Browse All Community (365)
rbhatia explains how Azure Application Gateway’s Layer 4 TCP/TLS proxy can centralize ingress for non-HTTP workloads, including legacy TCP protocols and Kubernetes-hosted TCP services. The post covers TCP/TLS listeners, TLS pass-through, Proxy Protocol v1 for preserving client connection details, and practical recommendations for production deployments.
RoaaSakr explains how AKS Pod Sandboxing startup time for large-memory pods improved dramatically after Azure Linux kernel changes for Microsoft Hypervisor (MSHV), shifting from eager memory allocation to deferred page allocation and making sandbox VM boot time largely independent of requested memory size.
SurenderSinghMalik breaks down recent Azure App Service (Linux) changes that make Python deployments faster and more reliable for AI-heavy workloads, including new compression and packaging defaults, fewer expensive file operations, and client-side improvements that reduce transient deployment failures.
EfratNauerman announces a public preview update for the Azure Copilot Observability Agent in Azure Monitor, focused on using chat-driven investigations and exploration to speed up triage and root-cause analysis across logs, metrics, traces, and alerts in distributed systems.
vikas_gautam describes an end-to-end architecture for bringing Databricks Genie into Microsoft Teams using an Azure AI Foundry agent, focusing on what breaks in private, regulated environments and how to handle networking isolation, multi-hop identity, and per-user authorization when querying governed data.
TulikaC introduces Platform Release Channel for Azure App Service for Linux, a setting that lets teams control how quickly runtime patch updates are applied so they can balance security updates with validation time in production.
Michael Flanakin summarizes FinOps toolkit 14, including a Copilot Studio agent template for querying FinOps hub data with KQL, a new recommendations pipeline that ingests Azure Advisor and Resource Graph results, a simplified hub deployment UI, and a preview dataset for commitment discount eligibility.
RavinderGupta outlines a “self-healing” CI/CD pattern where an agent observes Azure DevOps pipeline failures, uses Azure OpenAI (via Microsoft AI Foundry) to analyze build logs, and then proposes or applies fixes—such as updating Terraform for Azure Internal Load Balancer configuration—by opening a pull request for review.
simranparkhe announces general availability of Azure Integrated HSM for select AMD v7 Trusted Launch VM sizes, explaining how it caches keys and offloads cryptographic operations locally to reduce Key Vault round-trips while keeping key material inside a FIPS 140-3 Level 3 hardware boundary.
simonjj announces Azure Container Apps Express (public preview), a new way to deploy a container image as an internet-reachable app on Azure with pre-provisioned capacity, fast provisioning, sub-second cold starts, and built-in production defaults like ingress, secrets, and observability.
syedarshad walks through a practical workflow for testing AI agents with LangSmith, using Azure OpenAI as the target model. The guide shows how to build an evaluation dataset, run LLM-as-judge scoring (correctness and hallucination checks), and interpret per-example and aggregate results with tracing and experiment views.
NandiniMuralidharan shows how to connect browser-harness to Playwright Workspaces so an AI coding agent can drive a real, cloud-hosted Chromium browser over CDP, enabling parallel, isolated sessions for tasks like scraping and interacting with JavaScript-heavy sites.
Max Uritsky announces general availability of a new Azure Boost hardware platform underpinning Esv7, Dsv7, and Dlsv7 VMs, detailing the PCIe card architecture (ASIC/FPGA, MANA NIC, Arm SoC), the performance gains for networking and storage, and the security model built around hardware root of trust and continuous attestation.
Connected-Seth explains how Azure Event Grid MQTT Broker supports common IoT messaging patterns and highlights four features—retain messages, shared subscriptions, HTTP publish, and subscription identifiers—that reduce client complexity and make it easier to scale device telemetry and command workflows.
Jingwei Wang introduces “Open in VS Code” from Azure Copilot in the Azure Portal, a guided workflow that takes AI-generated Terraform configurations into an Azure-hosted VS Code environment so teams can validate, configure state backends, and deploy to Azure with fewer handoffs.
kinfey explains why AI agents running model-generated code need stronger isolation than standard containers, then walks through deploying a GitHub Copilot SDK agent on AKS using Kata Containers (kata-vm-isolation) plus layered hardening like seccomp, NetworkPolicy egress allowlists, and deny-by-default tool permissions.
vikas_gautam introduces PII Shield, a privacy proxy that sits in front of LLM calls to detect and anonymize PII (with optional reversal) so raw identifiers don’t leak through prompts, gateways, logs, or observability pipelines.
vyomnagrani explains why Microsoft built Azure AI Foundry Agent Service on Azure Container Apps, focusing on what changes when AI agents move from prototypes to production: bursty execution, long-running workflows, secure tool execution, isolation, state persistence, and the operational requirements for running agent fleets reliably at scale.
mohit-kanojia explains what AKS Arc is and how Azure Arc extends Azure’s control plane to run and manage Kubernetes on-premises, at the edge, and in multicloud. The post covers core components (Arc agents, custom locations, logical networks), a CLI-driven deployment flow, and practical networking and troubleshooting guidance.
