Azure Weekly

Issue 568

21^st June 2026

An edition that contains more tutorials and thought pieces than announcements. Highlights this week include:

• What’s new with Microsoft in open source and Kubernetes at Open Source Summit and KubeCon India by Sean McKenna - Microsoft unveiled new open-source tools and Azure Kubernetes Service enhancements aimed at improving operational reliability for AI workloads, including general availability of Azure Container Linux, preview of Azure Linux 4.0, and features like reversible upgrades, multi-cluster governance, and GPU optimisations.
• Azure Container Linux for AKS: Flatcar Grows Up by Richard Hooper - Azure Container Linux for AKS now offers enhanced stability and additional features, making it a more robust choice for cloud-native workloads after transitioning from preview status.
• Unlocking Microsoft OneLake as the data foundation for Azure Databricks customers by Dipti Borkar - Unlocking Microsoft OneLake as the data foundation for Azure Databricks customers enables true bi-directional interoperability, allowing both platforms to read from and store in OneLake natively, streamlining data management and governance across multi-platform AI projects.
• Extending interoperability: Azure Databricks can now store Unity Catalog managed tables directly in OneLake by Premal Shah - Azure Databricks can now store Unity Catalog managed tables directly in OneLake, enabling seamless bi-directional interoperability between the two platforms and allowing organizations to use OneLake as a native storage layer for Delta tables without managing separate systems.
• Transform your security operation with a unified experience in Defender by Mohit Kumar - Microsoft is merging Sentinel’s SIEM, XDR, threat intelligence, AI, and automation into Defender by March 31, 2027, to unify security operations, streamline workflows, reduce operational complexity, and prepare teams for an AI-first era of cybersecurity.
• AutoJack: How a single page can RCE the host running your AI agent by Microsoft Defender Security Research Team - AutoGen Studio’s AutoJack exploit lets untrusted web content within an AI agent bypass localhost protections, enabling remote code execution on the host machine by exploiting missing origin validation, absent authentication for MCP paths, and direct command injection from URL parameters.

