Click any tag below to further narrow down your results
Links
A former Azure engineer details how Microsoft's mismanagement and unrealistic plans jeopardized its relationship with OpenAI and the US government. The article outlines the internal chaos and lack of clarity that led to significant operational failures.
The article outlines recent updates in Azure Networking, focusing on enhancements in security, reliability, and scalability for AI and cloud applications. Key features include improved NAT Gateway architecture, advanced traffic management tools, and high-capacity connectivity options for organizations. It emphasizes Azure's role in supporting the next generation of cloud solutions.
This article explains how Azure can help businesses build intelligent applications using advanced technology and tools. It highlights the benefits of unifying technology for easier management and secure innovation on a reliable cloud platform.
Microsoft Azure fended off the largest DDoS attack recorded, peaking at 15.72 Tbps, attributed to the Aisuru botnet. This botnet, which has infected over 700,000 IoT devices, has shifted from simple attacks to renting out these devices for illicit proxy services. The rise of such threats underscores the vulnerabilities of poorly secured IoT devices.
This article outlines how Azure can help businesses build intelligent applications using advanced tools and services. It emphasizes the integration of technology for easier management and secure innovation on a reliable cloud platform.
This article examines how attackers can exploit log data in cloud environments for enumeration and intelligence gathering. It discusses the types of logs generated by major cloud providers like AWS, Azure, and GCP, and highlights the importance of rethinking log access to enhance security. Practical mitigation strategies for defenders are also presented.
EvilMist is a set of scripts for auditing cloud security, focusing on Azure Entra ID. It helps identify misconfigurations, assess user access, and simulate attack techniques, all without needing authentication tokens. The toolkit includes features for user enumeration, risk assessment, and export options for analysis.
This article outlines how to improve Azure infrastructure by integrating a Load Balancer and Virtual Machine Scale Sets (VMSS) for high availability. It covers setting up the necessary components, defining infrastructure using Terraform, and implementing autoscaling and security rules.
This article introduces Azure, a cloud platform for building intelligent applications using various advanced tools and services. It highlights the platform's ability to simplify management while ensuring security and efficiency for businesses.
Azure is phasing out the Docker Content Trust feature in Azure Container Registry over three years, which will remove the trustPolicy property from APIs. This change will affect any existing Azure Policy assignments referencing this property, requiring updates to prevent compliance issues.
This article explains how Azure can help businesses build intelligent applications using advanced technology and tools. It highlights the benefits of unifying technology for easier management and secure innovation on the cloud.
This article explains how Azure can help businesses build intelligent applications using advanced tools and services. It highlights the benefits of unifying technology for easier management and secure innovation on a cloud platform.
Microsoft announced new features at Ignite 2025, focusing on Azure Copilot, which automates cloud management tasks like migration and optimization. The updates also highlight advancements in Azure's AI infrastructure, enhancing performance and scalability across services.
This article explains how Azure can help businesses build advanced applications using its technology and tools. It emphasizes the importance of unifying technology for easier management and secure innovation on the cloud.
This article outlines how Azure can help businesses build intelligent applications using advanced tools and services. It emphasizes the ease of managing technology on a secure cloud platform, enabling efficient innovation.
Microsoft has partnered with Anyscale to bring a managed version of Ray, an open-source distributed computing framework, to Azure. This offering simplifies scaling Python AI/ML workloads by providing a user-friendly interface and efficient resource management without needing extensive Kubernetes knowledge.
This article introduces Azure, Microsoft's cloud platform that offers tools and services for building intelligent applications. It emphasizes the benefits of unifying technology for easier management and secure innovation.
Saporo offers a solution for hybrid identity security that combines posture analysis with attack path mapping. It helps organizations identify and reduce identity-related risks across various systems like Active Directory and Azure. By prioritizing vulnerabilities, it enables teams to monitor changes and strengthen defenses against potential attacks.
This article introduces Azure NetApp Files Elastic Zone-Redundant Storage (ANF Elastic ZRS), a cloud storage solution that ensures zero data loss and high availability across multiple availability zones. It features synchronous replication and automatic failover, making it suitable for mission-critical applications and enterprise environments.
