🔹 Feature: Copilot Studio Lite

🔹 What It Does: A lightweight, no-code agent builder embedded in Microsoft 365 Copilot — making it easy for users (not just developers) to quickly build AI agents with your organisation’s content. 

What Is It Giving You:

🤔 It could be thread as demo of Copilot Studio, agent is created using prompts. Can not do more like answer the questions using data that you have access to. Can no interact so can not send email.

✅ Access to Organizational Knowledge: Connects with Microsoft Graph, SharePoint, and Outlook while maintaining existing permissions and governance.

✅ Cost-Efficient: Free to use in its “lite” form with eligible Microsoft 365 licenses, perfect for lightweight scenarios and piloting agents without upfront costs.

✅ Fast Time-to-Value: Ideal for small teams or specific cases like onboarding assistants, FAQ bots, or document-search agents for rapid deployment.

✅ Option to Scale: As your needs grow, upgrade to the full Copilot Studio experience with advanced connectors, multistep workflows, and external channel publishing.

More info:

🌐 https://learn.microsoft.com/en-us/microsoft-365-copilot/extensibility/copilot-studio-experience

🌐 https://learn.microsoft.com/en-us/microsoft-copilot-studio/billing-licensing

🔹 Feature: Microsoft Purview

🔹 What It Does: A comprehensive portfolio of products designed to keep your data secure, no matter where it resides.

While Office 365 is often the starting point for many, securing your data as it moves inside and outside your organization is critical. The next step? Configuring labels and other security measures to safeguard your information effectively.

Be aware that Microsoft Purview enables you to track and manage your data not only within Office 365 but also across Azure and on-premises environments. Plus, there’s an additional portal to help streamline your data governance:

🌐 Portal: https://web.purview.azure.com/

🌐 Office365: https://purview.microsoft.com/

What It’s Giving You:

✅ Unified data governance across cloud and on-premises

✅ Advanced tracking and visibility for sensitive information

✅ Simplified compliance with integrated labeling and classification

✅ Enhanced risk management with robust security configurations

The new feature, Data Security Investigations in Microsoft Purview, is designed to enhance your organization’s ability to detect, investigate, and respond to potential data security risks. This feature allows security teams to gain comprehensive visibility into data activities, ensuring sensitive information is protected and compliance requirements are met (https://learn.microsoft.com/en-us/purview/data-security-investigations).

More info: https://learn.microsoft.com/en-us/purview/

🔹 Feature: Conditionalr Access Optimization Agent

🔹 What It Does: Identifies users or applications not protected by Conditional Access policies and suggests next steps to secure them.

What It Gives You:

✅ Enhanced visibility into unprotected access points

✅ Actionable recommendations to improve security posture

✅ Streamlined management of Conditional Access policies

✅ Proactive threat mitigation through continuous assessment

More info: https://learn.microsoft.com/en-us/entra/security-copilot/conditional-access-agent-optimization

🔹 Feature: Microsoft Agent Framework – The Successor to Symantec Kernel

🔹 What It Does: Developers can create intelligent, secure, and scalable agent-based applications

What It Gives You:

✅ Modularity: Workflows can be broken down into smaller, reusable components, making it easier to manage and update individual parts of the process.

✅ Agent Integration: Workflows can incorporate multiple AI agents alongside non-agentic components, allowing for sophisticated orchestration of tasks.

✅ Type Safety: Strong typing ensures messages flow correctly between components, with comprehensive validation that prevents runtime errors.

✅ Flexible Flow: Graph-based architecture allows for intuitive modeling of complex workflows with executors and edges. Conditional routing, parallel processing, and dynamic execution paths are all supported.

✅ External Integration: Built-in request/response patterns enable seamless integration with external APIs and support human-in-the-loop scenarios.

✅ Checkpointing: Save workflow states via checkpoints, enabling recovery and resumption of long-running processes on the server side.

✅ Multi-Agent Orchestration: Built-in patterns for coordinating multiple AI agents, including sequential, concurrent, hand-off, and Magentic.

✅ Composability: Workflows can be nested or combined to create more complex processes, allowing for scalability and adaptability.

More info: https://github.com/microsoft/agent-framework

🔹 Copilot News – You must be familiar with these AI Agents that can do work for you, enhancing productivity like never before.