🤖 AI

• Auto-Generated Rubric Evaluators: Building Context-Aware Evaluators for AI Agents
  The auto-generated rubric evaluator system creates task-specific evaluators that score AI agents' performance against defined criteria, validated across multiple datasets for accuracy and reliability.
• Benchmarks in Microsoft Foundry (preview): Standardized model and agent quality checks
  Benchmarks in Microsoft Foundry let developers run standardized open-source tests on any model deployment or agent, instantly comparing results via a UI or API while distinguishing between overall model performance and specific deployment quality.
• Intelligent sampling in Microsoft Foundry: the science behind selecting better production traces
  Microsoft Foundry’s intelligent sampling technique uses a MinHash farthest-first algorithm to boost lexical diversity and LLM judge preference by 29% and 78%, respectively, making it ideal for evaluation and fine-tuning workflows that prioritize coverage over mirroring production frequencies.
• Azure AI Foundry Architecture
  Azure AI Foundry introduces a centralized Hub for corporate governance and granular Project workspaces that inherit security policies while isolating developer assets, enabling seamless model swaps through a unified catalog with serverless pay-as-you-go or provisioned compute options, and integrates secure data fabrics via identity-dr
• Azure AI Document Intelligence Tutorial
  Azure AI Document Intelligence’s v4.0 API introduces optimized deterministic extraction for structured templates, a new Layout Model delivering Markdown outputs ideal for RAG systems, and streamlined prebuilt models for financial documents with automatic check table parsing.
• A Guided Tour of the New Microsoft Foundry Labs
  Microsoft Foundry Labs offers hands-on access to cutting-edge AI experiments across six impactful domains, including MAI-Image-2.5 for advanced image generation and Fara 1.5 for computer-vision reasoning, enabling developers to immediately test frontier technologies without lengthy reimplementation delays.
• Dragon Copilot and Microsoft Marketplace are transforming the way healthcare is delivered
  Dragon Copilot and integration via Microsoft Marketplace aim to remove friction from overloaded clinical workflows by embedding AI directly into existing tools, addressing capacity constraints and inefficiencies in documentation, administration, and patient care.
• New in Cowork – the UI refresh and the cost question everyone’s asking
  The refreshed Cowork UI in the Microsoft 365 Copilot app introduces a new "/cost" skill that lets users track exactly how many Copilot Credits each task consumes, enhancing transparency and control over usage.
• Unlocking the next frontier of Local AI on Windows for Telecommunications
  Unlocking next-frontier Local AI on Windows for telecommunications enables customer care agents to respond instantly with richer context, field workflows that continue offline, and privacy-by-default network operations, all leveraging the existing telecom device fleet without new hardware.
• The Case for an Ontology Layer in Telecoms
  An ontology layer in telecoms provides a shared semantic framework that translates fragmented, unstructured data into consistent business meanings, enabling AI models to reason across network, IT/OSS/BSS, customer interaction, and external ecosystem datasets while adhering to telecom-specific standards.
• Azure AI Foundry vs Google Vertex AI
  Azure AI Foundry focuses on enterprise compliance with a Hub-and-Project hierarchy, while Google Vertex AI emphasizes a pipeline-first ecosystem integrated with GCP data services and offers superior multimodal model capabilities.
• Revolutionizing Document Intelligence: Scaling Construction Industries with AI-Driven Extraction
  This article shows how Azure AI services-Content Understanding, Foundry, Blob Storage, and OpenAI-are used to automate extraction from construction drawings, boosting productivity by enabling digital threads that reduce manual handoffs and improve project coordination.
• A Practical, Technical Guide to Bringing AI Into Everyday Nonprofit Workflows
  Microsoft Copilot for Microsoft 365 embeds AI directly into everyday tools like Word, Excel, Outlook, Teams, and PowerPoint, enabling nonprofits to automate knowledge work efficiently without needing new systems or specialized AI teams.
• Copilot Cowork is now generally available
  Copilot Cowork’s general availability introduces usage-based billing with a grace period for Frontier users and three credit tiers-light ($1-$3), medium ($4-$7), and heavy (>$7)-plus the option to commit to P3 credits for discounts, reflecting its cloud
• The Hidden Boundaries of Modern AI
  The article explains that AI models process inputs as encoded tensors rather than human-readable text, highlighting the critical distinction between how humans perceive prompts and how models actually interpret them.
• Azure OpenAI Architecture: The Decisions That Actually Matter (Part 3)
  Azure OpenAI’s architecture emphasizes GenAIOps practices-evaluation pipelines, full-stack observability, Model Router patterns, and prompt governance-to turn continuous model upgrades into routine operations rather than emergency events.
• How to Score a User Simulator: Introducing USR-8
  USR-8 introduces an Eight-Metric User Simulation Rubric that separates simulator behavior from style, revealing failure modes hidden by composite scores and showing that most "good" simulators rely on prompt policy rather than orchestration code.
• Build an Automated SLA Risk Agent with Routines in Microsoft Foundry
  This tutorial demonstrates how to build an automated SLA risk agent in Microsoft Foundry using Routines, which analyzes ticket data with Azure AI Search and surfaces potential SLA breaches daily.
• Detecting Python Vulnerabilities with GraphCodeBERT
  Detecting Python Vulnerabilities with GraphCodeBERT introduces CSI, a novel tool that uses code structure understanding instead of regex pattern matching to achieve an F1 score over 90% in identifying real vulnerabilities, addressing the limitations of existing tools like Bandit which rely on token patterns and often miss subtle security issues
• All Agents Report Back to Me: Monitoring AI Agents with Chat
  The article introduces a self-hosted Rocket.Chat chat server that lets AI agents post status updates via a custom skill, providing a unified monitoring portal with secure internal access for humans while keeping agent data private.
• Building ShadowQuest: A Multi-Agent RPG
  ShadowQuest showcases how specialized AI agents collaborate using Foundry IQ and GPT-4.1 to deliver immersive, context-aware responses in a multiplayer fantasy RPG built for the Agents League Hackathon.
• Agents That Test Agents: A Cloud-Native Skill-Eval Harness on Foundry Hosted Agents
  azure_skill_eval provides a cloud‑native harness on Foundry Hosted Agents to rigorously test skills like edu-video-script across multiple models and scenarios, using deterministic validators, an LLM judge for structured scoring, and an adversarial attacker agent to ensure robustness under varied prompts.
• Gamifying World Improvement: A Reasoning-Agent RPG on Microsoft Foundry
  The new reasoning‑agent RPG on Microsoft Foundry demonstrates how a multi‑agent system with live judges can validate complex world‑building tasks by requiring human approval at verification points, showcasing an architecture where each step, from company analysis to worker factory creation, is logged and reusable.
• Cross-Region Model Connectivity Options in Microsoft Foundry: Supported Patterns and Tradeoffs
  The article details three cross-region model connectivity patterns in Microsoft Foundry-direct connections, Azure API Management gateways, and VNet-secured APIM variants-explaining their use cases, tradeoffs, and a detailed VNet-secured implementation for enterprise deployments.

🔎 Analytics

• Generally Available: Azure Databricks native read access to Microsoft OneLake
  Azure Databricks gains native read access to Microsoft OneLake via Unity Catalog, allowing direct querying and analysis of data in OneLake with no need for data replication.
• Public Preview: Azure Databricks natively storing data in Microsoft OneLake
  Azure Databricks gains native support for writing Delta tables directly to OneLake, simplifying data management and enabling seamless integration between the two services.
• Azure Databricks at Databricks Data + AI Summit 2026: updates and new announcements
  Azure Databricks showcased its deep integration with Microsoft tools at the Data + AI Summit 2026, unveiling features like Genie for Teams and M365 Copilot beta, which enable context-aware data queries directly within collaboration platforms while maintaining Unity Catalog governance.
• Simplify Schema Changes in Fabric Data Warehouse with ALTER COLUMN (Preview)
  With ALTER COLUMN support in Fabric Data Warehouse, you can now modify column definitions like expanding VARCHAR sizes or adjusting numeric precision without rebuilding tables or disrupting downstream pipelines, streamlining schema evolution for analytics teams.
• Unlocking Microsoft OneLake as the data foundation for Azure Databricks customers
  Unlocking Microsoft OneLake as the data foundation for Azure Databricks customers enables true bi-directional interoperability, allowing both platforms to read from and store in OneLake natively, streamlining data management and governance across multi-platform AI projects.
• Extending interoperability: Azure Databricks can now store Unity Catalog managed tables directly in OneLake
  Azure Databricks can now store Unity Catalog managed tables directly in OneLake, enabling seamless bi-directional interoperability between the two platforms and allowing organizations to use OneLake as a native storage layer for Delta tables without managing separate systems.
• Azure Data Factory Pricing
  Azure Data Factory’s consumption-based pricing tracks every activity run, copy operation measured in Data Integration Units (DIU), and transformation using Apache Spark clusters, with costs varying by integration runtime type and compute meter.
• Why User Defined Functions (UDFs) Changed Testing in Power BI
  User Defined Functions (UDFs) in Power BI Desktop revolutionize testing by enabling reusable, versioned assertions directly within semantic models, streamlining DataOps processes and ensuring consistent model quality.
• How we built an internal data analytics agent
  Qubot is a Copilot-powered internal analytics agent at GitHub that lets employees ask data questions in plain language and receive instant answers, streamlining self-serve analytics across product teams without the need for dedicated analysts.