Microsoft has renamed and updated its DevOps specialization to Agentic DevOps with Microsoft Azure and GitHub. Key changes include new performance requirements, updated audit expectations, and a focus on qualifying partners who support customer adoption of Azure and GitHub solutions.
This article discusses advancements in Azure's computing capabilities showcased at Ignite 2025. Key features include Direct Virtualization for low-latency access to GPUs, Large Container sizes for enhanced performance, and automation tools like Scheduled Actions for managing multiple VMs efficiently.
The Aisuru botnet targeted Microsoft's Azure network with a DDoS attack of 15.72 Tbps from over 500,000 IP addresses. This attack, using high-rate UDP floods, is part of a trend of record-breaking DDoS incidents linked to the botnet, which exploits vulnerabilities in IoT devices.
The article argues that while AWS remains financially strong, it faces significant challenges, particularly from Google Cloud and internal talent issues. It discusses the need for AWS to improve execution amid growing competition and changing market demands.
This article introduces Azure, a cloud platform that offers tools and services for building intelligent applications. It highlights how Azure helps businesses streamline technology management and implement innovations securely.
This article outlines how Azure can help businesses build intelligent applications using advanced technology and tools. It emphasizes the platform's ability to streamline management and foster innovation in a secure cloud environment.
This article outlines recent improvements in Azure Repos, including changes to TFVC check-in policies, enhanced pull request comment navigation, and better email notifications. It also previews upcoming features aimed at streamlining pull requests and improving API performance.
Datadog has streamlined the onboarding process for monitoring Azure environments, reducing manual steps and the risk of misconfiguration. Users can set up monitoring quickly through a guided flow, with options for Azure CLI, Terraform, or existing app registrations to fit different workflows.
This article explains how Azure can help businesses build intelligent applications using advanced technology and services. It highlights the platform's ability to streamline management and enhance security while driving innovation on a reliable cloud infrastructure.
This article introduces Azure, a cloud platform that helps businesses build intelligent applications using various tools and services. It emphasizes the platform's ability to streamline technology management and enhance innovation while ensuring security.
The article reveals a vulnerability in Microsoft's Update Health Tools that allowed remote code execution through abandoned Azure storage blobs. Researchers exploited this flaw by monitoring HTTP requests and discovered that many devices were at risk due to misconfigurations. Microsoft has since addressed the issue after responsible disclosure.
This article outlines the development of the Azure SRE Agent, focusing on the importance of context engineering in improving reliability and efficiency. It discusses the transition from numerous specialized tools to a few broad tools and generalist agents, highlighting key insights gained throughout the process.
This article explains how to manage Azure Firewall and Network Security Group (NSG) rules using Terraform and CSV files. It outlines a method to streamline rule management, reduce code clutter, and simplify updates through structured CSV inputs.
Microsoft Azure experienced a significant outage due to an inadvertent configuration change, impacting services like Microsoft 365, Xbox, and various companies including Capital One and Starbucks. Recovery efforts are underway, with many services reporting improvements, though some customers still face issues.
The article indicates a 404 error for a specific Azure DevOps page, meaning the page doesn't exist or the URL is incorrect. It provides links for service status and support, along with a timestamp.
This article explains how Azure can help businesses build intelligent applications using advanced technology and tools. It focuses on unifying technology for easier management and delivering innovations securely on the cloud.
This article explains how Azure can help businesses build intelligent applications using advanced technology and tools. It highlights the benefits of unifying technology for easier management and delivering secure innovations on a reliable cloud platform.
This article explains Azure network security groups (NSGs), which filter network traffic in Azure virtual networks. It details the properties of security rules, default rules created by Azure, and options for modifying and combining these rules. The article also covers augmented security rules, service tags, and application security groups for streamlined management.
This article explains how to use Azure Developer CLI to deploy containerized applications across multiple environments without rebuilding containers. It highlights new features in version 1.20.0, including separated container operations and layered infrastructure for better management and security.
Microsoft reported strong Q2 FY2026 earnings, with revenue hitting $81.3 billion and Azure growth at 39%. However, the stock fell 11% due to capacity constraints and high customer concentration risk, particularly from OpenAI, which accounts for $281 billion of their commercial obligations.
