Browse All Roundups (87)

This week in GitHub Copilot, the story is less about new prompts and more about where agent work runs, how it gets reviewed, and how teams operate it safely. The Copilot desktop app expands in preview with canvases, voice input, isolated worktrees, and sandboxes, pushing agent workflows into a separate, reviewable workspace outside the editor. On the ops side, agentic workflows can now use GITHUB_TOKEN instead of PATs, Copilot Chat on the web surfaces cloud agent sessions and searchable history, and Copilot CLI and Code Review add configuration and governance controls (plus a new terminal security review command). We also saw Copilot features land deeper in Azure DevOps and Azure Repos, and model and platform news (Claude Fable 5 in Foundry) that reinforces how much governance, monitoring, and cost controls shape real agent adoption.

This week's Azure roundup focuses on turning agentic AI from demos into production systems, with Microsoft Foundry and Azure AI Foundry leaning into orchestration, observability, governance, and clearer token-based cost controls. On the operations side, Azure Monitor expanded its OpenTelemetry and DCR toolbox with GA features for metrics export and platform SLI/SLOs, while App Service added MCP support and improved Linux startup diagnostics to shorten troubleshooting loops. We also saw practical guidance for running AI workloads on Azure Container Apps, plus new security guardrails like Network Security Perimeter for Service Bus and LAPS for Azure Arc to standardize controls across cloud and hybrid environments.

This week in .NET, the Build 2026 recaps and session watchlists make one theme hard to miss: Microsoft is treating agentic workflows as something .NET teams should build, ship, and operate, not just demo. Alongside guidance for tracking .NET 11 and upcoming C# features, we saw practical patterns for grounded assistants ("golden repos" in ArchAngel) and a clear push toward multi-agent distributed apps with .NET Aspire and Microsoft Agent Framework. We also get a preview of where modernization is heading, with the .NET Day on Agentic Modernization connecting migrations to governed tool-calling flows through Copilot, Foundry services, and MCP-style integrations.

This week in security, the focus shifted to tightening defaults and making controls easier to enforce across code, agents, and cloud boundaries. GitHub reduced credential sprawl and raised CI/CD gates with built-in tokens, bot PR workflow approvals, stronger validation for agent-generated PRs, and faster CodeQL scanning (including coverage for dormant repos). On the AI side, the story was operational guardrails: Foundry governance controls, ASSERT for turning specs into repeatable evals, and practical MCP patterns for exposing and scanning tools safely. Rounding out the week were concrete enterprise hardening moves like Azure Network Security Perimeter for Service Bus, IP allow lists for EMU namespaces, passkey adoption campaigns, centralized platform log collection, and LAPS policy enforcement for Azure Arc.

This week's DevOps roundup is about tightening control without slowing delivery: GitHub Actions resumes minimum runner version enforcement, adds new hosted runner images, and expands approval gates for automation-driven pull requests. Agentic Workflows move into public preview with a Markdown-to-YAML authoring flow, new guardrails, and a shift from PATs to GITHUB_TOKEN for simpler permissions management. On the observability side, Azure Monitor pushes standardization with OpenTelemetry VM metrics, DCR-based metrics export and platform log collection, exemplar links between metrics and traces, and GA support for SLIs and SLOs. We also cover GHES 3.21, faster and broader CodeQL scanning, improved secret scanning signal quality, and updates that make reliability and cost allocation easier to track.

This week's AI roundup is about turning agents into something you can run, review, and govern. GitHub's Agentic Workflows moved into public preview with Actions-native controls, stronger sandboxing, and fewer operational footguns like PAT sprawl, while Copilot expanded enterprise configuration across code review, terminal workflows, and auditable agent sessions (including validation for third-party agents). On the platform side, Azure AI Foundry and Claude Fable 5 leaned into long-running agent patterns, and MCP kept emerging as the common layer for wiring tools with policy and authentication. We also saw practical guidance on evaluation and token discipline, plus concrete ops and security updates ranging from Azure Container Apps troubleshooting to reduced secret scanning alert fatigue.

