Azure Weekly

Issue 569

28^th June 2026

Quite a busy edition this week, with a good mixture of Microsoft and Community content. Highlights include:

• Introducing Cohere Command A+ in Foundry by Rashaud Savage - Command A+, Cohere’s 218B-parameter mixture-of-experts model now available in Microsoft Foundry, enables enterprise agents to reason across 48 languages, process multimodal inputs like images and tables, and orchestrate complex multi-step workflows with sub-second latency.
• Azure Copilot Observability Agent is generally available, with autonomous operations in preview by Efrat Nauerman - The Azure Copilot Observability Agent, now generally available with autonomous operations in preview, transforms alert noise into investigated issues by integrating AI reasoning across telemetry, resource context, and custom instructions to help teams quickly identify changes, and correlations.
• Inside Llama 3.1 405B MLPerf Training on Azure: System-Level Insights at 8K+ GPU Scale by shantanupatankar, Azin Heidarshenas - Scaling Llama 3.1 405B to 8,192 GPUs on Azure's Fairwater infrastructure reveals that feed-forward network kernels dominate compute time, while topology-aware mapping is crucial for achieving ultra-high scale efficiency.
• Building Practical Rowhammer Protection into Azure Cobalt 200 by Stefan Saroiu, Alec Wolman, Anant Deval, Sashi Majety - Azure Cobalt 200 incorporates advanced Rowhammer protection directly into its memory controller, using a hybrid design that balances performance and security without adding measurable overhead, as detailed in a recent research paper presented at ISCA 2026.
• Guarding AI memory by Natalie Isak, Sarah Cooley - Guarding AI memory involves protecting both personalization and agentic coherence while addressing unique attack vectors like delayed tool execution through adversarial memory poisoning, with Microsoft 365 implementing defense-in-depth measures across creation, storage, retrieval, model…
• MCP Server Authorization with Azure API Management: From Simple to Advanced by vzisiadis - Azure API Management integrates with the Model Context Protocol (MCP) to provide robust authorization options-from simple token validation to interactive OAuth sign-in-enabling fine-grained control over who can access MCP servers and what actions they may perform.
• Only 8.5% of MCP Servers Use OAuth — Here's How to Host One Securely on App Service by Jordan Selig - Deploying an MCP server on Azure App Service with built-in Easy Auth and Entra ID integration secures it against common vulnerabilities like CVE-2025-6514 and CVE-2025-49596, ensuring authenticated access to tools while protecting secrets and preventing unauthorized code execution.
• The end of a Azure Data Platforms era, and the future with Databricks- and Fabric-centric architectures by Adam Marczak - Azure Data Platforms will transition toward Databricks, and Fabric-centric architectures, prompting organizations to reassess their data strategies and infrastructure investments.

Finally, we are launching our new Fabric Weekly newsletter this week. Sign up if you'd like to receive it!