Azure's ND GB300 v6 virtual machines achieved a record-breaking performance of 1.1 million tokens per second on the Llama2 70B model. This surpasses the previous record by 27% and features enhanced hardware optimizations for better inference workloads. The results were verified by Signal65.
Triggers and bindings in Azure Functions define how functions are invoked and how they interact with other resources. A function must have one trigger and can have multiple input and output bindings, allowing for flexible data handling without hardcoding service access. The article provides examples and code snippets for various programming languages to illustrate the configuration of triggers and bindings.
PostgreSQL is increasingly favored for Kubernetes workloads, now powering 36% of such databases. Azure offers two deployment options for PostgreSQL on AKS: local NVMe for high performance and Premium SSD v2 for optimized cost-performance, enhanced by the CloudNativePG operator for high availability. These innovations simplify the management of stateful applications, making Azure a robust platform for data-intensive workloads.
Learn how to automate the deployment of Azure SFTP using Terraform for a streamlined, version-controlled setup. The article provides a GitHub repository with necessary Terraform code, customization tips, and step-by-step instructions for creating and managing Azure SFTP resources efficiently.
Microsoft’s Azure Quantum group has outlined a plan to implement error correction in quantum computing, targeting a reduction of error rates from 1 in 1,000 to 1 in 1 million. Unlike IBM, which integrates both hardware and software for error correction, Microsoft provides access to various quantum hardware from different companies, allowing for flexible error correction schemes. The effectiveness of their proposed system has yet to be demonstrated with actual hardware.
The Cloud Privilege Escalation Awesome Script Suite provides tools for enumerating permissions across major cloud platforms like Azure, GCP, and AWS, helping users identify potential privilege escalation pathways and sensitive information access. It includes specific modules such as AzurePEAS for Azure environments and GCPPEAS for Google Cloud, utilizing advanced techniques for thorough permission analysis without altering any resources. Users can run these tools with various authentication methods and options for enhanced enumeration.
Monkey365 is an open-source PowerShell module designed to facilitate security configuration reviews for Microsoft 365, Azure subscriptions, and Microsoft Entra ID. It helps identify security gaps and misconfigurations while providing recommendations based on industry best practices and compliance standards. The tool supports over 160 checks and generates reports aligned with the CIS benchmarks for enhanced security assessment.
Azure Container Apps allows for time-based scaling using cron-type KEDA rules, enabling applications to automatically adjust their resource allocation based on predictable workload patterns. This guide details how to configure scaling actions for specific times using Azure Portal, CLI, and ARM templates, optimizing costs and resource usage. Key benefits include cost efficiency and simplicity in managing scaling rules.
Learn how to automate the generation and management of secrets, such as passwords, using Terraform and Azure Key Vault. The article covers creating a secure password, setting expiry dates, and implementing best practices for handling sensitive data in cloud infrastructure.
Azure Functions on Azure Container Apps is transitioning from the legacy V1 model to the recommended V2 model, which offers enhanced features, improved resource management, and simpler operations. The article outlines the limitations of V1, the advantages of V2, and provides a step-by-step checklist for transitioning to the new model, ensuring a smoother upgrade process for users.
Microsoft has introduced their new SRE Agent, which aims to assist users in troubleshooting connectivity issues by analyzing metrics and logs. However, the article raises concerns over the agent's flawed reasoning and the potential risks of automated actions taken without sufficient user oversight. Despite recognizing the tool's potential for efficiency, the author questions the reliability of the agent based on its demonstration.
OktaGinx is a phishlet designed for Evilginx that enables the bypassing of Okta authentication when used in conjunction with Azure. It incorporates techniques to evade framebusters, enhancing its phishing capabilities.
Bolthole is a proof-of-concept ClickOnce payload designed for Red Teams to gain initial access during authorized penetration tests. It facilitates a reverse SSH tunnel, CMD shell access, and SOCKS proxy functionality, allowing operators to pivot within the target environment seamlessly. The article provides detailed steps for setting up an Azure VM and configuring the necessary components for successful deployment and operation.
Microsoft has announced significant upgrades to its Azure security protocols, including the purging of dormant tenants and the rotation of keys to prevent future breaches, particularly following a nation-state hack. The company claims to have made substantial progress on its Secure Future Initiative, focusing on enhanced authentication and defenses against potential attack vectors.