🖥️ Compute

• Azure Sets a New Performance Record for LLM Training Benchmark at Extreme Scale
  Azure set a new performance record for LLM training benchmark at extreme scale, achieving just over seven minutes to train Llama 3.1 405B across 8,192 GPUs using fifth-generation NVLink and Azure’s 100 GB/s MRC networking fabric.
• Azure Function App — Queue-Based Architecture for Long-Running Sync Jobs
  Azure Functions can handle long-running sync jobs by using a queue to decouple the HTTP trigger from execution, allowing workloads that exceed Azure’s 230-second HTTP timeout to run without caller timeouts while benefiting from automatic retry and robust authentication.
• SAP HANA On Azure
  Azure offers two optimized compute options for SAP HANA-E-Series VMs starting at 160 GiB RAM and M-Series up to 30 TiB RAM-with large instances supporting up to 24 TB single-node capacity and multi-node frameworks reaching 120 TB, ensuring high performance for enterprise workloads
• Windows Server vNext Insider Preview Build 29602 and QMR
  Quick Machine Recovery (QMR) in Windows Server vNext Insider Preview Build 29602 automates boot-critical failure recovery using cloud-assisted diagnostics and automated fixes, significantly reducing downtime and operational overhead for enterprise environments.
• Stop Overpaying for Azure Virtual Machines and Start Saving Today
  Stop Overpaying for Azure Virtual Machines and Start Saving Today by using B-Series VMs for burstable workloads, leveraging Spot VM pricing for deep discounts with interruption tolerance, selecting cost-effective regions, enabling auto-shutdown for idle dev/test environments, committing to Azure Savings Plans for predictable reductions on consistent
• The Platform Era Expands: MDEP at InfoComm 2026
  MDEP expands as an enterprise-grade operating system, enabling partners to focus on differentiation with native Microsoft integrations, seamless operations at scale, and support for a growing range of devices.

🚢 Containers

• What’s new with Microsoft in open source and Kubernetes at Open Source Summit and KubeCon India
  Microsoft unveiled new open-source tools and Azure Kubernetes Service enhancements aimed at improving operational reliability for AI workloads, including general availability of Azure Container Linux, preview of Azure Linux 4.0, and features like reversible upgrades, multi-cluster governance, and GPU efficiency boosts.
• Accelerating AKS troubleshooting with the Azure Copilot Observability Agent
  The Azure Copilot Observability Agent in Azure Monitor accelerates AKS troubleshooting by weaving together telemetry from multiple sources-metrics, logs, traces, and configuration changes-to help teams quickly identify and resolve complex issues across workloads, platform components, and infrastructure.
• Closing the loop on container security: From code to runtime in the AI era
  Microsoft Defender for Cloud now integrates continuous container security across code development and runtime operations on Azure, AWS, and GCP, using AI to detect vulnerabilities in real time and link findings directly to source repositories and running pods.
• Azure Container Linux for AKS: Flatcar Grows Up
  Azure Container Linux for AKS now offers enhanced stability and additional features, making it a more robust choice for cloud-native workloads after transitioning from preview status.
• AKS vs EKS
  AKS offers a free tier with no baseline control plane cost but lacks an SLA, while EKS provides 99.95% uptime SLA at $0.10 per hour per cluster across three AZs for high availability.
• Scaling AKS Workloads on Custom Metrics with KEDA and Azure Managed Prometheus
  This article demonstrates how to use Kubernetes Event Driven Autoscaling (KEDA) with Azure Managed Prometheus to automatically scale AKS workloads based on custom metrics like HTTP request rates.

