
Core Infrastructure and Security Blog

Check This Out! (CTO!) Guide (June 2025)

TysonPaul (Microsoft)
Jul 31, 2025

Hi everyone! Tyson Paul here with this month’s “Check This Out!” (CTO!) guide. Our goal with these posts is to guide you toward content that piques your interest, whether it's for learning, troubleshooting, or discovering new sources. Each month, we’ll give you a snapshot of intriguing blog content, provide direct links to the source material, and introduce you to other valuable blogs you might not know about yet. If you’re a long-time reader, you’ll notice this series is similar to our previous “Infrastructure + Security: Noteworthy News” series. We hope you find this new format just as helpful and engaging. Thank you for your continued support from all of us on the Core Infrastructure and Security Tech Community blog team!


News and updates from FinOps X 2025: Transforming FinOps in the era of AI

Team Blog: FinOps

Author: micflan

Published: 06/25/2025

Summary: FinOps X 2025 highlighted Microsoft's advancements in integrating AI with FinOps, emphasizing tools like Copilot in Azure, PTU reservations, and Azure AI Foundry Observability to optimize and manage AI costs. Enhanced analytics, reporting, and community-driven standards like FOCUS improve transparency and collaboration. Updates to Azure services, sustainability tools, and flexible billing options further empower organizations to maximize ROI, control cloud spending, and accelerate FinOps adoption. AI-driven insights, automation, and unified platforms like Microsoft Fabric are central to transforming FinOps practices, offering greater efficiency, accountability, and scalability in the era of AI.


Azure WAF Integration in Security Copilot is Now Generally Available

Team Blog: Azure Network Security

Author: Eden_Yaakobi

Published: 06/10/2025

Summary: Microsoft has announced the general availability of Azure Web Application Firewall (WAF) integration with Security Copilot, combining advanced web app protection with AI-powered threat detection and response. This integration enables proactive threat analysis, optimized WAF configurations, and accelerated investigations using natural language prompts and AI-driven workflows. Security teams can now easily analyze attacks, top offending IPs, and rule activity without manual log parsing, improving efficiency and security posture. The integration delivers adaptive, cloud-scale protection for Azure Front Door and Application Gateway, marking a significant advancement in intelligent web application security.


Announcing the general availability of Azure Laosv4, Lasv4, and Lsv4 storage optimized VMs

Team Blog: Azure Compute

Author: RishiGomatam

Published: 06/11/2025

Summary: Microsoft has announced the general availability of Azure’s new Laosv4, Lasv4, and Lsv4 storage-optimized virtual machines. These L-series VMs offer up to 23TB high-performance local NVMe SSDs, significant CPU, networking, and storage improvements, and leverage Azure Boost SSDs for enhanced encryption and reduced latency. Laosv4, powered by AMD Genoa processors, features increased storage per vCPU and improved security, while Lasv4 and Lsv4 support both AMD and Intel’s latest CPUs, offering expanded configuration options and substantial performance gains for data-intensive workloads like big data analytics and databases.


Bring AI out of the shadows with agents for Microsoft 365 Copilot Chat

Team Blog: FastTrack

Author: JulieHersum

Published: 06/30/2025

Summary: The article discusses the risks of "shadow AI," where employees use unsanctioned AI tools, creating security, compliance, and governance challenges for organizations. It advocates for IT admins to address these risks by deploying Microsoft 365 Copilot Chat agents, which offer secure, compliant, and centralized AI experiences within Microsoft 365. The article provides a practical blueprint for deploying, governing, and scaling Copilot Chat agents, and offers checklists for data protection, user education, monitoring, and governance alignment to help organizations safely innovate while maintaining control and visibility over AI usage.


Migrating Basic SKU Public IPs on Azure VPN Gateway to Standard SKU

Team Blog: Azure Networking

Author: noriouch

Published: 06/16/2025

Summary: The article outlines three methods for migrating Azure VPN Gateway Basic SKU public IPs, which will retire by September 2025, to Standard SKU: using Microsoft’s migration tool (minimal downtime, no IP change), manually deleting and recreating the gateway (more downtime, possible IP change), and gradually migrating to a new virtual network (minimal downtime, new IP required). Each method’s steps, pros, cons, and considerations are detailed. The recommended approach depends on required downtime, configuration complexity, and rollback needs. Timely migration is essential to avoid service disruption.