Grafana has updated its Prometheus data source to better align with specific cloud services, deprecating AWS and Microsoft Azure authentication in favor of dedicated plugins for Amazon and Azure. This move reflects Grafana's commitment to a "big tent" philosophy, emphasizing interoperability and tailored solutions for diverse observability tools while continuing to support the open-source community.
Microsoft is addressing an outage affecting its Azure Front Door CDN, which has disrupted access to various Microsoft 365 services across Europe, Africa, and the Middle East. As of the latest updates, the company has restored approximately 98% of the service and is actively monitoring for full recovery, with the outage affecting only about 4% of previously impacted customers. The incident has been officially mitigated, and users have reported resolution of access issues.
A method for restoring a deleted container image from an Azure Container Registry using a running pod on an Azure Kubernetes Service node is presented. By utilizing the Azure CLI and containerd commands, users can retrieve the necessary image even when SSH access is disabled. The process involves checking for the image on the node and subsequently pushing it back to the registry.
Structuring Azure Firewall Policy rules is essential for effective management and troubleshooting. The article outlines a hierarchical approach that includes creating rule collection groups, rule collections, and prioritizing rules to ensure proper traffic management and security. Emphasizing the importance of planning before implementing rules can save time and resources in the long run.
Microsoft is implementing mandatory multifactor authentication (MFA) for Azure resource management operations starting October 1, 2025, as part of its ongoing efforts to enhance security against cyber threats. Phase 2 enforcement will require users to authenticate with MFA before managing resources, while workload identities will remain unaffected. Customers are encouraged to enable MFA for their users and prepare for the enforcement to ensure seamless access to Azure services.
Azure Kubernetes Service (AKS) networking involves understanding various network topologies and models, such as Kubenet and Azure CNI, to ensure efficient and secure connectivity for containerized applications. The article provides a comprehensive guide on different networking options, best practices, and real-world scenarios, emphasizing the importance of proper IP management and cluster configurations. It also highlights the transition from Kubenet to Azure CNI due to upcoming changes in service support.
Generative AI thrives in cloud environments, enabling organizations to overcome barriers to adoption and drive significant business value. By leveraging Azure's advanced infrastructure and tools, companies can implement real-time data insights, embed AI into enterprise workflows, utilize generative search for enhanced information access, and deploy intelligent AI agents to optimize operations and reduce costs. Migration to the cloud is essential for businesses aiming to innovate and scale their AI capabilities effectively.
Microsoft has updated the Azure SRE Agent, enhancing its capabilities for enterprise incident response and announcing that billing will begin on September 1, 2025. New features include granular permissions, expanded service skills, and integrations with incident management tools like ServiceNow, aimed at streamlining operations and improving uptime. The agent is designed to automate incident handling while ensuring security and adaptability for diverse operational styles.
The article discusses the implications of a leak involving Azure Active Directory client secrets, highlighting the potential security risks and the importance of securing cloud applications. It emphasizes best practices for managing client secrets to prevent unauthorized access and data breaches in cloud environments.
Microsoft has introduced container network logs in the public preview of Advanced Container Networking Services for Azure Kubernetes Service, providing detailed insights into network traffic. This feature enhances troubleshooting, security enforcement, and operational efficiency by monitoring various traffic layers and offering two modes of log storage. Users can visualize logs through Azure managed Grafana dashboards for better analysis and monitoring.
Azure offers three distinct containerisation services: Azure Kubernetes Service (AKS) for complex workloads requiring Kubernetes control, Azure App Service for straightforward web apps and APIs with minimal management, and Azure Container Apps for serverless, event-driven microservices. Choosing the right service depends on the specific needs of the workload, team expertise, and desired level of control. New cloud-native projects often benefit from starting with Container Apps for its balance of simplicity and power.
Multitenant logging in Container Insights allows customers using AKS to segregate container logs by different teams, enabling each team to access logs from their specific Kubernetes namespaces and manage billing in separate Log Analytics workspaces. The article outlines the scenarios supported, how to configure multitenancy using Data Collection Rules (DCRs), and steps for onboarding and managing these settings in an AKS cluster.
