🔹 Feature: Front Door – Managed Identities to Authenticate to Origins

🔹 What It Does: Adds an extra layer of security, protecting your origins from being bypassed through Front Door.

What It Gives You:

✅ Enhanced security for origin access

✅ Simplified identity management without the need for credentials

✅ Seamless integration with Azure services

✅ Reduced risk of unauthorized access

⚠️ Additional control – verify if access is routed through Azure Front Door, check the X-Azure-FDID header in incoming requests and confirm it matches your Front Door’s ID.

More info: https://learn.microsoft.com/en-us/azure/frontdoor/origin-authentication-with-managed-identities 

🔹 Feature: Grafana with Azure Monitor

🔹 What It Does: Azure Monitor dashboards with Grafana enable you to leverage Grafana’s powerful query, transformation, and visualization capabilities for enhanced data insights.

What is it giving you:

✅ Real-time monitoring across multiple data sources

✅ Customizable, interactive dashboards for dynamic visuals

✅ Seamless integration with Azure services for smooth workflows

✅ Enhanced flexibility in analyzing and presenting critical metrics

📊 Don’t forget to check out Managed Grafana Service for comprehensive monitoring solutions.

More info: https://learn.microsoft.com/en-us/azure/azure-monitor/visualize/visualize-grafana-overview

New Post in Series: Azure, Microsoft 365, Windows, Microsoft Products

This time, let’s dive into a tool that helps you build AI applications capable of querying external APIs and decomposing AI prompts for enhanced performance.

🔹 Feature: Symantec Kernel

🔹 What It Does: A free SDK designed to build AI applications that act as an orchestration layer between large language models and your custom code.

What’s Helping You:

✅ Seamless integration of math operations within AI workflows.

✅ Efficient handling of external API calls to expand AI capabilities.

✅ Simplifies AI prompt decomposition for better data processing.

✅ Acts as a bridge between AI models and your application logic, ensuring smooth orchestration.

✅ Plugin ecosystem

⚠️ Challenges and Considerations: For new project consider using Microsoft Agent Framework as the successor to Symantec Kernel.

More Info: https://github.com/microsoft/semantic-kernel

Competitors of LangChain, LlamaIndex, LangGraph

🔹 Feature: Azure File Sync

🔹 What It Does: Synchronizes local File Shares with Azure Files.

What It Offers You:

✅ Seamless Synchronization: Ensures your local file shares and Azure Files are always up-to-date.

✅ Multi-Master Support: Facilitates collaboration across multiple sites with real-time updates.

✅ Efficient Migrations: Simplifies the transition from on-premises storage to the cloud without downtime.

✅ Local Cache Option: Provides quick access to frequently used files, reducing latency and dependency on internet speed.

✅ Backup: Disaster recovery scenarios, Backup scenarios.

More info: https://learn.microsoft.com/en-us/azure/storage/file-sync/file-sync-planning

#mvpbuzz #azurenews

🔹 Feature: IoT Central

🔹 What It Does: Simplifies the creation of IoT applications, dashboards, device management, and more.

What is it giving you:

✅ Quick Deployment: Easily set up IoT solutions without deep coding knowledge.

✅ Scalable Management: Manage thousands of devices effortlessly with built-in scalability.

✅ Customizable Dashboards: Visualize data effectively with personalized dashboards.

✅ Integration Ready: Seamlessly connects with other Microsoft services like Azure Functions and Power BI.

Some projects: 

🌐 https://youtu.be/fiyHol2yje0?si=tNwnzQ3jaBB7JGCj

🌐 https://youtu.be/9Ve9030IVqg?si=YbnWJ_ED5RQkJmXm

🔹 Feature: Azure Relay – Live without VPN

🔹 What It Does: Enables secure, direct connections between systems even when they’re behind firewalls using HTTPS.

What is it giving you:

✅ Built on the well-known Azure Service Bus for reliability and scalability.

✅ No need to open inbound ports, enhancing security.

✅ Seamless communication across distributed applications.

✅ Supports a variety of communication patterns (request/response, one-way, relayed messaging).

✅ Eliminates complex network configurations.

Easy step by step: https://github.com/MariuszFerdyn/Tunnel-via-Azure-Relay

🔹 Feature: Container Insights Segregation by Namespace

🔹 What It Does: Provides the ability to configure container console log collection, enabling segregation of logs by different Container Insights.

What It’s Giving You:

✅ Reduce Costs: Efficient log segregation minimizes unnecessary data ingestion, cutting down on expenses.

✅ Rescue PII Data Ingestion: Enhances control over data logs, reducing the risk of unintentional PII data exposure.

⚠️ Challenges and Considerations: Not easy – Configuration via Config Map

More info: https://learn.microsoft.com/en-nz/azure/azure-monitor/containers/container-insights-multitenant?tabs=arm

#mvpbuzz #azurenews

🔹 Feature: Confidential Computing

🔹 What It Does: Keeps memory encrypted within the virtual machine. It’s also available for PaaS platforms that have underlying virtual machines.