This week in ML is a reminder that production reliability lives in the details: licensing and entitlements in Azure AI Foundry, VM and disk changes that can reshape workloads, and the day-to-day reality of cold starts, probe timeouts, and OOM kills. We also saw practical guidance for handling regional capacity limits in Azure Databricks and for standardizing failure logs across Fabric and Synapse pipelines with Azure Monitor and KQL. On the product side, Fabric added real-time dashboard improvements, governed sharing options (including OneLake shortcuts and cross-workspace role management), and more Copilot-driven authoring paths that fit into versioned, repeatable workflows.

This week in DevOps, agentic workflows moved from demos to platforms you can standardize, version, and roll out, with new GitHub Copilot and agent app surfaces, deeper PR-integrated review, and APIs that let other systems trigger governed agent tasks. Security teams also got a clearer warning label as prompt injection and a large npm campaign showed how agent tools and CI publishing flows can be abused, reinforcing least privilege, pinning, and explicit approval boundaries. On the operations side, direct OTLP ingestion into Azure Monitor reached GA and agent-focused observability views expanded, making trace-first debugging and cost visibility more practical as AI credits and usage-based billing become day-to-day concerns.

This week, GitHub and Microsoft positioned Copilot as part of an enterprise agent platform, where identity, tool access, policy, observability, and eval loops matter as much as model output. Copilot also moved further into resource management, with model deprecations and replacements, optional Gemini models via admin policy, 1M-token context and reasoning controls, and fully live usage-based billing tied to GitHub AI Credits (plus new cost signals for code review and Actions). Inside GitHub, agentic workflows expanded with richer PR context for Copilot Chat, configurable code review tiers and MCP-backed skills, Azure Repos review previews, and Marketplace-installed agent apps. The rest of the updates fill in the execution and governance layer (CLI scheduling and rubber-duck review, sandboxes, a cloud agent tasks API, the Copilot SDK GA, and tighter enterprise controls across VS Code, JetBrains, Visual Studio, and Eclipse).

This week in ML, Microsoft Fabric moved closer to an agent-ready analytics platform, with new ways to ship backends into Fabric, ground agents in governed context, and model relationships directly on OneLake. Rayfin positions Fabric as a default deployment target for data-powered apps, while Fabric IQ (now GA) and its ontology support aim to standardize how agents request context with permissions and auditability built in. Graph in Fabric (GA) adds GQL-based relationship querying, and the Fabric Operations agent plus Fabric Skills show how Microsoft wants teams to monitor, automate, and code against Fabric with guardrails instead of one-off scripts.

This week's AI roundup focuses on Microsoft Foundry's shift from a model catalog to an end-to-end platform for building, operating, and distributing enterprise agents. Build 2026 updates centered on a repeatable operations loop (traces, evaluations, routing, and tuning), production-ready hosted agents with more reliable memory controls, and tool connectivity that scales through Toolboxes and managed MCP servers. On the grounding side, Foundry IQ expanded retrieval and connectors, while Teams and Microsoft 365 Copilot publishing (plus Entra ID-backed A2A endpoints) moved agent deployment closer to where work actually happens.

This week's ML roundup focuses on tightening the path from data to deployed models, with Microsoft Foundry expanding model options and leaning into trace-based evaluation that works across clouds. On the data side, Microsoft Fabric added features that reduce day-to-day pipeline overhead, including incremental Delta maintenance, CDC in Copy job, richer IoT streaming metadata, and new preview tooling for Excel ingestion and scheduled Spark pools. We also look at practical building blocks around ML work, from governed data exploration in Data Formulator to persistent agent memory with SQL, plus an infrastructure take on single-GPU training at the 100B+ scale and a simpler approach to Python data pipelines with dlt.