🤖 AI

• Local-First and Fully Traced: Routing Between Ollama, Foundry Local, and Microsoft Foundry
  The article details how to route between Ollama, Foundry Local, and Microsoft Foundry using a single contract, ensuring seamless transitions between cloud and local tiers while maintaining consistent behavior for agents.
• Maintaining working memory in AI agents
  Maintaining working memory in AI agents involves managing what information stays relevant within a model's context window to ensure reliable performance, as excessive loading reduces focus and accuracy, especially for tasks requiring real reasoning rather than simple lookup.
• Mind the Specs: Grading formal specifications and KPIs as artefacts for LLM-driven code generation
  The new pipeline converts plain-language requirements into both a formal Alloy model and numerical KPI targets, grading them deterministically before feeding graded results to an LLM for code generation, addressing the lack of quality signals in prompt-to-code workflows.
• Right-Sizing Intelligence: Building a Multimodal Model Portfolio for Healthcare and Life Sciences
  Building a multimodal model portfolio in healthcare enables systems to leverage diverse models-large reasoning models for complex tasks, efficient small models for cost-sensitive operations, and specialized voice, image, and video models-to achieve optimal performance, scalability, and safety across clinical workflows.
• Introducing Cohere Command A+ in Foundry
  Command A+, Cohere’s 218B-parameter mixture-of-experts model now available in Microsoft Foundry, enables enterprise agents to reason across 48 languages, process multimodal inputs like images and tables, and orchestrate complex multi-step workflows with sub-second latency.
• Agents That Remember the Boss: Closing the Loop with Foundry Agent Service Memory
  Foundry Agent Service Memory ensures that decisions made at the CEO gate are recorded in a dedicated store, recalled by subsequent agents as binding direction, and visibly impact artifact outcomes through deterministic state changes.
• Mistral Document AI (with OCR 4) and Mistral Medium 3.5 arrive in Microsoft Foundry
  Mistral Document AI with OCR 4 and Mistral Medium 3.5 expand Microsoft Foundry’s model portfolio, offering structured document understanding for enterprise workflows and an open-weight general-purpose model for reasoning, coding, and agentic tasks.
• KVStream: Smarter Memory Management for On-Device Language Model Inference
  KVStream introduces smarter memory management for on-device language model inference, addressing fragmentation, over-reservation, lack of batching, and redundant computation that bog down performance on local hardware.
• The Gate Is the Product: Human-Verified Artifacts in a Foundry Multi-Agent Game
  The Gate Is the Product introduces a three-layer scoring system-deterministic validators, a model rubric floored by those validators, and a human gate-that ensures only artifacts deemed reliable by humans can earn XP, preventing models from self-certifying their output.
• Azure Machine Learning vs Azure AI Foundry
  Azure Machine Learning excels at custom end-to-end MLOps pipelines for data scientists, while Azure AI Foundry focuses on rapid deployment of generative and agentic AI solutions via a model catalog and serverless orchestration.
• Evaluating Multi-Turn Agents: A Quality Study of Microsoft Foundry’s Multi-Turn Evaluators
  The study evaluates four multi-turn agents in Microsoft Foundry, finding Task Completion and Customer Satisfaction evaluators highly reliable for session-level quality, while Groundedness is best used as a triage signal due to high judge sensitivity.
• Practice the Hard Call: Real-Time Voice Training with Live Voice Practice
  Live Voice Practice uses Azure Voice Live’s real-time speech-to-speech technology to let agents rehearse high-pressure customer service scenarios with AI customers, providing immediate, evidence-backed feedback and eliminating the ethical and scalability issues of traditional roleplay methods.
• Evaluating performance and efficiency of the GitHub Copilot agentic harness across models and tasks
  The GitHub Copilot agentic harness demonstrates superior token efficiency and comparable task completion rates across leading models like Claude Sonnet 4.6, Opus 4.7, GPT-5.4, and GPT-5.5 on industry-standard benchmarks such as SWE-bench Verified
• An Operational Toolchain for Microsoft Foundry Private Networks
  The article introduces Preflight, Diagnostic checks, and Cleanup tools to streamline operational state management for deployments of Microsoft Foundry into private networks, reducing failed redeploy times from thirty to forty-five minutes to under five seconds.
• Defending your Memory in Microsoft Foundry Agent Service against memory poisoning
