Continuation of the Well-Architected Framework Series: This time, we’re focusing on Assessment across Azure, Microsoft 365, Windows, and other Microsoft products.

🔹 Feature: Microsoft Assessments

🔹 What It Does: Helps you check your solution effectiveness and alignment with best practices using Microsoft’s Assessment tools.

What It’s Giving You:

✅ Actionable Insights: Identify areas for improvement in your current architecture.

✅ Tailored Recommendations: Receive recommendations specific to your environment and workloads.

✅ Risk Identification: Spot potential risks and security gaps early.

✅ Optimized Performance: Ensure your solutions are scalable, secure, and cost-efficient.

✅ Simplified Compliance: Align with industry standards and Microsoft’s best practices effortlessly.

More info: https://learn.microsoft.com/en-us/assessments/

#

Are you architect?

🔹 Feature: Azure Well-Architected Framework

🔹 What It Does: Planning a landing zone or deploying PaaS and others? Here are essential guidelines you must know!

What is it giving you?

✅ Best Practices for designing and operating reliable, secure, and efficient systems.

✅ Guidance on optimizing costs while maintaining performance.

✅ Framework to strengthen your cloud architecture based on proven pillars.

🌟 Main Pillars:

✅ Reliability – Ensure systems recover from failures and continue to function.

✅ Security – Protect applications and data from threats.

✅ Cost Optimization – Manage expenses while maximizing value.

✅ Operational Excellence – Improve processes and monitoring for smooth operations.

✅ Performance Efficiency – Achieve the best performance with scalable resources.

🔗 More info: https://learn.microsoft.com/en-us/azure/well-architected/

🔹 Feature: VNet Flow Logs

🔹 What It Does: The successor to NSG Flow Logs, offering advanced capabilities without the need to implement NSG.

What It’s Giving You:

✅ Enhanced visibility into network traffic

✅ Simplified monitoring without NSG dependency

✅ Detailed analytics for improved security insights

✅ Easier troubleshooting for network-related issues

More info: https://learn.microsoft.com/en-us/azure/network-watcher/vnet-flow-logs-overview?tabs=Americas#virtual-network-flow-logs-compared-to-network-security-group-flow-logs

🔹 Feature: “Hey Copilot” on Windows 11

🔹 What It Does: Transform your Windows 11 device into an AI-powered assistant, enabling you to manage tasks effortlessly using natural language.

What Is It Giving You?

✅ Voice Activation & Natural Conversation

Simply say, “Hey Copilot,” to start a voice interaction. Your PC understands natural language, letting you search, summarize, and perform tasks—no keyboard needed.

✅ Copilot Vision — “See What You See”

Your AI PC visually interprets content on your screen or within apps. Whether editing photos, reviewing presentations, or organizing files, Copilot Vision helps you take smart next steps.

✅ Agentic Actions — Acting on Your Behalf

Beyond providing answers, Windows 11’s AI executes tasks for you—like drafting emails, creating documents, organizing files, or scheduling events—with your approval.

✅ Deep Integration Into Your Workflow

Copilot is seamlessly built into Windows 11 and your taskbar. It connects with apps, settings, and tools, helping you work efficiently without switching contexts.

✅ Unified Connections Across Your Services

Link personal and work accounts—like OneDrive, Outlook, Google Drive, and Gmail—so your PC can locate, summarize, and act on information wherever it’s stored.

More info and great videos:

https://blogs.windows.com/windowsexperience/2025/10/16/making-every-windows-11-pc-an-ai-pc/

🌟 The Saga Continues! 🌟

🔹 Feature: Azure Chaos Studio

🔹 What It Does: Enables you to experiment with controlled chaos by simulating resource failures to see how your applications respond.

What is it giving you:

✅ Helps identify vulnerabilities in your systems before they cause real issues.

✅ Enhances system resilience by preparing for unexpected failures.

✅ Supports proactive troubleshooting, saving time and resources.

✅ Provides insights to optimize performance under stress conditions.

More Info: https://rzetelnekursy.pl/ui-tests-with-playwright-azure-load-testing-and-resilience-tests-with-azure-chaos-studio/

🚀 Testing Saga Continues! 🚀

🔹 Feature: Azure App Testing

🔹 What It Does: Perform Load Web Tests in Azure, fully compatible with JMeter for seamless performance evaluation.

What Is It Giving You?