🗄️ Databases

• Generally Available: Microsoft Entra Server Principals and Server Roles for Azure SQL Database
  With general availability, Azure SQL Database now supports first-class server principals for Microsoft Entra identities, enabling granular server-level role assignments like ##MS_ServerStateReader## and centralized login management that simplifies provisioning across multiple databases.
• Troubleshooting Azure SQL Data Sync Failures Caused by Large Change Tracking Backlogs
  This article details how excessive synchronization metadata growth and large change backlogs in Azure SQL Data Sync can cause resource governance thresholds to be exceeded, leading to repeated failures and long sync times.
• BulkMerge (Upsert) in EF Core: How to Insert-or-Update Without the Headache
  EF Extensions' BulkMerge offers a performant, zero-dependency solution to EF Core's upsert problem, reducing 50,000 record imports from minutes to milliseconds by batching operations without manual code.
• Scaling Write Throughput in Azure Database for MySQL Using Application-Level Sharding
  This article demonstrates how application-level sharding in Azure Database for MySQL can boost write throughput by distributing writes across three flexible servers using a C# implementation, offering simplicity and predictability while avoiding cross-shard joins.
• Memory-Optimized Table Variables: Performance Under the Microscope
  Benchmark tests show that memory-optimized table variables outperform regular disk-based table variables dramatically under typical production conditions, though the benefit varies by workload and database configuration.
• Lessons Learned #540:Bulk Insert Throughput in Azure SQL Hyperscale with Partitioned Heap Tables
  This lesson learned details how using a partitioned heap staging table in Azure SQL Hyperscale reduced bulk insert latency by distributing rows across partitions, improving concurrency and stability compared to traditional non-partitioned heaps.
• Vector search in SQL Server: VECTOR_DISTANCE, VECTOR_SEARCH, and index trade-offs
  The article explains how to implement vector search in SQL Server using VECTOR_DISTANCE and VECTOR_SEARCH functions, detailing when to use vector indexes and their trade-offs, including the read-only table limitation now lifted in Azure SQL Database.

🛠️ Developer tools

• Public Preview: New project templates and template gallery for Azure Functions in VS Code
  The Azure Functions VS Code extension’s new public preview introduces a redesigned, visually rich template gallery that lets developers quickly find and configure projects through search and filters, streamlining the creation process.
• Microsoft Highlights Visual Studio Live! Event Lineup and Longtime Developer Community Role
  Visual Studio Live! has been a staple event for over a decade, with this year's 2026 series featuring keynotes in Microsoft headquarters, San Diego, and Orlando.
• Behind the Longevity of Visual Studio Live!: The People, the Craft, and the Community
  Visual Studio Live! persists by fostering deep community connections, evolving content to match platform shifts while maintaining enterprise relevance, and prioritizing credibility through measured technology coverage and interactive attendee engagement.
• Distributed Test Runs in the Aspire Community Toolkit
  The Aspire Community Toolkit optimized its extensive test suite in GitHub Actions by using matrix strategies and smart selection to reduce CI runtimes from hours to minutes while maintaining cross-platform coverage.
• Getting more from each token: How Copilot improves context handling and model routing
  GitHub Copilot enhances token efficiency by caching prompts, deferring tool definitions, and using Auto to select the optimal model for tasks like explanations, edits, or multi-file changes without developer intervention.
• What are git worktrees, and why should I use them?
  Git worktrees let developers create parallel branches without stashing or context switching, streamlining workflow for AI-assisted and highly concurrent development projects, though they require managing dependency copies and proper folder cleanup.
• GitHub Copilot CLI for Beginners: Overview of common slash commands
  Slash commands in GitHub Copilot CLI let beginners quickly switch models, monitor token usage, manage session context, and navigate projects-all from the terminal for efficient coding assistance.
• Make Visual Studio look the way you want
  Visual Studio 2026 introduces a Theme colors options page allowing users to customize any Fluent color token directly within the IDE, providing granular control over accent colors, hover states, and other visual elements without needing extensions or restarting the application.
• Windows Subsystem for Linux 3 gives developers a compelling reason to stick with Microsoft - here's why
  WSL 3 enhances the Windows experience for developers by reducing friction in deploying and managing Linux-based AI, containerized applications, and development environments.
• Neovim Clipboard on WSL: The One-Liner Fix
  This article provides a one-liner fix for Neovim clipboard issues on Windows Subsystem for Linux by installing the win32yank executable, which enables seamless copy-paste between Neovim and Windows applications.
• Software development and AI
  Software developers of the future need deep domain expertise to efficiently integrate AI tools, as merely improving speed or output quality without understanding the subject matter can degrade product value and teamwork effectiveness.
• Migrating Agentic Code Python -> C# Part 1
  Migrating Agentic Code from Python to C# Part 1 demonstrates how to translate a multi-agent application for generating blog posts, including sample files and test outputs showing successful conversion with approved draft results.
• Migrating Agentic Code Python -> C# Part 2
  This article continues a migration series, detailing how to bring Python configuration files into C# code and set up OpenAI and Tavily APIs for an agentic application, while introducing a new ResearchState class to manage workflow state.
• Creating a multi-agent application – Part 5 (final)
  This final part of the multi-agent application series demonstrates how to use LangGraph's StateGraph class to define workflows, including conditional edges that loop between agents based on review outcomes, enabling dynamic collaboration among research, authoring, and reviewing roles.