Confidential Computing is here to elevate your security game:

✅ Secure Kubernetes Deployments: Protect sensitive data while running containerized applications.

✅ Azure Virtual Desktop: Enhance security for privileged workstations, safeguarding critical business environments.

✅ Data Integrity Across PaaS: Keep your data secure even when leveraging platform services.

More info: https://azure.microsoft.com/en-us/solutions/confidential-compute#Related-products-3

#mvpbuzz #azurenews

🔹 Feature: Azure Storage Discovery

🔹 What It Does: Automatically scans your Azure environment to detect, classify, and provide insights into storage resources.

What It’s Giving You:

✅ Simplified Data Management: Azure Storage Discovery helps you identify and organize your storage resources efficiently.

✅ Enhanced Visibility: Gain clear insights into storage accounts, their usage, and potential cost optimization areas.

✅ Streamlined Operations: Quickly discover redundant or underutilized storage, improving resource allocation.

✅ Security Insights: Identify potential vulnerabilities and maintain compliance with organizational policies.

More info: https://azure.microsoft.com/en-us/blog/from-queries-to-conversations-unlock-insights-about-your-data-using-azure-storage-discovery-now-generally-available/

🔹 Feature: Ephemeral OS Disk Support on Azure Virtual Desktop

🔹 What It Does: Every session resets to its initial state—perfect for software testing and privileged workstations.

What It’s Giving You:

✅ Enhanced Security: Ensures sensitive data isn’t stored long-term, minimizing security risks.

✅ Optimized Performance: Faster boot times and improved user experience due to streamlined OS management.

✅ Cost-Efficiency: Reduces storage costs since no persistent OS disk is needed.

✅ Ideal for Testing: Perfect for developers needing clean environments for repeatable test scenarios.

More info: https://techcommunity.microsoft.com/blog/azurevirtualdesktopblog/now-in-public-preview-ephemeral-os-disk-support-on-azure-virtual-desktop/4460172

sudo raspi-config nonint do_vnc 0

sudo apt-get install -y gcc make libssl-dev libpam0g-dev libx11-dev libxfixes-dev libxrandr-dev mc autoconf automake libtool libxkbfile-dev

git clone https://github.com/neutrinolabs/xrdp.git
cd xrdp
git checkout 4b2155b6cf80c0411ffe8b5f1f7e3e4fae09e1a8

./bootstrap
./configure
make
sudo make install

sudo mcedit /etc/xrdp/xrdp.ini

[Xvnc]
name=Xvnc
lib=libvnc.so
pamusername=ask
pampassword=ask
#username=ask
#password=ask
ip=127.0.0.1
port=5900
security_level=0
depth=24

 

sudo mcedit /etc/wayvnc/config

use_relative_paths=true
address=::
enable_auth=false
#enable_pam=true
private_key_file=tls_key.pem
certificate_file=tls_cert.pem
rsa_private_key_file=rsa_key.pem

sudo systemctl enable xrdp
sudo systemctl restart wayvnc xrdp.service

 

sudo dphys-swapfile swapoff
sudo mcedit /etc/dphys-swapfile

CONF_SWAPSIZE=2048

sudo dphys-swapfile setup
sudo dphys-swapfile swapon

 

This script do the following:

1. Install and Configure VNC Server
2. Open 5900 port on local firewall
3. Remove user appx packages (required to successful run the sysprep)
4. Do a sysprep /generalize /oobe /reboot

All is unattended. After it reboot you can connect using VNC-Viewer-7.13.1-Windows-64bit to this VM and perform OOBE (Out-of-Box Experience). In this way you can utilize Intune Autopilot.

Before proceed make sure the machine is has all updates and no pending restart – just restart VM.

# TightVNC Unattended Installation and Configuration Script
# Requires Administrator privileges

#Requires -RunAsAdministrator

# Configuration Variables
$Password = “Pa##word”
$TightVNCVersion = “2.8.84”
$InstallerURL = “https://www.tightvnc.com/download/$TightVNCVersion/tightvnc-$TightVNCVersion-gpl-setup-64bit.msi”
$InstallerPath = “$env:TEMP\tightvnc-setup.msi”
$Port = 5900

Write-Host “Starting TightVNC Installation and Configuration…” -ForegroundColor Green

# Disable BitLocker on C: drive
Write-Host “`n=== Checking BitLocker Status ===” -ForegroundColor Yellow
try {
$BitLockerVolume = Get-BitLockerVolume -MountPoint “C:” -ErrorAction Stop

if ($BitLockerVolume.ProtectionStatus -eq “On”) {
Write-Host “BitLocker is enabled on C: drive. Disabling…” -ForegroundColor Yellow

# Disable BitLocker
Disable-BitLocker -MountPoint “C:” -ErrorAction Stop
Write-Host “BitLocker disable initiated.” -ForegroundColor Green

# Wait for decryption to complete
Write-Host “Waiting for decryption to complete (this may take several minutes)…” -ForegroundColor Yellow