This week's AI roundup focuses on what it takes to ship and operate agentic systems in real environments, from Microsoft Foundry updates (evaluation, model choice, and private networking) to clearer build-time vs run-time agent architectures. MCP kept gaining ground as the integration contract for tools, prompts, and "docs as context", with new Azure Functions prompt triggers and dedicated MCP servers for SRE workflows and Microsoft Learn grounding. On the GitHub Copilot side, enterprise rollouts got more practical with Claude Opus 4.8 GA, model targeting rules, stronger memory controls, and usage metrics that separate access from adoption. We wrap with IDE workflow changes that push plan-review-refine loops, plus security guidance that maps OWASP agentic risks to concrete governance tooling.

This week's DevOps roundup connects three threads that show up everywhere in modern delivery: supply chain risk, agent-driven automation, and platform guardrails that actually enforce policy. Microsoft flagged new npm install-time attack campaigns, a reminder that lifecycle hooks inherit your CI and workstation permissions unless you tighten token scope and credential exposure. On the automation side, guidance and tooling updates pushed agents toward production discipline (tool contracts, grounding, eval gates, and auditability), while GitHub and Azure shipped governance knobs like Code Quality enablement APIs, CodeQL improvements, hard budget limits for GHAS, and security baselines as code for Windows and Azure Arc.

This week's GitHub Copilot updates focused on making agentic work easier to manage at scale, from new model options and tighter enterprise controls to longer-running sessions you can supervise across devices. Claude Opus 4.8 reached general availability with a temporary premium request multiplier to plan around, while model rules add org-level targeting for phased rollouts. On the workflow side, VS Code continued building an agent-first experience (Agents window, remote sessions, and remote control GA), and MCP examples showed how tools, permissions, and doc grounding can make agents safer and more reliable. We also saw practical steps toward predictable behavior and measurable outcomes, with improved memory controls and new adoption cohorts in the Copilot metrics API to connect spend to real usage.

This week's DevOps roundup centers on supply chain defense, with new npm compromises (including Shai-Hulud variants) reinforcing the need for safer publishing and install defaults, plus fast secret rotation and endpoint hunting when incidents land. We also saw practical hardening lessons from GitHub Actions and extension supply chain incidents, alongside GitHub platform changes that improve auditability (issue fields, OIDC expansion, and API behavior updates). On the operations side, Copilot and VS Code agent workflows moved closer to day-to-day incident response, while Azure updates covered GitOps in AKS, more control over autoscaling, and patching at scale with Arc. The thread running through it all is treating automation and agents as production attack surface, then backing that up with instrumentation, governance, and repeatable controls.

This week in ML is about making AI systems easier to run in real environments: smaller-footprint agent stacks for UI tasks, benchmarks that test repeatable stateful workflows, and RAG designs that keep quality steady as corpora grow. On the infrastructure side, we saw practical steps to reduce cluster surprises and cut inference cold starts, plus a Kubernetes-native control plane pattern for model deployments. Fabric updates round out the story with improvements to freshness, auditing, notebook export controls, and cost attribution that directly affect feature pipelines, retrieval stores, and ML-adjacent monitoring.

This week's Azure roundup focuses on what it takes to run real workloads safely: small platform updates worth testing early (Functions, App Service TLS), repeatable deployment patterns, and stronger operational guardrails for AI systems. Azure AI Foundry content moved from agent demos to production plumbing like model routing evals, scalable RAG design, and App Service reference architectures with gateways, MCP scale-out, and self-healing behaviors. On the security side, incident writeups and threat research reinforced hardening priorities across identity, edge appliances, Key Vault, and software supply chains, while AKS, networking, and hybrid updates added practical tools for GitOps, safer rule changes, and lower-downtime patching with Arc.

Welcome to this week's Security roundup, where supply chain attacks kept pushing left into developer tools, dependencies, and CI defaults, including a poisoned VS Code extension incident and large-scale malicious npm package infections. Incident reporting also reinforced how quickly attackers can chain identity compromise, edge appliance exposure, and trusted tooling into broad access across on-prem and cloud control planes. On the defense side, the theme was making security more enforceable and testable: new npm release controls, tighter GitHub Actions guidance, practical KQL hunting playbooks, and concrete frameworks for agent security governance and red-teaming. We close with operational updates that reduce patching and change-management friction, plus developer-facing improvements that make audits and unsafe-code boundaries easier to reason about.