Azure AppHunter is an open-source PowerShell tool designed for security professionals to analyze and identify excessive or risky permissions assigned to Azure Service Principals. It enables users to enumerate dangerous Microsoft Graph permissions, detect privileged role assignments, and uncover potential escalation paths in Azure environments with minimal dependencies. The tool supports integration into automation and red teaming workflows, making it valuable for cloud security assessments.
Microsoft will require paid subscriptions for hotpatching in Windows Server 2025 starting July 1, 2025, allowing admins to install updates without restarting. Currently, hotpatching is available for free in preview, but those testing it must disenroll by June 30 to avoid automatic subscription. The service will cost $1.50 per CPU core per month and is designed for both multi-cloud environments and on-premises servers via Azure Arc connectivity.
Microsoft Entra has introduced a new design feature aimed at enhancing control for guest users within Azure Active Directory. This update is part of a broader effort to improve user experience and security for organizations utilizing Microsoft’s identity services. The changes are expected to streamline access management while ensuring robust security protocols are maintained.
ATEAM is a Python tool designed for reconnaissance of Azure services, enabling security researchers and Azure administrators to discover resources and tenant ownership information. It supports multi-threaded scanning, DNS validation, and exports results in various formats while utilizing an SQLite database for persistent storage of findings.
Azure Accelerate is a new offering from Microsoft designed to streamline cloud and AI transformations for organizations by providing access to expert guidance, funding opportunities, and comprehensive support throughout the implementation process. The initiative combines various Azure services and resources to help businesses modernize their operations, optimize investments, and successfully navigate their cloud journeys. Notable examples of successful Azure implementations showcase the platform's impact across various sectors.
The article discusses Microsoft's latest developments in AI, specifically highlighting their collaboration with Elon Musk's Grok AI and advancements in Azure AI Foundry. It emphasizes the strategic moves Microsoft is making to enhance its AI capabilities and competitive edge in the tech industry.
The project deploys a Velociraptor container on Azure App Service to facilitate incident response investigations, providing advanced endpoint visibility and scalable threat hunting capabilities across various operating systems. It includes features like a flexible query language and artifact management for efficient forensic analysis. Users are advised to configure authentication and can choose between scaling options for larger environments.
Default outbound access for Azure virtual machines will be retired on March 31, 2026, necessitating the transition to explicit outbound connectivity methods like NAT Gateway or Azure Firewall. Existing virtual networks will not be affected, but users are encouraged to adopt explicit methods for improved control and security. Guidance is provided for identifying resources using default outbound access and transitioning to recommended solutions.
Starting Databricks clusters can incur significant unexpected costs due to data downloads during VM startup, especially when routed through Azure Firewall, leading to charges exceeding €3,000 monthly. Best practices to mitigate these costs include using Private Endpoints, careful monitoring of network traffic, and testing configurations in isolated environments before production deployment.
KubeForenSys is a Python tool designed to collect data from Kubernetes clusters, particularly Azure Kubernetes Service, and send it to Azure Log Analytics for post-compromise analysis. It gathers various data types such as pod logs, Kubernetes events, command histories, and suspicious pod detections, while also automating the provisioning of necessary Azure resources. Users can customize the data collection parameters and ensure proper access and configurations for effective operation.
Microsoft has launched Azure Storage Discovery in preview, a fully-managed service that provides users with insights into their blob storage, including data evolution, cost optimization, and security recommendations. The service integrates with Azure Copilot, allowing users to analyze their storage estate efficiently using natural language queries and offers historical data for a comprehensive understanding of trends. Currently available in select regions, it features a free pricing plan for basic insights and a standard plan for advanced analytics, both free until September 30, 2025.
BlackCat is a PowerShell module aimed at validating the security of Microsoft Azure environments by identifying potential security risks and ensuring compliance with best practices. It requires PowerShell 7.0 or higher and the Az.Accounts module, and is set to be published on the PowerShell Gallery after completion. Users can also contribute to the project by providing feedback or making code contributions through GitHub.
Explore the integration of Azure Multi-Factor Authentication (MFA) with Duo's Entra ID and its external authentication methods. This webinar provides insights into enhancing security protocols and compliance for organizations using these technologies.
Terraform and Bicep are prominent infrastructure-as-code tools, with Terraform being a cloud-agnostic solution and Bicep specifically designed for Microsoft Azure. Bicep simplifies the JSON syntax of ARM templates and offers native Azure integration, while Terraform boasts a rich provider ecosystem and state management features. Understanding their differences can help users choose the right tool for their deployment needs.