$DecryptionComplete = $false
$MaxWaitTime = 3600 # 1 hour maximum wait
$ElapsedTime = 0
$CheckInterval = 10 # Check every 10 seconds

while (-not $DecryptionComplete -and $ElapsedTime -lt $MaxWaitTime) {
Start-Sleep -Seconds $CheckInterval
$ElapsedTime += $CheckInterval

$BitLockerStatus = Get-BitLockerVolume -MountPoint “C:” -ErrorAction SilentlyContinue
$EncryptionPercentage = $BitLockerStatus.EncryptionPercentage

Write-Host “Decryption progress: $($EncryptionPercentage)% encrypted remaining…” -ForegroundColor Cyan

if ($BitLockerStatus.VolumeStatus -eq “FullyDecrypted”) {
$DecryptionComplete = $true
Write-Host “BitLocker decryption completed successfully!” -ForegroundColor Green
}
}

if (-not $DecryptionComplete) {
Write-Host “Warning: Decryption is taking longer than expected.” -ForegroundColor Yellow
Write-Host “Current encryption status: $($EncryptionPercentage)% encrypted” -ForegroundColor Yellow
Write-Host “Continuing with installation, but Sysprep may have issues if encryption is not complete.” -ForegroundColor Yellow
}
}
elseif ($BitLockerVolume.ProtectionStatus -eq “Off”) {
Write-Host “BitLocker is already disabled on C: drive.” -ForegroundColor Green
}
else {
Write-Host “BitLocker status: $($BitLockerVolume.ProtectionStatus)” -ForegroundColor Cyan
}
}
catch {
Write-Host “Could not check BitLocker status: $_” -ForegroundColor Yellow
Write-Host “Continuing with installation…” -ForegroundColor Yellow
}

# Download TightVNC Installer
Write-Host “Downloading TightVNC installer…” -ForegroundColor Yellow
try {
Invoke-WebRequest -Uri $InstallerURL -OutFile $InstallerPath -UseBasicParsing
Write-Host “Download completed successfully.” -ForegroundColor Green
}
catch {
Write-Host “Error downloading TightVNC: $_” -ForegroundColor Red
exit 1
}

# Install TightVNC silently
Write-Host “Installing TightVNC…” -ForegroundColor Yellow
try {
$InstallArgs = @(
“/i”
“`”$InstallerPath`””
“/quiet”
“/norestart”
“ADDLOCAL=Server”
“SERVER_REGISTER_AS_SERVICE=1”
“SERVER_ADD_FIREWALL_EXCEPTION=1”
“SET_USEVNCAUTHENTICATION=1”
“VALUE_OF_USEVNCAUTHENTICATION=1”
“SET_PASSWORD=1”
“VALUE_OF_PASSWORD=$Password”
“SET_VIEWONLYPASSWORD=1”
“VALUE_OF_VIEWONLYPASSWORD=$Password”
)

Start-Process “msiexec.exe” -ArgumentList $InstallArgs -Wait -NoNewWindow
Write-Host “TightVNC installed successfully.” -ForegroundColor Green
}
catch {
Write-Host “Error installing TightVNC: $_” -ForegroundColor Red
exit 1
}

# Wait for installation to complete
Start-Sleep -Seconds 5

# Configure TightVNC Registry Settings
Write-Host “Configuring TightVNC settings…” -ForegroundColor Yellow
$RegistryPath = “HKLM:\SOFTWARE\TightVNC\Server”

try {
# Set port
Set-ItemProperty -Path $RegistryPath -Name “RfbPort” -Value $Port -Type DWord -Force

# Set to run as system service (autostart)
Set-ItemProperty -Path $RegistryPath -Name “RunControlInterface” -Value 1 -Type DWord -Force

# Enable authentication
Set-ItemProperty -Path $RegistryPath -Name “UseVncAuthentication” -Value 1 -Type DWord -Force

# Additional security settings
Set-ItemProperty -Path $RegistryPath -Name “AcceptRfbConnections” -Value 1 -Type DWord -Force
Set-ItemProperty -Path $RegistryPath -Name “QueryAcceptOnTimeout” -Value 0 -Type DWord -Force
Set-ItemProperty -Path $RegistryPath -Name “QueryTimeout” -Value 30 -Type DWord -Force
Set-ItemProperty -Path $RegistryPath -Name “LocalInputPriority” -Value 0 -Type DWord -Force
Set-ItemProperty -Path $RegistryPath -Name “LocalInputPriorityTimeout” -Value 3 -Type DWord -Force

Write-Host “Registry settings configured successfully.” -ForegroundColor Green
}
catch {
Write-Host “Error configuring registry: $_” -ForegroundColor Red
}

# Configure Windows Firewall
Write-Host “Configuring Windows Firewall rules…” -ForegroundColor Yellow
try {
# Remove existing rules if they exist
Remove-NetFirewallRule -DisplayName “TightVNC Server” -ErrorAction SilentlyContinue

# Add firewall rule for all profiles (Domain, Private, Public)
New-NetFirewallRule -DisplayName “TightVNC Server” `
-Direction Inbound `
-Protocol TCP `
-LocalPort $Port `
-Action Allow `
-Profile Domain,Private,Public `
-Enabled True `
-Description “Allow TightVNC Server connections on port $Port”