  Defending your Memory in Microsoft Foundry Agent Service against memory poisoning involves understanding how long-term memory works-extracting, consolidating, storing, and retrieving user preferences, conversation summaries, and procedural patterns-while implementing controls to prevent attackers from influencing or deleting these durable memories.
• The Token Economics of the Edge: Running Qwen3 on a Windows NPU with WinML CLI
  Running Qwen3 on a Windows NPU with WinML CLI demonstrates how edge inference reduces token costs to near-zero while offering low latency, enhanced privacy, and offline availability, thanks to the specialized performance of neural processing units.
• The Agentic Workday: A Technical Deep Dive into Microsoft Scout for Healthcare and Life Sciences
  Microsoft Scout uses agentic AI to automate and streamline complex, regulated workflows in healthcare and life sciences, reducing assembly time while maintaining security and compliance boundaries.
• How Microsoft Scout Brings Agentic AI to Everyday Healthcare and Life Sciences Work
  Microsoft Scout transforms agentic AI from answering queries into executing multi-step workflows across healthcare and life sciences applications, documents, and the web while maintaining human oversight for critical decisions.

🔎 Analytics

• Use built-in Fabric data protection to get your data AI-ready
  Microsoft Fabric integrates built-in data protection features with Azure Purview to classify, control access, secure, and monitor data, enabling organizations to safely prepare their datasets for generative AI applications.
• On-premises data gateway June 2026 release
  The June 2026 on-premises data gateway release (version 3000.322) introduces Windows Web Account Manager authentication for stronger token security, updates Apache Log4j to 2.25.4 for enhanced security, adds consent-driven diagnostic uploads with richer insights in
• Secure AI at scale: Join the Microsoft Entra + Purview webinar series
  The webinar series will guide security teams on integrating identity, access management, and data protection strategies to securely scale AI adoption across networks, applications, and AI agents.
• From inception to Blueprint: Introducing the Oracle AI Database@Azure AI adoption playbook
  The Oracle AI Database@Azure playbook provides field-tested patterns for securely adopting AI on Oracle data across regulated industries, covering zero data movement, managed replication, and intelligence layers while integrating with tools like Copilot Studio, Fabric, and Entra ID.
• Build a Governed Databricks Workspace with Pulumi
  Pulumi enables platform teams to automatically provision a governed Databricks workspace with standardized cluster policies, notebooks, and automated jobs, reducing operational risks from inconsistent configurations and ensuring cost controls are enforced across all data science environments.
• Know before you optimize: Diagnose Lakehouse table health with a single T-SQL command (Generally Available)
  Microsoft Fabric introduces sp_get_table_health_metric, a T-SQL stored procedure that lets data engineers diagnose Lakehouse table health issues-like suboptimal file layouts causing slow queries-with a single command, enabling proactive maintenance and reduced compute waste.
• Billing for Microsoft Fabric Planning (Preview)
  Microsoft Fabric Planning’s hybrid billing model-combining role, and session-based pricing with job-based automation fees-is designed to match the cyclical, high-intensity nature of enterprise planning workloads while offering predictability and flexibility.
• Multi-cloud data architecture patterns using Fabric Data Factory (Generally Available)
  Fabric Data Factory introduces standardized patterns for seamless multi-cloud data architectures, reducing integration complexity by 40%.
• The end of a Azure Data Platforms era, and the future with Databricks- and Fabric-centric architectures
  Azure Data Platforms will transition toward Databricks, and Fabric-centric architectures, prompting organizations to reassess their data strategies and infrastructure investments.
• Join our free livestream series on using Microsoft IQ with Python
  Join a three-part livestream series that dives deep into using Microsoft IQ (Foundry, Work, and Fabric versions) with Python to build AI agents grounded in organizational knowledge, M365 data, and OneLake business information.
• Rayfin | Go from prompt to production backend
  Rayfin enables developers to generate complete backend definitions-including schemas, relationships, and access policies-using an open-source SDK with GitHub Copilot, then deploys the full production-ready application in a single command to Microsoft Fabric, automatically handling provisioning, security, identity controls, and audit compliance.