🔹 Feature: Copilot – Saga News November 2025

✅ Agent Mode for Word, Excel, PowerPoint

Elevate your document, spreadsheet, and presentation game with AI agents that assist in content creation, data analysis, and design optimization.

https://www.zdnet.com/article/microsoft-just-added-ai-agents-to-word-excel-and-powerpoint-how-to-use-them/

✅ Agent Mode and Office Agent (Word, Excel) in M365 Copilot

https://www.microsoft.com/en-us/microsoft-365/blog/2025/09/29/vibe-working-introducing-agent-mode-and-office-agent-in-microsoft-365-copilot/

✅ Facilitator

A powerful meeting agent that drives agendas, captures notes, and simplifies follow-ups, ensuring no detail is missed.

https://learn.microsoft.com/en-us/microsoftteams/facilitator-teams

✅ Copilot in SSMS

Enhance SQL Server Management Studio with AI-driven insights, query optimization, and data management tools.

https://learn.microsoft.com/en-us/ssms/copilot/copilot-in-ssms-overview

✅ Viva Engage Agents

Boost community interactions with AI agents that foster engagement, streamline communication, and support network growth.

https://learn.microsoft.com/en-us/viva/engage/ai-technology-with-viva-engage/agents-community-network-deployment-config

✅ Dedicated Agents for Teams Channels

Have an AI teammate for every Teams channel, tailored to understand your projects and keep your team aligned.

https://learn.microsoft.com/en-us/microsoftteams/set-up-channel-agent-teams

✅ Knowledge Agent in SharePoint

Harness AI to enrich content, automate processes, and prepare knowledge for seamless integration with Copilot.

https://techcommunity.microsoft.com/blog/spblog/introducing-knowledge-agent-in-sharepoint/4454154

✅ Model Choice in Researcher

Expand your research capabilities with flexible model options in Microsoft 365 Copilot.

https://www.microsoft.com/en-us/microsoft-365/blog/2025/09/24/expanding-model-choice-in-microsoft-365-copilot/

✅ Research in Copilot

Supercharge your research with AI-driven analysis and data synthesis tools.

https://www.microsoft.com/en-us/microsoft-365/blog/2025/03/25/introducing-researcher-and-analyst-in-microsoft-365-copilot/

✅ Multi-Agent Orchestration in Copilot Studio

Design complex workflows with AI agents that collaborate, delegate, and execute tasks seamlessly.

https://www.microsoft.com/en-us/microsoft-copilot/blog/copilot-studio/multi-agent-orchestration-maker-controls-and-more-microsoft-copilot-studio-announcements-at-microsoft-build-2025/

✅ Computer Use Tool in Copilot Studio

Enable agents to interact with websites and desktop applications for enhanced workflow automation.

https://learn.microsoft.com/en-us/microsoft-copilot-studio/computer-use

✅ Copilot Tuning

Boost the accuracy, relevance, and efficiency of your AI agents with business-specific tuning.

https://learn.microsoft.com/en-us/copilot/microsoft-365/copilot-tuning-overview

✅ Copilot Control System

Gain comprehensive oversight of your AI ecosystem with robust controls and monitoring tools.

https://techcommunity.microsoft.com/blog/microsoft365copilotblog/introducing-copilot-control-system/4397248

🔹 Feature: Viva Engage

🔹 What It Does: Similar to Facebook and Facebook Groups

Considerations:

🤔 While Facebook had a service like Facebook/Meta Workplace, it didn’t gain significant traction.

🚀 I previously developed a tool that could copy your Facebook group or profile as a complete replica. Although it wasn’t fully finished, it worked and looked just like Facebook! I’m seeking motivation to continue working on it.

🚀 This tool could potentially serve as a synchronization mechanism between Viva Engage and Facebook. But for what specific purpose—marketing, support groups? One potential benefit is enabling Viva Engage to leverage AI agents using internal knowledge.

🚀 In large organizations, Viva Engage is often integrated as part of the intranet, sometimes even as a SharePoint web part.

🤔 I haven’t observed it being used for support or helpdesk requests, but I believe it could be beneficial—much like how Stack Overflow operates.

🤔 While Viva Engage might be more suitable for certain cases compared to Teams, Teams is used daily, making it more convenient for users.

🔹 Feature: Azure Local / Azure Stack HCI

🔹 What It Does: Azure Stack HCI extends Azure capabilities to your on-premises environment, enabling seamless hybrid cloud solutions. It integrates with Azure services to provide scalability, efficiency, and robust security.

What is it giving you:

✅ Enhanced Flexibility: Deploy and manage workloads efficiently across both cloud and local environments.

✅ Optimized Performance: Benefit from low-latency processing closer to your data sources.

✅ Simplified Management: Unified tools for managing hybrid resources in one dashboard.

✅ Increased Security: Advanced security features with integrated Azure services.

✅ Cost Efficiency: Reduce operational costs with scalable infrastructure.

More info: https://azurelocalsolutions.azure.microsoft.com

Continuation of the Well-Architected Framework Series: This time, we’re focusing on Assessment across Azure, Microsoft 365, Windows, and other Microsoft products.

🔹 Feature: Microsoft Assessments

🔹 What It Does: Helps you check your solution effectiveness and alignment with best practices using Microsoft’s Assessment tools.

What It’s Giving You:

✅ Actionable Insights: Identify areas for improvement in your current architecture.

✅ Tailored Recommendations: Receive recommendations specific to your environment and workloads.

✅ Risk Identification: Spot potential risks and security gaps early.