FaizaanMerchant explains a Zero Trust network design for Azure Databricks that avoids public workspace exposure by fronting external access with Azure Application Gateway WAF and routing traffic to the workspace through Private Endpoints, while keeping internal access on private connectivity (VPN/ExpressRoute).
grace_kim explains a Windows Kerberos hardening change rolling out from April–July 2026 that can break Kerberos-based SMB access to Azure Files when AD DS objects are still using (or defaulting to) RC4. The post shows how to detect impacted configurations and migrate to AES-256 before rollback is removed after July 2026.
Alex-wdy explains why Azure CLI on macOS is moving away from Homebrew Core and introducing new Preview installation options in Azure CLI 2.86.0, including a Homebrew Cask package and an offline tarball for restricted environments, with a focus on signed, notarized binaries and future enterprise authentication needs.
osmancokakoglu announces the winners of the AI Dev Days Hackathon and summarizes the projects and the Microsoft stack they used, including Azure AI Foundry, Azure OpenAI models, and the Microsoft Agent Framework, plus common Azure services and DevOps practices used to ship production-grade agentic apps.
EldertGrootenboer announces the general availability of confidential computing for Azure Service Bus Premium, explaining how TEEs protect message data while it’s being processed and how it complements existing encryption and network controls. The post also covers regional availability and how to enable the feature in the portal or via templates.
Eldert Grootenboer announces an SLA update for Azure Service Bus Premium: starting May 1, 2026, Premium namespaces deployed in Availability Zone regions receive a 99.99% uptime SLA, even when partitioning is not enabled, aligning the SLA with the zone-redundant architecture already in place.
robece announces General Availability of Stripe as a partner event source for Azure Event Grid, and outlines how to route Stripe events into Azure services (Functions, Logic Apps, Event Hubs, Service Bus) and Microsoft Fabric Eventstream for real-time processing and analytics.
Paulams732 describes a reusable Azure DevOps YAML pipeline template for scaling GitHub Advanced Security across many repositories by detecting repo contents, running CodeQL only when relevant, and adding IaC scanning with centralized reporting and SARIF artifacts.
SagarPatra explains how enterprise QA teams can use GitHub Copilot to reduce the mechanical overhead of writing and maintaining automated tests, while keeping trust through human review, governance, and intentional test design that supports reliable regression cycles.
ranjan_ashish explains why Azure Resource Manager deployments can fail with the DeploymentQuotaExceeded (800) limit in a resource group, especially in high-frequency CI/CD scenarios using Bicep or ARM templates, and outlines practical cleanup and prevention approaches.
mkachare explains how Azure NetApp Files depends on DNS when using Active Directory-backed SMB, dual-protocol, and NFSv4.1 Kerberos volumes, and why hub-spoke or Virtual WAN designs with an external DNS forwarder often fail. The post focuses on the two separate DNS paths ANF uses, plus the forward and reverse rulesets required to avoid hard-to-diagnose errors.
kunyanliu explains how CHERIoT-Ibex uses CHERI capability extensions on a RISC-V Ibex core to provide hardware-enforced memory safety and fine-grained compartmentalization for embedded systems, aiming to reduce common exploit classes like buffer overflows and use-after-free vulnerabilities.
Brian Benz summarizes the first independent security audit of Inspektor Gadget, an eBPF-based Kubernetes observability and Linux host inspection tool, including the vulnerabilities found, the fixes shipped in recent releases, and practical hardening recommendations for teams running it in production.
shwetayadav explains how index-based Terraform for_each keys can trigger destructive disk churn on Azure, and shows a safer migration approach using stable keys plus terraform state mv, with a reusable GitHub Copilot skill to generate deterministic state-move commands.
mscagliola shows how to use GitHub Copilot skills for spec-driven development, turning a Medallion Architecture blog post into a repeatable repo that generates Terraform for Azure platform setup and Databricks bundle files for workloads, while enforcing strict placeholder/TODO rules to avoid invented environment values.
hcamposu announces Microsoft Host Integration Server (HIS) 2028 preview, outlining the move to .NET 10 (including Linux support for non-SNA features), new REST-based connectivity for DB2 and CICS/IMS workloads, and a set of deprecations aimed at removing legacy dependencies and improving security and hybrid operations.
SagarPatra explains how their QA team used GitHub Copilot as a practical assistant for test design, automation scaffolding, and maintenance work, while keeping human review and responsible AI practices non-negotiable.
micahmckittrick announces a public preview feature for migrating existing regional (non-zonal) Azure VMs and VMSS Flex instances into specific availability zones while keeping the same resource ID, VM name, disks, NICs, and IP addresses, with a controlled in-place flow using a small set of API/CLI operations.
Steven Bucher announces the public preview of the Azure Resource Manager MCP Server, a remote MCP server that lets AI agents query and operate on Azure resources via Azure Resource Manager and Azure Resource Graph, including generating KQL queries from natural language and deploying ARM templates from within VS Code.
RishiGomatam announces the general availability of Azure Dlsv7, Dsv7, and Esv7 VM families powered by Intel Xeon 6, highlighting performance, scale, and storage/networking improvements, plus guidance on where they’re available and where to find detailed size specs.
divyanshi_varshney lays out a production-oriented reference architecture for running Azure OpenAI in regulated banking environments, focusing on private networking, identity-first access, RAG guardrails, and audit-ready observability. It also calls out common failure modes like AKS-to-Private Endpoint DNS issues and gaps in telemetry privacy.