Write-Host “Firewall rule created successfully for port $Port on all profiles.” -ForegroundColor Green
}
catch {
Write-Host “Error configuring firewall: $_” -ForegroundColor Red
}

# Restart TightVNC Service
Write-Host “Restarting TightVNC Server service…” -ForegroundColor Yellow
try {
Restart-Service -Name “tvnserver” -Force -ErrorAction Stop
Write-Host “TightVNC Server service restarted successfully.” -ForegroundColor Green
}
catch {
Write-Host “Error restarting service: $_” -ForegroundColor Red
Write-Host “Attempting to start the service…” -ForegroundColor Yellow
try {
Start-Service -Name “tvnserver” -ErrorAction Stop
Write-Host “TightVNC Server service started successfully.” -ForegroundColor Green
}
catch {
Write-Host “Error starting service: $_” -ForegroundColor Red
}
}

# Verify service is running
Write-Host “`nVerifying installation…” -ForegroundColor Yellow
$Service = Get-Service -Name “tvnserver” -ErrorAction SilentlyContinue
if ($Service) {
Write-Host “Service Status: $($Service.Status)” -ForegroundColor Cyan
Write-Host “Service Start Type: $($Service.StartType)” -ForegroundColor Cyan
}

# Verify firewall rule
$FirewallRule = Get-NetFirewallRule -DisplayName “TightVNC Server” -ErrorAction SilentlyContinue
if ($FirewallRule) {
Write-Host “Firewall Rule: Enabled” -ForegroundColor Cyan
}

# Clean up installer
Write-Host “`nCleaning up…” -ForegroundColor Yellow
Remove-Item -Path $InstallerPath -Force -ErrorAction SilentlyContinue

Write-Host “`n=== Installation Complete ===” -ForegroundColor Green
Write-Host “TightVNC Server is configured and running on port $Port” -ForegroundColor Green
Write-Host “Password has been set as specified” -ForegroundColor Green
Write-Host “Service is set to start automatically” -ForegroundColor Green
Write-Host “Firewall rule has been added for all profiles” -ForegroundColor Green

# Remove problematic AppX packages that prevent Sysprep
Write-Host “`n=== Removing User-Specific AppX Packages ===” -ForegroundColor Yellow
Write-Host “Cleaning up AppX packages that could cause Sysprep to fail (Error 0x80073CF2)…” -ForegroundColor Yellow

try {
# Get all AppX packages for all users that aren’t provisioned
$AppxPackages = Get-AppxPackage -AllUsers | Where-Object {
$_.NonRemovable -eq $false -and
-not (Get-AppxProvisionedPackage -Online | Where-Object {$_.DisplayName -eq $_.Name})
}

if ($AppxPackages) {
Write-Host “Found $($AppxPackages.Count) user-specific AppX packages to remove…” -ForegroundColor Cyan

foreach ($Package in $AppxPackages) {
try {
Write-Host ” Removing: $($Package.Name)…” -ForegroundColor Gray
Remove-AppxPackage -Package $Package.PackageFullName -AllUsers -ErrorAction Stop
}
catch {
Write-Host ” Warning: Could not remove $($Package.Name): $_” -ForegroundColor Yellow
}
}

Write-Host “AppX package cleanup completed.” -ForegroundColor Green
}
else {
Write-Host “No problematic AppX packages found.” -ForegroundColor Green
}
}
catch {
Write-Host “Warning: Error during AppX cleanup: $_” -ForegroundColor Yellow
Write-Host “Continuing with Sysprep…” -ForegroundColor Yellow
}

# Check for pending reboots before Sysprep
Write-Host “`n=== Checking for Pending Reboots ===” -ForegroundColor Yellow

$PendingReboot = $false

# Check Component Based Servicing
if (Test-Path “HKLM:\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending”) {
Write-Host “Pending reboot detected: Component Based Servicing” -ForegroundColor Yellow
$PendingReboot = $true
}

# Check Windows Update
if (Test-Path “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired”) {
Write-Host “Pending reboot detected: Windows Update” -ForegroundColor Yellow
$PendingReboot = $true
}

# Check Pending File Rename Operations
$PendingFileRename = Get-ItemProperty “HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager” -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
if ($PendingFileRename) {
Write-Host “Pending reboot detected: File Rename Operations” -ForegroundColor Yellow
$PendingReboot = $true
}

if ($PendingReboot) {
Write-Host “`nWARNING: System has pending updates/reboots!” -ForegroundColor Red
Write-Host “Sysprep will fail if run now (Error 0x8007139F)” -ForegroundColor Red
Write-Host “`nRECOMMENDED ACTION:” -ForegroundColor Yellow
Write-Host “1. Reboot the system now to complete pending updates” -ForegroundColor Cyan
Write-Host “2. After reboot, run this script again” -ForegroundColor Cyan
Write-Host “`nAlternatively, the script can attempt to reboot now and you can run it again after.” -ForegroundColor Yellow

