Browse All Posts (138)
Natalie Guevara explains why GitHub Advisory Database review times have increased as vulnerability reporting volume and complexity hit record levels, what GitHub is doing to scale curation without lowering quality, and what maintainers, researchers, and data consumers can do to help improve advisory accuracy and throughput.
GEGUIRGU announces a preview feature in Microsoft Fabric Real-Time hub that applies workspace Outbound Access Protection (OAP) to Azure and Fabric event consumption across workspaces, so cross-workspace event flows are blocked by default unless explicitly allowed via data connection rules.
Mark Russinovich explains why large language models hallucinate, what that means in practice for developers, and which mitigation techniques can reduce incorrect outputs while acknowledging the limits of today’s AI systems.
GitHub demonstrates the new /impeccable skill in the GitHub Copilot app, using it as a design partner to polish an open-source web app UI. The video shows enabling the feature in Experimental settings, iterating on UI improvements, and creating a pull request directly from the app.
Mads Kristensen shows a practical GitHub Actions pipeline for Visual Studio extension authors to build, version-stamp, and publish VSIX packages. It covers an MSBuild-based workflow, publishing to the Visual Studio Marketplace with a secret token, and optionally pushing CI builds to a VSIX Gallery for quick testing.
jometzg walks through building an autonomous PIM elevation audit workflow using Azure SRE Agent, including how to move from interactive chat exploration to a headless scheduled subagent that queries Log Analytics and emails a daily alignment report to stakeholders.
Wes Steyn shows how Microsoft Agent Framework’s Agent Harness can safely work with user data by adding file access, human approvals for risky tool calls, and durable memory. The post includes both C# and Python examples, plus runnable samples you can use as a starting point for your own agent.
John Edward explains how to combine a Copilot Studio agent with Power Automate to draft emails and route them through a human approval step before sending, creating a practical “human-in-the-loop” workflow for safer, more consistent business communication.
Welcome to this week's Weekly Azure Roundup, where the focus shifts from AI demos to operable systems. Azure Monitor's Copilot Observability Agent reached GA (with autonomous operations in preview), while MCP moved closer to production through Azure Functions tooling, a stateless protocol update for easier scale-out, and clearer security patterns using Entra ID and API Management. On the platform side, ACR added IPv6 dual-stack endpoints in preview and shared practical guidance on tuning image-pull performance, alongside updates across SQL and PostgreSQL tooling, confidential computing, and day-to-day ops improvements like azd and Kudu logging.
Welcome to this week's Weekly Security Roundup, where the thread tying most stories together is control: tighter authorization for agent tooling, stronger defaults in developer ecosystems, and faster containment when accounts and tokens get hit. On the threat side, Microsoft detailed phishing-to-implant activity delivering a persistent Node.js payload, plus infostealer ecosystems (StealC and Amadey) built and sold as services, and a DART case study showing how two separate attackers can overlap in the same environment. On the defense side, MCP security moved from connectivity to governance with enterprise-managed authorization in VS Code, APIM-fronted authorization patterns, hardened App Service hosting guidance, and new warnings about persistent AI memory as an injection surface. The roundup closes with practical supply chain and identity hardening updates across npm, Dependabot, GitHub Enterprise incident response controls, Azure DevOps workload identity federation, and platform-leve
This week's ML roundup connects two realities teams run into fast: scaling LLM training exposes bottlenecks beyond networking, and production AI depends on governed, reliable data access. We look at Azure's MLPerf Training deep dive on Llama 3.1 405B at 8,192 GPUs, then shift to Fabric updates that tighten Purview-based protections, improve ingestion patterns, and make Spark and Lakehouse operations more predictable. We also cover how vector search and embeddings are moving into the SQL core stack, plus research and applied ML stories that focus on closing the loop (testable explanations and automated genomic reanalysis).
This week's AI roundup is about taking agents from experiments to everyday workflows, with GitHub Copilot expanding across a desktop app, GitHub Desktop worktrees, and a more capable Copilot CLI terminal UI. Teams also got more enterprise-ready controls, including new model options like MAI-Code-1-Flash, Jira integration with streaming agent progress, clearer code review depth defaults, and better adoption reporting. On the platform side, MCP matured with enterprise-managed authorization, stateless scaling changes, and hardened Azure deployment patterns that treat tool servers like production APIs. We close with agentic operations reaching GA in Azure Monitor, plus practical guidance on agent reliability, security risks like persistent-memory attacks, and the ongoing push toward efficient inference from edge NPUs to 8K+ GPU training runs.
