June 19, 2026
Member: TysonPaul | Microsoft Community Hub
Triggering Azure Functions from Blob Storage Using Event Grid
Team Blog: Core Infrastructure and Security
Author: AndrewCoughlin
Published: 05/11/2026
Summary: The article explains how to trigger Azure Functions from Blob Storage events using Azure Event Grid for real-time file processing. It outlines a step-by-step approach: create and deploy an Azure Function with an Event Grid trigger, set up an Event Grid subscription for BlobCreated events, and validate the process by uploading a blob. The method minimizes latency and avoids polling, making it suitable for enterprise scenarios. Key pitfalls include creating subscriptions before the function exists and misconfigurations. The article provides sample code and emphasizes the solution’s simplicity, reliability, and operational transparency.
TLS Certificate Pinning and Best Practices in Azure Open-Source Relational Databases
Team Blog: Core Infrastructure and Security
Author: TameikaL
Published: 05/13/2026
Summary: The article explains TLS certificate pinning and its implications for Azure open-source relational databases (PostgreSQL, MySQL). Certificate pinning enhances client-side security but increases operational risk, especially during certificate rotations, by causing connection failures if certificates change. Unlike Azure SQL, where certificate validation is platform-managed, Azure OSS databases use client-managed trust. The article advises against certificate pinning and recommends trusting documented root CAs, using standard TLS validation modes, and maintaining up-to-date trust stores to ensure secure and resilient client connections during certificate updates.
Azure DDoS Protection & Azure WAF: A Layered Defense for Modern DDoS Attacks
Team Blog: Azure Network Security
Author: saikishor
Published: 05/28/2026
Summary: The article explains how Microsoft Azure provides a layered defense against modern DDoS attacks by combining platform-level infrastructure protection, Azure DDoS Protection for network-level threats (Layers 3/4), and Azure Web Application Firewall (WAF) for application-layer (Layer 7) attacks. This multi-tiered approach ensures comprehensive mitigation by addressing both high-volume network floods and sophisticated application-level threats, using adaptive techniques, rate limiting, bot protection, and real-time analytics. The article emphasizes that a defense-in-depth strategy—leveraging both Azure DDoS Protection and WAF—is essential for safeguarding internet-facing applications and maintaining service availability.
Scaling GitHub Advanced Security in Azure DevOps with a single reusable YAML template
Team Blog: Azure Infrastructure
Author: Paulams732
Published: 05/11/2026
Summary: The article describes how to streamline GitHub Advanced Security (GHAS) integration in Azure DevOps by using a single, reusable YAML pipeline template. This approach dynamically detects repository content, runs only relevant security scans for application code and infrastructure-as-code, and centralizes configuration and reporting. It eliminates the need for multiple pipelines, reduces maintenance, ensures consistent security coverage, and supports polyglot and mixed repositories, resulting in a scalable and efficient DevSecOps process. Key lessons include the importance of detection-driven execution, dynamic configuration, and unified workflows for effective security management across diverse codebases.
Building AI Guardian Extension: AI Detection and Enterprise AI Security
Team Blog: Azure Infrastructure
Author: ranjsharma
Published: 05/19/2026
Summary: The article discusses the security and governance challenges posed by rapid enterprise adoption of generative AI tools, focusing on the risks of “Shadow AI”—the unauthorized use of AI platforms that can lead to data leakage and compliance violations. It introduces the AI Guardian Extension, a platform that autonomously detects and protects against Shadow AI by monitoring AI interactions, preventing sensitive data exposure, blocking risky prompts, and generating compliance reports, thereby enabling safe, compliant, and visible enterprise AI usage.
Public Preview: Migrate your regional virtual machines to availability zones
Team Blog: Azure Compute
Author: micahmckittrick
Published: 05/07/2026
Summary: Microsoft has announced a public preview feature enabling Azure users to migrate regional (nonzonal) Virtual Machines (VMs) and VM Scale Sets (VMSS Flex) into specific availability zones without rebuilding resources. The migration preserves VM names, disks, IPs, and other properties. This improves fault isolation, compliance, and disaster recovery. The process involves deallocating the VM, assigning it to a zone, and restarting it. Migration is one-way and must be done per VM. Certain configurations, like Basic SKU IPs and unmanaged disks, are not supported. Users are advised to roll out migrations in batches for production workloads.