$Response = Read-Host “`nDo you want to reboot now? (Y/N)”
if ($Response -eq “Y” -or $Response -eq “y”) {
Write-Host “Rebooting system in 10 seconds…” -ForegroundColor Yellow
Start-Sleep -Seconds 10
Restart-Computer -Force
}
else {
Write-Host “Sysprep cancelled. Please reboot manually and run the script again.” -ForegroundColor Yellow
exit 1
}
}
else {
Write-Host “No pending reboots detected. Proceeding with Sysprep…” -ForegroundColor Green
}

# Run Sysprep
Write-Host “`n=== Running Sysprep ===” -ForegroundColor Yellow
Write-Host “The system will generalize and reboot…” -ForegroundColor Yellow
Start-Sleep -Seconds 3

try {
$SysprepPath = “$env:SystemRoot\System32\Sysprep\sysprep.exe”

if (Test-Path $SysprepPath) {
Write-Host “Executing Sysprep /generalize /oobe /reboot…” -ForegroundColor Yellow
Start-Process -FilePath $SysprepPath -ArgumentList “/generalize”, “/oobe”, “/reboot” -Wait -NoNewWindow
}
else {
Write-Host “Sysprep not found at $SysprepPath” -ForegroundColor Red
exit 1
}
}
catch {
Write-Host “Error running Sysprep: $_” -ForegroundColor Red
exit 1
}

🔹 Feature: GitHub Enterprise

🔹 What It Does: Offers GitHub on-premises (or as dedicated SaaS) with advanced security tools and SLA support.

What It’s Giving You:

✅ GitHub Enterprise Cloud: Hosted by GitHub with robust enterprise features.

✅ GitHub Enterprise Server: Self-hosted, deployed on your company’s own infrastructure or in the cloud (AWS, Azure, GCP).

✅ Advanced Security: SAML/SSO, LDAP, SCIM, audit logs, IP allow-listing for enhanced protection.

✅ Enterprise-Grade Compliance: Meets SOC2, HIPAA, FedRAMP, and GDPR requirements.

✅ Centralized Management: Simplified policy and user management across your entire organization.

GitHub Enterprise (Cloud / Enterprise option): ~$21 USD per user per month.

🔹 Feature: API Management Gateway

🔹 What It Does:

✅ Simplifies API management across hybrid and multi-cloud environments.

✅ Enhances security with built-in authentication and threat protection.

✅ Provides detailed analytics for monitoring API performance and usage.

✅ Enables seamless integration with Azure services and on-premises systems.

🔹 What Is It Giving You:

✅ Centralized control over your APIs for consistent policy enforcement.

✅ Improved scalability and reliability for your applications.

✅ Accelerated development cycles with easier API versioning and management.

✅ Enhanced developer experience through a unified platform.

More info: https://learn.microsoft.com/en-us/azure/api-management/api-management-key-concepts

#mvpbuzz #azurenews

🔹 Feature: AI Gateway

🔹 What It Does: Built on Azure API Management Gateway, the AI Gateway extends robust API protections to your AI systems, including often-overlooked MCP servers.

What It Gives You:

✅ Control: Keep your AI solutions under strict governance.

✅ Security: Manage usage with authentication and authorization protocols.

✅ Efficiency: Balance loads seamlessly across your AI infrastructure.

✅ Cost Management: Monitor and optimize expenses effortlessly.

✅ All the other stuff that API management provides

More info: https://learn.microsoft.com/en-us/azure/api-management/genai-gateway-capabilities

#mvpbuzz #azurenews

AI and Copilot Everywhere. Last year, over 16,000 MCP servers were introduced. Consequently, I recommended that you consider providing an MCP server for your application.

🔹 Feature: MCP Server

🔹 What It Does: MCP Server delivers data and enables actions (e.g. Run Calc.exe on your Windows, Linux) from AI, not just through common protocols.

One picture speaks louder than a thousand words – what is MCP server:

✅ Seamless Integration: Enjoy effortless connections with AI-powered services, enhancing productivity and efficiency.

✅ Improved Data Flow: Experience faster, more reliable data transmission, ensuring your applications run smoothly.

✅ Action-Ready: Execute AI-driven tasks instantly, reducing delays and boosting operational agility.

✅ Flexible Protocol Support: Go beyond traditional protocols to harness AI’s full potential in diverse environments.

✅ Official MCP Registry: Visit the official MCP registry website or platform that maintains a verified list of servers (https://github.com/mcp).

Learn More: https://github.com/microsoft/community-content

#mvpbuzz #azurenews

⚠️ Intune is Moving to New IP Addresses (Front Door) – Stay Updated! New Post in Azure, Microsoft 365 Series:

🔹 Feature: Autopilot Device Preparation (AP-RP)

🔹 What It Does: Simplifies Autopilot debugging with enhanced efficiency.

What It’s Giving You:

✅ Auto-Log-Upload for provisioning failures – no manual uploads needed.

✅ Superior Troubleshooting – faster, clearer insights to resolve issues.

