Browse All Posts (1658)

Natalie Guevara walks beginners through using Visual Studio Code’s built-in Source Control features to work with Git and GitHub, including initializing a repo, creating branches, staging and committing changes, viewing diffs, merging, publishing to GitHub, and cloning repositories, with a short intro to MCP and Copilot Chat.

GitHub walks beginners through using Git and GitHub directly inside VS Code, covering the core source control workflow from initializing a repo and committing changes to branching, merging, and publishing to GitHub.

Visual Studio Code highlights a VS Code “hook” feature and points to a longer video that goes deeper on how hooks can be used to customize the editor experience.

Brigit Murtaugh introduces VS Code’s Agents window and how it supports agent-first workflows across repos and machines, including session management with worktrees, integrated previews and diffs, and built-in flows for running tasks and working with commits and pull requests.

John Savill explains what “AI skills” are, why they matter for working with AI assistants, and how to use them effectively through progressive disclosure, sequencing, and practical examples, including where skills can be used in environments like GitHub Copilot.

John Savill's Technical Training gives a quick, high-level overview of AI skills and what to focus on when building AI capability.

John Edward outlines practical Microsoft Copilot Studio scenarios teams are using to cut repetitive work, including customer support, HR onboarding, IT help desk triage, internal knowledge search, sales lead qualification, and meeting follow-ups across common Microsoft 365-connected workflows.

This week's DevOps roundup centers on supply chain defense, with new npm compromises (including Shai-Hulud variants) reinforcing the need for safer publishing and install defaults, plus fast secret rotation and endpoint hunting when incidents land. We also saw practical hardening lessons from GitHub Actions and extension supply chain incidents, alongside GitHub platform changes that improve auditability (issue fields, OIDC expansion, and API behavior updates). On the operations side, Copilot and VS Code agent workflows moved closer to day-to-day incident response, while Azure updates covered GitOps in AKS, more control over autoscaling, and patching at scale with Arc. The thread running through it all is treating automation and agents as production attack surface, then backing that up with instrumentation, governance, and repeatable controls.

This week in ML is about making AI systems easier to run in real environments: smaller-footprint agent stacks for UI tasks, benchmarks that test repeatable stateful workflows, and RAG designs that keep quality steady as corpora grow. On the infrastructure side, we saw practical steps to reduce cluster surprises and cut inference cold starts, plus a Kubernetes-native control plane pattern for model deployments. Fabric updates round out the story with improvements to freshness, auditing, notebook export controls, and cost attribution that directly affect feature pipelines, retrieval stores, and ML-adjacent monitoring.

This week's .NET roundup spans language changes, dependency hygiene, and how agent-driven development fits into real engineering workflows. On the platform side, C# proposals like caller-unsafe boundaries and .NET 11 preview union types aim to make APIs more explicit and domain models easier to reason about, while Blazor WebAssembly adds a Web Worker template to move heavy work off the UI thread. In build and security tooling, NuGet package pruning and audit-by-default raise the baseline for actionable vulnerability signals with less restore-graph noise. We also look at how Copilot planning, governance extensions, and OpenTelemetry tracing (including Aspire Dashboard) are pushing agent sessions toward the same reviewability and observability standards as production services.

Welcome to this week's Security roundup, where supply chain attacks kept pushing left into developer tools, dependencies, and CI defaults, including a poisoned VS Code extension incident and large-scale malicious npm package infections. Incident reporting also reinforced how quickly attackers can chain identity compromise, edge appliance exposure, and trusted tooling into broad access across on-prem and cloud control planes. On the defense side, the theme was making security more enforceable and testable: new npm release controls, tighter GitHub Actions guidance, practical KQL hunting playbooks, and concrete frameworks for agent security governance and red-teaming. We close with operational updates that reduce patching and change-management friction, plus developer-facing improvements that make audits and unsafe-code boundaries easier to reason about.