🖥️ Compute

• Add Nodes to SQL Server 2022 and Windows Server 2022 Failover Cluster
  Adding nodes to SQL Server 2022 and Windows Server 2022 failover clusters enhances scalability and high availability by automatically distributing workloads across new instances.
• Microsoft SPARK: Powering America’s Genesis Mission for Scientific Discovery
  Microsoft’s SPARK program partners with DOE labs to accelerate AI-driven scientific discovery for the Genesis Mission, offering dedicated project management, an AI Center of Excellence, Azure credits, professional services funding, and joint research initiatives focused on enhancing national security and energy innovation.
• Action over information: How App Advisor turns guidance into progress on Marketplace
  App Advisor transforms guidance into actionable steps, using personalized recommendations and AI insights to help software companies efficiently move through discovery, build, publish, and growth stages on Marketplace.
• What IT teams need to know about Linux Secure Boot certificates expiring in 2026
  Organizations using Linux UEFI Secure Boot must prepare to trust the expiring 2011 CA by June 27, 2026, as only 2023-signed shims will be accepted after that date.
• Inside Llama 3.1 405B MLPerf Training on Azure: System-Level Insights at 8K+ GPU Scale
  Scaling Llama 3.1 405B to 8,192 GPUs on Azure's Fairwater infrastructure reveals that feed-forward network kernels dominate compute time, while topology-aware mapping is crucial for achieving ultra-high scale efficiency.

🚢 Containers

• Connecting Azure Kubernetes Clusters to Tailscale Networks
  This article demonstrates how to securely connect an Azure Kubernetes Service cluster to a Tailscale private network using a proxy, enabling easy and secure access from any device within the Tailnet without complex VPN setups.
• Build Agent Architecture using AI Landing Zones
  The AI Landing Zones framework from Microsoft enables secure governance, unified control, and flexible runtime options for building and scaling enterprise AI agents across the Azure and 365 platforms.
• IPv6 Dual-Stack Endpoints for Azure Container Registry (Public Preview)
  Azure Container Registry now offers a public preview of IPv6 dual-stack endpoints, allowing registries to serve both IPv4 and IPv6 clients simultaneously while requiring Premium SKU and dedicated data endpoints for full functionality.
• How Many Copies of Each Layer Does Your Container Registry Actually Need?
  Azure Container Registry’s performance curve shows that adding container image layer copies boosts pull speeds up to a moderate point, after which extra copies stop helping and can even slow things down due to storage bottlenecks.

🗄️ Databases

• Take control of your PostgreSQL maintenance
  Azure Database for PostgreSQL flexible server now offers self-service controls to view, reschedule, and apply upcoming maintenance directly from the Azure portal, reducing disruption during critical business periods.
• Generic Best Practices for HikariCP with Azure Database for PostgreSQL
  Configuring HikariCP for Azure Database for PostgreSQL involves setting maxLifetime to 30 minutes, maintaining minimumIdle slightly below maximumPoolSize (e.g., 15 out of 20), using a default idleTimeout of 10 minutes, and sizing maximumPoolSize based on expected concurrent connections to
• Lessons Learned #541:Automatic Plan Correction vs External Tables: A Practical Lesson from the Field
  This article explains why queries referencing external tables may not always benefit from Azure SQL Database’s Automatic Plan Correction feature, as their performance depends on remote data sources and network factors, suggesting selective exclusion of such query IDs from FORCE_LAST_GOOD_PLAN.
• 5 T-SQL features that should already exist (2026 SQL Server wish list)
  The article outlines five T-SQL features-such as native compressed file imports and improved JSON handling-that could greatly enhance SQL Server’s productivity for data engineers and developers in 2026.
• Using Bulk Copy API for faster ingestion in Fabric Data Warehouse (Preview)
  The Bulk Copy API in Fabric Data Warehouse (Preview) boosts client-side ingestion speeds by 5-10× over traditional T-SQL INSERTs, enabling faster direct writing of application-generated data into warehouse tables.
• BulkSynchronize in EF Core: Mirror Your Data in One Operation
  BulkSynchronize in EF Core automates inserting, updating, and deleting database rows based on a provided source list, eliminating the need for custom sync logic that can introduce bugs as data volume grows.
• Microsoft Fabric–Why Are You So Down?
  Microsoft Fabric lacks transparent post-mortems and detailed incident histories compared to Azure and AWS, raising concerns about customer trust and support for its global users.
• Learn T-SQL With Erik: Controlling Memory Grants
  Erik explains how to manage memory grants in T-SQL queries, offering techniques like adding indexes and using Cross-Apply to reduce resource contention and improve performance.
• Building an Azure architecture that’s ready for every signature
  Exclaimer built an Azure-based architecture using Kubernetes Service, SQL Database, PostgreSQL, Cosmos DB, Data Explorer, and Databricks to handle 80k customers, 9.6M seats, and over 21B emails annually while ensuring high availability, regional data compliance, and cost efficiency
• SQL Server 2016 Extended Security Updates: Stay Protected While You Modernize
  SQL Server 2016 Extended Security Updates provide up to three years of continued security patches until July 17, 2029, helping organizations maintain protection while they plan modernization or upgrade paths.
• Data sync fails with deadlock error
  The article explains how to resolve deadlock errors that cause data sync failures in Azure SQL Data Sync by adjusting synchronization settings, optimizing system tables, and planning for the service’s retirement on September 30, 2027.
• Azure SQL DB Fabric Mirroring with Private Endpoint
  Azure SQL DB Fabric Mirroring with a Private Endpoint requires the source database to be on Standard Tier with at least 100 DTUs, enables System Assigned Managed Identity on the logical server, registers Microsoft.PowerPlatform as a subscription-level source provider, and configures the Virtual Network Subnet to delegate Microsoft.Power
• mssql-python 1.10.0: Service Principal Bulk Copy, More Reliable Arrow Text, and a Core Timeout Fix
  mssql-python 1.10.0 introduces bulk copy support for ActiveDirectoryServicePrincipal service principals, improving enterprise automation compatibility, enhances Arrow text reliability across platforms with consistent Unicode handling, and resolves bulk load connection timeout issues in the core library.
• Announcing Microsoft.Data.SqlClient 7.0.2 and 6.1.6
  The new servicing updates for Microsoft.Data.SqlClient 7.0.2 and 6.1.6 introduce Web Account Manager (WAM) broker support for Entra ID authentication modes on Windows, hardened TDS token parsing to prevent protocol attacks, fixes for null-reference issues in SqlDataReader and Always Enc
• Microsoft Django backend for SQL Server -mssql-django 1.7.3 is now available
  mssql-django 1.7.3 enhances SQL Server connectivity for Django by robustly parsing modern authentication settings and fixing a subclassing bug in server-property caching, ensuring smoother integration with advanced authentication scenarios.
• SQL Server Performance Office Hours Episode 65
  In Episode 65, Erik Darling discusses why SQL Server often grants large memory allocations to trivial queries and explores the implications for query performance optimization.
• Scaling EF Core for Data Imports: From CSV Files to Millions of Database Rows
  Bluesky introduces a production-ready EF Core import pipeline that processes a nightly 500 k-row supplier catalog in under five minutes using CsvHelper DTOs, chunked streaming, and bulk insertion with ChangeTracker disabled.
• SQL Server as a Document Database — and why you want that!
  Polecat enables SQL Server 2025 to function as a document database with native JSON support, mirroring Marten's API for seamless productivity gains without migrations or mapping files.