✅ Simplified load testing for web applications

✅ Enhanced performance insights with Azure integration

✅ Seamless compatibility with JMeter for smooth workflows

✅ Scalable testing environments to meet diverse demands

✅ Quick setup and easy configuration for faster results

More Info: https://rzetelnekursy.pl/ui-tests-with-playwright-azure-load-testing-and-resilience-tests-with-azure-chaos-studio/

🔹 Feature: Playwright Testing

🔹 What It Does: Perform UI Web tests with Playwright for Cloud and on-premise applications

What It’s Giving You:

✅ Streamlined automated UI testing for web applications

✅ Compatibility with both Cloud and on-premise environments

✅ Enhanced efficiency in detecting UI issues early

✅ Support for multiple browsers and platforms

✅ Easy integration with CI/CD pipelines

More Info: https://rzetelnekursy.pl/ui-tests-with-playwright-azure-load-testing-and-resilience-tests-with-azure-chaos-studio/

🔹 Feature: Connect to AKS Private Cluster Using Azure Bastion

🔹 What It Does: Establishes a secure tunnel to Azure Kubernetes Service, enabling you to invoke kubectl commands seamlessly.

What It Gives You:

✅ Secure and simplified access to AKS Private Clusters without exposing them to the public internet.

✅ No need for additional VPNs or jump hosts—Azure Bastion handles the secure connectivity.

✅ Direct command execution using kubectl, enhancing operational efficiency.

✅ Improved security posture with controlled access through Azure Bastion.

🤔 We are awaiting further tunnel bastion connection possibilities, such as those to Postgres. 🤔

More info: https://learn.microsoft.com/en-us/azure/bastion/bastion-connect-to-aks-private-cluster

#mvpbuzz #azurenews

🔹 Feature: Front Door – Managed Identities to Authenticate to Origins

🔹 What It Does: Adds an extra layer of security, protecting your origins from being bypassed through Front Door.

What It Gives You:

✅ Enhanced security for origin access

✅ Simplified identity management without the need for credentials

✅ Seamless integration with Azure services

✅ Reduced risk of unauthorized access

⚠️ Additional control – verify if access is routed through Azure Front Door, check the X-Azure-FDID header in incoming requests and confirm it matches your Front Door’s ID.

More info: https://learn.microsoft.com/en-us/azure/frontdoor/origin-authentication-with-managed-identities 

🔹 Feature: Grafana with Azure Monitor

🔹 What It Does: Azure Monitor dashboards with Grafana enable you to leverage Grafana’s powerful query, transformation, and visualization capabilities for enhanced data insights.

What is it giving you:

✅ Real-time monitoring across multiple data sources

✅ Customizable, interactive dashboards for dynamic visuals

✅ Seamless integration with Azure services for smooth workflows

✅ Enhanced flexibility in analyzing and presenting critical metrics

📊 Don’t forget to check out Managed Grafana Service for comprehensive monitoring solutions.

More info: https://learn.microsoft.com/en-us/azure/azure-monitor/visualize/visualize-grafana-overview

New Post in Series: Azure, Microsoft 365, Windows, Microsoft Products

This time, let’s dive into a tool that helps you build AI applications capable of querying external APIs and decomposing AI prompts for enhanced performance.

🔹 Feature: Symantec Kernel

🔹 What It Does: A free SDK designed to build AI applications that act as an orchestration layer between large language models and your custom code.

What’s Helping You:

✅ Seamless integration of math operations within AI workflows.

✅ Efficient handling of external API calls to expand AI capabilities.

✅ Simplifies AI prompt decomposition for better data processing.

✅ Acts as a bridge between AI models and your application logic, ensuring smooth orchestration.

✅ Plugin ecosystem

⚠️ Challenges and Considerations: For new project consider using Microsoft Agent Framework as the successor to Symantec Kernel.

More Info: https://github.com/microsoft/semantic-kernel

Competitors of LangChain, LlamaIndex, LangGraph

🔹 Feature: Azure File Sync

🔹 What It Does: Synchronizes local File Shares with Azure Files.

What It Offers You:

✅ Seamless Synchronization: Ensures your local file shares and Azure Files are always up-to-date.

✅ Multi-Master Support: Facilitates collaboration across multiple sites with real-time updates.

✅ Efficient Migrations: Simplifies the transition from on-premises storage to the cloud without downtime.

✅ Local Cache Option: Provides quick access to frequently used files, reducing latency and dependency on internet speed.

✅ Backup: Disaster recovery scenarios, Backup scenarios.

More info: https://learn.microsoft.com/en-us/azure/storage/file-sync/file-sync-planning

#mvpbuzz #azurenews

🔹 Feature: IoT Central

🔹 What It Does: Simplifies the creation of IoT applications, dashboards, device management, and more.