This week focused on making AI coding and agent workflows easier to govern and operate at scale, from Copilot defaulting to GPT-5.3-Codex as an LTS-style baseline to task-routed "Auto" model selection in VS Code with clearer admin enforcement. Agents kept moving deeper into day-to-day delivery, with remote control for Copilot CLI sessions, one-click fixes for failing GitHub Actions, and more auditable cloud agent configuration via REST APIs. On the platform side, Microsoft Foundry and Azure patterns emphasized shipping and running agents like real services: persistent memory, evaluation for model routing, MCP catalogs and scalable tool servers, and LLMOps controls for RAG and self-healing deployments. Security guidance reinforced the same direction, with deterministic tool-boundary enforcement (FIDES) and CI-native red teaming and intent tracking (RAMPART and Clarity) so safety stays tied to code changes.

SHAILESHDEVADIGA outlines a production-oriented Azure Retrieval-Augmented Generation (RAG) architecture that ingests documents from Blob Storage, extracts structure with Document Intelligence, generates embeddings with Azure OpenAI, and serves grounded answers via an Azure AI Foundry agent backed by Azure AI Search.

This week's Azure roundup focuses on what it takes to run real workloads safely: small platform updates worth testing early (Functions, App Service TLS), repeatable deployment patterns, and stronger operational guardrails for AI systems. Azure AI Foundry content moved from agent demos to production plumbing like model routing evals, scalable RAG design, and App Service reference architectures with gateways, MCP scale-out, and self-healing behaviors. On the security side, incident writeups and threat research reinforced hardening priorities across identity, edge appliances, Key Vault, and software supply chains, while AKS, networking, and hybrid updates added practical tools for GitOps, safer rule changes, and lower-downtime patching with Arc.

This week's GitHub Copilot roundup focuses on two practical themes: more predictable model management and more hands-off agent workflows. GPT-5.3-Codex becomes the new Business/Enterprise baseline as the first Copilot LTS model, while VS Code Auto mode shifts to task-based routing with clearer visibility and billing signals. On the workflow side, Copilot expands "Fix with Copilot" across PR reviews and failing Actions runs, adds remote control for CLI sessions, and introduces an API for auditing cloud agent configuration. We also saw web chat gain better page-level context and semantic issue search, plus broader client momentum with Visual Studio's Plan agent and the Copilot for Eclipse plugin going open source.

Authorised Territory demonstrates how to return JSON data from a resource command in .NET Aspire 13.3.0 by wiring up a Minimal API project to Aspire orchestration and invoking its endpoints via HTTP commands from the Aspire dashboard.

GitHub explains a practical way to start contributing to open source by looking for repositories with the “good first issue” label, then following the project’s contributing guide to make a small first fix. It also mentions using GitHub Copilot to help find projects by language and label.

Noa Kuperberg introduces the new chat experience for the Azure Copilot Observability agent, showing how operators can ask natural-language questions in the Azure Portal and have the agent translate them into queries, correlate signals across data sources, and return actionable insights for troubleshooting.

John Savill runs through the weekly Azure update for 22nd May 2026, covering a wide set of platform changes across AKS, Functions, App Service, networking, storage, Event Grid, databases, and Azure AI Foundry, including retirements, new limits, and feature updates developers and operators should track.

Amar Digamber Patil shares what inspired the Budget Bytes series and how developers can build useful AI-powered apps on a tight budget, starting small and scaling over time using Microsoft services like Azure SQL.

Allison announces two npm supply-chain security updates: staged publishing (now GA) and new install-time allowlist flags in npm CLI 11.15.0+. The post explains how to route CI/CD publishes into a stage queue that requires maintainer approval with 2FA, and how to lock down non-registry dependency sources during installs.

Pamela Fox shares the recordings, slides, and sample repos from a three-part livestream series on deploying and hosting Python AI agents on Microsoft Foundry, including Agent Framework and LangChain/LangGraph builds plus quality, safety, and evaluation practices.

Nadim Abdo summarizes why Microsoft was named a Leader in Forrester’s Workforce Identity Security Platforms Wave (Q2 2026), and uses the report as a jumping-off point to discuss identity as a core security control, including ITDR, phishing-resistant authentication, and extending governance to AI agents and other non-human identities.