✅ Automatic Device Enrollment into Device Security Groups.

✅ Cross-Cloud Support – works seamlessly across commercial & government clouds.

✅ No Registration Required – fast, consistent Out-Of-Box Experience (OOBE).

✅ Device-Based Configuration with policy-driven provisioning.

⚠️ Entra Only – no hybrid support.

⚠️ No Script Provisioning – streamlined and secure setup.

More Info: https://learn.microsoft.com/en-us/autopilot/device-preparation/compare

#mvpbuzz #azurenews

🔹 Feature: Windows Server 2025 Security Baseline

🔹 What It Does: Offers powerful scripts to harden your Windows environment, not just for 2025, ensuring full compliance with top security standards.

What It Gives You:

✅ Easy to Use: Simplified security hardening process.

✅ Supported by Microsoft: Reliable and officially backed.

✅ No More Harden Kitty: Streamlined solution without the need for additional tools.

More Info: https://rzetelnekursy.pl/stop-using-hardenkitty-windows-server-2025-security-baseline-is-the-clear-winner/

#mvpbuzz #azurenews

🔹 Feature: Extended Network for Azure (VXLAN)

🔹 What It Does: Enables the use of the same IP network ranges both On-premises and on Azure.

What is it giving you:

✅ Simplified Network Management: No need to reconfigure IP ranges when extending your network to Azure.

✅ Seamless Connectivity: Ensures effortless communication between your on-premises systems and Azure resources.

✅ Enhanced Flexibility: Easily migrate workloads to the cloud without worrying about IP conflicts.

✅ Cost Efficiency: Reduces the overhead of complex network ⚠️ configurations and management.

⚠️ You should use this functionality only if there is no other option. Having different IP addresses is always recommended.

⚠️  This approach may lead to potential security risks and reduced network performance, making it less ideal compared to using separate IP addresses.

More info: https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-extended-network

#mvpbuzz #azurenews

🚀  Azure and Microsoft 365 series bring Elastic SAN offer that has enhanced performance in comparison to Premium SSD disks. Notably, their cost is comparable to that of Standard SSD disks, despite their superior performance. 🚀

🔹 Feature: Azure Elastic SAN (Storage Area Network)

🔹 What It Does: A robust storage solution in Azure, complementing Premium Disks, Standard HDD, and SSD disks.

✅ What’s It Giving You?

4TB of SAN Premium Disk: ⚡ 20,000 IOPS / 🚀 800 MB/s

💰 Cost: 9.04 €/day

4TB of Premium Disk: ⚡ 7,500 IOPS / 🚀 250 MB/s

💰 Cost: 15.04 €/day

4TB of Standard SSD Disk: ⚡ 500 IOPS / 🚀 100 MB/s

💰 Cost: 8.48 €/day

4TB of Standard HDD Disk: ⚡ 500 IOPS / 🚀 60 MB/s

💰 Cost: 4.52 €/day

✅ Why Choose Azure Elastic SAN?

Higher performance at lower cost compared to Premium SSDs

Affordable like Standard SSDs but with superior speed and IOPS

#mvpbuzz #azurenews

🚀 Azure and Microsoft 365 series ensure your application isi always up and running! Game-changing feature!

🔹 Feature: Azure SRE Agent

🔹 What It Does: AI-powered assistant that helps diagnose and resolve Azure issues by analyzing your Resource Groups.

One video clip displays over one hundred words!

✅ Why It’s Beneficial:

✅ Automates Incident Management: Quickly identifies and addresses issues to minimize downtime.

✅ Diagnoses Apps & Performs Root Cause Analysis: Pinpoints problems with precision, reducing time spent on troubleshooting.

✅ Fine-Grained Access Control: Offers both human-in-the-loop and autonomous actions for secure, flexible management.

✅ Proactively Audits Resources: Continuously checks resources against Azure best practices to ensure optimal performance.

✅ Integrates with Developer Tools: Seamlessly connects with GitHub and Azure DevOps to enhance your development workflow.

🚀 Stay Ahead with Azure SRE Agent!

More info: https://learn.microsoft.com/en-us/azure/sre-agent/overview?tabs=explore

#mvpbuzz #azurenews

Azure and Office 365: Seamless Integration (Next Post in Series)

🔹 Feature: Azure Migrate

🔹 What It Does: This tool assists you in migrating your workloads to the Microsoft cloud.

✅ Discovery and Assessment: Identify and evaluate on-premises applications, servers, and databases for migration readiness.

✅ Server Migration: Seamlessly transfer virtual and physical servers to Azure.

✅ Database Migration: Simplify the process of moving databases to Azure SQL with minimal downtime.

✅ Application Modernization: Analyze and modernize .NET and Java applications for cloud efficiency.

✅ Integration with Azure Tools: Works seamlessly with Azure Monitor, Azure Security Center, and other services for optimized management.

✅ Cost Estimation: Provides precise cost projections for migrating workloads to Azure.

✅ Performance Insights: Offers performance-based recommendations to enhance cloud efficiency.