This week's GitHub Copilot updates keep pushing Copilot beyond the IDE and into agent-first workflows you can run, review, and govern across tools. The Copilot desktop app reached general availability with isolated worktrees and an "agent merge" step, while BYOK and model pickers showed up across Desktop and other clients to make provider choice and cost control more practical. Copilot for Jira and the Copilot CLI's new terminal UI tightened the loop from issue to PR, and enterprise updates added stricter plugin sourcing controls plus reporting that ties adoption phases to merged pull requests. MCP work continued to mature with better security guidance, enterprise authorization patterns, and new benchmarking data focused on consistency and token efficiency across models.
Welcome to this week's Weekly .NET Roundup, where the center of gravity kept shifting from chat-based assistance to agentic workflows you can host, secure, and observe in real apps. Azure Functions gained richer MCP building blocks (including Entra ID auth and structured responses), Blazor demos showed agents triggering UI actions through components, and Microsoft Agent Framework pushed the "agent harness" idea as a practical control plane for approvals and telemetry. On the platform side, .NET 11 preview 5 introduced StringBuilder.MoveChunks() to reduce allocations in hot text pipelines, while Azure tooling and IDE updates (azd, Azure SDK, VS Code, and Visual Studio) focused on tightening day-to-day loops for provisioning, AI-assisted development, and cost/usage visibility.
Welcome to this week's DevOps roundup, where the main thread is making AI-driven automation operational: more governed Copilot app and agent workflows, plus enterprise controls for MCP authentication and plugin marketplaces. GitHub Actions continued its shift toward platform-scale policy and performance with step-level parallelism, tighter hosted runner governance, and new RHEL images for larger runners. On the operations side, Azure shipped practical improvements for troubleshooting and incident investigation (including the Copilot Observability Agent GA), while supply chain updates from npm, Dependabot, and GitHub Enterprise focused on reducing blast radius and simplifying least-privilege automation.
Authorised Territory demonstrates how to expose a .NET Azure Function as an MCP tool, using Visual Studio 2026 to create an Azure Functions project with an McpToolTrigger and then validating the tool with MCP Inspector.
GitHub shows how they use a GitHub Copilot app to monitor multiple community feedback streams and repository boards, then turn that input into actionable tasks with a single prompt.
GitHub announces general availability of the GitHub Copilot desktop app for macOS, Windows, and Linux, positioning it as an agent-native control center for working across repositories. GitHub highlights features like isolated git work trees and agent merge to help manage parallel agent workflows without losing context.
Lee Stott explains the Model Context Protocol (MCP) and why it’s becoming a practical standard for connecting LLM apps to tools and data. The post highlights recent updates to Microsoft’s MCP for Beginners curriculum, including spec alignment, validated SDK samples, and a security-focused refresh with concrete fixes and audits.
Allison announces an update to the GitHub Copilot usage metrics API reporting: enterprise and organization reports now include total pull requests merged per AI adoption phase, alongside existing per-user averages, making it easier to compare throughput and quantify adoption impact.
John Savill shares a quick Azure update for June 26, 2026, covering several platform changes including upcoming retirements and new capabilities across networking, VMware on Azure, and Azure NetApp Files.
Reynald Adolphe and the VS Code product team recap the June updates, with live demos of new Visual Studio Code features and recent GitHub Copilot improvements, plus a Q&A-style chat with the community.
Jesse Sullivan explains how the PostgreSQL extension for Visual Studio Code tightens the workflow for running Azure Database for PostgreSQL, bringing metrics, Azure Advisor recommendations, query plan tooling, and AI-assisted query analysis into the editor so teams can diagnose and tune performance without constantly switching tools.
GitHub shares an episode of The Download covering the general availability of the GitHub Copilot desktop app as a control center for managing multiple AI agents, plus updates on Anthropic pulling specific models offline and a quick look at Arnis for generating Minecraft worlds from real geography.