✅ Optimized Performance: Ensure your solutions are scalable, secure, and cost-efficient.

✅ Simplified Compliance: Align with industry standards and Microsoft’s best practices effortlessly.

More info: https://learn.microsoft.com/en-us/assessments/

#

Are you architect?

🔹 Feature: Azure Well-Architected Framework

🔹 What It Does: Planning a landing zone or deploying PaaS and others? Here are essential guidelines you must know!

What is it giving you?

✅ Best Practices for designing and operating reliable, secure, and efficient systems.

✅ Guidance on optimizing costs while maintaining performance.

✅ Framework to strengthen your cloud architecture based on proven pillars.

🌟 Main Pillars:

✅ Reliability – Ensure systems recover from failures and continue to function.

✅ Security – Protect applications and data from threats.

✅ Cost Optimization – Manage expenses while maximizing value.

✅ Operational Excellence – Improve processes and monitoring for smooth operations.

✅ Performance Efficiency – Achieve the best performance with scalable resources.

🔗 More info: https://learn.microsoft.com/en-us/azure/well-architected/

🔹 Feature: VNet Flow Logs

🔹 What It Does: The successor to NSG Flow Logs, offering advanced capabilities without the need to implement NSG.

What It’s Giving You:

✅ Enhanced visibility into network traffic

✅ Simplified monitoring without NSG dependency

✅ Detailed analytics for improved security insights

✅ Easier troubleshooting for network-related issues

More info: https://learn.microsoft.com/en-us/azure/network-watcher/vnet-flow-logs-overview?tabs=Americas#virtual-network-flow-logs-compared-to-network-security-group-flow-logs

🔹 Feature: “Hey Copilot” on Windows 11

🔹 What It Does: Transform your Windows 11 device into an AI-powered assistant, enabling you to manage tasks effortlessly using natural language.

What Is It Giving You?

✅ Voice Activation & Natural Conversation

Simply say, “Hey Copilot,” to start a voice interaction. Your PC understands natural language, letting you search, summarize, and perform tasks—no keyboard needed.

✅ Copilot Vision — “See What You See”

Your AI PC visually interprets content on your screen or within apps. Whether editing photos, reviewing presentations, or organizing files, Copilot Vision helps you take smart next steps.

✅ Agentic Actions — Acting on Your Behalf

Beyond providing answers, Windows 11’s AI executes tasks for you—like drafting emails, creating documents, organizing files, or scheduling events—with your approval.

✅ Deep Integration Into Your Workflow

Copilot is seamlessly built into Windows 11 and your taskbar. It connects with apps, settings, and tools, helping you work efficiently without switching contexts.

✅ Unified Connections Across Your Services

Link personal and work accounts—like OneDrive, Outlook, Google Drive, and Gmail—so your PC can locate, summarize, and act on information wherever it’s stored.

More info and great videos:

https://blogs.windows.com/windowsexperience/2025/10/16/making-every-windows-11-pc-an-ai-pc/

🌟 The Saga Continues! 🌟

🔹 Feature: Azure Chaos Studio

🔹 What It Does: Enables you to experiment with controlled chaos by simulating resource failures to see how your applications respond.

What is it giving you:

✅ Helps identify vulnerabilities in your systems before they cause real issues.

✅ Enhances system resilience by preparing for unexpected failures.

✅ Supports proactive troubleshooting, saving time and resources.

✅ Provides insights to optimize performance under stress conditions.

More Info: https://rzetelnekursy.pl/ui-tests-with-playwright-azure-load-testing-and-resilience-tests-with-azure-chaos-studio/

🚀 Testing Saga Continues! 🚀

🔹 Feature: Azure App Testing

🔹 What It Does: Perform Load Web Tests in Azure, fully compatible with JMeter for seamless performance evaluation.

What Is It Giving You?

✅ Simplified load testing for web applications

✅ Enhanced performance insights with Azure integration

✅ Seamless compatibility with JMeter for smooth workflows

✅ Scalable testing environments to meet diverse demands

✅ Quick setup and easy configuration for faster results

More Info: https://rzetelnekursy.pl/ui-tests-with-playwright-azure-load-testing-and-resilience-tests-with-azure-chaos-studio/

🔹 Feature: Playwright Testing

🔹 What It Does: Perform UI Web tests with Playwright for Cloud and on-premise applications

What It’s Giving You:

✅ Streamlined automated UI testing for web applications

✅ Compatibility with both Cloud and on-premise environments

✅ Enhanced efficiency in detecting UI issues early

✅ Support for multiple browsers and platforms

✅ Easy integration with CI/CD pipelines

More Info: https://rzetelnekursy.pl/ui-tests-with-playwright-azure-load-testing-and-resilience-tests-with-azure-chaos-studio/

🔹 Feature: Connect to AKS Private Cluster Using Azure Bastion

🔹 What It Does: Establishes a secure tunnel to Azure Kubernetes Service, enabling you to invoke kubectl commands seamlessly.