🚀 Application awareness enhanced discovery and assessment workflows with an updated inventory view, dependency analysis, and centralized Action Center for managing migration issues

More info: https://learn.microsoft.com/en-us/azure/migrate/?view=migrate

#mvpbuzz #azurenews

Get ready for the next installment in our series on hidden gems in Azure and Microsoft 365!

🔹 Feature: On-Device AI with Microsoft Foundry Local — Free to Use!

🔹 What It Does: Foundry Local delivers the power of Azure AI Foundry directly to your local device, no Azure subscription needed. Enjoy seamless AI capabilities right where you are.

Why It’s Game-Changing:

✅ Enhanced Privacy: Your data stays on your device, ensuring top-tier security and privacy.

✅ Offline Capabilities: Run powerful AI models even without an internet connection — perfect for remote environments.

✅ Cost-Efficient: Completely free and eliminates the need for cloud-related expenditures.

✅ Faster Performance: Local processing reduces latency, delivering quicker responses and real-time analytics.

✅ Developer-Friendly: Simplifies AI integration for apps without complex cloud configurations.

More info: https://github.com/microsoft/Foundry-Local

If you’re looking for more models to explore try OpenSource LM Studio, which lets you play with AI on your laptop, there are plenty of options available. More: https://youtu.be/P67z8ZVlzzQ

#mvpbuzz #azurenews

Next post about features in Azure and Microsoft 365: Explore Copilot, your AI companion for simplifying, smartening, and enhancing task efficiency. Here’s a quick overview of our Copilots:

🔹 Feature: Copilot Saga

🔹 Function: Copilot is Microsoft’s family of AI assistants designed to provide contextual assistance, automate tasks, and enhance productivity across applications, platforms, and industries.

✅ Copilot for Microsoft 365

Empowers productivity in Word, Excel, PowerPoint, Sharepoint and more. It helps draft, summarize, and analyze content, turning ideas into polished documents effortlessly.

✅ Copilot for Power Platform

Assists in building apps, automating workflows, and analyzing data with natural language prompts, making app development accessible to everyone.

✅ Copilot in Dynamics 365

Enhances CRM and ERP tasks by providing AI-driven insights, predictive recommendations, and automated data entry to streamline business operations.

✅ GitHub Copilot

The ultimate coding assistant that suggests code snippets, completes lines, and helps debug efficiently, all powered by advanced AI models.

✅ Security Copilot

Supports cybersecurity teams by detecting threats, analyzing incident data, and providing actionable recommendations with AI precision.

✅ Copilot in Azure

Optimizes cloud management with AI-driven suggestions, resource optimization, and predictive analytics for better performance and cost efficiency.

✅ Consumer Copilot

Consumer Copilot is a free AI-powered digital assistant available in Edge.

✅ Copilot Studio

Copilot Studio is an advanced development environment designed to enhance productivity through AI-driven code suggestions and seamless integrations. It empowers developers to build, test, and deploy applications efficiently with intelligent assistance.

#mvpbuzz #azurenews

Azure and Office 365: Unlocking Seamless Integration (Next Post in Series)

🔹 Feature: Azure ARC

🔹 What It Does: Bringr your on-premise and other cloud Azure capabilities

🔹Core Azure Arc:

✅Kubernetes – Azure Arc → Lets you connect and manage Kubernetes clusters across on-prem, edge, and other clouds. https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/overview

✅Servers – Azure Arc → Brings non-Azure servers into Azure management (Windows/Linux). https://learn.microsoft.com/en-us/azure/azure-arc/servers/overview

✅SQL Server – Azure Arc → Extends Azure SQL security, monitoring, and policy compliance to on-premises SQL Servers. https://learn.microsoft.com/en-us/sql/sql-server/azure-arc/overview

✅Azure Arc Data Controller → Foundation for Arc-enabled data services, enabling hybrid data control and telemetry. https://learn.microsoft.com/en-us/azure/azure-arc/data/overview

✅Azure SQL Managed Instance – Azure Arc → Fully managed SQL MI deployed outside Azure but still operated/monitored as if native. https://learn.microsoft.com/en-us/azure/azure-arc/data/managed-instance-overview

✅Azure Arc Private Link Scope → Provides private, secure connectivity for Azure Arc resources to Azure services. https://learn.microsoft.com/en-us/azure/azure-arc/servers/private-link-security

🔹Additional Azure Arc capabilities:

✅Azure App Service, Functions, and Logic Apps → Run Azure PaaS services outside Azure. https://learn.microsoft.com/en-us/azure/app-service/overview-arc-integration

✅Azure Machine Learning → Extend ML workloads to Kubernetes clusters across hybrid environments. https://learn.microsoft.com/en-us/azure/machine-learning/how-to-attach-kubernetes-anywhere

✅Policy & Security integrations (Defender for Cloud, Azure Policy, Sentinel) → Apply uniform governance.

✅Azure Monitor / Azure Lighthouse with Arc → Centralized monitoring and management for Arc resources.