What is it giving you:

✅ Quick Deployment: Easily set up IoT solutions without deep coding knowledge.

✅ Scalable Management: Manage thousands of devices effortlessly with built-in scalability.

✅ Customizable Dashboards: Visualize data effectively with personalized dashboards.

✅ Integration Ready: Seamlessly connects with other Microsoft services like Azure Functions and Power BI.

Some projects: 

🌐 https://youtu.be/fiyHol2yje0?si=tNwnzQ3jaBB7JGCj

🌐 https://youtu.be/9Ve9030IVqg?si=YbnWJ_ED5RQkJmXm

🔹 Feature: Azure Relay – Live without VPN

🔹 What It Does: Enables secure, direct connections between systems even when they’re behind firewalls using HTTPS.

What is it giving you:

✅ Built on the well-known Azure Service Bus for reliability and scalability.

✅ No need to open inbound ports, enhancing security.

✅ Seamless communication across distributed applications.

✅ Supports a variety of communication patterns (request/response, one-way, relayed messaging).

✅ Eliminates complex network configurations.

Easy step by step: https://github.com/MariuszFerdyn/Tunnel-via-Azure-Relay

🔹 Feature: Container Insights Segregation by Namespace

🔹 What It Does: Provides the ability to configure container console log collection, enabling segregation of logs by different Container Insights.

What It’s Giving You:

✅ Reduce Costs: Efficient log segregation minimizes unnecessary data ingestion, cutting down on expenses.

✅ Rescue PII Data Ingestion: Enhances control over data logs, reducing the risk of unintentional PII data exposure.

⚠️ Challenges and Considerations: Not easy – Configuration via Config Map

More info: https://learn.microsoft.com/en-nz/azure/azure-monitor/containers/container-insights-multitenant?tabs=arm

#mvpbuzz #azurenews

🔹 Feature: Confidential Computing

🔹 What It Does: Keeps memory encrypted within the virtual machine. It’s also available for PaaS platforms that have underlying virtual machines.

Confidential Computing is here to elevate your security game:

✅ Secure Kubernetes Deployments: Protect sensitive data while running containerized applications.

✅ Azure Virtual Desktop: Enhance security for privileged workstations, safeguarding critical business environments.

✅ Data Integrity Across PaaS: Keep your data secure even when leveraging platform services.

More info: https://azure.microsoft.com/en-us/solutions/confidential-compute#Related-products-3

#mvpbuzz #azurenews

🔹 Feature: Azure Storage Discovery

🔹 What It Does: Automatically scans your Azure environment to detect, classify, and provide insights into storage resources.

What It’s Giving You:

✅ Simplified Data Management: Azure Storage Discovery helps you identify and organize your storage resources efficiently.

✅ Enhanced Visibility: Gain clear insights into storage accounts, their usage, and potential cost optimization areas.

✅ Streamlined Operations: Quickly discover redundant or underutilized storage, improving resource allocation.

✅ Security Insights: Identify potential vulnerabilities and maintain compliance with organizational policies.

More info: https://azure.microsoft.com/en-us/blog/from-queries-to-conversations-unlock-insights-about-your-data-using-azure-storage-discovery-now-generally-available/

🔹 Feature: Ephemeral OS Disk Support on Azure Virtual Desktop

🔹 What It Does: Every session resets to its initial state—perfect for software testing and privileged workstations.

What It’s Giving You:

✅ Enhanced Security: Ensures sensitive data isn’t stored long-term, minimizing security risks.

✅ Optimized Performance: Faster boot times and improved user experience due to streamlined OS management.

✅ Cost-Efficiency: Reduces storage costs since no persistent OS disk is needed.

✅ Ideal for Testing: Perfect for developers needing clean environments for repeatable test scenarios.

More info: https://techcommunity.microsoft.com/blog/azurevirtualdesktopblog/now-in-public-preview-ephemeral-os-disk-support-on-azure-virtual-desktop/4460172

sudo raspi-config nonint do_vnc 0

sudo apt-get install -y gcc make libssl-dev libpam0g-dev libx11-dev libxfixes-dev libxrandr-dev mc autoconf automake libtool libxkbfile-dev

git clone https://github.com/neutrinolabs/xrdp.git
cd xrdp
git checkout 4b2155b6cf80c0411ffe8b5f1f7e3e4fae09e1a8

./bootstrap
./configure
make
sudo make install

sudo mcedit /etc/xrdp/xrdp.ini

[Xvnc]
name=Xvnc
lib=libvnc.so
pamusername=ask
pampassword=ask
#username=ask
#password=ask
ip=127.0.0.1
port=5900
security_level=0
depth=24