Boosting Productivity with Ansys RedHawk-SC and Azure NetApp Files Intelligent Data Infrastructure

Team Blog: Azure Architecture

Author: GeertVanTeylingen

Published: 06/19/2025

Summary: The article discusses how integrating Ansys Access with Azure NetApp Files (ANF) creates a high-performance, cloud-native infrastructure for Ansys RedHawk-SC simulations on Microsoft Azure. By leveraging ANF’s enterprise-grade, low-latency shared storage and advanced data management, organizations can accelerate complex engineering simulations, streamline file management, and scale on demand. The solution improves productivity, reduces simulation times, and offers cost optimization through dynamic scaling, efficient data protection, and tiered storage, all while maintaining reliability, security, and alignment with Azure’s Well-Architected Framework.


Azure Arc and Defender for Servers: Connectivity and Monitoring Script

Team Blog: Core Infrastructure and Security

Author: SantoshPargi

Published: 06/30/2025

Summary: Microsoft Defender for Servers, part of Microsoft Defender for Cloud, offers advanced threat protection and unified security management for servers across environments. On-premises servers can be onboarded using Azure Arc, enabling centralized policy and security management. The provided PowerShell script helps administrators verify the health of the Defender for Endpoint HIMDS service and Azure Arc connectivity on multiple servers by automating status checks, logging results, and identifying issues—streamlining monitoring and reducing manual effort.


Drive carbon reductions in cloud migrations with Sustainability insights in Azure Migrate

Team Blog: Azure Migration and Modernization

Author: ajaypartha95

Published: 06/18/2025

Summary: Azure Migrate has introduced a Sustainability Benefits feature that enables organizations to estimate and compare carbon emissions reductions when migrating from on-premises infrastructure to Azure. This new capability allows customers to visualize emissions savings alongside cost savings, supporting data-driven decisions that align with global sustainability goals. Using Microsoft-approved methodologies and carbon rate cards, the tool provides accurate, region-specific emissions estimates. The feature is now in public preview, helping IT, finance, and sustainability teams collaborate on environmentally and economically beneficial cloud migrations.


Announcing general availability of workload orchestration: simplifying edge deployments at scale

Team Blog: Azure Arc

Author: supriyobanerjee

Published: 06/30/2025

Summary: Microsoft has announced the general availability of workload orchestration in Azure Arc, a capability designed to simplify deployment and management of Kubernetes-based applications across distributed edge environments. This feature uses a centralized, template-driven model for configuration, enabling consistent, scalable, and error-resistant deployments for industries like manufacturing, retail, and healthcare. Key benefits include reusable templates, context-aware deployments, bulk rollout via GitOps, and end-to-end observability. The solution supports both IT administrators and OT operators, streamlining operations and compliance, and integrates with existing CI/CD workflows for efficient edge and cloud management.


Get help preparing for your Microsoft Certification exam with Course videos

Team Blog: Microsoft Learn

Author: NancyTandy

Published: 06/04/2025

Summary: The article highlights how Microsoft Learn for Organizations provides a variety of resources—including free, on-demand Course Videos—to help individuals prepare for Microsoft Certification exams. These expert-led videos cover a range of technologies and roles, offering flexible, self-paced learning mapped to official course content. Additional resources like learning hubs, practice assessments, and the Exam Readiness Zone further support skill development and exam readiness. Earning a Microsoft Certification validates skills agility, enhances career prospects, and ensures individuals stay current with evolving technology.


App-V support and partner integration now available in App attach

Team Blog: Azure Virtual Desktop

Author: JimMoyle

Published: 06/18/2025

Summary: Microsoft has announced general availability of App attach enhancements in Azure Virtual Desktop, including support for Microsoft App-V packages and integration with leading third-party platforms (Liquidware, Numecent, Omnissa). These updates enable IT admins to dynamically manage and deploy applications without altering the core desktop image, simplifying app delivery, reducing maintenance, and easing migration from legacy systems. The integrations expand flexibility, streamline cloud adoption, and offer centralized management, helping organizations modernize their application delivery while leveraging existing investments and partner capabilities for a seamless, scalable virtual desktop experience.


Build and Deploy Logic App Workflows Using Visual Studio Code and CI/CD Pipeline

Team Blog: Azure Infrastructure

Author: Devi_Priya

Published: 06/23/2025

Summary: This article guides users through creating, testing, and deploying Azure Logic App Standard workflows using Visual Studio Code and its Azure Logic Apps (Standard) extension. It details setting up the local development environment, building workflows, and connecting to Azure. The guide also covers running and debugging workflows locally, pushing code to Azure Repos, and automating deployment via CI/CD pipelines with sample YAML scripts for building and deploying logic apps to Azure, supporting streamlined development and operational workflows.


What's the deal with Kerb3961?