Use Azure Container Registry as an Upstream Source for Artifact Cache
Team Blog: Azure Compute
Author: toddysm
Published: 05/05/2026
Summary: Azure Container Registry (ACR) now supports using another ACR as an upstream source for artifact cache, enabling secure image promotion and distribution within organizations. This feature allows registries to cache images from other ACRs, with user-assigned managed identities (UAMI) supported for authentication, improving security by eliminating credential management. Common scenarios include promoting images between Dev and Prod registries and implementing hub-and-spoke registry topologies. The setup uses Azure CLI, requires proper RBAC permissions, and works best within the same tenant. Cross-tenant and some network configurations have limited support; portal integration is coming soon.
How to use Instance Mix with Azure Virtual Machine Scale Sets
Team Blog: ITOps Talk
Author: OrinThomas
Published: 05/24/2026
Summary: Instance Mix for Azure Virtual Machine Scale Sets allows you to specify up to five compatible VM sizes in a single scale set (Flexible orchestration mode), enhancing scalability, cost optimization, and provisioning success. Azure selects VM sizes during scale-out based on your chosen allocation strategy (LowestPrice, CapacityOptimized, or Prioritized). Best for stateless, horizontally scalable workloads, Instance Mix requires similar VM types, compatible architectures, and pre-checked quotas. It’s configured via Azure CLI or portal, with operational tips for optimal use. Avoid mixing very different VM types, and always verify availability and quotas before production deployment.
The End is Nigh for DES and an Update for hunting down RC4
Team Blog: Ask the Directory Services Team
Author: Chris_Cartwright
Published: 05/08/2026
Summary: Microsoft is finalizing the removal of DES and RC4 encryption types from Windows Kerberos authentication to enhance security. The article provides updated XML filters and event forwarding methods to help administrators identify and track the use of DES and RC4 in their environments. It also includes resources, scripts, and guidance for transitioning to stronger cryptography, with references to related Microsoft support articles and previous blog posts. Note: The described Event Forwarding methods are not yet compatible with Server 2025 but will be updated in the future.
Windows 365 for Agents: run AI agents in Cloud PCs across real applications
Team Blog: FastTrack
Author: JulieHersum
Published: 05/27/2026
Summary: Windows 365 for Agents, now in public preview, enables AI agents to autonomously execute real workflows across applications—including legacy and UI-based systems—within secure, policy-controlled Cloud PCs. This represents a shift from API-based automation, allowing agents to complete complex tasks like processing invoices or updating CRM data while maintaining enterprise security and control. Administrators can define boundaries and monitor agent activity, ensuring agents operate safely without impacting production systems. Windows 365 for Agents thus offers a secure, dedicated environment for scalable, autonomous AI workflow automation across diverse software environments.
From Scale to Breakthrough: Azure NetApp Files Sets a New Cloud Benchmark for EDA Performance
Team Blog: Azure Storage
Author: GeertVanTeylingen
Published: 05/22/2026
Summary: The article highlights Azure NetApp Files’ new “large volume breakthrough mode,” which sets a benchmark for cloud storage in Electronic Design Automation (EDA) workloads. Independently validated SPECstorage® 2020 benchmarks show this mode enables exceptional scalability and consistent sub-millisecond latency, supporting thousands of parallel EDA jobs without performance bottlenecks. Both single and scaled configurations demonstrated linear scaling in throughput and concurrency, empowering faster, more efficient chip design cycles. As a result, Azure NetApp Files transforms cloud storage from a limiting factor to a strategic enabler for modern, high-performance semiconductor design workflows.
Modernizing Azure Virtual Desktop with Nerdio and Azure Files
Team Blog: Azure Storage
Author: Vybava_Ramadoss
Published: 05/04/2026
Summary: The article discusses how organizations scaling Azure Virtual Desktop (AVD) face challenges with user profile storage, identity management, and cost efficiency. Nerdio Manager streamlines AVD deployment by integrating compute, storage, and identity management, reducing complexity and configuration drift. Azure Files Provisioned v2 enhances storage performance and cost efficiency, while Entra ID authentication simplifies identity architecture. Together, Nerdio and Azure Files enable faster, more reliable, and cost-effective AVD environments with improved user experience, especially during peak loads, and ensure consistent, audit-ready governance at enterprise scale.
