Browse All Posts (101)
Salim Chawro summarizes Microsoft’s July 2026 Secure Future Initiative (SFI) progress report, covering measurable improvements in identity and configuration hardening, AI-assisted proactive defense for vulnerability discovery and remediation, and preparations for post-quantum cryptography—plus concrete steps organizations can apply now.
Napalys Klicius explains why migrating Copilot code review to shared Unix-style exploration tools (grep, glob, view) initially increased cost and reduced useful findings, and how rewriting tool instructions to match a reviewer’s diff-first workflow delivered about 20% lower average review cost without hurting quality.
John Savill runs through a weekly set of Azure platform updates, covering new capabilities across OpenShift, storage, Event Hubs, Log Analytics, Chaos Studio, and identity. He also calls out security-related changes (WAF exceptions, Network Security Perimeter, Entra backup/restore) and an OpenAI/GPT update.
GitHub recaps this week’s developer news, including the general availability of the GitHub Copilot app (now supporting free and education plans plus bring-your-own-key), GitHub Issue Fields reaching general availability, and quick updates on new ECMAScript JavaScript methods and the new HTTP QUERY method.
David Paquette explains how the Azure DevOps team reduced Azure Pipelines task extension size by bundling Node-based tasks with esbuild, cutting thousands of files down to a few per task and significantly improving agent download and extraction time in real production pipelines.
Allison announces an update to GitHub Mobile that adds improved filtering and sorting for GitHub Copilot sessions, helping developers find active, completed, and needs-attention sessions more quickly as their session list grows.
Hidde de Smet breaks down why spec-driven development can either reduce risk or quietly add “delivery debt”, especially in regulated environments. He outlines six common process cost centers, a three-lane model (full/light/no-spec), and a small set of KPIs to tell when structure is paying off.
Fokko at Work demos selected updates in Visual Studio Code 1.128 that affect GitHub Copilot, including configuring the default utility model for BYOK and notes on how enterprise policies and pricing plans can change which features are available.
Daniel Roth, Javier Calvarro Nelson, Maya Mateva, and Stamo Gochev present a Blazor Community Standup on “generative UI”: using AI agents and agent-driven UI patterns to dynamically create and adapt application experiences with AG-UI, A2UI, Microsoft Agent Framework, and Blazor.
Carlotta Castelluccio demonstrates how to build a hosted, coded AI agent in VS Code using GitHub Copilot CLI and a Microsoft Foundry Skill, then walks through the workflow to test and deploy it for a social media management scenario.
Allison announces the general availability of GitHub’s refreshed pull requests dashboard at github.com/pulls, highlighting the new Inbox experience, saved views, and improved filtering/search to help developers and teams track reviews, CI failures, and ready-to-merge work more efficiently.
sbaynes explains how Microsoft AI collaborated with poet William Sieghart and Gravity Road to build Ode Poetry, a real-time voice experience that transcribes user speech, responds empathetically, and recommends poems using MAI-Transcribe and MAI-Voice, with a strong focus on safety testing and quality iteration.
Mika Dumont introduces an interactive upgrade canvas in the GitHub Copilot app that lets teams track a .NET modernization end-to-end, from assessment and planning through execution, code changes, build failures, and final results, with the same upgrade workflow available in Visual Studio, VS Code, and the Copilot CLI.
Allison announces the rollout of OpenAI’s GPT-5.6 model family (Sol, Terra, and Luna) in GitHub Copilot, including what each variant is best suited for, where you can select them, and what admins need to enable for Business and Enterprise plans.
Michael Recachinas explains how GitHub enforced validated repository ownership across a 14,000+ repo organization to unblock security workflows like secret scanning remediation, reduce risk, and make governance and compliance scoping reliable.
GeertVanTeylingen explains what’s changed in Azure NetApp Files for running Oracle Database on Azure VMs, focusing on newer capabilities that make Oracle storage easier to size, deploy, protect, replicate, migrate, and clone across the database lifecycle.
Microsoft Developer recaps the 2026 updates shipped across SQL Server, Azure SQL, and SQL database in Fabric, highlighting security, tooling, and developer workflow changes announced around SQLCon/FabCon and Microsoft Build 2026.
NeoCai announces the general availability of enhanced host pool management for Azure Virtual Desktop, covering session host configuration and updates, dynamic autoscale via scaling plans, and using ephemeral OS disks to improve performance and simplify refresh-heavy environments.
Allison announces a public preview update to GitHub Code Quality that lets organization owners enable or disable Code Quality for a targeted subset of repositories, with optional enforcement to prevent repo admins from changing the setting.
GitHub introduces Bring Your Own Key (BYOK) support in the GitHub Copilot app, showing how to connect custom model providers, run local models with Ollama, and switch models from the model picker across all Copilot plans.