🛠️ Developer tools

• MCP for Beginners: Why Every AI Engineer and Developer Should Learn the Model Context Protocol
  The Model Context Protocol (MCP) for Beginners curriculum, maintained by Microsoft, provides hands-on learning of MCP’s standardized client-server model that lets AI models seamlessly integrate with databases, APIs, and document search through a single protocol, reducing integration effort from M × N to
• The performance dividend: Optimizing PostgreSQL on Azure directly in Visual Studio Code
  The new PostgreSQL extension for Visual Studio Code on Azure integrates performance diagnostics, metrics dashboards, and AI-assisted recommendations to streamline database tuning within a single development environment.
• Dependency Injection & Agent Framework
  Dependency Injection enhances flexibility and testability by decoupling agents, tools, executors, and workflows from their concrete implementations when using the Microsoft Agent Framework with C#.
• Keeping GitHub Copilot on script during your demos
  copilot-mock-server lets speakers script Copilot responses ahead of time, ensuring consistent and reliable AI outputs during demos without interrupting the flow or requiring internet access.
• Introducing Corvus.Text.Json V5: Migration, Analyzers, and What's Next
  Corvus.Text.Json V5 introduces migration support and production Roslyn analyzers to help developers transition from V4 while ensuring code correctness and performance improvements.
• Building an Harness Agent with Microsoft Agent Framework
  The new Harness Agent pattern built with the Microsoft Agent Framework v1.0 simplifies deploying autonomous AI agents by abstracting infrastructure complexities and enhancing cross-platform compatibility.
• Building Secure, Well-Architected Azure Workloads with Azure Verified Modules and GitHub Copilot
  Azure Verified Modules paired with GitHub Copilot enables IT professionals to build secure, well-architected Azure workloads using a supported module library and AI-assisted infrastructure code development.
• A guide to innovating threat hunting with Microsoft Sentinel custom graph
  This guide demonstrates how to create custom graphs in Microsoft Sentinel using GitHub Copilot chat experiences in VS Code, enabling real-time threat hunting with visualized blast radius insights and multi-hop connections for deeper investigation.
• VS Code Keeps Eye on Costs in v1.126 Update
  Visual Studio Code 1.126 introduces session-level Copilot cost details, aligning with Microsoft’s emphasis on assisting developers in tracking and managing their usage-based GitHub Copilot expenses.
• Open VSX 1.0.0 Puts Focus on Open Extension Registry for VS Code Ecosystem
  Open VSX 1.0.0 introduces an open extension registry that standardizes access to thousands of VS Code-compatible plugins across multiple vendors.
• Mastering GitHub Copilot: Cost-Efficient Prompt Strategies
  The article reveals three cost-efficient prompt strategies to maximize GitHub Copilot usage while minimizing token expenditure.
• Securing Developers with Tanya Janca
  Tanya Janca of SheCodesPurple explains how sysadmins can bolster developer security by securing environments and pipelines, leveraging AI tools to generate more secure code, and addressing the evolving threat landscape with updated best practices.
• Enable agentic work management with Microsoft Planner MCP Server
  The new Work IQ APIs integrate Planner capabilities into agent-driven workflows, enabling automated work management across plans and tools with secure enterprise permissions.
• I automated my job (and it made me a better leader)
  Using the GitHub Copilot app's automations streamlined his workflow by scheduling prompts that cross-checked calendars, emails, and repos, reducing context-switching and freeing time for strategic thinking.
• Cloudflare-First Networking as Code with Pulumi
  Cloudflare-First Networking as Code with Pulumi enables platform teams to define DNS records, WAF rules, Worker canaries, and Zero Trust policies directly in version-controlled infrastructure code using Pulumi, ensuring consistent edge configurations across multi-cloud applications.
• Migrating Agentic Code Python -> C# Part 6 (final)
  The C# migration series concludes by implementing a BlogWorkflow class that orchestrates a blogger, researcher, author, and reviewer agent, with conditional logic to loop back to the author until content is approved.
• How I built Run Aspire Update Script with GitHub Copilot
  The article details how GitHub Copilot helped author a PowerShell script that recursively updates Aspire versions across directory trees with clear logging and error handling.
• Update Aspire Version Recursively in All Projects and Solutions
  The PowerShell script automates updating Aspire versions recursively across multiple projects and solutions using the Aspire CLI, saving time and reducing errors when maintaining consistent tooling across a workshop's diverse labs.
• VS Code 1.125 Adds Copilot Spend Meter After Billing Shock
  VS Code 1.125 introduces a Copilot Spend Meter to give developers real-time insight into their AI credit usage amid growing concerns over GitHub’s evolving billing transparency.
• From pledge to practice: Building a more inclusive open source ecosystem
  GitHub has launched initiatives such as the Open Source Assistive Technology Hackathon, expanded accessibility documentation, and hosted an Accessibility Summit to empower people with disabilities in open source contributions and improve mainstream project accessibility.
• Agent 365 Skills: Bring your agents into Microsoft Agent 365 in minutes
  Agent 365 Skills simplifies enterprise-ready AI agent onboarding by turning complex manual steps into a guided natural-language experience inside popular coding assistants.
• How I built an app just by talking to an AI LLM – the good, the bad, and what I’d do differently next time (part one)
  The author builds a small database translation app called dbRosetta entirely by interacting with an AI language model, documenting the process and tools-including Azure PostgreSQL Flexible Server, Copilot, GitHub CoPilot, Visual Studio Code, and Redgate Flyway-to demonstrate end-to-end development without manual coding
• Tamir Dresher: Squad Agent Workflows - Episode 407
  Tamir Dresher, a Principal Engineer at Microsoft Threat Protection and co-creator of Squad, discusses innovative squad agent workflows that streamline AI team orchestration directly within GitHub repositories.
• Introducing Corvus.Text.Json V5: TOON - Compact JSON for LLMs
  Corvus.Text.Json.Toon provides bidirectional TOON conversion - a compact text format that removes repeated property names and punctuation from JSON, reducing token count for LLM prompts with zero-allocation UTF-8 APIs.
• Introducing Corvus.Text.Json V5: Extended Types
  Corvus.Text.Json V5 extends type support with first-class handling for UTF-8 URIs, IRIs, and arbitrary-precision numeric types, improving JSON schema validation accuracy without allocation overhead.

🔩 DevOps

• Best practices for Infrastructure as Code CI/CD on Azure
  Learn how consuming Azure Verified Modules, adopting a single folder per environment layout, and implementing Workload Identity Federation can eliminate common IaC CI/CD pitfalls on Azure, preventing secret leaks and ensuring consistent deployments across dev, test, and prod.
• Lower API impact way of updating NVD Vulnerability Dependency data
  A new method reduces the impact on APIs when updating NVD vulnerability data, addressing recent NIST changes that caused dependency-check tools to experience long download times and frequent timeouts.
• Updated audit checklist for the Agentic DevOps specialization coming in January 2027
  The upcoming January 2027 update to the Agentic DevOps specialization audit checklist will include internal agentic adoption criteria and align certifications with GitHub’s automation, security, and AI-assisted development practices.
• Azure DevOps vs GitHub: Your 2026 Platform Decision
  In 2026, GitHub is positioned as the AI-native hub for agentic development, while Azure DevOps remains a stable, mature platform focused on code quality and security improvements, prompting a recommended hybrid model where teams use GitHub for agent workflows and Azure DevOps for traditional CI/CD and project
• Retirement of Azure DevOps issuer in Workload identity federation service connections
  The Azure DevOps issuer for workload identity federation will be retired on July 1, 2027, encouraging users to migrate to the standardized Microsoft Entra issuer to maintain support and leverage enhanced security features.
• Azure Bicep Has a Plan Mode: Use It On Your Next Production Deployment
  Azure Bicep’s new plan mode lets you preview changes without deploying, reducing risks in production by catching errors early.
• Conditional & Iterative Deployments with Azure Bicep
  Azure Bicep introduces conditional and iterative deployments, enabling teams to manage complex infrastructures more efficiently through single, maintainable templates.
• Azure Bicep Resource-Derived Types and Member Access Explained
  Azure Bicep’s `[*]` syntax enables strongly typed access to array properties like virtual network subnets, simplifying parameter definitions and reducing maintenance when working with resource-derived types.