 

sudo mcedit /etc/wayvnc/config

use_relative_paths=true
address=::
enable_auth=false
#enable_pam=true
private_key_file=tls_key.pem
certificate_file=tls_cert.pem
rsa_private_key_file=rsa_key.pem

sudo systemctl enable xrdp
sudo systemctl restart wayvnc xrdp.service

 

sudo dphys-swapfile swapoff
sudo mcedit /etc/dphys-swapfile

CONF_SWAPSIZE=2048

sudo dphys-swapfile setup
sudo dphys-swapfile swapon

 

This script do the following:

1. Install and Configure VNC Server
2. Open 5900 port on local firewall
3. Remove user appx packages (required to successful run the sysprep)
4. Do a sysprep /generalize /oobe /reboot

All is unattended. After it reboot you can connect using VNC-Viewer-7.13.1-Windows-64bit to this VM and perform OOBE (Out-of-Box Experience). In this way you can utilize Intune Autopilot.

Before proceed make sure the machine is has all updates and no pending restart – just restart VM.

# TightVNC Unattended Installation and Configuration Script
# Requires Administrator privileges

#Requires -RunAsAdministrator

# Configuration Variables
$Password = “Pa##word”
$TightVNCVersion = “2.8.84”
$InstallerURL = “https://www.tightvnc.com/download/$TightVNCVersion/tightvnc-$TightVNCVersion-gpl-setup-64bit.msi”
$InstallerPath = “$env:TEMP\tightvnc-setup.msi”
$Port = 5900

Write-Host “Starting TightVNC Installation and Configuration…” -ForegroundColor Green

# Disable BitLocker on C: drive
Write-Host “`n=== Checking BitLocker Status ===” -ForegroundColor Yellow
try {
$BitLockerVolume = Get-BitLockerVolume -MountPoint “C:” -ErrorAction Stop

if ($BitLockerVolume.ProtectionStatus -eq “On”) {
Write-Host “BitLocker is enabled on C: drive. Disabling…” -ForegroundColor Yellow

# Disable BitLocker
Disable-BitLocker -MountPoint “C:” -ErrorAction Stop
Write-Host “BitLocker disable initiated.” -ForegroundColor Green

# Wait for decryption to complete
Write-Host “Waiting for decryption to complete (this may take several minutes)…” -ForegroundColor Yellow

$DecryptionComplete = $false
$MaxWaitTime = 3600 # 1 hour maximum wait
$ElapsedTime = 0
$CheckInterval = 10 # Check every 10 seconds

while (-not $DecryptionComplete -and $ElapsedTime -lt $MaxWaitTime) {
Start-Sleep -Seconds $CheckInterval
$ElapsedTime += $CheckInterval

$BitLockerStatus = Get-BitLockerVolume -MountPoint “C:” -ErrorAction SilentlyContinue
$EncryptionPercentage = $BitLockerStatus.EncryptionPercentage

Write-Host “Decryption progress: $($EncryptionPercentage)% encrypted remaining…” -ForegroundColor Cyan

if ($BitLockerStatus.VolumeStatus -eq “FullyDecrypted”) {
$DecryptionComplete = $true
Write-Host “BitLocker decryption completed successfully!” -ForegroundColor Green
}
}

if (-not $DecryptionComplete) {
Write-Host “Warning: Decryption is taking longer than expected.” -ForegroundColor Yellow
Write-Host “Current encryption status: $($EncryptionPercentage)% encrypted” -ForegroundColor Yellow
Write-Host “Continuing with installation, but Sysprep may have issues if encryption is not complete.” -ForegroundColor Yellow
}
}
elseif ($BitLockerVolume.ProtectionStatus -eq “Off”) {
Write-Host “BitLocker is already disabled on C: drive.” -ForegroundColor Green
}
else {
Write-Host “BitLocker status: $($BitLockerVolume.ProtectionStatus)” -ForegroundColor Cyan
}
}
catch {
Write-Host “Could not check BitLocker status: $_” -ForegroundColor Yellow
Write-Host “Continuing with installation…” -ForegroundColor Yellow
}

# Download TightVNC Installer
Write-Host “Downloading TightVNC installer…” -ForegroundColor Yellow
try {
Invoke-WebRequest -Uri $InstallerURL -OutFile $InstallerPath -UseBasicParsing
Write-Host “Download completed successfully.” -ForegroundColor Green
}
catch {
Write-Host “Error downloading TightVNC: $_” -ForegroundColor Red
exit 1
}