🔩 DevOps

• Configure Azure Pipelines app in ghe.com
  Configuring Azure Pipelines to work with GitHub Enterprise Managed Users (ghe.com) requires manually installing the Azure Pipelines app in the target GitHub organization via a hidden URL, as there is no direct authorization button available.
• Introducing GitHub Pre-Purchase Plans: A Simpler Way to Plan Your GitHub Spend
  GitHub Pre-Purchase Plans let commercial customers commit upfront to usage-based GitHub services, receiving up to 15% savings and a predictable budget for variable AI-powered development costs.
• From Error Log to Closed Ticket, Without Leaving Your Terminal
  The Azure Support Ticket MCP tool lets you create and manage support tickets directly from your terminal using natural language, automatically inferring context from resource IDs and offering preview-then-confirm actions to keep changes safe.
• Accelerating researchers and developers building multilingual AI with a new open dataset
  The GitHub Multilingual Repositories Dataset reveals Korean dominates issue texts but Portuguese leads in READMEs, offering over 80 million classification rows to researchers and developers aiming to support multilingual AI projects.
• ARM MCP Server: A Catalog of 24 PoCs
  The ARM MCP Server provides AI agents with first-class access to Azure infrastructure operations, offering six tools for querying resource graphs, validating queries, executing searches, managing ARM deployments, and monitoring deployment statuses, all executed under the signed-in user's permissions without requiring additional credentials or service principals.
• Microsoft Build: Bicep as a declarative control plane for any system with an API?
  The session demonstrated how Bicep can be extended to act as a declarative control plane, controlling a Zigbee light through Home Assistant via a custom Local Deploy extension, showcasing its potential for managing third-party APIs and edge environments.
• Introduction to Azure Bicep roleDefinitions() function
  Azure Bicep's roleDefinitions() function simplifies managing Azure RBAC role assignments by clearly distinguishing it from traditional role definition resources, making it easier to handle both built-in and custom roles effectively.

🧬 Hybrid + multicloud

• Azure Arc Server May 2026 Forum
  The May 2026 Azure Arc Server Forum announced a private preview for Windows Server 2016 ESUs and made Windows Server Hotpatch via Azure Arc available free of charge for Windows Server 2025 instances connected to Azure Arc.
• Azure Local Multi-Rack Deployments: Scaling Hybrid Infrastructure in the Datacenter
  Azure Local supports hybrid deployments across single machines, edge clusters, sovereign environments, and large multi-rack datacenter setups while maintaining a consistent Azure experience.

🎭 Identity

• Our MacOS Platform SSO deployment
  The deployment used Microsoft Intune to roll out Platform SSO on macOS devices prior to version 26, sharing key lessons learned in the process.
• Deploying Platform SSO for pre macOS 26 with Microsoft Intune: Lessons Learned
  Deploying Platform Single Sign-On (PSSO) with Microsoft Intune on pre-macOS 26 devices revealed that binding authentication tokens to macOS’s Secure Enclave hardware enhances token protection and enables phishing-resistant MFA using Touch ID, though challenges like password policy issues and OS updates
• Using Microsoft Entra ID Workload Identity Federation (WIF) to Deploy from GitHub Actions to Azure
  This post demonstrates deploying to Azure from GitHub Actions securely using Entra ID WIF, eliminating the need to store secrets in repository secrets.
• Enterprise-ready Claude Desktop with Entra ID, APIM, and Microsoft Foundry (No Backend Required)
  Securely enable Claude Desktop in enterprise environments using Microsoft Entra ID, Azure API Management, and Foundry without deploying a custom backend, enforcing per-user identity and aligning with Zero Trust principles.
• AI is accelerating cyberattacks—here’s how to stay ahead
  Microsoft introduces a unified identity risk score that integrates attack-chain insights to provide real-time access decisions, enhancing detection and response capabilities against AI-accelerated cyberattacks.
• 347 - Microsoft's Security Adoption Model: a map for security modernization
  Microsoft's Security Adoption Model unifies a decade of security guidance into role-aware layers-business scenarios, nine accountability disciplines, and technology pillars-to streamline modernization across on-premises and multicloud environments.
• Securing the invisible workforce
  Microsoft Defender introduces comprehensive non-human identity protection, offering unified visibility, risk assessment, governance, and AI agent awareness to tackle overprivileged, dormant, and unidentified identities critical for securing AI-driven operations.
• One Person One License philosophy for Microsoft Entra Update
  Microsoft’s “One Person, One License” policy for Entra ID ensures each employee gets a single license, simplifying admin account management and enhancing compliance.
• Microsoft Entra ID Sign-In Logs Where to Find
  Microsoft Entra ID sign-in logs can be accessed through the Azure portal or admin center, with retention and visibility varying by license tier; detailed steps guide administrators to locate interactive and non-interactive login events for security investigations.
• The Death of Security Questions: Why Identity Proofing Is the Future of Service Desk Security
  Identity proofing offers a more robust approach to service desk security by verifying user authenticity beyond traditional questions, reducing account takeover risks.
• Entra Internet Access TLS Inspection Fails with ERR_CERT_INVALID
  Entra Internet Access’s TLS inspection feature can trigger ERR_CERT_INVALID errors due to misconfigured certificate validation settings, impacting secure web traffic verification.
• Implementing Workload Identity in AKS
  Implementing Azure Kubernetes Service (AKS) with Workload Identity enables organizations to replace static pod credentials with federated identity and managed identity access, enhancing security and simplifying credential management.
• What’s New in Entra Private Network Connector v1.5.4892.0
  Entra Private Network Connector v1.5.4892.0 introduces enhanced security features and improved performance for publishing on-premises web applications, supporting Global Secure Access with streamlined GSA client connectivity.
• Active Directory Planning Tool: Mapping Structures and Delegations with SMAD-X
  SMAD-X’s latest version 0.3.5 introduces a domain timeline for tracking directory evolution, enhanced delegation management with graph filters and visual indicators, refined user experience through improved text filtering and themes, and technical upgrades like standardized JSON exports and optimized object relationship processing.