The Microsoft Defender Security Research Team breaks down a multi-stage intrusion that started with an Azure-hosted F5 BIG-IP edge appliance, pivoted to an internal Confluence server, and escalated into credential theft and relay-style attacks against Active Directory, with concrete Defender detections, hunting queries, and mitigation guidance.

Reynald Adolphe and Guy Royse show how to build AI agents with persistent memory using Redis Agent Memory and GitHub Copilot, with a practical demo that ties agent workflows to a ham radio scenario.

stclarke introduces MagenticLite, MagenticBrain, and Fara1.5—Microsoft Research releases that explore how to build capable, human-supervised AI agents that run efficiently on smaller models, including a browser + local file workflow, an orchestration model, and a computer-use model tuned for long-running tasks.

Natalie Guevara shares GitHub’s announcement that Gartner positioned GitHub as a Leader in the 2026 Magic Quadrant for Enterprise AI Coding Agents, highlighting Copilot’s shift from code generation to agentic, end-to-end SDLC workflows with enterprise governance and security controls.

Steve Dispensa shares two customer stories (St. Luke’s and ManpowerGroup) showing how organizations are using Microsoft Security to build AI-ready foundations, with a focus on unifying SecOps signals, strengthening governance, and using Security Copilot to speed up investigations and automate routine SOC work.

Visual Studio Code introduces the new Agent Customization window, showing how developers can tailor agent behavior and related settings directly in the editor.

GitHub introduces a GitHub Copilot remote control feature that lets developers start a coding session on a computer and continue it from a phone, including managing multiple agent sessions without staying at a desk.

GeertVanTeylingen summarizes new SPECstorage Solution 2020 EDA_BLENDED benchmark results for Azure NetApp Files “large volume breakthrough mode”, highlighting how it sustains sub-millisecond latency while scaling concurrency and throughput for demanding EDA workloads.

Aung Oo explains how Azure NetApp Files supports large-scale Electronic Design Automation (EDA) workloads with predictable, low-latency shared storage, highlighting independent SPECstorage Solution 2020 benchmark results and real-world production adoption for high-concurrency EDA job execution.

DeepGanguly announces a preview capability for Azure Functions on Azure Container Apps that lets you override the platform’s auto-generated KEDA scale rules and supply your own scaler configuration, so you can control thresholds, combine multiple scaling signals, and safely revert back to platform-managed scaling.

vinilv explains how to run a fast, user-space “preflight” on Azure HPC GPU clusters to catch common distributed training failures early. The post introduces ai-cluster-validator and walks through validating Slurm topology, PyTorch DDP initialization, GPU affinity, and NCCL collectives, with actionable logs and telemetry for ops teams.

Sergey Menshykh explains how Agent Skills in the Microsoft Agent Framework Python SDK can be authored as files, inline code, or reusable classes, then composed into a single provider with discovery, filtering, deduplication, and optional human approval for script execution.

himachauhan explains why RAG systems that work well at 1,000 documents often degrade at hundreds of thousands or millions, and outlines practical architecture shifts—like semantic chunking, hierarchical indexing, hybrid retrieval, and precomputed embeddings—to keep retrieval quality, latency, and cost predictable at scale.

Allison announces that GitHub Copilot for Eclipse is now open source under the MIT license, with the full plugin code published on GitHub for community review and contributions.

Fokko at Work demos selected new features in Visual Studio Code 1.121 with a focus on GitHub Copilot and agent workflows, including remote agents, model configuration options, terminal tool improvements, and observability using OpenTelemetry and Grafana.

KishoreKumarPattabiraman outlines five build-time disciplines that help cloud-native platforms scale without constant rewrites: flexibility, resilience, observability, delivery practices, and cost discipline, with concrete patterns like tenant-scoped feature flags, idempotent writes, and request ID propagation across services.

KishoreKumarPattabiraman lays out five operational disciplines for running cloud-native platforms in production, focusing on observability, alert quality, incident response, release confidence, and continuous reliability using SLOs and error budgets.