Azure Epics🔝

# Azure Governance ⚖️ & Management 🔨

  • by AmirB
    For customers with machines managed by Azure (i.e., Arc-enabled machines and Azure VMs), last year we delivered built-in CIS Benchmarks for Linux. The feedback has been clear: “Excellent, now do Windows.” Today we're announcing that built-in CIS Benchmarks for Windows […]
  • by mutemwamasheke
    Background: Azure Machine Configuration remains committed to enabling greater security and simplicity in at-scale server management for all Azure customers. Machine Configuration (previously known as Azure Policy Guest Configuration) enables both built-in and custom configuration as code allowing you to […]
  • by stevenbucher
    We're super excited to announce the public preview of the Azure Resource Manager MCP Server! This is a remote MCP server that provides tools to give AI agents first-class access to Azure infrastructure operations through Azure Resource Manager (ARM). AI […]
  • by jtracey93msft
    Following on from months of working alongside customers, partners, and our internal product groups, we have now made two updates to the Azure landing zone (ALZ) and the Sovereign landing zone (SLZ), that I’d like to walk you through in […]
  • by shobhitgarg
    Running production workloads on Azure Kubernetes Service (AKS) is becoming the norm for platform teams building cloud‑native applications at scale. As these environments increasingly host stateful workloads using persistent volumes, ensuring data protection and rapid recovery becomes mission‑critical. Today, we’re […]
  • by Meagan McCrory
    Managing servers and VMs across Azure, on premises, and multi-cloud environments often means turning on core capabilities—monitoring, updates, inventory, and configuration—through separate setup experiences. We’ve heard feedback that this makes it harder to get visibility into machine state and take […]
  • by ShannonHicks
    As Azure evolves, certain features are deprecated to streamline services and improve security and performance. One such upcoming change is the deprecation of the Docker Content Trust (DCT) feature in Azure Container Registry (ACR) which is ongoing over a three-year […]

# Azure Infrastructure 🏗️

  • by Harsha_Nair
    What's New. Security Insights: The new Security page in Kubernetes Center gives you an immediate, all clusters or Kubernetes Fleet Manager-wide view of your security posture without leaving the portal. At the summary level you can see: Security vulnerabilities […]
  • by ranjsharma
    Overview: A golden image is a prebuilt, approved system template that represents the ideal baseline for deployment. It includes: Hardened operating system configuration (e.g., RHEL); Preinstalled software and dependencies; Security patches and updates; Organizational compliance standards. Architecture: Golden Image Refresh for […]
  • by ranjsharma
    Introduction: Generative AI tools such as ChatGPT, GitHub Copilot, and Google Gemini are rapidly becoming part of everyday enterprise workflows. Teams use them for code generation, documentation, analysis, support automation, and productivity enhancement. However, this accelerated adoption has also created […]
  • by ranjsharma
    Architecture Overview: Rundeck Server (AWS) → https://dev.rundeck.xyz.com; Rundeck Runner (Azure Linux VM); Secure Communication over HTTPS (Port 4432); Optional Proxy for enterprise networks. 1. Ensure that network connectivity is established between the Rundeck endpoint (dev.rundeck.xyz.com) and the Azure subnet over port […]
  • by ranjsharma
    Architecture: This blog describes how to build a practical Terraform Drift Validator for Azure that compares three sources of truth: Excel sheet or design document containing expected Azure configuration; Terraform state file representing IaC-managed deployed intent; Live Azure configuration, verified […]
  • by rbhatia
    Why TCP/TLS Proxy Matters: Modern cloud architectures commonly focus on HTTP/HTTPS traffic management, but many enterprise systems still rely on: Proprietary TCP protocols; Financial transaction systems; Messaging platforms; Legacy middleware applications; Secure client-server communication. Traditionally, these workloads often required: Network […]
  • by RavinderGupta
    The Brain of the Operation: Azure OpenAI. When building a DevOps agent, the following are the points which can be considered to select Azure OpenAI as the ideal choice for logical engine: Native Tool Use: It is specifically optimized […]
  • by mohit-kanojia
    Modern enterprises are no longer running workloads only inside a centralized cloud environment. Applications today operate across: On-premises datacenters; Remote branch offices; Manufacturing plants; Retail stores; Edge locations; Hybrid infrastructure. While Kubernetes has become the standard for container orchestration, managing […]