🔌 Integration

• On the road to .NET 10 Support: Logic Apps Migration from In-Proc to Out-of-Proc hosting model
  Azure is gradually migrating Logic Apps from in-proc to out-of-proc hosting, with most customers unaffected but those using NuGet-based deployment needing to update their apps before automatic migration occurs.
• Message pumps fail in the transaction details
  Message pumps face complex challenges when handling messages that involve database writes, additional message dispatches, failures mid-process, or transitions to different broker systems, requiring careful infrastructure design to manage concurrency, transactions, and error handling effectively.
• Controlling Tool Access with APIM MCP Gateway
  APIM MCP Gateway provides fine-grained control over individual tools in enterprise MCP servers, enabling centralized authentication, rate limiting, logging, and policy enforcement without modifying the underlying MCP server.
• Automating Daily MDE Compliance Monitoring Across Azure VMs
  This Azure Logic App automatically detects and alerts on VMs falling out of MDE coverage, notifying owners within 24 hours and providing daily CSV reports to streamline compliance monitoring.

🎓 Learning and Certifications

• Recent and upcoming Microsoft exam changes – Sunday 21 June 2026
  The forthcoming retirement of the AI-900 exam on June 30, 2026, marks a significant shift in Microsoft’s certification landscape, necessitating updated study plans for professionals.
• Course Retirement: DP-3011
  The retiring DP-3011 course will be replaced by DP-750, which offers a more comprehensive and role-aligned curriculum for mastering production-ready data engineering with Azure Databricks, including advanced topics like Unity Catalog, secure governance, and workload maintenance.
• Microsoft AI Skills Fest wraps—and the momentum continues
  Microsoft AI Skills Fest concluded with over 28 million minutes of free AI learning across 200+ countries, and participants can now claim sweepstakes prizes, Credly badges, and free certification exam vouchers by following the outlined steps.
• How to Learn Azure from Scratch
  Learning Azure from scratch involves mastering foundational cloud concepts through the AZ-900 certification, understanding service models like IaaS, PaaS, and SaaS, organizing resources in resource groups and subscriptions, then specializing in Cloud Administration, Data & AI Engineering, or Platform/DevOps roles with targeted certifications.
• Episode 430: Scouting out Microsoft Scout
  Episode 430 explores how Microsoft Scout’s local-first architecture enhances productivity by integrating with MCP workflows, custom skills, and offline automation more effectively than traditional Copilot solutions.
• AZ-900 Practice Questions
  This AZ-900 practice guide breaks down the exam into three core domains-cloud concepts, Azure architecture and services, and management governance-with detailed strategies to tackle distractor questions effectively.
• How to write blog posts with Copilot Cowork
  This article details how the author uses Copilot Cowork, particularly with Anthropic’s Claude Fable 5 model, to streamline writing blog posts by preserving context and style across long articles while incorporating real-time tools like Fable for drafts.

⚖️ Management and Governance

• Generally Available: Log Analytics Summary Rules experience
  The new Azure portal experience for Log Analytics Summary Rules lets users efficiently aggregate large log datasets into summarized tables, boosting query performance and simplifying reporting.
• General Availability: Simple log alerts in Azure Monitor
  Simple log alerts in Azure Monitor let users set real-time, row-by-row notifications for Basic logs, reducing latency and cost while maintaining powerful monitoring capabilities.
• Build a Financial Dashboard in Copilot Cowork (Ideas Coach to Researcher to Build)
  Nick Aquino demonstrates how to create a fully interactive financial dashboard in Copilot Cowork without writing any code, using a step-by-step workflow that leverages Copilot’s agents for ideation and planning before handing the final prompt to Cowork for rapid build.
• Big Thinkers: Brendan Gregg – How Systems Performance Engineering Shaped Modern Observability
  Brendan Gregg explains how systems performance engineering laid the groundwork for today’s observability tools, enabling real-time monitoring across massive data streams.
• From the Field: Accelerate Your Development for Microsoft Marketplace!
  The article describes a presentation at Microsoft Build 2026, focusing on how to accelerate development for the Azure Marketplace using infrastructure-as-code and deployable product experiences.
• Anomaly detection made easy with Dynamic thresholds for Log search alerts
  Azure Monitor now offers dynamic thresholds for log search alerts, using machine learning to automatically adjust anomaly detection limits based on historical patterns and seasonal trends, simplifying configuration and reducing false positives without any additional cost.
• Inside the Observability Agent: How Deep Investigations and Reasoning Work
  The Azure Copilot observability agent uses a dedicated investigation runtime that builds hypotheses, gathers cross-layer data, and presents findings in an understandable, data-backed format to help engineers quickly root out complex incidents.
• FinOps X 2026 – New Era for Agentic AI and Tokenomics
  FinOps X 2026 focuses on the emerging fields of agentic AI and tokenomics, highlighting how these areas are reshaping financial operations for artificial intelligence projects.
• Clarity at every stage: App Advisor turns Marketplace complexity into action
  App Advisor transforms Marketplace complexity into clear, guided actions for software development teams, streamlining build, publish, and growth processes through a structured Discover-Build-Publish-Grow experience tailored to each stage.
• What to Expect When You're Expecting Direct CSP with Microsoft
  When adopting a Cloud Solution Provider for Azure, customers can expect their existing tenant, identities, and Entra ID to remain intact, with only minor adjustments needed in billing and permission configurations.