🧬 Hybrid + multicloud

• Windows Admin Center version 2606 is now generally available!
  Windows Admin Center 2606 introduces significant reliability and accessibility enhancements based on user feedback, now exclusively in Administration Mode with plans for more frequent releases.
• How to Deploy Azure Local Small Form Factor (SFF) – Bringing Azure to the Edge
  Azure Local Small Form Factor (SFF) deployments let organizations run Azure services directly on edge devices, reducing latency and enabling real-time data processing at the source.
• Azure Local Simplified Machine Provisioning
  Azure Local Simplified Machine Provisioning streamlines edge infrastructure deployment, reducing the need for onsite IT staff and cutting setup time by up to 70%.
• Legacy LAPS vs. Windows LAPS vs. LAPS for Azure Arc
  LAPS for Azure Arc introduces cloud-backed governance, moving password management from local policies to a unified control plane that integrates with Azure Policy and Entra ID, offering scalable protection across on-premises and hybrid environments.

🎭 Identity

• Microsoft Intune and Apple platform updates: What to expect after WWDC 2026
  Intune is prioritizing new declarative device management capabilities from WWDC 2026, including allow/deny binary controls for macOS, enhanced content caching with status monitoring, upgraded Platform Single Sign-on features like Touch ID integration, and upcoming network configuration support in DDM.
• Cross-tenant Azure auth with no secrets (and the AADSTS700236 trap)
  Azure’s new cross-tenant authentication method lets a single Managed Identity authenticate across multiple Entra tenants without secrets, avoiding the AADSTS700236 error by using Federated Identity Credentials in a home tenant app registration.
• Microsoft Entra Connect Sync – Passwordless Authentication – now supported!
  With the new support for passwordless authentication, users can securely log in to applications without entering traditional passwords, enhancing security and user experience.

🔌 Integration

• Getting Started With NATS JetStream in .NET
  Getting Started With NATS JetStream in .NET introduces a lightweight, fast messaging system that runs as a single binary with no external dependencies, offering durable queues through its JetStream layer and providing an easy-to-use .NET client for seamless integration.
• MCP Server Authorization with Azure API Management: From Simple to Advanced
  Azure API Management integrates with the Model Context Protocol (MCP) to provide robust authorization options-from simple token validation to interactive OAuth sign-in-enabling fine-grained control over who can access MCP servers and what actions they may perform.
• Event Sourcing: Aggregates, Dynamic Consistency Boundaries, or what?
  This article explores consistency boundaries in event sourcing, comparing traditional aggregates from Domain-Driven Design to the newer Dynamic Consistency Boundaries approach, highlighting why they matter for preventing incorrect data displays and how different systems handle these challenges.

💡 Internet of Things

• Azure IoT guidance for DigiCert Global Root G1 trust-store updates in sovereign clouds
  This guidance explains how recent updates to operating system trust stores in Azure Government (Fairfax) and Azure China (Mooncake) environments may remove trust for the DigiCert Global Root G1 certificate, potentially causing TLS connectivity issues with Azure IoT devices and applications that rely on those updated trust stores.

🎓 Learning and Certifications

• EVENT: Microsoft Ignite 2026 – San Francisco, CA – November 17-20, 2026 – Registration is now open!
  Registration is open for Microsoft Ignite 2026 in San Francisco, featuring top industry leaders and innovative sessions on cloud, AI, and enterprise…
• Copilot & GitHub Pre-Purchase Plans (P3) Explained
  The new Pre-Purchase Plans (P3) for Copilot & GitHub offer enterprise customers volume discounts and early access to upcoming features, with coverage varying by region and product scope as details are finalized on the official Microsoft Learn page.
• Microsoft Credentials roundup: June 2026
  Microsoft introduces Pro Badges that validate real-world skills through product telemetry, with the first badge covering GitHub Copilot proficiency set to launch at GitHub Universe in late October 2026.
• AI-901 Responsible AI Principles: Apply Fairness, Safety, Privacy, Inclusiveness, Transparency, And Accountability
  The AI-901 Responsible AI Principles exam focuses on practical application-testing real-world scenarios where you must identify which of six core principles (Fairness, Safety, Privacy, Inclusiveness, Transparency, Accountability) is at risk and choose the appropriate design fix.
• Assignments in Microsoft Teams: Grading, feedback, and AI built into your flow
  Assignments in Microsoft Teams now integrates AI tools directly into the workflow for creating instructions, building rubrics, and grading student work, allowing educators to edit suggestions while keeping all data within the tenant’s security boundaries.
• DOWNLOAD: Free eBook, “Power Platform Guide: Power Apps Canvas Next Level”
  Nicolo Ferranti's free eBook provides practical strategies for enhancing Power Apps Canvas development with UDFs, centralized state management, and a…