# Azure Network Security🔐

  • by AvanishYadav
    As enterprises adopt Microsoft Azure for large‑scale and regulated workloads, security architecture must be driven by traffic trust boundaries and inspection intent, not connectivity alone. Regulatory frameworks consistently require a clear separation between Internet‑untrusted and private enterprise traffic, enforced through […]
  • by saikishor
    Introduction: The Need for Layered DDoS Defense. Organizations today operate in an environment where Distributed Denial of Service (DDoS) attacks continue to evolve across both network and application layers. To help organizations build resilient, internet-facing applications and services, Microsoft […]
  • by aarontsang
    Overview: Azure Bastion provides secure RDP and SSH access to Azure virtual machines directly via the Azure portal or via the native SSH/RDP client already installed on your local computer. Today, we are introducing public preview for managed identity […]
  • by andrewmathu
    Introduction: As attackers continue to evolve their techniques, organizations require web application security that keeps pace with emerging threats without disrupting legitimate traffic. Azure Web Application Firewall (WAF) continues to evolve to meet these demands and now supports Default Rule […]
  • by saikishor
    Introduction: Azure Firewall Premium provides strong protection with a built-in Intrusion Detection and Prevention System (IDPS). It inspects inbound, outbound, and east-west traffic against Microsoft’s continuously updated signature set and can block threats before they reach your workloads. IDPS works […]
  • by SaleemBseeu
    Introduction: Distributed Denial of Service (DDoS) attacks continue to be one of the most prevalent threats facing organizations with internet-facing workloads. Azure DDoS Protection provides cloud-scale protection against L3/4 volumetric attacks, helping ensure your applications remain available during an attack. […]
  • by Mohit_Kumar
    As threat actors continue to blend reconnaissance, exploitation, and post-compromise activity, network-level signals remain critical for early detection and correlated response. To strengthen this layer, we're introducing five new Azure Firewall IDPS detections, now available out of the box in […]
  • by ShabazShaik
    Managing secure remote access to virtual machines traditionally means juggling public IP addresses, configuring jump boxes, deploying VPN infrastructure, and managing complex firewall rules. Each layer adds cost, complexity, and potential security vulnerabilities. Azure Bastion changes everything. It's a fully […]

# Azure Virtual Desktop (AVD) 🖥️

  • by Christian_Montoya
    At Microsoft Ignite 2025, we announced both the general availability of external identity support in Azure Virtual Desktop and the public preview support of using FSLogix and Azure Files as a user profile management solution for external identities in Azure […]
  • by Rinku_Dalwani
    Reliable connectivity is essential for ensuring consistent productivity in Azure Virtual Desktop (AVD) environments. Network variability—whether due to packet loss, NAT misconfiguration, UDP‑restricted networks, or restrictive enterprise network policies—continues to be one of the most common causes of session interruptions […]
  • by Steve_Downs
    Azure Virtual Desktop is a secured, cloud-based virtual desktop infrastructure (VDI) service that enables organizations to deliver Windows desktops and applications to users. Originally launched in 2019, Azure Virtual Desktop has evolved rapidly to meet the changing needs of modern […]
  • by Michelle_Moya
    Managing applications in virtualized desktop and server environments has traditionally required IT teams to bake apps directly into base images, driving image sprawl, slower updates, and higher operational overhead. App attach in Azure Virtual Desktop changes that model by enabling applications to be delivered dynamically to […]
  • by Rinku_Dalwani
    UDP support over Private Link for Azure Virtual Desktop is now generally available. This release enables a direct, high‑performance, UDP‑based RDP connection between AVD session hosts and clients over Azure Private Link using RDP Shortpath for managed networks. This capability […]
  • by Ron_Coleman
    Today Azure Virtual Desktop (AVD) is now available in the USGov Texas region of Azure Government, providing customers with an additional region for deploying secure and flexible virtual desktop environments that support a broad range of mission needs. Key benefits: With this regional expansion, customers can now: […]
  • by TomHickling
    Editor's Note: This post was last updated on January 21, 2026. At Microsoft, we understand customers need a desktop service that is reliable and resilient. That’s why we’ve made service resilience a core architectural design principle within the Azure […]
  • by ivaylo_ivanov
    Windows 10 reaches end of support on October 14, 2025. A great place to learn about all the Windows 10 Extended Security Updates (ESU) options is in our blog post, When to use Windows 10 Extended Security Updates. In this […]