This week focused on making AI coding and agent workflows easier to govern and operate at scale, from Copilot defaulting to GPT-5.3-Codex as an LTS-style baseline to task-routed "Auto" model selection in VS Code with clearer admin enforcement. Agents kept moving deeper into day-to-day delivery, with remote control for Copilot CLI sessions, one-click fixes for failing GitHub Actions, and more auditable cloud agent configuration via REST APIs. On the platform side, Microsoft Foundry and Azure patterns emphasized shipping and running agents like real services: persistent memory, evaluation for model routing, MCP catalogs and scalable tool servers, and LLMOps controls for RAG and self-healing deployments. Security guidance reinforced the same direction, with deterministic tool-boundary enforcement (FIDES) and CI-native red teaming and intent tracking (RAMPART and Clarity) so safety stays tied to code changes.

This week's .NET roundup spans language changes, dependency hygiene, and how agent-driven development fits into real engineering workflows. On the platform side, C# proposals like caller-unsafe boundaries and .NET 11 preview union types aim to make APIs more explicit and domain models easier to reason about, while Blazor WebAssembly adds a Web Worker template to move heavy work off the UI thread. In build and security tooling, NuGet package pruning and audit-by-default raise the baseline for actionable vulnerability signals with less restore-graph noise. We also look at how Copilot planning, governance extensions, and OpenTelemetry tracing (including Aspire Dashboard) are pushing agent sessions toward the same reviewability and observability standards as production services.

This week's GitHub Copilot roundup focuses on two practical themes: more predictable model management and more hands-off agent workflows. GPT-5.3-Codex becomes the new Business/Enterprise baseline as the first Copilot LTS model, while VS Code Auto mode shifts to task-based routing with clearer visibility and billing signals. On the workflow side, Copilot expands "Fix with Copilot" across PR reviews and failing Actions runs, adds remote control for CLI sessions, and introduces an API for auditing cloud agent configuration. We also saw web chat gain better page-level context and semantic issue search, plus broader client momentum with Visual Studio's Plan agent and the Copilot for Eclipse plugin going open source.

This week’s roundup is about turning agents into something you can run day to day: priced in tokens, governed by policy, and observable like any other production service. GitHub Copilot filled in the operational gaps ahead of June’s billing shift with reporting, plan changes, and new ways to standardize and trigger agent work via skills, apps, and APIs. Microsoft’s AI stack sharpened the same themes with local inference, OpenTelemetry tracing, continuous evaluation, and more human supervision in Power Platform, while cloud and DevOps updates pushed teams toward pinned baselines, stronger messaging guarantees, and tighter key and identity hygiene.

Welcome to this week's Weekly .NET Roundup, where the theme is making modern .NET systems easier to run in the real world: from durable, orchestrated AI agents to more predictable Blazor WebAssembly performance and testing. We look at the Host Integration Server 2028 preview bringing .NET 10, Linux support, Entra ID, and Arc governance to IBM integration scenarios, plus new guidance that turns the Microsoft Agent Framework into something you can build, host, and observe like any other service. We also cover secure-by-default agent deployments with an azd template, practical .NET 10 minimal API versioning patterns, and a steady stream of Copilot and VS Code updates that push agents, context control, and reproducible workflows into everyday development.

This week's Azure updates center on making production changes less disruptive, from in-place VM moves into Availability Zones and Availability Set migrations to VM Scale Sets (Flexible), to new Intel Xeon 6-based VM families and upcoming reservation retirements that impact cost planning. On the AI side, the focus shifts from models to operations, with the Azure Resource Manager MCP Server, multi-region agent landing zone guidance, and clearer paths from local prototypes to governed, observable deployments in Azure AI Foundry. Infrastructure and security themes tie it together with safer Terraform state migrations, earlier validation for Azure Functions deployments, more transparent HSMs, and better code-to-cloud risk context via Defender for Cloud and GitHub Advanced Security. Data and platform operations round out the week with Cosmos DB RU lessons, Databricks inventory and DR patterns, Logic Apps Standard migration tooling, and practical improvements for ACR, AKS resiliency testing,