🚌 Migration

• Public Preview: Azure Migrate – GitHub Copilot Modernization integration for at scale code assessments
  Azure Migrate’s public preview introduces an integration with GitHub Copilot, enabling large-scale code assessments that combine portfolio discovery with AI-driven context awareness.
• Three lessons that make or break your AWS-to-Azure workload migration
  Three critical lessons-avoiding overengineering, securing stakeholder alignment, and using blue-green cutover for safe transitions-help ensure AWS-to-Azure migrations succeed rather than stall or fail.
• Generate at scale code insights in Azure Migrate using GitHub Copilot Modernize CLI (preview)
  Azure Migrate now integrates with GitHub Copilot Modernization to deliver scalable code insights, enabling teams to assess multiple applications at once and make data-driven modernization decisions with reduced analysis time.
• Modernize your data with Azure Storage: Plan and migrate with confidence
  Azure Storage migration planning emphasizes understanding each dataset's unique requirements-whether it needs dependency assessment, efficient network transfer, real-time synchronization, or readiness for modernization scenarios like analytics and AI-ensuring confidence and continuity throughout the transition.

🌐 Networking

• Generally Available: ICMP Support for Azure Standard V2 NAT Gateway
  Azure has introduced general availability of ICMP support for its Standard V2 NAT Gateway, allowing users to perform outbound ping tests and diagnose connectivity problems more efficiently.
• Migrating from MSEE Hairpin Routing to AVNM Mesh for Large-Scale VNet-to-VNet Connectivity
  Migrating from MSEE Hairpin Routing to AVNM Mesh for Large-Scale VNet-to-VNet Connectivity reduces dependency on MSEE, improves latency and bandwidth efficiency, and simplifies management through group-based mesh configurations capable of supporting up to 5,000 VNets and 20,000
• ICMP Support for Azure StandardV2 NAT Gateway
  Azure StandardV2 NAT Gateway now supports outbound ICMP ping, enabling workloads to use ping for reachability testing and troubleshooting without additional configuration.
• Windows Lies Make Application Gateway Certs Harder
  Windows’ aggressive certificate validation can hide incomplete chains, causing Azure Application Gateway to misinterpret TLS handshakes and mark backends as unhealthy when Linux or other clients would succeed.
• Troubleshoot DNS Issues with PowerShell
  Use PowerShell commands to systematically test DNS name resolution, client settings, cache entries, and network connectivity for a repeatable troubleshooting workflow.
• Azure Firewall explicit proxy Migration Guide
  The Azure Firewall explicit proxy feature will soon limit PAC files to 256 KB, support single HTTP/HTTPS ports, remove dual-port requirements, and require both a PAC file SAS URL and Managed Identity for security compliance after general availability.