Team Blog: Ask the Directory Services Team

Author: WillAftring

Published: 06/03/2025

Summary: Kerb3961 is a new library in Windows Server 2025 and Windows 11 24H2 that refactors Kerberos cryptography, centralizing and simplifying encryption type (etype) management. It removes hard-coded cipher dependencies, making etype usage more predictable and secure, and ensures that administrator configurations are now strictly enforced. This change facilitates easier deprecation of outdated ciphers like RC4, but requires administrators to better understand their environment’s etype usage. Enhanced auditing and PowerShell scripts are provided to support this transition, aiming for improved security and more stable Kerberos operations.


Step-by-Step Guide: How to setup conditional access reauthentication policy for PIM?

Team Blog: ITOps Talk

Author: dishanfrancis

Published: 06/16/2025

Summary: The article provides a step-by-step guide to configuring Conditional Access reauthentication policies for Entra ID Privileged Identity Management (PIM). By creating an Authentication Context, updating PIM role settings, and enforcing a Conditional Access policy that requires reauthentication, organizations can enhance security for privileged role activations. The process ensures users must reauthenticate before accessing sensitive roles, reducing risks like session hijacking. The article includes detailed configuration steps and confirms policy effectiveness through testing, helping administrators implement stronger access controls for high-privilege operations.


Azure Verified Modules: Support Statement & Target Response Times Update

Team Blog: Azure Tools

Author: jtracey93msft

Published: 06/09/2025

Summary: Azure Verified Modules (AVM) has updated its support statement, extending response targets for bugs/security issues from 3 to 5 business days and for feature requests to 15 business days. Bugs and feature requests are now handled separately. These changes reflect a more realistic approach based on resource constraints and community feedback. New internal tools and processes are being implemented to improve tracking and compliance. AVM remains committed to transparency, community involvement, and continued improvement, with future enhancements planned and an invitation to join the next AVM Community Call on July 1, 2025.


Performance at Scale: The Role of Interconnects in Azure HPC & AI Infrastructure

Team Blog: Azure High Performance Computing (HPC)

Author: HugoAffaticati

Published: 06/25/2025

Summary: The article discusses the crucial role of high-performance interconnects—particularly InfiniBand—in enabling scalable, efficient communication between Azure HPC & AI virtual machines (VMs) for demanding workloads. It explains key performance metrics (bandwidth, latency), benchmarking tools like NCCL, and best practices for configuring and optimizing GPU clusters on Azure. Performance results using Grok-1 LLM training demonstrate that Azure’s ND_H100_v5 VMs achieve over 97% scaling efficiency and nearly match the performance of bare-metal supercomputers, highlighting Azure’s effective network architecture and pre-configured images for HPC and AI workloads.


Known issue: Customizations not saved with security baseline policy update

Team Blog: Intune Customer Success

Author: Intune_Support_Team

Published: 06/30/2025

Summary: Microsoft Intune has identified an issue where customizations to security baselines are not automatically retained during upgrades between specific baseline versions. Instead, default recommended settings are applied, requiring administrators to manually reapply custom settings in new policies. The affected baselines include versions for Microsoft Edge, Windows 10 and later, Windows 365, Microsoft Defender, and Microsoft 365 Apps. Intune creates a duplicate policy during the update, and conflict resolution logic determines which settings apply. An automated fix is planned for future releases; until then, admins must manually recreate customizations when updating baselines.


Secure Linux workloads using Azure Files with Encryption in Transit

Team Blog: Azure Storage

Author: soniagupta

Published: 06/30/2025

Summary: Microsoft Azure has announced general availability of Encryption in Transit (EiT) for Azure Files NFS shares, enabling TLS 1.3 encryption for data transfers within trusted VNets. EiT enhances data security, compliance, and performance for Linux workloads without operational complexity, using the open-source stunnel proxy and the AZNFS mount helper for easy setup and management. EiT supports major Linux distributions and integrates with enterprise platforms like SAP and AKS. Available globally at no extra cost, EiT helps organizations, including those in regulated industries, secure sensitive data and meet compliance requirements seamlessly.


Troubleshooting missing prerequisites for Azure Machine Configuration - in 3 easy steps!

Team Blog: Azure Governance and Management

Author: mutemwamasheke

Published: 06/10/2025

Summary: The article provides a three-step guide to resolve missing prerequisites for Azure Machine Configuration on Azure Virtual Machines. First, use Azure Resource Graph to identify subscriptions lacking the required Guest Configuration extension or managed identity. Second, assign the “Deploy prerequisites to enable Guest Configuration policies” initiative to automatically install necessary extensions and identities for new VMs. Third, trigger remediation tasks to apply these prerequisites to existing VMs. This ensures compliance, enables effective policy enforcement, and maintains secure, auditable server configurations at scale.

Updated Jul 31, 2025
Version 2.0