Browse All Posts (307)

Allison announces an update to GitHub secret scanning: detections for Replicate secrets now include extended metadata to provide more context when a Replicate API token is found in a repository.

Allison announces a public preview of new GitHub REST API endpoints for retrieving GitHub Code Quality (CodeQL) findings at the repository level, enabling integrations that can query findings programmatically and support remediation workflows.

GitHub announces updates to GitHub Copilot CLI that add a terminal UI and tighter GitHub platform workflows, including tabs for issues and pull requests, quick access to gists, and slash-command driven actions like creating PRs and assigning reviewers from the terminal.

sbaynes announces the general availability of the Azure Copilot Observability Agent and explains how it uses Azure Monitor signals to help teams move faster from detection to root-cause understanding and remediation, as cloud systems become more agentic and operationally complex.

DevClass reports on Vercel’s Ship event announcements, focusing on the new open source eve agent framework and enterprise controls like Passport for bringing AI-built apps and agents under centralized identity and policy, including OpenID Connect support for providers such as Okta and Microsoft Entra ID.

sunil_sabat explains how Microsoft Fabric Data Factory supports multi-cloud data integration and orchestration across platforms like Snowflake, Databricks, Google BigQuery, and Salesforce, and how OneLake features (Shortcuts, mirroring) and Purview lineage help teams build governed, production-ready analytics and AI data flows.

Allison announces an update that lets Dependabot read from private GitHub-hosted package registries using the built-in GITHUB_TOKEN, removing the need for personal access tokens when the package grants Actions access to the repository.

Allison announces the general availability of GitHub Copilot CLI’s redesigned terminal interface, including tabbed navigation for issues, pull requests, and gists, plus an in-terminal setup flow for MCP servers, skills, plugins, and settings, with improved accessibility features.

Kayla Cinnamon demonstrates using MAI-Code-1-Flash inside VS Code via Copilot Chat to ship a feature end to end—navigating an existing codebase, building and running the project, and validating changes with tests—while also calling out the model’s cost benefits.

Justin Garrett interviews Microsoft MVP Andrew Pruski about building “Burrito Bot,” a semantic search demo that uses SQL Server 2025 vector search to recommend restaurants based on meaning rather than keywords, covering embeddings, similarity scoring, and scaling with vector indexes and ANN techniques.

Allison announces that Dependabot has dropped support for Python 3.9 due to end-of-life status, and explains the practical impact: Dependabot may stop opening pull requests for dependency updates if your setup still relies on Python 3.9.

Rohan Malpani explains how AI is being designed into developer tools, comparing Visual Studio “skills” with VS Code agent-based workflows and showing how teams move from prototypes to production-ready, AI-assisted engineering with attention to iteration, quality, and security.

Tim D'haeyer explains how to replace BizTalk-style code-table mapping during migrations by using an Azure Function that enriches XML documents via XPath-driven rules and SQL lookups, keeping Azure Logic Apps focused on orchestration instead of complex transformation logic.

Andrew Lock explains the new StringBuilder.MoveChunks() API in .NET 11 preview 5, showing how it can avoid large ToString() allocations by transferring a StringBuilder’s internal buffers. He also digs into the implementation details and why this matters for Roslyn source generators and SourceText creation.

John Edward introduces the GitHub Copilot Desktop App and explains how it extends Copilot beyond the IDE into a standalone workspace for understanding repositories, planning work, and getting AI help across day-to-day development tasks.

Allison announces BYOK support in the GitHub Copilot app, letting developers run agent sessions against their own model providers (including Azure OpenAI and Microsoft Foundry) while keeping billing, quotas, and data-handling terms under their control.

Rick Strahl breaks down three practical ways to ship a Windows app that works as both a GUI and a CLI, using his WebPackageViewer tool as the example and calling out the real-world trade-offs around console attachment, prompt glitches, and console-window flashing.

Learn Microsoft AI explains AgentSession in Microsoft Agent Framework, focusing on how it acts as a conversation state container to preserve context across agent runs and enable reliable multi-turn, stateful agent workflows.

GitHub introduces a beginner-friendly walkthrough of the GitHub Copilot app as a central place to manage work from idea to pull request, including using AI agents to explore issues, build features, and review changes in parallel.

Justin Bettencourt rounds up the May 2026 Azure SDK releases, including GA for the Azure SDK for Rust and the .NET Azure Batch client library, plus new Azure AI Search knowledge-base retrieval features and preview Azure AI Agent Server hosting libraries across .NET, Python, and JavaScript.

