
Core Infrastructure and Security Blog

Check This Out! (CTO!) Guide (July 2025)

TysonPaul
Aug 01, 2025

Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!


Identify Which Process Is Blocking a File in Windows

Team Blog: ITOps Talk

Author: OrinThomas

Published: 07/13/2025

Summary: The article explains how to identify which process is blocking a file in Windows when you encounter access errors. It describes using Resource Monitor, Process Explorer, and command-line tools like openfiles and handle.exe to search for and view processes locking a file. The tools allow you to find the responsible process by name or handle, and optionally end the process or close the handle to release the file, but caution is advised when doing so.


Rehydrating Archived Blobs via Storage Task Actions

Team Blog: Azure PaaS

Author: ankitsah

Published: 07/09/2025

Summary: Azure Storage Actions is a managed platform that automates data management tasks, including rehydrating archived blobs in Azure Blob Storage and Data Lake Storage, without extra compute or coding. Rehydration tasks can be set up via the Azure portal, but only Standard priority is available. The process involves creating a task, assigning roles and filters, enabling the assignment, and monitoring task runs. Storage Actions is generally available in select regions, with some areas in preview. Execution reports are accessible after task completion. For more details, refer to Microsoft Learn documentation.


Announcing GA of Bicep templates support for Microsoft Entra ID resources

Team Blog: Azure Governance and Management

Author: Dan_Kershaw

Published: 07/29/2025

Summary: Microsoft has announced the general availability of Bicep templates for Microsoft Entra ID resources starting July 29th, 2025. This update allows users to define and deploy both Azure and Microsoft Entra ID resources together using Bicep, streamlining infrastructure as code (IaC) workflows. The new Microsoft Graph Bicep extension enables seamless authoring, deployment, and management of Entra ID resources in Bicep files, improving reliability and repeatability. Developers can now use familiar tools and editors, integrate with GitHub Actions, and benefit from type safety and IntelliSense, simplifying DevOps processes.


Support tip: Changes to Google Play strong integrity for Android 13 or above

Team Blog: Intune Customer Success

Author: Intune_Support_Team

Published: 07/21/2025

Summary: Google is updating its Play Integrity “strong integrity” requirements for Android 13+ devices, mandating hardware-backed security and a recent (within 12 months) security patch by May 2025. Microsoft Intune is aligning its compliance and app protection policies accordingly and will enforce these requirements by September 30, 2025. Admins should update compliance and conditional launch policies to warn or block non-compliant devices, use grace periods for user notification, and monitor device status in Intune. Early identification and communication are encouraged to ensure all devices meet the new standards before enforcement begins.


Optimize Azure Firewall logs with selective logging

Team Blog: Azure Network Security

Author: gusmodena

Published: 07/31/2025

Summary: Azure Firewall now supports ingestion-time transformations in Azure Log Analytics, enabling selective logging and advanced filtering of firewall logs before storage. Using Data Collection Rules (DCR) and Kusto Query Language (KQL), users can filter logs by criteria such as severity, IP ranges, or specific actions, reducing storage costs and focusing on critical data for security, compliance, and operational needs. This approach streamlines incident response, supports compliance requirements, and enables custom alerts, but is only available with resource-specific logs, not legacy diagnostic settings.


Kernel Dump based Online Repair

Team Blog: Azure Compute

Author: vaybhav_shaw

Published: 07/16/2025

Summary: Azure has introduced a real-time kernel dump analysis technology within its Compute Repair Platform to enhance reliability and minimize downtime. By collecting and analyzing Live Kernel Dumps (LKD) when failures occur, Azure can pinpoint root causes, automate targeted repairs, and significantly reduce service interruptions. This approach enables faster, data-driven responses to issues such as kernel panics, memory leaks, and driver failures, improving repair accuracy and infrastructure stability. The platform’s architecture automates dump collection, analysis, and repair decisions, achieving quicker recovery and reduced customer impact across Azure’s vast cloud infrastructure.