This week in Security, the spotlight is on what happens after initial access: Microsoft reported active exploitation of the Linux "Dirty Frag" local privilege escalation path, a reminder that containment and patching for LPE issues cannot wait. Threat research reinforced the same theme of attackers leaning on real workflows, from AiTM phishing that steals cloud authentication tokens to ClickFix-style macOS lures that push users into running Terminal commands. On the platform side, guidance and tooling matured around securing AI agents (least-privilege tokens, centralized governance, and safer PR review) while GitHub and Azure shipped practical improvements for earlier DevSecOps scanning, code-to-cloud risk correlation, and hardened container distribution paths.

This week in the Weekly GitHub Copilot Roundup, model deprecations moved from a background concern to an operational deadline, with admins needing to update allowlists, defaults, and documentation before pinned model choices disappear. In VS Code and Copilot CLI, the theme is more agent capability paired with more governance: semantic indexing and chat history retrieval, richer agent sessions (terminal and browser tab access), and enterprise-managed plugins. MCP-based security tools expanded the agent inner loop with secret scanning now GA and dependency scanning in preview, while new usage metrics, token-efficiency practices, and agent PR review guidance help teams measure cost, validate behavior, and ship changes more safely at scale.

This week's Weekly AI Roundup focuses on what it takes to run coding agents as operational systems, not just helpful assistants. Copilot model deprecations (Grok Code Fast 1, GPT-4.1, Claude Sonnet 4) put a spotlight on enterprise model policies and the need for planned cutovers with validation windows. Across VS Code and Copilot CLI, agent mode gained more workflow plumbing, admin controls, and new measurement signals like code review comment types in the usage metrics API. On the platform side, MCP servers brought Azure operations and security scanning closer to the editor, while Agent Framework guidance and Azure landing zone architecture spelled out patterns for durable, governed deployments.

This roundup tracks a clear shift from agent capability to agent governance: more context, more observability, and more policy controls across Copilot, VS Code, and the CLI. On the platform side, Microsoft tightened the path from prototype to production with .NET agent building blocks, Azure AI Foundry deployment patterns, and data governance improvements that make RAG and operations easier to standardize. We also cover the less flashy work that keeps systems dependable at scale, including Fabric and Databricks operational updates, GitHub migration and ruleset changes, and security research that keeps token theft, privilege escalation, and supply chain risk in focus.

This week in DevOps, AI agents started to look less like helpers and more like production automation, so the focus shifted to guardrails: least-privilege identity, auditable tool access, and cost controls for token-heavy workflows. GitHub expanded MCP-based security checks (secret scanning GA and dependency scanning preview) and shared practical guidance for reviewing agent-generated pull requests, while Microsoft outlined patterns for governing multi-region agent sprawl and previewed an Azure Resource Manager MCP Server for structured ops automation. On the platform and infrastructure side, teams got updates that make change safer and more repeatable, from CodeQL and code-to-cloud correlation to Terraform stability, Azure cutover playbooks, and Kubernetes hardening and resiliency testing.

This week in DevOps was about making the delivery pipeline more reliable end-to-end: GitHub shared what it is changing after recent availability incidents, while Microsoft and the community published practical guidance for scaling CI runners, modernizing infrastructure as code (IaC), and tightening up the tooling and documentation that keeps teams shipping.

This week’s roundup is about turning agentic tooling into something teams can run, budget, and govern. GitHub Copilot’s shift to token-based billing and AI Credits makes cost a first-class part of rollout checklists, especially as agent-style IDE and PR workflows expand and code review begins consuming both AI Credits and GitHub Actions minutes. On the platform side, GPT-5.5 in Microsoft Foundry, Microsoft Agent Framework 1.0, and A2A/MCP interoperability point toward more standardized agent runtimes, while Azure and Fabric updates reinforce the same operational theme: tighter identity, clearer observability, and more precise controls in both connected and constrained environments.