⚖️ Management and Governance

• 10 things to know before enabling Microsoft 365 Backup
  Before enabling Microsoft 365 Backup, know that it offers resiliency with compliance built in, fast restore speeds up to 1-3 TB per hour, is designed for bulk recovery after ransomware attacks, provides both daily fast and granular restore points, and supports scalable configuration via dynamic
• The governance shift: RBAC, URBAC, data lake, and MSSP
  Defender's governance shift introduces Unified RBAC (URBAC) that coexists with existing Azure RBAC, enabling data-scoped cross-workspace permissions and tiered data models while preserving current role assignments.
• The Data Collector API Is Going Away: How to Migrate Your Azure Monitor Logs
  The Data Collector API for Azure Monitor Logs will retire on September 14, 2026, forcing users to migrate to the newer DCR-based custom log ingestion method that offers better authentication and schema control.
• Modernizing Nonprofit Operations with Power Automate
  Power Automate helps nonprofits automate routine tasks like donor thank-you emails, volunteer application routing, and event registration with low-code logic, connectors to tools such as Outlook and SharePoint, and real triggers tied directly to business events.
• From insight to action: The next phase of agentic cloud operations
  Agentic cloud operations at Azure integrates AI-powered agents that turn real-time insights into governed actions, streamlining hybrid infrastructure management with continuous optimization loops.
• From Prompt to Provisioned: A Closer Look at the Azure Deployment Agent
  The Azure Deployment Agent transforms workload design by guiding users through architecture planning, grounding outputs in the Well-Architected Framework, and generating reviewable Terraform or Bicep code directly from natural language prompts.
• Monday Ledger: The 5 Skills Your IT Team Needs to Support AI Infrastructure
  The article identifies five critical skills-model monitoring, token and cost management, prompt governance and versioning, data fluency for interpreting model outputs, and cross-functional collaboration-that cloud teams typically lack when supporting AI infrastructure.
• EU Azure Regions Capacity – June 2026
  Azure regions in the EU for June 2026 face deployment failures due to regional provisioning restrictions, requiring users to select alternative locations or submit support requests for exceptions.
• Azure Resource Group vs Management Group
  Azure Management Groups serve as high-level governance containers for organizing subscriptions, while Resource Groups are granular lifecycle containers that hold individual deployed Azure assets like VMs and storage accounts.
• Azure Copilot Observability Agent is generally available, with autonomous operations in preview
  The Azure Copilot Observability Agent, now generally available with autonomous operations in preview, transforms alert noise into investigated issues by integrating AI reasoning across telemetry, resource context, and custom instructions to help teams quickly identify changes, correlations, and evidence for resolving problems while maintaining human oversight.

🚌 Migration

• Deploy an Azure Landing Zone in About Twelve Minutes with the ALZ IaC Accelerator
  The ALZ IaC Accelerator dramatically reduces Azure Landing Zone setup from weeks to just twelve minutes, automating management groups, policies, networking, and CI/CD pipelines while supporting both Bicep and Terraform.
• What I learned preparing for Cloud Migration and Modernization of Microsoft
  Preparing for cloud migration audits requires proving repeatable capabilities with clear evidence, focusing on candidate projects, thorough pre-assessment, and structuring evidence packs to meet audit requirements effectively.
• Build a Sovereign Private Cloud with Azure Local
  Azure Local enables organizations to meet strict regulatory data residency requirements, support sovereign AI workloads, operate in disconnected environments, ensure business continuity with a local fallback plan, and achieve low-latency performance by providing a cloud-consistent control plane on hardware you can physically manage.

🌐 Networking

• Public Preview: Application Gateway for Containers – Inference gateway
  Application Gateway for Containers introduces an inference gateway that integrates the Kubernetes Gateway API Inference Extension, allowing seamless AI model serving directly within containerized environments.
• A real look at BYON Microsoft Foundry
  BYON Foundry in Azure provides private, internal networking for organizations with strict security and regulatory requirements, offering control over routing and egress at a higher operational and financial cost compared to the managed VNet option.