# Install TightVNC silently
Write-Host “Installing TightVNC…” -ForegroundColor Yellow
try {
$InstallArgs = @(
“/i”
“`”$InstallerPath`””
“/quiet”
“/norestart”
“ADDLOCAL=Server”
“SERVER_REGISTER_AS_SERVICE=1”
“SERVER_ADD_FIREWALL_EXCEPTION=1”
“SET_USEVNCAUTHENTICATION=1”
“VALUE_OF_USEVNCAUTHENTICATION=1”
“SET_PASSWORD=1”
“VALUE_OF_PASSWORD=$Password”
“SET_VIEWONLYPASSWORD=1”
“VALUE_OF_VIEWONLYPASSWORD=$Password”
)

Start-Process “msiexec.exe” -ArgumentList $InstallArgs -Wait -NoNewWindow
Write-Host “TightVNC installed successfully.” -ForegroundColor Green
}
catch {
Write-Host “Error installing TightVNC: $_” -ForegroundColor Red
exit 1
}

# Wait for installation to complete
Start-Sleep -Seconds 5

# Configure TightVNC Registry Settings
Write-Host “Configuring TightVNC settings…” -ForegroundColor Yellow
$RegistryPath = “HKLM:\SOFTWARE\TightVNC\Server”

try {
# Set port
Set-ItemProperty -Path $RegistryPath -Name “RfbPort” -Value $Port -Type DWord -Force

# Set to run as system service (autostart)
Set-ItemProperty -Path $RegistryPath -Name “RunControlInterface” -Value 1 -Type DWord -Force

# Enable authentication
Set-ItemProperty -Path $RegistryPath -Name “UseVncAuthentication” -Value 1 -Type DWord -Force

# Additional security settings
Set-ItemProperty -Path $RegistryPath -Name “AcceptRfbConnections” -Value 1 -Type DWord -Force
Set-ItemProperty -Path $RegistryPath -Name “QueryAcceptOnTimeout” -Value 0 -Type DWord -Force
Set-ItemProperty -Path $RegistryPath -Name “QueryTimeout” -Value 30 -Type DWord -Force
Set-ItemProperty -Path $RegistryPath -Name “LocalInputPriority” -Value 0 -Type DWord -Force
Set-ItemProperty -Path $RegistryPath -Name “LocalInputPriorityTimeout” -Value 3 -Type DWord -Force

Write-Host “Registry settings configured successfully.” -ForegroundColor Green
}
catch {
Write-Host “Error configuring registry: $_” -ForegroundColor Red
}

# Configure Windows Firewall
Write-Host “Configuring Windows Firewall rules…” -ForegroundColor Yellow
try {
# Remove existing rules if they exist
Remove-NetFirewallRule -DisplayName “TightVNC Server” -ErrorAction SilentlyContinue

# Add firewall rule for all profiles (Domain, Private, Public)
New-NetFirewallRule -DisplayName “TightVNC Server” `
-Direction Inbound `
-Protocol TCP `
-LocalPort $Port `
-Action Allow `
-Profile Domain,Private,Public `
-Enabled True `
-Description “Allow TightVNC Server connections on port $Port”

Write-Host “Firewall rule created successfully for port $Port on all profiles.” -ForegroundColor Green
}
catch {
Write-Host “Error configuring firewall: $_” -ForegroundColor Red
}

# Restart TightVNC Service
Write-Host “Restarting TightVNC Server service…” -ForegroundColor Yellow
try {
Restart-Service -Name “tvnserver” -Force -ErrorAction Stop
Write-Host “TightVNC Server service restarted successfully.” -ForegroundColor Green
}
catch {
Write-Host “Error restarting service: $_” -ForegroundColor Red
Write-Host “Attempting to start the service…” -ForegroundColor Yellow
try {
Start-Service -Name “tvnserver” -ErrorAction Stop
Write-Host “TightVNC Server service started successfully.” -ForegroundColor Green
}
catch {
Write-Host “Error starting service: $_” -ForegroundColor Red
}
}

# Verify service is running
Write-Host “`nVerifying installation…” -ForegroundColor Yellow
$Service = Get-Service -Name “tvnserver” -ErrorAction SilentlyContinue
if ($Service) {
Write-Host “Service Status: $($Service.Status)” -ForegroundColor Cyan
Write-Host “Service Start Type: $($Service.StartType)” -ForegroundColor Cyan
}

# Verify firewall rule
$FirewallRule = Get-NetFirewallRule -DisplayName “TightVNC Server” -ErrorAction SilentlyContinue
if ($FirewallRule) {
Write-Host “Firewall Rule: Enabled” -ForegroundColor Cyan
}

