEight from hours to minutes by automating evidence collection, issue classification, and action recommendations in cloud operations.
- Deployment Stacks: Treating Your Azure Deployments Like Real Resources Deployment Stacks treat Azure deployments as real resources, offering built-in RBAC governance to prevent accidental deletions or drift, reducing orphaned costs and security risks for IT professionals.
- Big Thinkers: John Allspaw – How Human-Centered Operations Shaped Modern DevOps and Reliability Engineering John Allspaw explains how focusing on human-centered operations principles transformed DevOps and reliability engineering into more effective, team-friendly practices.
- Azure Resource Group vs Resource Manager Azure Resource Manager orchestrates and governs all Azure operations through authentication, auditing, and policy enforcement, with Azure Resource Groups serving as logical containers for unified resource lifecycle management.
- Azure Management Groups Azure Management Groups offer a hierarchical structure for organizing Azure subscriptions, enforcing policies and access controls up to six levels deep with support for up to 10,000 groups per tenant.
- When Arc Goes Silent: Turning Visibility Gaps into SOC Action This playbook uses Azure Sentinel and Logic Apps to turn silent Azure Arc-enabled server health issues into a single daily assurance report for security leaders and SOC managers.
- Designing Private Cloud SLOs in VCF Operations: Fleet Observability Without Dashboard Sprawl Designing private cloud SLOs in VCF Operations focuses on defining clear service expectations like provisioning success and capacity headroom for actionable insights.
🚌 Migration
- Generally Available: Support 5x churn in Azure Site Recovery Azure Site Recovery now supports up to five times higher change rates, delivering 500 MB/s per VM and ensuring reliable disaster recovery for high IOPS workloads.
- Golden Paths Are a Product. Treat Them Like One. Treating golden paths like products-by applying product discipline such as internal NPS tracking and SLOs-ensures they remain adopted, trusted, and continuously improved across multiple teams.
- Built to bounce back: How Azure resiliency evolved Azure's resiliency model focuses on a shared responsibility approach combining infrastructure foundations such as Availability Zones with customer-defined application architectures to ensure adaptable, recoverable, and trustworthy systems under real-world conditions.
🌐 Networking
- Generally Available: Network Security Perimeter support for Azure Event Hubs Azure Event Hubs introduces Network Security Perimeter support, allowing organizations to create logical network isolation boundaries and enforce perimeter-based access controls for enhanced security.
- Public Preview: Exceptions in WAF for Azure Application Gateway and Azure Front Door Azure introduces a public preview of exception rules in its Web Application Firewall (WAF) to let developers safely allow legitimate traffic without increasing false positive rates.
- AI can build the pipeline, but don’t trust it for security (building an app with an AI LLM, part three) Grant Fritchey shows how to use GitHub Copilot and VSCode to set up Redgate Flyway for PostgreSQL on Azure Flexible Server, building an automated CI/CD pipeline while noting the AI's overconfident security choices may cause lasting architectural issues.
- Securing message brokers takes more than turning off public access Securing message brokers requires layered network controls such as IP firewalls, service endpoints, private endpoints, and Network Security Perimeter to accommodate diverse workloads like payment pipelines and telemetry ingestion instead of using a single toggle for all cases.
- VCF Private AI Services Networking: VDS + Foundation Load Balancer vs VPC Networking Choosing between VDS with Foundation Load Balancer and VPC networking for Private AI Services impacts whether you build a controlled platform service or an AI consumption platform, affecting operational model, scalability, and automation capabilities.
- The VCF Upgrade Readiness Review: Decisions Before You Open the Planner Before using Broadcom’s VCF Upgrade Planner, ensure DNS ownership, network IP reservations, change freeze approvals, phased maintenance acceptance, and a validated rollback plan are confirmed to make the generated upgrade path executable.
🔐 Security
- Extending Zero Trust to AI agents: securing the next enterprise identity Microsoft's new Zero Trust guidance extends identity governance to AI agents, stressing observability and ongoing security controls for managing autonomous workloads using Entra authentication and interacting with services such as SharePoint and Azure Functions.
- Build a patch strategy for today’s threat pace with Microsoft Microsoft Intune offers coordinated endpoint management to enable a three-stage patch strategy mitigating quick updates with automation, assessing risk for slower deployments, and enforcing compliance to balance threat response and regulatory constraints.
- Understanding Windows monthly updates: Servicing explained Windows monthly updates feature cumulative security patches on Patch Tuesday plus optional non-security preview updates for IT teams to test upcoming fixes.
- GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware GigaWiper merges multiple malware families into a Go-based backdoor capable of physical disk wiping, ransomware-style encryption without key storage, and multi-pass secure wiping, reflecting a trend toward modular destructive tools for enhanced efficiency and impact.
- Defending the Inbox Against Prompt Injection Attacks Microsoft Defender now detects and isolates malicious AI instructions in emails before they reach users, boosting protection against AI-targeted threats via email.
- Microsoft Defender now integrates with Dragos, Forescout, & Armis for OT Security Microsoft Defender integrates with Dragos, Forescout, and Armis for unified OT security, providing real-time visibility, cross-domain threat correlation, and streamlined investigations.
- External key management for Azure Managed HSM is now in public preview External key management for Azure Managed HSM allows organizations to maintain encryption keys on owned hardware outside Azure datacenters, fulfilling stringent regulatory demands while retaining robust sovereignty via a FIPS 140-3 Level 3 HSM.
📦 Storage
- Public Preview: Export historical data from Log Analytics workspace with Export jobs The Log Analytics Export job enables selective export of historical data within specified time ranges to Azure Storage for optimized analytics and archival.
- Deploy Microsoft Defender for Storage with Malware Scanning and Sensitive Data Threat Detection Deploying Microsoft Defender for Storage adds malware scanning and sensitive data threat detection to Azure Storage, enhancing protection against partner and user-generated file threats.
- Optimize Oracle workloads on Azure with Azure NetApp Files Azure NetApp Files now offers flexible capacity pools, an application volume group for Oracle, availability-zone placement, enhanced data protection options, a migration assistant, short-term clones, cool access storage, and improved sizing guidance to optimize Oracle workloads on Azure with predictable performance and reduced operational complexity.
- Generally Available: Microsoft Entra ID-based access for Azure Blob Storage SFTP This new GA feature lets organizations use their existing Microsoft Entra IDs-including guest accounts-to access Azure Blob Storage via SFTP, enhancing security and simplifying identity management.
💻 Virtual Desktop Infrastructure
- Enhanced host pool management for Azure Virtual Desktop is now generally available Azure Virtual Desktop introduces enhanced host pool management with session host configuration updates, dynamic autoscaling, and ephemeral OS disk support to streamline secure, reliable, and cost-effective virtual environment administration.
- RDP Multipath with redundant TCP is now generally available for Windows 365 and AVD RDP Multipath enhances reliability on Windows 365 and Azure Virtual Desktop by automatically switching between connections to minimize interruptions.
- Windows 365 for Agents: A secured execution environment for AI agents Windows 365 for Agents provides a secure, managed cloud PC environment for running AI agents at scale with enterprise-level security controls.