🔐 Security

• Azure Updates – Number 140 – June 27, 2026
  Azure Update #140 highlights new features for Architecture, Compute, Security Copilot, and Sentinel, streamlining recent releases for developers.
• Securing the Industrial Edge: A Guide to Microsoft Defender for IoT
  Microsoft Defender for IoT offers agentless security for industrial protocols via a decentralized architecture with OT sensors, integrated with Azure…
• New Security Controls in Edge for Business
  Edge for Business extends conditional access, Purview DLP, and Defender controls to all browser sessions on both managed and unmanaged devices, automatically blocking sensitive data from reaching unauthorized AI services and managing clipboard and screenshot actions by location.
• Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access
  The Photo ZIP campaign uses photo-themed ZIP archives with Node.js implants to gain persistent access in the hospitality industry, employing obfuscated PowerShell and dual registry persistence for stealthy operations.
• Choosing the right AI model in Microsoft 365: flexibility, control, and confidence
  Choosing the right AI model in Microsoft 365 lets organizations balance flexibility with enterprise-grade governance, offering options from default hosted models to independent providers like Anthropic, all managed through centralized admin controls.
• What’s new in Microsoft Intune – June
  Microsoft Intune introduces AI agents for secure user interactions with company data, auto-updates for enterprise applications to reduce vulnerability exposure, and a new Vulnerability Remediation Agent prioritizing CVEs across Windows devices, enhancing security posture.
• Microsoft a Leader in The Forrester Wave™ for Endpoint Management Platforms
  Forrester recognizes Microsoft Intune as a leader in endpoint management for its integrated approach using Azure Entra, Defender, Windows, and 365, offering unified device management across platforms with AI-powered privilege management and security assistance.
• Building Practical Rowhammer Protection into Azure Cobalt 200
  Azure Cobalt 200 incorporates advanced Rowhammer protection directly into its memory controller, using a hybrid design that balances performance and security without adding measurable overhead, as detailed in a recent research paper presented at ISCA 2026.
• Microsoft Sentinel Baseline Deployment: From Zero to Operational SOC – Summer Bonus!
  The bonus guide shows how to automate Sentinel’s core processes, enabling teams to maintain workspace health, enforce policies, and focus SOC staff on strategic initiatives.
• Azure Confidential Computing for Digital Sovereignty and Regulated Workloads
  Azure Confidential Computing is expanding its hardware-rooted security across multiple processors, regions, and services to meet growing digital sovereignty, regulatory compliance, and AI privacy demands.
• CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms
  Microsoft’s CNAPP solution integrates risk correlation across identity, endpoints, data, and cloud environments to prioritize exploitable threats, extending security from code through runtime and SOC workflows for continuous operational risk reduction.
• Taming AI Tool Sprawl: A PowerShell Guide to Auditing and Governing Unauthorized AI Applications
  Use PowerShell alongside Azure services like Graph, Entra ID, and Defender for Cloud Apps to detect and control unauthorized AI applications effectively.
• Unify Your SOC: Integrating Defender XDR with Sentinel
  Integrating Defender XDR with Sentinel unifies security incident response, streams endpoint events, enhances detection capabilities across products, and supports seamless SOAR automation.
• Guarding AI memory
  Guarding AI memory involves protecting both personalization and agentic coherence while addressing unique attack vectors like delayed tool execution through adversarial memory poisoning, with Microsoft 365 implementing defense-in-depth measures across creation, storage, retrieval, model interaction, and user control.
• Automate Your SOC: A Guide to Sentinel Playbook Generation
  This guide shows how to use AI to automatically generate secure, tested Microsoft Sentinel Python playbooks, complete with integration profiles for smooth SOC automation deployment.
• One intrusion, two cyberattackers: Uncovering parallel threat activity
  The report details how a single ransomware intrusion uncovered parallel activities from two separate threat actors using blended tactics that obscured signals and challenged traditional views of multi-stage campaigns in hybrid environments.
• Post-Quantum Cryptography and Crypto-Agility
  Crypto-agility-designing systems so cryptography can be updated without disruption-is essential for resilient post-quantum transitions, requiring abstraction, configuration, and testing rather than hard-coded algorithms.
• The state of MCP security in 2026
  In 2026, the Model Context Protocol (MCP) faces evolving security risks such as prompt injection and tool poisoning, authorization vulnerabilities like the confused deputy, and over-broad access issues, with recent spec updates introducing tighter identity checks and new MCP Apps capabilities to enhance sandboxed UI interactions.
• How to Configure macOS Privacy Preferences Policy Control (PPPC) Using the Intune Settings Catalog
  Configuring macOS Privacy Preferences Policy Control in Intune requires matching the app identifier, code requirement from its signature, and using Authorization instead of Allowed to prevent apps from breaking or operating quietly without proper permissions.
• Best practices for deploying Secure Boot certificate updates
  Best practices for deploying Secure Boot certificate updates emphasize early testing, layered deployment approaches, and using the right mix of tools like Intune or Group Policy to ensure smooth rollouts across diverse Windows environments.

📦 Storage

• Generally Available: Azure NetApp Files migration assistant
  The Azure NetApp Files migration assistant, featuring SnapMirror, streamlines and reduces costs during data transfer by utilizing ONTAP’s native replication capabilities to move data between on-premises environments, Cloud Volumes Online, or other clouds to Azure NetApp Files.
• 348 - Updates to Azure Files in 2026
  Azure Files in 2026 introduces GA features like Entra-only identities, enhanced macOS access security, and preview support for Entra Kerberos authentication, streamlining cloud-first file share modernization.
• Boost performance with NFS nconnect on Azure NetApp Files datastores for Azure VMware Solution
  nconnect on Azure NetApp Files datastores for Azure VMware Solution boosts performance by allowing a single NFS mount to use multiple TCP connections, increasing throughput and reducing latency under concurrency without needing additional datastores or hosts.

💻 Virtual Desktop Infrastructure

• Azure Virtual Desktop vs Windows 365
  Azure Virtual Desktop offers customizable IaaS/PaaS infrastructure for specialized environments with granular control over networking and resources, while Windows 365 provides a turnkey SaaS solution with instant provisioning via Intune, ideal for organizations prioritizing simplicity and predictability.
• Point-in-time restore for Windows 11 is now generally available
  Point-in-time restore for Windows 11 lets IT teams quickly roll devices back to a previous stable state within minutes, automatically capturing system, apps, configs, settings, and local files every 24 hours via built-in recovery in the Troubleshoot menu of the Windows Recovery Environment.
• What is Azure Virtual Desktop
  Azure Virtual Desktop abstracts infrastructure management, allowing enterprises to focus on applications while offering multi-session Windows licensing and FSLogix profile containers for efficient resource use and fast logins.
• Azure Virtual Desktop Client
  The Azure Virtual Desktop client portfolio includes a Windows desktop app, web client for browsers, and specialized macOS, iOS, and Android clients, each optimized for different user needs and device types.

🔗 Web

• A Better Way to View Logs in Kudu for Azure App Service on Linux
  The new Log stream page in Kudu for Azure App Service on Linux provides live log streaming, advanced filtering by timeframe, instance, container, log type, and level, keyword search capabilities, and historical view options to help developers quickly diagnose startup behavior, runtime errors, and other application issues.
• Only 8.5% of MCP Servers Use OAuth — Here's How to Host One Securely on App Service
  Deploying an MCP server on Azure App Service with built-in Easy Auth and Entra ID integration secures it against common vulnerabilities like CVE-2025-6514 and CVE-2025-49596, ensuring authenticated access to tools while protecting secrets and preventing unauthorized code execution.
• MCP Just Went Stateless — What the 2026 Spec Changes About Scaling on App Service
  The 2026 MCP spec makes the protocol fully stateless, eliminating handshakes and session IDs so any App Service instance can handle requests, simplifying scaling and reducing reliance on external session stores.