Cutover Strategy for Azure PaaS Services: A Step-by-Step Guide to Near Zero-Downtime Migrations
Team Blog: Azure Migration and Modernization
Author: lapadman
Published: 05/06/2026
Summary: The article outlines a step-by-step cutover strategy for migrating enterprise applications to Azure PaaS with near zero downtime. Emphasizing phased parallel cutover, it recommends gradual traffic shifts, robust rollback plans, and continuous monitoring to minimize risk. High availability (HA) and disaster recovery (DR) must be integrated into each phase. Messaging systems, particularly Azure Service Bus, are highlighted as the most complex component. The guide details essential roles, tools, metrics, and checklists to ensure a safe, controlled migration, concluding that cutover and HA/DR should be treated as a unified process for successful Azure transitions.
[Preview] CIS Benchmarks on Azure; Now for Windows Server
Team Blog: Azure Governance and Management
Author: AmirB
Published: 05/28/2026
Summary: Microsoft is announcing the preview of built-in CIS Benchmarks for Windows Server within Azure Policy and Machine Configuration, initially supporting Windows Server 2025. This expands their compliance offerings, which already cover Linux, to Windows environments managed by Azure and Arc. The solution allows flexible configuration, exportable compliance as code, and unified management across machine types. The preview starts in audit-only mode, with auto-remediation and enforcement planned. Future updates will add support for more Windows editions, granular rule enforcement, STIG baselines, and retire older, overlapping policies for streamlined compliance management in Azure.
Introducing the Azure Resource Manager MCP Server!
Team Blog: Azure Governance and Management
Author: stevenbucher
Published: 05/07/2026
Summary: The article announces the public preview of the Azure Resource Manager MCP Server, a tool enabling AI agents to interact with Azure infrastructure via Azure Resource Manager. It allows agents to generate, validate, and execute Azure Resource Graph queries, deploy and manage ARM templates, and monitor deployments—all from natural language prompts. The server supports compliance audits, rapid provisioning, and policy checks, and integrates with GitHub Copilot. It respects Azure security policies and is initially available for VS Code, with more features and client support planned. Users can install and provide feedback during the preview phase.
The power behind AI: Your brain
Team Blog: Microsoft Learn
Author: Nency_Yera
Published: 05/11/2026
Summary: The article shares Nency Yera’s journey as a neurodivergent professional with ADHD who, despite having no coding background, leveraged AI tools like GitHub Copilot and VS Code by customizing them to fit her thinking style. With supportive leadership and a personalized, step-by-step approach, she built practical solutions for her workplace. The story emphasizes that neurodivergent brains are assets, and that AI becomes powerful when adapted to individual needs, enabling anyone—regardless of technical background—to create impactful tools and unlock new potential.
New Microsoft Certified: Intelligent Applications Builder Associate Certification
Team Blog: Microsoft Learn
Author: LibertyMunson
Published: 05/27/2026
Summary: Microsoft has introduced the Certified: Intelligent Applications Builder Associate Certification, aimed at professionals building AI-powered business solutions using Microsoft Power Platform, Copilot, and natural language tools. To earn the certification, candidates must pass Exam AB-410 (beta), which validates skills in creating intelligent applications, automation, data models, and integrating AI agents. The first 300 test-takers before June 17, 2026, receive an 80% discount. Candidates should have experience with Dataverse, Power Apps, Power Automate, and Copilot features. The certification becomes generally available in July 2026, with preparation resources and study guides provided by Microsoft.
Ansible + Azure Arc: Use Ansible modules to deploy and manage Azure Arc machine extensions at scale
Team Blog: Azure Arc
Author: alinetran
Published: 05/20/2026
Summary: Microsoft has introduced new Ansible modules in the azure.azcollection for managing Azure Arc machine extensions at scale. These modules allow teams to automate the deployment, update, and removal of Azure Arc extensions through Ansible playbooks, streamlining extension lifecycle management across hybrid and multicloud environments. This integration eliminates the need for separate tools, enforces consistent configurations, supports compliance scenarios like centralized SSH access, and enhances visibility into extension states. The update strengthens Azure Arc’s position as a unified management platform for Windows and Linux servers using familiar automation workflows.
Simplified access to Hotpatching enabled by Azure Arc for Windows Server 2025
Team Blog: Azure Arc
Author: sharmajyoti
Published: 05/19/2026
Summary: Windows Server 2025 introduces hotpatching enabled by Azure Arc, allowing security updates without reboots across hybrid and multicloud environments at no extra cost. Eligible servers must be connected to Azure Arc and have Virtualization-based Security enabled. Azure Update Manager and other tools enable centralized patch management, improving uptime and simplifying compliance. Hotpatching delivers monthly security updates, with quarterly cumulative updates requiring a restart. Existing enrolled machines continue receiving hotpatches without additional action, and hotpatching remains free for Azure-hosted servers. Azure Arc also provides unified governance, monitoring, and lifecycle management for diverse server environments.