This week, the Machine Learning story was mostly about getting data into shape for ML and analytics at scale: Microsoft Fabric leaned further into OneLake as the common data layer, tightened up real-time streaming so features and signals can arrive with fewer surprises, and nudged SQL developers toward a more modern, Git-friendly workflow in VS Code. Alongside those platform updates, Microsoft also shared an early look at how unconventional hardware (and its digital twins) might run real lending models in the future.

Copilot moves toward more agentic workflows across IDEs and GitHub, while June 1 brings token-based billing, AI Credits, and new meters like Actions minutes for private-repo code review. In parallel, Microsoft and the broader ecosystem tightened the production story for agents with GPT-5.5 in Foundry, GA interoperability protocols (A2A and MCP), and more concrete guidance on observability, retrieval, and governance. Platform updates across Azure and Fabric focused on controlled operations: sovereign and disconnected deployments, least-privilege storage access, SLI/SLOs in Azure Monitor, and better real-time pipeline monitoring.

Building on last week's "day-two readiness" thread (standard workflows, controlled transitions, and evidence-based troubleshooting), Azure’s story this week was about tightening control as Azure expands into more constrained environments. On one end, Azure Local and landing zone guidance leaned into disconnected and sovereign operations, while core platform services like Blob Storage, Azure Monitor, and AKS picked up practical updates that help teams scale securely, observe more precisely, and ship faster.

This week’s roundup is about turning agentic tooling into something teams can run, budget, and govern. GitHub Copilot’s shift to token-based billing and AI Credits makes cost a first-class part of rollout checklists, especially as agent-style IDE and PR workflows expand and code review begins consuming both AI Credits and GitHub Actions minutes. On the platform side, GPT-5.5 in Microsoft Foundry, Microsoft Agent Framework 1.0, and A2A/MCP interoperability point toward more standardized agent runtimes, while Azure and Fabric updates reinforce the same operational theme: tighter identity, clearer observability, and more precise controls in both connected and constrained environments.

This week in .NET was a mix of platform plumbing and practical building blocks: Microsoft pushed forward on modernizing the toolchain (especially inside Visual Studio), while several posts showed how .NET 10+ apps are increasingly composed from focused libraries for AI, caching, and API surface management. Coming right after last week's split between "install the preview" (.NET 11 Preview 3) and "patch production now" (April 2026 servicing), the throughline is familiar: the platform keeps tightening defaults (dependencies, provenance, project systems), and teams need to validate those shifts early to avoid surprises later. At the same time, a couple of changes signaled where the ecosystem is heading next, including a notable test platform dependency shift that could surface as a breaking change in CI.

Security news this week focused on two parallel pressures teams are feeling right now: urgent patch-and-harden work for high-impact vulnerabilities in core dev and runtime infrastructure, and the fast-moving reality that AI agents are becoming part of the attack surface. Across Microsoft and GitHub updates, the practical theme was governance (who can call what, when, and with what audit trail) paired with stronger identity and data protections that reduce blast radius when something does go wrong. That threads cleanly into last week's direction: reduce ambient privilege, remove long-lived secrets, and make secure defaults workable at scale, because when an incident starts from "normal" workflows, your margin often comes from consistent guardrails and fast containment.

This week’s roundup is about the trade-offs that show up when agents move from demos to daily work: more surfaces, more automation, and more reasons to enforce limits and policies. GitHub Copilot expanded agent experiences and model options (including GPT-5.5 GA), but it also introduced tighter individual usage controls and shifting access to premium Claude Opus models. On the Microsoft side, Azure AI Foundry, Agent Framework, and Fabric leaned into governed tool execution through MCP, with secure networking, managed identity, and outbound restrictions becoming default expectations. We close with the less glamorous but essential work of reliability and security: upcoming GitHub protocol and token changes, DevSecOps tuning via CodeQL and dependency graphs, and Defender research that turns real intrusion chains into actionable hunts and containment steps.