# Clean up installer
Write-Host “`nCleaning up…” -ForegroundColor Yellow
Remove-Item -Path $InstallerPath -Force -ErrorAction SilentlyContinue

Write-Host “`n=== Installation Complete ===” -ForegroundColor Green
Write-Host “TightVNC Server is configured and running on port $Port” -ForegroundColor Green
Write-Host “Password has been set as specified” -ForegroundColor Green
Write-Host “Service is set to start automatically” -ForegroundColor Green
Write-Host “Firewall rule has been added for all profiles” -ForegroundColor Green

# Remove problematic AppX packages that prevent Sysprep
Write-Host “`n=== Removing User-Specific AppX Packages ===” -ForegroundColor Yellow
Write-Host “Cleaning up AppX packages that could cause Sysprep to fail (Error 0x80073CF2)…” -ForegroundColor Yellow

try {
# Get all AppX packages for all users that aren’t provisioned
$AppxPackages = Get-AppxPackage -AllUsers | Where-Object {
$_.NonRemovable -eq $false -and
-not (Get-AppxProvisionedPackage -Online | Where-Object {$_.DisplayName -eq $_.Name})
}

if ($AppxPackages) {
Write-Host “Found $($AppxPackages.Count) user-specific AppX packages to remove…” -ForegroundColor Cyan

foreach ($Package in $AppxPackages) {
try {
Write-Host ” Removing: $($Package.Name)…” -ForegroundColor Gray
Remove-AppxPackage -Package $Package.PackageFullName -AllUsers -ErrorAction Stop
}
catch {
Write-Host ” Warning: Could not remove $($Package.Name): $_” -ForegroundColor Yellow
}
}

Write-Host “AppX package cleanup completed.” -ForegroundColor Green
}
else {
Write-Host “No problematic AppX packages found.” -ForegroundColor Green
}
}
catch {
Write-Host “Warning: Error during AppX cleanup: $_” -ForegroundColor Yellow
Write-Host “Continuing with Sysprep…” -ForegroundColor Yellow
}

# Check for pending reboots before Sysprep
Write-Host “`n=== Checking for Pending Reboots ===” -ForegroundColor Yellow

$PendingReboot = $false

# Check Component Based Servicing
if (Test-Path “HKLM:\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending”) {
Write-Host “Pending reboot detected: Component Based Servicing” -ForegroundColor Yellow
$PendingReboot = $true
}

# Check Windows Update
if (Test-Path “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired”) {
Write-Host “Pending reboot detected: Windows Update” -ForegroundColor Yellow
$PendingReboot = $true
}

# Check Pending File Rename Operations
$PendingFileRename = Get-ItemProperty “HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager” -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
if ($PendingFileRename) {
Write-Host “Pending reboot detected: File Rename Operations” -ForegroundColor Yellow
$PendingReboot = $true
}

if ($PendingReboot) {
Write-Host “`nWARNING: System has pending updates/reboots!” -ForegroundColor Red
Write-Host “Sysprep will fail if run now (Error 0x8007139F)” -ForegroundColor Red
Write-Host “`nRECOMMENDED ACTION:” -ForegroundColor Yellow
Write-Host “1. Reboot the system now to complete pending updates” -ForegroundColor Cyan
Write-Host “2. After reboot, run this script again” -ForegroundColor Cyan
Write-Host “`nAlternatively, the script can attempt to reboot now and you can run it again after.” -ForegroundColor Yellow

$Response = Read-Host “`nDo you want to reboot now? (Y/N)”
if ($Response -eq “Y” -or $Response -eq “y”) {
Write-Host “Rebooting system in 10 seconds…” -ForegroundColor Yellow
Start-Sleep -Seconds 10
Restart-Computer -Force
}
else {
Write-Host “Sysprep cancelled. Please reboot manually and run the script again.” -ForegroundColor Yellow
exit 1
}
}
else {
Write-Host “No pending reboots detected. Proceeding with Sysprep…” -ForegroundColor Green
}

# Run Sysprep
Write-Host “`n=== Running Sysprep ===” -ForegroundColor Yellow
Write-Host “The system will generalize and reboot…” -ForegroundColor Yellow
Start-Sleep -Seconds 3

try {
$SysprepPath = “$env:SystemRoot\System32\Sysprep\sysprep.exe”

if (Test-Path $SysprepPath) {
Write-Host “Executing Sysprep /generalize /oobe /reboot…” -ForegroundColor Yellow
Start-Process -FilePath $SysprepPath -ArgumentList “/generalize”, “/oobe”, “/reboot” -Wait -NoNewWindow
}
else {
Write-Host “Sysprep not found at $SysprepPath” -ForegroundColor Red
exit 1
}
}
catch {
Write-Host “Error running Sysprep: $_” -ForegroundColor Red
exit 1
}

🔹 Feature: GitHub Enterprise

🔹 What It Does: Offers GitHub on-premises (or as dedicated SaaS) with advanced security tools and SLA support.