What’s new in FinOps toolkit 14 – April 2026
Team Blog: FinOps
Author: Michael_Flanakin
Published: 05/13/2026
Summary: FinOps toolkit 14 introduces AI integration via a Copilot Studio agent template, enabling users to query FinOps hub data in natural language. It adds support for ingesting Azure Advisor and custom optimization recommendations, simplifies hub deployment options, and previews a new dataset for commitment discount eligibility. The release also delivers various fixes and enhancements across guides, Power BI, workbooks, and the PowerShell module. Looking ahead, the toolkit will deepen AI features, expand data support, and offer premium services to further help organizations optimize and manage cloud costs in Microsoft Azure environments.
Azure CLI on macOS: Upcoming Installation Changes
Team Blog: Azure Tools
Author: Alex-wdy
Published: 05/11/2026
Summary: Microsoft is updating how Azure CLI is installed on macOS to better meet security and enterprise requirements. Starting with version 2.86.0 (Preview), Azure CLI will shift from Homebrew Core to new options: Homebrew Cask (recommended) and an offline tarball for air-gapped environments. These changes enable distribution of precompiled, signed, and notarized binaries, aligning with macOS security standards. Homebrew Core remains available during the transition, but users are encouraged to adopt the new methods and provide feedback. Full rollout details and installation instructions are available on Microsoft Learn.
From Prompt to Production: Open in VS Code for Terraform in Azure Copilot
Team Blog: Azure Tools
Author: Jingwei_Wang
Published: 05/12/2026
Summary: Microsoft has introduced “Open in VS Code” for Terraform in Azure Copilot, enabling users to move seamlessly from AI-generated Terraform code in Azure Portal to real deployments within an integrated, guided workflow. This feature supports immediate editing, validation, and deployment in a browser-based VS Code environment, with built-in guidance for backend configuration and deployment. Users can select from Azure Storage, Terraform Cloud, or a temporary workspace for state management. The solution streamlines Infrastructure as Code processes for both beginners and enterprises, now in public preview, with future plans for enhanced CI/CD and editor integrations.
Understanding and building an Azure Hybrid Meshed Hub-Spoke Topology
Team Blog: Azure Networking
Author: Svenbaeck
Published: 05/18/2026
Summary: The article explains how to design a secure, scalable Azure hybrid network using a meshed hub-spoke topology. Centralized hubs control all traffic and security, preventing uncontrolled lateral communication between spokes and supporting hybrid connectivity. Key design principles include controlled routing in gateways and spokes, proper VNet peering, and meshing hubs for multi-region setups. Azure Firewalls or NVAs in the hub enable traffic inspection and policy enforcement. The approach simplifies management, enhances security, and supports regional independence and fault isolation, making it suitable for enterprise-scale Azure environments. Clear address planning and consistent configuration are emphasized for effective operation.
Simplify Virtual WAN Spoke Connectivity at Scale with Azure Virtual Network Manager
Team Blog: Azure Networking
Author: Jay-Li
Published: 05/26/2026
Summary: Azure Virtual Network Manager (AVNM) integrates with Azure Virtual WAN to simplify and automate spoke connectivity, routing, and security policy management across large-scale hub-and-spoke network architectures. By grouping virtual networks and applying centralized connectivity and routing policies, AVNM reduces repetitive manual configuration, ensures operational consistency, and enables bulk onboarding, dynamic updates, and incremental deployments. This integration streamlines operations, enhances scalability, and provides robust security controls, making it easier for organizations to manage complex Azure networking environments confidently and efficiently.
Building resilient networks for AI supercomputers
Team Blog: Azure High Performance Computing (HPC)
Author: jithinjose
Published: 05/06/2026
Summary: The article details Microsoft’s networking innovations for the Fairwater AI supercomputer, focusing on resilience and efficiency at extreme GPU scale. Central to this is the Multipath Reliable Connection (MRC), a new, open-source transport protocol that distributes data across multiple paths, enabling robust, high-utilization GPU clusters even during routine network faults. Combined with a two-tier multiplane topology and static SRv6 routing, this approach minimizes disruptions, improves training throughput, and simplifies failure recovery. Microsoft, in partnership with industry leaders, is open-sourcing MRC and related tools to advance resilient AI infrastructure across the ecosystem.