🔐 Security

• June update: What’s new in Security for partners
  The June Security partner update highlights new product capabilities across Defender, Sentinel, Purview, and Agent 365, along with expanded go-to-market resources and incentives designed to help partners secure AI workloads and grow repeatable security services.
• Microsoft Leads a New Era of Software Supply Chain Transparency
  Microsoft introduces Signing Transparency (MST), an open-source ledger that records every production build of Azure services in a tamper-evident SCITT standard, enabling customers to independently verify code integrity and audit the software supply chain at any time.
• AutoJack: How a single page can RCE the host running your AI agent
  AutoGen Studio’s AutoJack exploit lets untrusted web content within an AI agent bypass localhost protections, enabling remote code execution on the host machine by exploiting missing origin validation, absent authentication for MCP paths, and direct command injection from URL parameters.
• Microsoft Security Copilot: AI-Driven Security Operations at Greater Scale
  Microsoft Security Copilot leverages cloud-scale telemetry and threat intelligence to provide real-time, tailored recommendations that help analysts detect elusive threats, investigate incidents faster with contextual summaries, automate response steps, correlate signals across multiple domains for a unified view, and boost productivity by handling repetitive tasks, resulting in significant efficiency gains
• New Forrester study shows customers who unified with Microsoft Security benefited from 124% ROI
  The Forrester study reveals that unifying with Microsoft Security delivers up to a 124% return on investment over three years through reduced breach likelihood, lower remediation costs, decreased technology spend, avoided headcount growth, and $3.0M in total cost of ownership savings.
• Detection and automation, reimagined
  Defender reimagines detection and automation by unifying endpoint, identity, email, cloud app, and Sentinel data into a single KQL experience, enabling richer cross-platform investigations and near-real-time custom detections with native response actions.
• IT experts weigh in: Advanced Intune capabilities coming to Microsoft 365 E3 and E5
  IT experts from top MVPs explain how new advanced Intune features in Microsoft 365 E3 and E5 enhance security, analytics, and remote help capabilities with practical deployment guidance.
• ​​Forrester names Microsoft a Leader in the 2026 Extended Detection and Response Platforms Wave™ report
  Forrester highlights how Microsoft's Frontier approach to XDR, combining AI, people, and continuous defense mechanisms, enables rapid response to sophisticated cyberattacks.
• Anatomy of the change
  The new Microsoft Defender platform unifies incident management, correlation, and data investigation into a single experience, reducing manual work and improving response times for SOC teams.
• Introducing New Additions to Microsoft Sentinel Normalization and ASIM
  Microsoft Sentinel has added new ASIM parsers for Azure Firewall, Key Vault, AWS CloudTrail (EC2, S3, IAM), and over 10 third-party products, along with two new schemas-Asset Entities and AI Agent Events-to enhance cross-source threat detection capabilities.
• Security Copilot RBAC for Embedded Experience in Unified Security Platform
  The Security Copilot RBAC model introduces a structured Role-Based Access Control framework to securely enable AI assistance within existing platforms like Defender XDR and Sentinel, ensuring that access is governed by an On-Behalf-Of model tied to the authenticated user's permissions while maintaining least-privilege security postures
• 47 Day Certificates with Todd Gardner
  The upcoming 47-day SSL certificates reflect a shift toward addressing certificate revocation inefficiencies, making automated replacement tools like CertKit crucial for seamless updates.
• Announcing Public Preview: Agent Identities Asset Connector for Microsoft Sentinel
  The Agent Identities Asset Connector for Microsoft Sentinel introduces a data model that maps human owners, agent identities, blueprints, and service principals, enabling security teams to answer critical questions about agent ownership, permissions, and governance within the broader identity ecosystem.
• Transform your security operation with a unified experience in Defender
  Microsoft is merging Sentinel’s SIEM, XDR, threat intelligence, AI, and automation into Defender by March 31, 2027, to unify security operations, streamline workflows, reduce operational complexity, and prepare teams for an AI-first era of cybersecurity.
• How Enterprise App Management secures your App Catalog from ingestion to device
  Enterprise App Management secures your app catalog by curating metadata, validating apps through static malware scans and dynamic detonation testing, and inheriting Intune’s trusted Win32 delivery pipeline without requiring new agents or runtimes.
• Microsoft Defender email security benchmarking: Key insights from one year of data
  The year-long benchmarking shows that Microsoft Defender consistently outperforms secure email gateways in pre-delivery threat detection, while integrated cloud email security vendors deliver the most value for filtering promotional and bulk emails, with Defender’s post-delivery remediation capabilities now accounting for an average 96% of
• Microsoft Defender for Office 365 Plan 1 is now rolling out to Microsoft 365 E3 and Office 365 E3
  Microsoft Defender for Office 365 Plan 1 expands built-in security with advanced anti-phishing, Safe Links, Safe Attachments, and enhanced visibility, automatically enabling protections for E3/G3 license holders by August 2026.
• Beyond the benchmark: Advancing security at AI speed
  Microsoft’s new MDASH system uses multi-model AI agents to discover and remediate software vulnerabilities across complex platforms like Windows and Azure in real time, expanding human-led security review capabilities beyond traditional benchmarks.
• Triage vulnerabilities with the Vulnerability Remediation Agent, now in public preview
  The Vulnerability Remediation Agent for Security Copilot in Microsoft Intune now publicly available, automating CVE identification, prioritization based on CVSS scores and impact, and providing step-by-step remediation guidance directly within the Intune admin center.

📦 Storage

• From Enterprise File Storage to an AI-Ready Data Foundation using Azure NetApp Files and OneLake
  Azure NetApp Files and OneLake together create a zero-copy data foundation that lets AI systems access enterprise file storage without migration, enabling seamless integration of historically siloed knowledge into modern AI workflows.
• Azure Storage Account Tutorial
  The Azure Storage Account Tutorial explains how provisioning a single standard account grants access to four specialized services-Blob Storage for unstructured data, Files for cloud file shares, Queue Storage for async messaging, and Table Storage as a NoSQL key-value store-while detailing performance tiers (Standard vs. Premium) and
• Bringing Enterprise File Data to Users with Azure NetApp Files, Microsoft Foundry, and M365 Copilot
  The architecture combines Azure NetApp Files and OneLake to make enterprise files AI-addressable, uses Azure AI Search and OpenAI to build a knowledge pipeline, and employs the Copilot agent within Microsoft Foundry to provide secure, traceable, and grounded responses inside familiar 365 tools.
• From File Data to AI‑Powered Knowledge Pipelines using Azure NetApp Files object REST API
  Azure NetApp Files’ object REST API enables seamless indexing of enterprise file data in OneLake, allowing Retrieval-Augmented Generation pipelines to retrieve and embed unstructured content without moving the original files.

💻 Virtual Desktop Infrastructure

• Get ready for Windows 11, version 26H2
  Windows 11, version 26H2 introduces a shared servicing model that enables smaller, quicker updates with minimal disruption, enhancing compatibility and reducing deployment complexity for IT organizations managing Windows environments.
• Scaling High-Performance CAD on Azure Virtual Desktop with NVIDIA RTX PRO 6000
  The study demonstrates that Siemens NX can run efficiently with up to 30 concurrent users on a single Azure Virtual Desktop host equipped with an NVIDIA RTX PRO 6000, maintaining stable graphics rendering and consistent user experiences across various engineering workloads.

🔗 Web

• When an Azure WebJob Aborts With No Error: Diagnosing a Silent Kill in a RAG Ingestion Pipeline
  Understanding why an Azure WebJob silently aborts without error is crucial for maintaining reliable RAG pipelines; the key insight is that such terminations are often caused by platform resource limits rather than application bugs, as evidenced by memory pressure on shared App Service Plans.