Check This Out! (CTO!) Guide (June 2025)

Team Blog: Core Infrastructure and Security

Author: TysonPaul

Published: 07/31/2025

Summary: The June 2025 Microsoft Community Hub roundup highlights major Azure and Microsoft 365 updates, including enhanced AI-driven FinOps tools, security advancements like Azure WAF integration with Security Copilot, new storage-optimized VMs, and sustainability features in Azure Migrate. Key releases cover edge workload orchestration via Azure Arc, improved app delivery in Azure Virtual Desktop, and encryption enhancements for Linux workloads. Additional updates include certification resources, troubleshooting guides, and policy management improvements, all aimed at boosting efficiency, security, compliance, and cloud adoption for organizations using Microsoft platforms.


Connectivity options between Hub-and-Spoke and Azure Virtual WAN

Team Blog: Azure Networking

Author: DanielMauser

Published: 07/29/2025

Summary: This article reviews four connectivity options for migrating from a traditional Hub-and-Spoke Azure network to Azure Virtual WAN: ExpressRoute hair-pinning, SD-WAN/IPSec virtual tunnels, vNet peering alongside vHub connections, and using a transit virtual network for decentralized vNets. Each scenario is detailed with connectivity flows, pros, cons, and administrative considerations, helping organizations ensure temporary coexistence and smooth migration. The article emphasizes evaluating each approach based on latency, throughput, administrative overhead, and cost to select the optimal migration strategy. Diagrams are available for reference.


AI for Operations - Copilot Agent Integration

Team Blog: Azure Architecture

Author: TaleTom

Published: 07/18/2025

Summary: The article details the integration of Copilot Studio Agents into the Azure AI for Operations Framework, focusing on two solutions: the Copilot FinOps Agent for interactive cost analysis and the Copilot Update Manager Agent for patch compliance and updates, both accessible via Microsoft Teams. These agents leverage Power Automate, Azure services, and OpenAI models to enable natural-language queries and actions, streamlining financial and operational workflows for finance, engineering, and security teams. Deployment requires specific Microsoft licenses, an Azure subscription, and configuration via GitHub resources.


Azure Virtual Desktop metadata database now available in Korea Central

Team Blog: Azure Virtual Desktop

Author: Ron_Coleman

Published: 07/24/2025

Summary: Microsoft has announced the availability of the Azure Virtual Desktop metadata database in the Korea Central region. This expansion enhances performance by reducing latency, supports local data residency and compliance requirements, and improves user experience for customers in Korea. The metadata database stores key configuration and operational data, keeping it closer to regional users. This move is part of Azure’s broader strategy to expand global coverage and help organizations build secure, high-performing digital workplaces. Customers can now configure their Azure Virtual Desktop environments to use the Korea Central database for optimized performance and compliance.


Azure VMware Solution now available in Spain Central

Team Blog: Azure Migration and Modernization

Author: KirstenMegahan

Published: 07/22/2025

Summary: Azure VMware Solution is now available in the Spain Central region, expanding to 35 Azure regions globally. This service enables organizations to migrate or extend VMware workloads to Azure without re-architecting applications, maintaining operational consistency, and supporting business continuity. It includes VMware’s technology stack, integration with Azure services, and licensing benefits like a 20% discount and the VMware Rapid Migration Plan, offering cost savings and price protection for migrations.


EOL of Azure Linux 2.0 on Azure Kubernetes Service enabled by Azure Arc

Team Blog: Azure Arc

Author: roycey

Published: 07/21/2025

Summary: Azure Linux 2.0 (formerly CBL-Mariner) will reach End of Life on July 31, 2025, ending all updates and support. Azure Kubernetes Service (AKS) enabled by Azure Arc will transition to Azure Linux 3.0 images with the Azure Local 2507 release. Azure Linux 3.0, generally available since August 2024, brings updated core components, improved security, and enhanced performance. All AKS Arc customers must upgrade to Azure Linux 3.0 to maintain compliance and support. Azure Linux 3.0 will be supported until summer 2027. Mariner and Azure Linux are the same OS, rebranded.