#mvpbuzz #azurenews

🚀 Native GIT Version Control in Windows Explorer

🔹 Feature: Native GIT Version Control in Windows Explorer

🔹 What It Does: This integration brings GIT version control details directly into File Explorer. You’ll see essential information such as:

✅ Branch name 🗂️

✅ Last commit author ✍️

✅ Last commit message 📝

✅ Previous version of the file 📄

It’s not a replacement for traditional GIT tools but offers quick, convenient access right within your file system for streamlined workflows. ⚡

More info: https://learn.microsoft.com/en-us/windows/advanced-settings/fe-version-control

#mvpbuzz #azurenews

🚀 Unlock the potential of open-source projects incubated by Mark Russinovich’s Azure CTO team — tools designed not only for cloud platforms but to empower developers everywhere.

🔹 Feature: Event-driven autoscaling, microservices runtime, change-driven processing, secure container patching, and multi-cloud application modeling.

🔹 What It Does: Enables faster, more reliable, and secure development and operations by combining scalability (KEDA), microservice building blocks (Dapr), data-driven automation (Drasi), vulnerability patching (Copa), and cloud-neutral application management (Radius).

✅ KEDA: Kubernetes Event-Driven Autoscaler — extends the native Kubernetes Horizontal Pod Autoscaler (HPA) to support event-based scaling (including scale-to-zero) by observing external event sources (queues, streams, databases, etc.). KEDA+2KEDA+2

🔗 https://keda.sh/

✅ Dapr: A portable, event-driven runtime for building microservices — provides building blocks such as service-to-service invocation, state management, pub/sub, actor model, and observability in a platform-agnostic manner.

🔗 https://dapr.io/

✅ Drasi: A data change processing platform — designed to continuously monitor data sources (logs, change feeds) via Sources, evaluate them with Continuous Queries, and issue Reactions automatically, enabling near real-time, declarative change-driven systems. Drasi is now part of the CNCF Sandbox. Microsoft Azure+3CNCF+3Microsoft Open Source+3

🔗 https://drasi.io/

✅ Copa (Project Copacetic): A container image patching tool — enables direct patching of OS-level vulnerabilities in container images based on vulnerability scanner reports (e.g. from Trivy), without full rebuilds, reducing turnaround time for security updates. It is a CNCF Sandbox project. GitHub+3Microsoft Open Source+3GitHub+3

🔗 https://project-copacetic.github.io/copacetic/

✅ Radius: Cloud-neutral application platform / resource manager — allows developers to model applications (services, dependencies) while platform teams define Recipes to map those models to infrastructure. Radius provides a unified application graph, multi-cloud deployment, and separation of concern between app definitions and platform implementation. Microsoft Tech Community+4Microsoft Azure+4docs.radapp.io+4

🔗 https://radapp.io/

Mark Russinovich’s projects are incredibly useful, designed to speed up the development process, particularly in cloud environments.

#mvpbuzz #azurenews

🚀 New Feature Alert! – The next installment in the series about Azure and Windows 365.

🔹 Feature: Guest accounts for Azure Virtual Desktop and Windows 365 Cloud PC

🔹 What It Does: External identity support allows you to invite users to your Entra ID tenant and provide them Azure Virtual Desktop resources.

✅ This means easier collaboration with external partners while maintaining secure access control. Simplify identity management and enhance productivity across organizational boundaries! 

More info:

https://learn.microsoft.com/en-us/azure/virtual-desktop/authentication#external-identity-preview

https://learn.microsoft.com/en-us/windows-365/enterprise/identity-authentication#external-identity-preview

#mvpbuzz #azurenews

Explore the underutilized features of Azure and Microsoft

🔹 Feature: Winget – No more sysprep – Beyond a Simple Package Manager for Windows  

🔹 What It Does: Winget isn’t just another package manager like yum or apt-get. It’s designed to simplify software management on Windows, but it offers even more than that.

Key Features:

✅ Software Installation: Easily install, upgrade, and manage applications.

✅ Capture Windows Settings: Winget can capture all your Windows settings and save them to a file.

✅ Seamless Restoration: Quickly restore settings on a new machine, making migrations hassle-free.

This functionality ensures that your personalized Windows environment can travel with you to any new device effortlessly.

Try yourself:

📁 winget configure export —all -o my_machine.winget

📁 winget configure. \my_machine.winget

#mvpbuzz #azurenews

Exploring underutilized features of Azure and Office 365!

🔹 Feature: Threads in Microsoft Teams  

🔹 What It Does: Create topics and reply to specific messages, similar to Slack.

Why It’s Game-Changing:  

✅ Enhances organization and clarity in conversations.  

✅ Facilitates focused discussions on specific topics.  

✅ Improves team collaboration by reducing noise.

💡 Pro Tip: Perfect for teams managing multiple projects or needing to keep discussions on track.

More info:

https://adoption.microsoft.com/en-us/microsoft-teams/new-chat-and-channels-experience/threads-in-channels/

https://techcommunity.microsoft.com/blog/microsoftteamsblog/from-threads-to-workflows-microsoft-teams-features-that-boost-everyone’s-product/4430879

#mvpbuzz #azurenews