What It Gives You:

✅ Secure and simplified access to AKS Private Clusters without exposing them to the public internet.

✅ No need for additional VPNs or jump hosts—Azure Bastion handles the secure connectivity.

✅ Direct command execution using kubectl, enhancing operational efficiency.

✅ Improved security posture with controlled access through Azure Bastion.

🤔 We are awaiting further tunnel bastion connection possibilities, such as those to Postgres. 🤔

More info: https://learn.microsoft.com/en-us/azure/bastion/bastion-connect-to-aks-private-cluster

#mvpbuzz #azurenews

🔹 Feature: Front Door – Managed Identities to Authenticate to Origins

🔹 What It Does: Adds an extra layer of security, protecting your origins from being bypassed through Front Door.

What It Gives You:

✅ Enhanced security for origin access

✅ Simplified identity management without the need for credentials

✅ Seamless integration with Azure services

✅ Reduced risk of unauthorized access

⚠️ Additional control – verify if access is routed through Azure Front Door, check the X-Azure-FDID header in incoming requests and confirm it matches your Front Door’s ID.

More info: https://learn.microsoft.com/en-us/azure/frontdoor/origin-authentication-with-managed-identities 

🔹 Feature: Grafana with Azure Monitor

🔹 What It Does: Azure Monitor dashboards with Grafana enable you to leverage Grafana’s powerful query, transformation, and visualization capabilities for enhanced data insights.

What is it giving you:

✅ Real-time monitoring across multiple data sources

✅ Customizable, interactive dashboards for dynamic visuals

✅ Seamless integration with Azure services for smooth workflows

✅ Enhanced flexibility in analyzing and presenting critical metrics

📊 Don’t forget to check out Managed Grafana Service for comprehensive monitoring solutions.

More info: https://learn.microsoft.com/en-us/azure/azure-monitor/visualize/visualize-grafana-overview

New Post in Series: Azure, Microsoft 365, Windows, Microsoft Products

This time, let’s dive into a tool that helps you build AI applications capable of querying external APIs and decomposing AI prompts for enhanced performance.

🔹 Feature: Symantec Kernel

🔹 What It Does: A free SDK designed to build AI applications that act as an orchestration layer between large language models and your custom code.

What’s Helping You:

✅ Seamless integration of math operations within AI workflows.

✅ Efficient handling of external API calls to expand AI capabilities.

✅ Simplifies AI prompt decomposition for better data processing.

✅ Acts as a bridge between AI models and your application logic, ensuring smooth orchestration.

✅ Plugin ecosystem

⚠️ Challenges and Considerations: For new project consider using Microsoft Agent Framework as the successor to Symantec Kernel.

More Info: https://github.com/microsoft/semantic-kernel

Competitors of LangChain, LlamaIndex, LangGraph

🔹 Feature: Azure File Sync

🔹 What It Does: Synchronizes local File Shares with Azure Files.

What It Offers You:

✅ Seamless Synchronization: Ensures your local file shares and Azure Files are always up-to-date.

✅ Multi-Master Support: Facilitates collaboration across multiple sites with real-time updates.

✅ Efficient Migrations: Simplifies the transition from on-premises storage to the cloud without downtime.

✅ Local Cache Option: Provides quick access to frequently used files, reducing latency and dependency on internet speed.

✅ Backup: Disaster recovery scenarios, Backup scenarios.

More info: https://learn.microsoft.com/en-us/azure/storage/file-sync/file-sync-planning

#mvpbuzz #azurenews

🔹 Feature: IoT Central

🔹 What It Does: Simplifies the creation of IoT applications, dashboards, device management, and more.

What is it giving you:

✅ Quick Deployment: Easily set up IoT solutions without deep coding knowledge.

✅ Scalable Management: Manage thousands of devices effortlessly with built-in scalability.

✅ Customizable Dashboards: Visualize data effectively with personalized dashboards.

✅ Integration Ready: Seamlessly connects with other Microsoft services like Azure Functions and Power BI.

Some projects: 

🌐 https://youtu.be/fiyHol2yje0?si=tNwnzQ3jaBB7JGCj

🌐 https://youtu.be/9Ve9030IVqg?si=YbnWJ_ED5RQkJmXm

🔹 Feature: Azure Relay – Live without VPN

🔹 What It Does: Enables secure, direct connections between systems even when they’re behind firewalls using HTTPS.

What is it giving you:

✅ Built on the well-known Azure Service Bus for reliability and scalability.

✅ No need to open inbound ports, enhancing security.

✅ Seamless communication across distributed applications.

✅ Supports a variety of communication patterns (request/response, one-way, relayed messaging).

✅ Eliminates complex network configurations.