What It’s Giving You:

✅ GitHub Enterprise Cloud: Hosted by GitHub with robust enterprise features.

✅ GitHub Enterprise Server: Self-hosted, deployed on your company’s own infrastructure or in the cloud (AWS, Azure, GCP).

✅ Advanced Security: SAML/SSO, LDAP, SCIM, audit logs, IP allow-listing for enhanced protection.

✅ Enterprise-Grade Compliance: Meets SOC2, HIPAA, FedRAMP, and GDPR requirements.

✅ Centralized Management: Simplified policy and user management across your entire organization.

GitHub Enterprise (Cloud / Enterprise option): ~$21 USD per user per month.

🔹 Feature: API Management Gateway

🔹 What It Does:

✅ Simplifies API management across hybrid and multi-cloud environments.

✅ Enhances security with built-in authentication and threat protection.

✅ Provides detailed analytics for monitoring API performance and usage.

✅ Enables seamless integration with Azure services and on-premises systems.

🔹 What Is It Giving You:

✅ Centralized control over your APIs for consistent policy enforcement.

✅ Improved scalability and reliability for your applications.

✅ Accelerated development cycles with easier API versioning and management.

✅ Enhanced developer experience through a unified platform.

More info: https://learn.microsoft.com/en-us/azure/api-management/api-management-key-concepts

#mvpbuzz #azurenews

🔹 Feature: AI Gateway

🔹 What It Does: Built on Azure API Management Gateway, the AI Gateway extends robust API protections to your AI systems, including often-overlooked MCP servers.

What It Gives You:

✅ Control: Keep your AI solutions under strict governance.

✅ Security: Manage usage with authentication and authorization protocols.

✅ Efficiency: Balance loads seamlessly across your AI infrastructure.

✅ Cost Management: Monitor and optimize expenses effortlessly.

✅ All the other stuff that API management provides

More info: https://learn.microsoft.com/en-us/azure/api-management/genai-gateway-capabilities

#mvpbuzz #azurenews

AI and Copilot Everywhere. Last year, over 16,000 MCP servers were introduced. Consequently, I recommended that you consider providing an MCP server for your application.

🔹 Feature: MCP Server

🔹 What It Does: MCP Server delivers data and enables actions (e.g. Run Calc.exe on your Windows, Linux) from AI, not just through common protocols.

One picture speaks louder than a thousand words – what is MCP server:

✅ Seamless Integration: Enjoy effortless connections with AI-powered services, enhancing productivity and efficiency.

✅ Improved Data Flow: Experience faster, more reliable data transmission, ensuring your applications run smoothly.

✅ Action-Ready: Execute AI-driven tasks instantly, reducing delays and boosting operational agility.

✅ Flexible Protocol Support: Go beyond traditional protocols to harness AI’s full potential in diverse environments.

✅ Official MCP Registry: Visit the official MCP registry website or platform that maintains a verified list of servers (https://github.com/mcp).

Learn More: https://github.com/microsoft/community-content

#mvpbuzz #azurenews

⚠️ Intune is Moving to New IP Addresses (Front Door) – Stay Updated! New Post in Azure, Microsoft 365 Series:

🔹 Feature: Autopilot Device Preparation (AP-RP)

🔹 What It Does: Simplifies Autopilot debugging with enhanced efficiency.

What It’s Giving You:

✅ Auto-Log-Upload for provisioning failures – no manual uploads needed.

✅ Superior Troubleshooting – faster, clearer insights to resolve issues.

✅ Automatic Device Enrollment into Device Security Groups.

✅ Cross-Cloud Support – works seamlessly across commercial & government clouds.

✅ No Registration Required – fast, consistent Out-Of-Box Experience (OOBE).

✅ Device-Based Configuration with policy-driven provisioning.

⚠️ Entra Only – no hybrid support.

⚠️ No Script Provisioning – streamlined and secure setup.

More Info: https://learn.microsoft.com/en-us/autopilot/device-preparation/compare

#mvpbuzz #azurenews

🔹 Feature: Windows Server 2025 Security Baseline

🔹 What It Does: Offers powerful scripts to harden your Windows environment, not just for 2025, ensuring full compliance with top security standards.