Allison announces the general availability of MAI-Code-1-Flash, Microsoft AI’s in-house coding model, for GitHub Copilot Business and Copilot Enterprise, including how admins enable access via Copilot policies and where to find model and billing documentation.
sbaynes summarizes Microsoft Research work on generative causal testing (GCT), a method that uses LLMs to turn black-box brain-response prediction models into short, testable explanations and then validates them by generating targeted stories and measuring fMRI responses.
Thoa Nguyen shares a quick look at building “Opal,” a personal AI “pet” running on a Raspberry Pi, using agent-style workflows with GPT-4 plus browser automation. The video highlights real-time web browsing, Discord integration, and updating GitHub projects as part of a small end-to-end AI system.
Thoa Nguyen walks through the design and build of Opal, a personal AI “pet” running on a Raspberry Pi, using agent-based workflows with GPT-4 plus browser automation. The episode also touches on practical integrations like Discord and updating GitHub projects as part of a real, end-to-end AI system.
Allison announces GitHub Desktop 3.6, adding Git worktree support and deeper GitHub Copilot features for commit authoring and merge conflict resolution. The update introduces a Copilot SDK foundation, a model picker for Copilot features, and BYOK support for third-party or local models.
John Edward explains what an Agent Optimizer is in Azure AI Foundry Agent Service and why it matters for building reliable AI agents. The article breaks down how optimization works in practice—evaluating performance, refining instructions, improving workflows, and learning from feedback—to increase accuracy, efficiency, and user satisfaction.
Sandeep Sen and Kristen Womack share the May/June 2026 Azure Developer CLI (azd) roundup, covering new commands like azd tool and azd exec, safer provisioning with azure.yaml dependsOn, improvements to extensions and prompts, and a long list of fixes across deployments, pipelines, and authentication.
antonfr explains how Microsoft Fabric’s built-in data protection features—powered by Microsoft Purview—help teams make data “AI-ready” by classifying sensitive content, enforcing least-privilege access, applying persistent protection, and improving observability so Copilot and agent experiences don’t amplify oversharing risks.
Garry Trinder explains why AI coding agents often ignore “tips” in documentation: they form a plan before reading your docs, then interpret everything through that plan. Using an SPFx upgrade example, he shows how explicitly invalidating the agent’s default approach can reliably redirect it to the correct tool and process.
VS Code Team explains how the VS Code and TypeScript teams adopted TypeScript 7 (the Go-based native port) through an incremental migration, improving CI reliability and dramatically speeding up type-checking, watch builds, and in-editor TypeScript/JavaScript language tooling performance.
jovanpop-msft introduces the Bulk Copy API (preview) for Microsoft Fabric Data Warehouse, explaining when client-side bulk ingestion is a better fit than server-side COPY INTO and showing practical patterns for C#, Java, command-line bcp.exe, and orchestration tools like Azure Data Factory and SSIS.
Natalie Guevara shares benchmark results for the GitHub Copilot agentic harness, focusing on token efficiency and task-resolution parity across multiple coding-agent benchmarks. The post explains how Copilot’s shared harness is evaluated against model-vendor harnesses and how multi-model support (20+ models) affects cost, quality, and reproducibility.
Microsoft Defender Security Research Team breaks down a multi-stage intrusion campaign targeting hospitality organizations, using photo-themed ZIPs and fake image LNK files to launch obfuscated PowerShell, deploy a Node.js implant, and maintain persistence via dual registry keys, along with Defender detections, hunting queries, and mitigation guidance.
Allison shares updates to GitHub Copilot code review, including clearer visibility when Medium analysis depth is used and new org-level defaults for review depth. The post also explains a behind-the-scenes change that improves review efficiency by switching to Copilot CLI/SDK file exploration tools.
Allison announces a public preview update that lets enterprises restrict which marketplaces GitHub Copilot CLI and VS Code can install plugins from, using the strictKnownMarketplaces setting in enterprise-managed settings.json to reduce the risk of untrusted plugins.
Fokko at Work demos what’s new for GitHub Copilot in Visual Studio Code 1.126, focusing on cost visibility, improved controls for context and reasoning, and updates to the Agents experience including multiple chats and native feedback.