Easy step by step: https://github.com/MariuszFerdyn/Tunnel-via-Azure-Relay

🔹 Feature: Container Insights Segregation by Namespace

🔹 What It Does: Provides the ability to configure container console log collection, enabling segregation of logs by different Container Insights.

What It’s Giving You:

✅ Reduce Costs: Efficient log segregation minimizes unnecessary data ingestion, cutting down on expenses.

✅ Rescue PII Data Ingestion: Enhances control over data logs, reducing the risk of unintentional PII data exposure.

⚠️ Challenges and Considerations: Not easy – Configuration via Config Map

More info: https://learn.microsoft.com/en-nz/azure/azure-monitor/containers/container-insights-multitenant?tabs=arm

#mvpbuzz #azurenews

🔹 Feature: Confidential Computing

🔹 What It Does: Keeps memory encrypted within the virtual machine. It’s also available for PaaS platforms that have underlying virtual machines.

Confidential Computing is here to elevate your security game:

✅ Secure Kubernetes Deployments: Protect sensitive data while running containerized applications.

✅ Azure Virtual Desktop: Enhance security for privileged workstations, safeguarding critical business environments.

✅ Data Integrity Across PaaS: Keep your data secure even when leveraging platform services.

More info: https://azure.microsoft.com/en-us/solutions/confidential-compute#Related-products-3

#mvpbuzz #azurenews

🔹 Feature: Azure Storage Discovery

🔹 What It Does: Automatically scans your Azure environment to detect, classify, and provide insights into storage resources.

What It’s Giving You:

✅ Simplified Data Management: Azure Storage Discovery helps you identify and organize your storage resources efficiently.

✅ Enhanced Visibility: Gain clear insights into storage accounts, their usage, and potential cost optimization areas.

✅ Streamlined Operations: Quickly discover redundant or underutilized storage, improving resource allocation.

✅ Security Insights: Identify potential vulnerabilities and maintain compliance with organizational policies.

More info: https://azure.microsoft.com/en-us/blog/from-queries-to-conversations-unlock-insights-about-your-data-using-azure-storage-discovery-now-generally-available/

🔹 Feature: Ephemeral OS Disk Support on Azure Virtual Desktop

🔹 What It Does: Every session resets to its initial state—perfect for software testing and privileged workstations.

What It’s Giving You:

✅ Enhanced Security: Ensures sensitive data isn’t stored long-term, minimizing security risks.

✅ Optimized Performance: Faster boot times and improved user experience due to streamlined OS management.

✅ Cost-Efficiency: Reduces storage costs since no persistent OS disk is needed.

✅ Ideal for Testing: Perfect for developers needing clean environments for repeatable test scenarios.

More info: https://techcommunity.microsoft.com/blog/azurevirtualdesktopblog/now-in-public-preview-ephemeral-os-disk-support-on-azure-virtual-desktop/4460172

sudo raspi-config nonint do_vnc 0

sudo apt-get install -y gcc make libssl-dev libpam0g-dev libx11-dev libxfixes-dev libxrandr-dev mc autoconf automake libtool libxkbfile-dev

git clone https://github.com/neutrinolabs/xrdp.git
cd xrdp
git checkout 4b2155b6cf80c0411ffe8b5f1f7e3e4fae09e1a8

./bootstrap
./configure
make
sudo make install

sudo mcedit /etc/xrdp/xrdp.ini

[Xvnc]
name=Xvnc
lib=libvnc.so
pamusername=ask
pampassword=ask
#username=ask
#password=ask
ip=127.0.0.1
port=5900
security_level=0
depth=24

 

sudo mcedit /etc/wayvnc/config

use_relative_paths=true
address=::
enable_auth=false
#enable_pam=true
private_key_file=tls_key.pem
certificate_file=tls_cert.pem
rsa_private_key_file=rsa_key.pem

sudo systemctl enable xrdp
sudo systemctl restart wayvnc xrdp.service

 

sudo dphys-swapfile swapoff
sudo mcedit /etc/dphys-swapfile

CONF_SWAPSIZE=2048

sudo dphys-swapfile setup
sudo dphys-swapfile swapon

 

This script do the following:

1. Install and Configure VNC Server
2. Open 5900 port on local firewall
3. Remove user appx packages (required to successful run the sysprep)
4. Do a sysprep /generalize /oobe /reboot

All is unattended. After it reboot you can connect using VNC-Viewer-7.13.1-Windows-64bit to this VM and perform OOBE (Out-of-Box Experience). In this way you can utilize Intune Autopilot.

Before proceed make sure the machine is has all updates and no pending restart – just restart VM.