Microsoft and VIAcode offer a free guide for migrating Linux workloads to Microsoft Azure, highlighting the benefits of running Linux on Azure, including significant cost savings and a zero-downtime migration framework. The guide includes expert insights, case studies, and strategies for optimizing performance and AI-readiness post-migration.
Microsoft has launched the Azure Service Health Built-In Policy (Preview) to automate and enhance the deployment of Service Health alerts across Azure subscriptions. This new policy simplifies the setup process, ensuring consistent notifications for platform-level issues, while allowing for customization and flexibility in alert management. It complements the existing Azure Monitor Baseline Alerts without replacing them.
The article discusses best practices for securing Terraform state files stored in Azure Blob Storage, emphasizing the importance of encryption, access control, and proper configuration to protect sensitive infrastructure data. It provides practical guidance on implementing these security measures effectively to mitigate risks associated with cloud infrastructure management.
The post details how to implement a "build once, deploy everywhere" strategy using Azure Developer CLI (azd) for provisioning environment-specific infrastructure and promoting applications from development to production. It emphasizes using conditional Bicep deployment, environment variable injection, and an automated CI/CD pipeline to ensure consistent deployments across different environments.
Microsoft and Hugging Face have expanded their collaboration to make over 10,000 open models easily deployable on Azure, enhancing accessibility for developers while ensuring secure deployment alongside company data. The initiative aims to empower enterprises to build AI applications using a diverse range of models, with ongoing updates and support for various modalities.
The article outlines how to implement a "build once, deploy everywhere" strategy using Azure DevOps Pipelines with the Azure Developer CLI. It highlights the benefits of using CI/CD artifact systems for improved traceability and cross-job compatibility, and presents a multi-stage pipeline structure that enhances deployment processes through better separation of concerns and validation checks.
The blog post outlines best practices for implementing DNS in Azure landing zones, emphasizing the importance of a well-structured DNS architecture for secure and scalable enterprise deployments. It discusses various components like Private DNS Zones, DNS Private Resolvers, and forwarding rulesets, and provides guidance on configuring DNS settings to facilitate efficient communication across virtual networks.
A comprehensive guide for deploying AI models using vLLM on Azure Kubernetes Service (AKS) with NVIDIA H100 GPUs and Multi-Instance GPU (MIG) technology is provided. It outlines the necessary prerequisites, steps for infrastructure creation, GPU component installation, and model deployment, enabling efficient utilization of resources and cost savings through hardware isolation.
The article discusses the process of deploying and managing Azure Virtual Machines, focusing on advanced networking and security features. It provides insights on best practices for configuration and management to enhance the performance and security of virtual environments in Azure.
The article discusses the use of data attributes in Azure, explaining how they can enhance the functionality and data handling within Azure applications. It highlights practical examples and best practices for implementing these attributes effectively.
Launch a secure and scalable Slack bot for Azure support tickets using Azure Container Apps, featuring zero-admin secrets management, RBAC access, and auto-scaling. This guide provides a production-ready blueprint for integrating Slack with Azure support, emphasizing speed, security, and cost efficiency for digital native teams.
Zone redundancy is now enabled by default for all Azure Container Registry (ACR) SKUs in regions that support Availability Zones, enhancing the resiliency of container artifacts without any additional cost or configuration required from users. This automatic upgrade protects against single-zone outages and applies to both new and existing registries. The Azure portal and CLI may not yet reflect this change accurately, but it is actively being addressed by Microsoft.
The article discusses the integration of service groups in Azure using Terraform with the AzAPI provider. It highlights best practices and the advantages of managing Azure resources through code, specifically focusing on the automation and efficiency Terraform provides in handling service groups. Additionally, it addresses common challenges and solutions encountered in the process.
Cloud logging best practices are essential for organizations migrating to cloud environments, helping them meet security, regulatory, and business needs. By understanding the differences between data and control plane logging across major cloud service providers, organizations can develop a customized logging framework that optimizes visibility and compliance. Collaboration with legal and compliance teams is crucial for navigating regulatory requirements and ensuring effective logging strategies.