Microsoft Threat Intelligence breaks down GigaWiper, a Golang backdoor that bundles disk wiping, ransomware-like encryption, and system sabotage into modular commands, and maps its C2, persistence, and destructive behaviors to concrete Defender detections and hardening steps defenders can apply.
Allison announces a GitHub Copilot Chat feature on github.com that generates a high-level overview of a repository you’re visiting for the first time, summarizing the repo’s purpose, technologies used, and contribution guidelines, with an option to generate a README when one doesn’t exist.
Visual Studio Code shares a short sizzle reel promoting VS Code Learn, a set of free, hands-on courses created by the VS Code team to help developers learn VS Code features and workflows.
Wes Steyn shows how to scale a Microsoft Agent Framework “claw” using the Agent Harness: on-demand skills (including centrally managed Foundry skills via MCP), approval-gated shell access, CodeAct for sandboxed code execution, and concurrent background agents, with runnable samples in both .NET and Python.
Shree Divya M V announces a preview feature in Azure Logic Apps Standard that generates BizTalk-compatible flat-file XSD schemas directly from sample payloads, so teams can onboard CSV/delimited and fixed-width formats faster and then reuse the generated schema with Flat File Decoding and Encoding actions.
Authorised Territory demonstrates how to build a .NET agent harness that lets an AI agent read a local text file, using the .NET Agent Framework and the Microsoft.Agents.AI.Harness NuGet package with a locally running LLM in Ollama.
Allison announces general availability of GitHub Advanced Security innersource advisories, letting enterprises publish internal security advisories with visibility limited to enterprise-owned repositories. The update includes a new REST API for creating, updating, and withdrawing vulnerabilities, and uses Dependabot to notify affected repos and open upgrade pull requests.
David Pine explains how the .NET Aspire team uses GitHub Agentic Workflows to turn merged product pull requests into SME-reviewed documentation pull requests in a separate repo, while keeping security tight through a “safe-outputs” contract and narrowly scoped GitHub App permissions.
Allison announces enterprise-managed OpenTelemetry export controls for GitHub Copilot in VS Code and Copilot CLI, letting organizations centrally mandate OTLP endpoints, protocols, resource attributes, and capture settings without relying on per-developer OTEL_* environment variables.
CollinBrian explains how to design cloud-sovereign applications by keeping both deployment and runtime dependencies portable, using Radius for an application model and Dapr for consistent distributed-systems APIs across environments like Kubernetes and Azure.
Allison announces general availability of device-level deployment for managed GitHub Copilot settings in VS Code and GitHub Copilot CLI, enabling enterprise admins to enforce consistent Copilot governance via MDM, configuration files, or server-managed settings.
GitHub explains how to control GitHub Copilot costs in large organizations by mapping enterprise teams to cost centers, configuring AI credit pools, and applying user-level spending caps with per-user overrides for power users.
Nir Mashkowski shares customer examples of how Azure SRE Agent is being used to reduce incident triage and investigation time by having an AI-powered agent gather evidence, classify issues, and recommend next steps, with an emphasis on governance controls and operational “memory” for teams running production on Azure.
Jakub Oleksy’s June 2026 GitHub availability report summarizes six production incidents (including Copilot outages) and the reliability work behind GitHub’s ongoing Azure migration, with concrete mitigations like dependency pinning, stronger config validation, improved traffic blocking, and tighter production access controls.
Allison summarizes the June/early July 2026 Visual Studio Code releases (v1.123–v1.127) focused on GitHub Copilot: integrated browser upgrades for agent-driven web validation, better organization for parallel agent sessions, clearer cost and token visibility, easier model-provider discovery via Marketplace, and more hands-off Autopilot behavior.
Katie Savage announces a free, instructor-led virtual training series starting July 16 that introduces the GitHub Copilot app and its agent-driven workflow, including setup, custom instructions, MCPs, and features like Agent Merge and Canvases for tracking work.
Allison summarizes what’s new in actions/setup-java v5.5.0 for GitHub Actions workflows, including optional GPG signature verification for JDK downloads, a new Kona JDK distribution, and several Maven-focused improvements around toolchains, caching, and quieter CI logs.
Salim Chawro explains how Microsoft’s Secure Future Initiative (SFI) is being enforced with a multi-agent AI system that continuously evaluates live cloud services, looking for cross-domain weaknesses across code, identity, network, and runtime configuration to drive faster, higher-quality hardening.
Efrat Ben Porat announces public preview support for autonomous operations in the Azure Copilot Observability Agent, which can listen to Azure Monitor alerts, correlate them into issues, and run deep investigations automatically. The post explains what’s new, how correlation is guided by custom instructions, and how this changes on-call triage workflows.
Arvind Shyamsundar explains how an AI-assisted real-world build ran into an unexpected challenge, and how pairing GitHub Copilot with hands-on developer judgment helped reach a secure solution.