What It Gives You:

✅ Easy to Use: Simplified security hardening process.

✅ Supported by Microsoft: Reliable and officially backed.

✅ No More Harden Kitty: Streamlined solution without the need for additional tools.

More Info: https://rzetelnekursy.pl/stop-using-hardenkitty-windows-server-2025-security-baseline-is-the-clear-winner/

#mvpbuzz #azurenews

🔹 Feature: Extended Network for Azure (VXLAN)

🔹 What It Does: Enables the use of the same IP network ranges both On-premises and on Azure.

What is it giving you:

✅ Simplified Network Management: No need to reconfigure IP ranges when extending your network to Azure.

✅ Seamless Connectivity: Ensures effortless communication between your on-premises systems and Azure resources.

✅ Enhanced Flexibility: Easily migrate workloads to the cloud without worrying about IP conflicts.

✅ Cost Efficiency: Reduces the overhead of complex network ⚠️ configurations and management.

⚠️ You should use this functionality only if there is no other option. Having different IP addresses is always recommended.

⚠️  This approach may lead to potential security risks and reduced network performance, making it less ideal compared to using separate IP addresses.

More info: https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-extended-network

#mvpbuzz #azurenews

🚀  Azure and Microsoft 365 series bring Elastic SAN offer that has enhanced performance in comparison to Premium SSD disks. Notably, their cost is comparable to that of Standard SSD disks, despite their superior performance. 🚀

🔹 Feature: Azure Elastic SAN (Storage Area Network)

🔹 What It Does: A robust storage solution in Azure, complementing Premium Disks, Standard HDD, and SSD disks.

✅ What’s It Giving You?

4TB of SAN Premium Disk: ⚡ 20,000 IOPS / 🚀 800 MB/s

💰 Cost: 9.04 €/day

4TB of Premium Disk: ⚡ 7,500 IOPS / 🚀 250 MB/s

💰 Cost: 15.04 €/day

4TB of Standard SSD Disk: ⚡ 500 IOPS / 🚀 100 MB/s

💰 Cost: 8.48 €/day

4TB of Standard HDD Disk: ⚡ 500 IOPS / 🚀 60 MB/s

💰 Cost: 4.52 €/day

✅ Why Choose Azure Elastic SAN?

Higher performance at lower cost compared to Premium SSDs

Affordable like Standard SSDs but with superior speed and IOPS

#mvpbuzz #azurenews

🚀 Azure and Microsoft 365 series ensure your application isi always up and running! Game-changing feature!

🔹 Feature: Azure SRE Agent

🔹 What It Does: AI-powered assistant that helps diagnose and resolve Azure issues by analyzing your Resource Groups.

One video clip displays over one hundred words!

✅ Why It’s Beneficial:

✅ Automates Incident Management: Quickly identifies and addresses issues to minimize downtime.

✅ Diagnoses Apps & Performs Root Cause Analysis: Pinpoints problems with precision, reducing time spent on troubleshooting.

✅ Fine-Grained Access Control: Offers both human-in-the-loop and autonomous actions for secure, flexible management.

✅ Proactively Audits Resources: Continuously checks resources against Azure best practices to ensure optimal performance.

✅ Integrates with Developer Tools: Seamlessly connects with GitHub and Azure DevOps to enhance your development workflow.

🚀 Stay Ahead with Azure SRE Agent!

More info: https://learn.microsoft.com/en-us/azure/sre-agent/overview?tabs=explore

#mvpbuzz #azurenews

Azure and Office 365: Seamless Integration (Next Post in Series)

🔹 Feature: Azure Migrate

🔹 What It Does: This tool assists you in migrating your workloads to the Microsoft cloud.

✅ Discovery and Assessment: Identify and evaluate on-premises applications, servers, and databases for migration readiness.

✅ Server Migration: Seamlessly transfer virtual and physical servers to Azure.

✅ Database Migration: Simplify the process of moving databases to Azure SQL with minimal downtime.

✅ Application Modernization: Analyze and modernize .NET and Java applications for cloud efficiency.

✅ Integration with Azure Tools: Works seamlessly with Azure Monitor, Azure Security Center, and other services for optimized management.

✅ Cost Estimation: Provides precise cost projections for migrating workloads to Azure.

✅ Performance Insights: Offers performance-based recommendations to enhance cloud efficiency.

🚀 Application awareness enhanced discovery and assessment workflows with an updated inventory view, dependency analysis, and centralized Action Center for managing migration issues

More info: https://learn.microsoft.com/en-us/azure/migrate/?view=migrate

#mvpbuzz #azurenews