Windows Server 2025 Software Defined Datacenter: Networking Deployment Series (3/6)

Team Blog: Networking

Author: Kyle_Bisnett

Published: 07/28/2025

Summary: The article details Contoso Medical Center’s deployment of Windows Server 2025 Software Defined Datacenter (SDDC) with a focus on implementing Software Defined Networking (SDN) using Network Controller on Failover Cluster (NC on FC). This new model offers rapid, resilient, and VM-less deployment, ensuring high availability and security for critical workloads. Using Windows Admin Center, Contoso achieved a robust SDN control plane, meeting enterprise uptime and compliance needs. The guide emphasizes the benefits of NC on FC, including streamlined management, enhanced security, and readiness for future SDN scaling and hybrid integration.


Terraform Azure Verified Modules for Platform Landing Zone (ALZ) Migration Guidance and Tooling

Team Blog: Azure Tools

Author: jaredfholgate

Published: 07/10/2025

Summary: Microsoft has announced the general availability of migration guidance and tooling for moving Terraform state from the classic CAF Enterprise Scale module to the Azure Verified Modules (AVM) for Platform Landing Zone. The provided guidance and tooling assist users in mapping existing Azure resources, resolving discrepancies, and generating Terraform import blocks for a smooth transition. The process involves setup, resource mapping, and attribute mapping stages, using the Terraform State Importer tool. Currently, support is limited to resources deployable by the classic module, with documentation focused on this scenario. More information is available at aka.ms/alz/tf/migrate.


Scaling Azure Functions & PaaS - Concurrency, Async, Messaging. Insights from Python Log Analysis

Team Blog: Azure Infrastructure

Author: ravisha

Published: 07/17/2025

Summary: The article shares practical lessons from operating large-scale Azure PaaS solutions with Python, focusing on concurrency, asynchronous programming, and reliable messaging. Key insights include using finite blob leases to prevent resource locks, robust async error handling, and idempotent message processing for resilience. It emphasizes best practices for managing Azure SDK clients, configuring Service Bus for high throughput and deduplication, and scaling function apps effectively. Operational tips cover monitoring, alerting, and security (managed identities, secure networking). Applying these strategies ensures Azure Functions remain reliable, scalable, and maintainable under high load and complex workflows.


The Adecco Group’s AI skill-building strategy powers talent, client impact

Team Blog: Microsoft Learn

Author: NancyTandy

Published: 07/17/2025

Summary: The Adecco Group has implemented a comprehensive AI skill-building strategy to address rising demand for AI skills internally and among job seekers. Focusing on sales, efficiency, product development, and customer experience, the company embedded AI into its operations and training. Results include a 63% productivity increase for recruiters, 200,000 AI-generated CVs, and 30,000 employees completing AI training. Tools like Microsoft 365 Copilot streamlined operations, enabling more strategic work. The Adecco Group’s approach aims to prepare its workforce and clients for the evolving job market.


📢 [Public Preview] Accelerating BlobNFS throughput & scale with FUSE for superior performance

Team Blog: Azure Storage

Author: niranja1890

Published: 07/03/2025

Summary: Azure has updated its AZNFS (3.0) mount helper for BlobNFS, now leveraging the libfuse3 library to deliver significant performance and scalability improvements. Enhancements include higher throughput (supporting up to 256 TCP connections), faster read/write speeds (up to 5x improvement), removal of Linux’s 16-group user limit, improved metadata performance, and support for larger files up to 5TB. These advancements make Azure Blob Storage more efficient for AI/ML, HPC, analytics, and backup workloads, benefiting customers needing high throughput and legacy application support via NFS 3.0.


Ansys Minerva Simulation & Process Data Management Architecture on Azure

Team Blog: Azure High Performance Computing (HPC)

Author: Sunita_AZ0708

Published: 07/30/2025

Summary: The article details the architecture of Ansys Minerva’s Simulation & Process Data Management on Azure, which uses four distributed tiers (client, web, enterprise, and resource) within a single availability zone. Each tier operates on separate virtual machines for scalability, reliability, and security, leveraging Azure services like Application Gateway, Entra ID, and SQL Server. The setup supports high availability, backup, and disaster recovery using Azure backups, Always On availability groups, and recommended VM SKUs. Security is reinforced through Azure Firewall and Web Application Firewall, while single sign-on is enabled via SAML configuration with Entra ID.