Distributing model weights to your AI cluster: a faster pre-flight on AKS and Slurm
Team Blog: Azure High Performance Computing (HPC)
Author: pauledwards
Published: 05/06/2026
Summary: The article introduces “azcp-cluster”, a tool for efficiently distributing large AI model checkpoints across multi-node GPU clusters on Azure. Instead of each node downloading the full dataset separately—causing slowdowns, increased costs, and potential Azure storage throttling—azcp-cluster shards the download across nodes, then broadcasts data at high-speed over InfiniBand. This approach reduces egress costs, maximizes fabric speed, and simplifies cluster setup on Slurm and AKS. Practical deployment examples, Docker integration, and Kubernetes scheduling strategies are provided, with recommendations for both merged-image and init-container patterns. Benchmarks show significant speedups and cost savings.
Share the Moment: Listen Together with Shared Audio
Team Blog: Windows OS Platform
Author: Steven Ilami
Published: 05/26/2026
Summary: The article introduces “Shared Audio,” a new Windows 11 feature that enables two users to wirelessly listen to audio from the same PC using separate Bluetooth LE Audio accessories, like headphones or hearing aids. This solves the longstanding limitation of one-audio-device connections, enhancing shared experiences during flights, study sessions, or road trips. Users can easily manage connections and individual volumes through Quick Settings. Shared Audio requires compatible LE Audio devices, Windows 11 (version 24H2 or newer), and suitable hardware. The feature aims to make group listening more accessible, convenient, and customizable for entertainment, productivity, and accessibility needs.
How to Secure Azure Databricks without Public Exposure using WAF + Private Endpoints
Team Blog: Azure Architecture
Author: FaizaanMerchant
Published: 05/11/2026
Summary: The article outlines how to secure Azure Databricks using a Zero Trust Architecture by combining Azure Application Gateway with Web Application Firewall (WAF) and Private Endpoints. This approach eliminates public internet exposure, ensures all traffic is inspected and routed securely, and aligns with strict compliance requirements. The recommended architecture uses a Hub-and-Spoke model, disabling public access and enforcing internal and external access through WAF and private endpoints, respectively. Key considerations include proper DNS configuration, SSL setup, and custom WAF rules, ensuring secure, compliant, and seamless access for both internal and external users.
Cloud Native Platforms: Evolve
Team Blog: Azure Architecture
Author: KishoreKumarPattabiraman
Published: 05/21/2026
Summary: The article argues that AI is transforming software engineering by augmenting workflows across the entire software development lifecycle—not just code generation. Success depends on disciplined adoption: turning individual AI prompts into reusable workflows, implementing robust guardrails, and maintaining clear boundaries for human judgment. Responsible AI, with practices ensuring fairness, transparency, safety, and accountability, is essential. Teams should measure AI by outcomes (like defect rates and lead time), not usage. The key is evolving engineering practices to leverage AI safely and effectively, making workflows, not individual suggestions, the core unit of value.
New Platform SSO with registration during Automated Device Enrollment on macOS
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 05/14/2026
Summary: Microsoft Intune now supports Platform Single Sign-On (PSSO) registration during Automated Device Enrollment (ADE) setup for macOS 26 and newer. With the new “Enable Registration During Setup” setting and Intune Company Portal version 5.2604.0+, users register their devices and sign in with Microsoft Entra credentials during Setup Assistant, enabling immediate access to work resources. This streamlines onboarding, reduces compliance gaps, authentication issues, and IT helpdesk tickets. The feature requires coordinated policies assigned to static user groups. Future updates aim to reduce multiple sign-in prompts for an even smoother enrollment experience.
Migrating frontline mobile devices: Aligning stakeholders before real-world testing
Team Blog: Intune Customer Success
Author: Intune_Support_Team
Published: 05/01/2026
Summary: The article outlines the crucial steps for migrating frontline mobile devices by emphasizing the need to align stakeholders and processes before conducting real-world testing with Microsoft Intune. It highlights translating discovery findings into actionable decisions, identifying and aligning key operational and technical stakeholders, and ensuring readiness across licensing, identity, and device lifecycle areas. Real-world testing should validate end-to-end workflows, security, and supportability in operational conditions, not just device enrollment. Standardization can evolve post-testing, and clear ownership of success criteria is essential to achieve meaningful pilot outcomes and support future device management decisions.