# TightVNC Unattended Installation and Configuration Script
# Requires Administrator privileges

#Requires -RunAsAdministrator

# Configuration Variables
$Password = “Pa##word”
$TightVNCVersion = “2.8.84”
$InstallerURL = “https://www.tightvnc.com/download/$TightVNCVersion/tightvnc-$TightVNCVersion-gpl-setup-64bit.msi”
$InstallerPath = “$env:TEMP\tightvnc-setup.msi”
$Port = 5900

Write-Host “Starting TightVNC Installation and Configuration…” -ForegroundColor Green

# Disable BitLocker on C: drive
Write-Host “`n=== Checking BitLocker Status ===” -ForegroundColor Yellow
try {
$BitLockerVolume = Get-BitLockerVolume -MountPoint “C:” -ErrorAction Stop

if ($BitLockerVolume.ProtectionStatus -eq “On”) {
Write-Host “BitLocker is enabled on C: drive. Disabling…” -ForegroundColor Yellow

# Disable BitLocker
Disable-BitLocker -MountPoint “C:” -ErrorAction Stop
Write-Host “BitLocker disable initiated.” -ForegroundColor Green

# Wait for decryption to complete
Write-Host “Waiting for decryption to complete (this may take several minutes)…” -ForegroundColor Yellow

$DecryptionComplete = $false
$MaxWaitTime = 3600 # 1 hour maximum wait
$ElapsedTime = 0
$CheckInterval = 10 # Check every 10 seconds

while (-not $DecryptionComplete -and $ElapsedTime -lt $MaxWaitTime) {
Start-Sleep -Seconds $CheckInterval
$ElapsedTime += $CheckInterval

$BitLockerStatus = Get-BitLockerVolume -MountPoint “C:” -ErrorAction SilentlyContinue
$EncryptionPercentage = $BitLockerStatus.EncryptionPercentage

Write-Host “Decryption progress: $($EncryptionPercentage)% encrypted remaining…” -ForegroundColor Cyan

if ($BitLockerStatus.VolumeStatus -eq “FullyDecrypted”) {
$DecryptionComplete = $true
Write-Host “BitLocker decryption completed successfully!” -ForegroundColor Green
}
}

if (-not $DecryptionComplete) {
Write-Host “Warning: Decryption is taking longer than expected.” -ForegroundColor Yellow
Write-Host “Current encryption status: $($EncryptionPercentage)% encrypted” -ForegroundColor Yellow
Write-Host “Continuing with installation, but Sysprep may have issues if encryption is not complete.” -ForegroundColor Yellow
}
}
elseif ($BitLockerVolume.ProtectionStatus -eq “Off”) {
Write-Host “BitLocker is already disabled on C: drive.” -ForegroundColor Green
}
else {
Write-Host “BitLocker status: $($BitLockerVolume.ProtectionStatus)” -ForegroundColor Cyan
}
}
catch {
Write-Host “Could not check BitLocker status: $_” -ForegroundColor Yellow
Write-Host “Continuing with installation…” -ForegroundColor Yellow
}

# Download TightVNC Installer
Write-Host “Downloading TightVNC installer…” -ForegroundColor Yellow
try {
Invoke-WebRequest -Uri $InstallerURL -OutFile $InstallerPath -UseBasicParsing
Write-Host “Download completed successfully.” -ForegroundColor Green
}
catch {
Write-Host “Error downloading TightVNC: $_” -ForegroundColor Red
exit 1
}

# Install TightVNC silently
Write-Host “Installing TightVNC…” -ForegroundColor Yellow
try {
$InstallArgs = @(
“/i”
“`”$InstallerPath`””
“/quiet”
“/norestart”
“ADDLOCAL=Server”
“SERVER_REGISTER_AS_SERVICE=1”
“SERVER_ADD_FIREWALL_EXCEPTION=1”
“SET_USEVNCAUTHENTICATION=1”
“VALUE_OF_USEVNCAUTHENTICATION=1”
“SET_PASSWORD=1”
“VALUE_OF_PASSWORD=$Password”
“SET_VIEWONLYPASSWORD=1”
“VALUE_OF_VIEWONLYPASSWORD=$Password”
)

Start-Process “msiexec.exe” -ArgumentList $InstallArgs -Wait -NoNewWindow
Write-Host “TightVNC installed successfully.” -ForegroundColor Green
}
catch {
Write-Host “Error installing TightVNC: $_” -ForegroundColor Red
exit 1
}

# Wait for installation to complete
Start-Sleep -Seconds 5

# Configure TightVNC Registry Settings
Write-Host “Configuring TightVNC settings…” -ForegroundColor Yellow
$RegistryPath = “HKLM:\SOFTWARE\TightVNC\Server”

try {
# Set port
Set-ItemProperty -Path $RegistryPath -Name “RfbPort” -Value $Port -Type DWord -Force

# Set to run as system service (autostart)
Set-ItemProperty -Path $RegistryPath -Name “RunControlInterface” -Value 1 -Type DWord -Force

# Enable authentication
Set-ItemProperty -Path $RegistryPath -Name “UseVncAuthentication” -Value 1 -Type DWord -Force

# Additional security settings
Set-ItemProperty -Path $RegistryPath -Name “AcceptRfbConnections” -Value 1 -Type DWord -Force
Set-ItemProperty -Path $RegistryPath -Name “QueryAcceptOnTimeout” -Value 0 -Type DWord -Force
Set-ItemProperty -Path $RegistryPath -Name “QueryTimeout” -Value 30 -Type DWord -Force
Set-ItemProperty -Path $RegistryPath -Name “LocalInputPriority” -Value 0 -Type DWord -Force
Set-ItemProperty -Path $RegistryPath -Name “LocalInputPriorityTimeout” -Value 3 -Type DWord -Force

Write-Host “Registry settings configured successfully.” -ForegroundColor Green
}
catch {
Write-Host “Error configuring registry: $_” -ForegroundColor Red
}

# Configure Windows Firewall
Write-Host “Configuring Windows Firewall rules…” -ForegroundColor Yellow
try {
# Remove existing rules if they exist
Remove-NetFirewallRule -DisplayName “TightVNC Server” -ErrorAction SilentlyContinue

# Add firewall rule for all profiles (Domain, Private, Public)
New-NetFirewallRule -DisplayName “TightVNC Server” `
-Direction Inbound `
-Protocol TCP `
-LocalPort $Port `
-Action Allow `
-Profile Domain,Private,Public `
-Enabled True `
-Description “Allow TightVNC Server connections on port $Port”

Write-Host “Firewall rule created successfully for port $Port on all profiles.” -ForegroundColor Green
}
catch {
Write-Host “Error configuring firewall: $_” -ForegroundColor Red
}

# Restart TightVNC Service
Write-Host “Restarting TightVNC Server service…” -ForegroundColor Yellow
try {
Restart-Service -Name “tvnserver” -Force -ErrorAction Stop
Write-Host “TightVNC Server service restarted successfully.” -ForegroundColor Green
}
catch {
Write-Host “Error restarting service: $_” -ForegroundColor Red
Write-Host “Attempting to start the service…” -ForegroundColor Yellow
try {
Start-Service -Name “tvnserver” -ErrorAction Stop
Write-Host “TightVNC Server service started successfully.” -ForegroundColor Green
}
catch {
Write-Host “Error starting service: $_” -ForegroundColor Red
}
}

# Verify service is running
Write-Host “`nVerifying installation…” -ForegroundColor Yellow
$Service = Get-Service -Name “tvnserver” -ErrorAction SilentlyContinue
if ($Service) {
Write-Host “Service Status: $($Service.Status)” -ForegroundColor Cyan
Write-Host “Service Start Type: $($Service.StartType)” -ForegroundColor Cyan
}

# Verify firewall rule
$FirewallRule = Get-NetFirewallRule -DisplayName “TightVNC Server” -ErrorAction SilentlyContinue
if ($FirewallRule) {
Write-Host “Firewall Rule: Enabled” -ForegroundColor Cyan
}

# Clean up installer
Write-Host “`nCleaning up…” -ForegroundColor Yellow
Remove-Item -Path $InstallerPath -Force -ErrorAction SilentlyContinue

Write-Host “`n=== Installation Complete ===” -ForegroundColor Green
Write-Host “TightVNC Server is configured and running on port $Port” -ForegroundColor Green
Write-Host “Password has been set as specified” -ForegroundColor Green
Write-Host “Service is set to start automatically” -ForegroundColor Green
Write-Host “Firewall rule has been added for all profiles” -ForegroundColor Green

# Remove problematic AppX packages that prevent Sysprep
Write-Host “`n=== Removing User-Specific AppX Packages ===” -ForegroundColor Yellow
Write-Host “Cleaning up AppX packages that could cause Sysprep to fail (Error 0x80073CF2)…” -ForegroundColor Yellow

try {
# Get all AppX packages for all users that aren’t provisioned
$AppxPackages = Get-AppxPackage -AllUsers | Where-Object {
$_.NonRemovable -eq $false -and
-not (Get-AppxProvisionedPackage -Online | Where-Object {$_.DisplayName -eq $_.Name})
}

if ($AppxPackages) {
Write-Host “Found $($AppxPackages.Count) user-specific AppX packages to remove…” -ForegroundColor Cyan

foreach ($Package in $AppxPackages) {
try {
Write-Host ” Removing: $($Package.Name)…” -ForegroundColor Gray
Remove-AppxPackage -Package $Package.PackageFullName -AllUsers -ErrorAction Stop
}
catch {
Write-Host ” Warning: Could not remove $($Package.Name): $_” -ForegroundColor Yellow
}
}

Write-Host “AppX package cleanup completed.” -ForegroundColor Green
}
else {
Write-Host “No problematic AppX packages found.” -ForegroundColor Green
}
}
catch {
Write-Host “Warning: Error during AppX cleanup: $_” -ForegroundColor Yellow
Write-Host “Continuing with Sysprep…” -ForegroundColor Yellow
}

# Check for pending reboots before Sysprep
Write-Host “`n=== Checking for Pending Reboots ===” -ForegroundColor Yellow

$PendingReboot = $false

# Check Component Based Servicing
if (Test-Path “HKLM:\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending”) {
Write-Host “Pending reboot detected: Component Based Servicing” -ForegroundColor Yellow
$PendingReboot = $true
}

# Check Windows Update
if (Test-Path “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired”) {
Write-Host “Pending reboot detected: Windows Update” -ForegroundColor Yellow
$PendingReboot = $true
}

# Check Pending File Rename Operations
$PendingFileRename = Get-ItemProperty “HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager” -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
if ($PendingFileRename) {
Write-Host “Pending reboot detected: File Rename Operations” -ForegroundColor Yellow
$PendingReboot = $true
}

if ($PendingReboot) {
Write-Host “`nWARNING: System has pending updates/reboots!” -ForegroundColor Red
Write-Host “Sysprep will fail if run now (Error 0x8007139F)” -ForegroundColor Red
Write-Host “`nRECOMMENDED ACTION:” -ForegroundColor Yellow
Write-Host “1. Reboot the system now to complete pending updates” -ForegroundColor Cyan
Write-Host “2. After reboot, run this script again” -ForegroundColor Cyan
Write-Host “`nAlternatively, the script can attempt to reboot now and you can run it again after.” -ForegroundColor Yellow

$Response = Read-Host “`nDo you want to reboot now? (Y/N)”
if ($Response -eq “Y” -or $Response -eq “y”) {
Write-Host “Rebooting system in 10 seconds…” -ForegroundColor Yellow
Start-Sleep -Seconds 10
Restart-Computer -Force
}
else {
Write-Host “Sysprep cancelled. Please reboot manually and run the script again.” -ForegroundColor Yellow
exit 1
}
}
else {
Write-Host “No pending reboots detected. Proceeding with Sysprep…” -ForegroundColor Green
}

# Run Sysprep
Write-Host “`n=== Running Sysprep ===” -ForegroundColor Yellow
Write-Host “The system will generalize and reboot…” -ForegroundColor Yellow
Start-Sleep -Seconds 3

try {
$SysprepPath = “$env:SystemRoot\System32\Sysprep\sysprep.exe”

if (Test-Path $SysprepPath) {
Write-Host “Executing Sysprep /generalize /oobe /reboot…” -ForegroundColor Yellow
Start-Process -FilePath $SysprepPath -ArgumentList “/generalize”, “/oobe”, “/reboot” -Wait -NoNewWindow
}
else {
Write-Host “Sysprep not found at $SysprepPath” -ForegroundColor Red
exit 1
}
}
catch {
Write-Host “Error running Sysprep: $_” -ForegroundColor Red
exit 1
}

🔹 Feature: GitHub Enterprise

🔹 What It Does: Offers GitHub on-premises (or as dedicated SaaS) with advanced security tools and SLA support.

What It’s Giving You:

✅ GitHub Enterprise Cloud: Hosted by GitHub with robust enterprise features.

✅ GitHub Enterprise Server: Self-hosted, deployed on your company’s own infrastructure or in the cloud (AWS, Azure, GCP).

✅ Advanced Security: SAML/SSO, LDAP, SCIM, audit logs, IP allow-listing for enhanced protection.

✅ Enterprise-Grade Compliance: Meets SOC2, HIPAA, FedRAMP, and GDPR requirements.

✅ Centralized Management: Simplified policy and user management across your entire organization.

GitHub Enterprise (Cloud / Enterprise option): ~$21 USD per user per month.

🔹 Feature: API Management Gateway

🔹 What It Does:

✅ Simplifies API management across hybrid and multi-cloud environments.

✅ Enhances security with built-in authentication and threat protection.

✅ Provides detailed analytics for monitoring API performance and usage.

✅ Enables seamless integration with Azure services and on-premises systems.

🔹 What Is It Giving You:

✅ Centralized control over your APIs for consistent policy enforcement.

✅ Improved scalability and reliability for your applications.

✅ Accelerated development cycles with easier API versioning and management.

✅ Enhanced developer experience through a unified platform.

More info: https://learn.microsoft.com/en-us/azure/api-management/api-management-key-concepts

#mvpbuzz #azurenews

🔹 Feature: AI Gateway

🔹 What It Does: Built on Azure API Management Gateway, the AI Gateway extends robust API protections to your AI systems, including often-overlooked MCP servers.

What It Gives You:

✅ Control: Keep your AI solutions under strict governance.

✅ Security: Manage usage with authentication and authorization protocols.

✅ Efficiency: Balance loads seamlessly across your AI infrastructure.

✅ Cost Management: Monitor and optimize expenses effortlessly.

✅ All the other stuff that API management provides

More info: https://learn.microsoft.com/en-us/azure/api-management/genai-gateway-capabilities

#mvpbuzz #azurenews