Santhosh_Ravin1 introduces Efficient Scaledown (Preview) for Microsoft Fabric Spark, explaining how remote shuffle storage and shuffle migration reduce recomputation during scale-down, improve resiliency, and cut compute costs, with concrete benchmark results and the Spark configuration needed to enable the feature.

Leonardo Micheloni explains how spec-driven development can reduce LLM “guesswork” by giving AI a clearer structure to work from, using GitHub Spec Kit as the concrete example discussed on On .NET Live.

Natalie Isak and Sarah Cooley explain how “AI memory” changes the threat model for assistants and agents, enabling delayed, cross-session attacks like adversarial memory poisoning. They outline Microsoft’s defense-in-depth approach for Microsoft 365 Copilot, including write-time sanitization, policy-governed storage, and auditability for SOC investigations.

Wes Steyn shows how to build an “agent harness” (a loop around a model with tools, planning, memory, and web search) using Microsoft Agent Framework. The post walks through creating a chat client with Microsoft AI Foundry, wrapping it into a harness agent, and running it in a console UI with plan/execute modes.

Wes Steyn introduces a hands-on series for building a CLI-style “claw” (a coding agent) using Microsoft Agent Framework, explaining the core harness loop—tools, planning, memory, approvals, and observability—and outlining how the sample evolves from a minimal agent to a production-ready service in .NET and Python.

Santhosh_Ravin1 explains how Microsoft Fabric’s Native Execution Engine (NEE) speeds up Spark workloads that use Python/Scala UDFs and nested data types. It covers why UDFs and complex types have historically forced costly serialization and row-based fallbacks, what NEE changes in the execution path, and the benchmarked performance gains.

Dona Sarkar shares what she thinks indie developers will be excited about at Microsoft Build 2026, focusing on AI-powered devices, new hardware form factors, and why these shifts matter beyond just writing code.

Microsoft Incident Response (DART) breaks down a ransomware investigation where two unrelated threat actors operated in parallel inside the same environment, blending tactics and obscuring attribution. The post highlights the intrusion chain, evasion and persistence techniques observed, and practical defensive priorities around patching, identity protection, and centralized telemetry.

yexu announces general availability of invoking Microsoft Fabric Copy jobs directly from Fabric Activator, enabling event-driven data movement that runs only when a condition is met (like a file landing in OneLake or a table update) instead of relying on fixed schedules.

GeertVanTeylingen explains how the NFS nconnect mount option (nconnect=4) improves Azure VMware Solution datastore performance when using Azure NetApp Files, by enabling multiple parallel TCP connections per ESXi host to increase throughput and reduce latency under concurrent I/O.

Allison summarizes new GitHub Copilot updates for JetBrains IDEs, including org/enterprise custom agents, better control of long-running Copilot CLI requests, an agent debug logs summary view, and a public preview of Claude as an agent provider, plus model picker and AI credits visibility improvements.

Payal Mahesh and Vicky Lin share large-scale test results showing how Azure Container Registry’s internal per-layer replication affects AKS image pull performance. They explain why there’s a “sweet spot” where extra copies eliminate storage throttling, why too many copies can regress tail latency, and what ACR is building next.

GitHub shows how a GitHub engineer uses the GitHub Copilot app with MCP server integrations to automate morning triage, including scheduled workflows, a daily brief, and surfacing prioritized issues to reduce noise before the day starts.

Waldek Mastykarz explains why “model preferences” (like “Claude prefers React”) are usually artifacts of missing or changing context, not stable traits of an LLM. He outlines how prompt format, workspace files, and evaluation-like prompting can shift outputs—and how to test models using realistic repo and task context.

Visual Studio Code highlights a quick path for moving a project from .NET Framework 4.8 to .NET 10 in VS Code, and points viewers to the AwesomeCopilot repository for related resources.

DevClass reports on upcoming npm 12 default changes that stop install-time scripts from running automatically, aiming to reduce a major supply-chain attack surface on developer machines and CI runners. The piece explains the new flags, breaking-change impact, and how teams can prepare using npm 11.x settings.

Eric van Wijk announces the deprecation and planned retirement of the Azure DevOps OIDC issuer used by Workload Identity Federation (WIF) service connections, and explains what Azure Pipelines users need to do to move existing connections to the Microsoft Entra issuer before the 2027 deadline.

DevClass reports on Checkmarx survey findings that many developers believe AI-generated code contains more vulnerabilities, yet some still ship it to production. The piece connects AI-assisted development, open source supply-chain risk, and security process gaps to higher breach frequency.

John Edward explains why AI apps are moving from single “copilot” assistants to multi-agent systems, and how Semantic Kernel can be used to orchestrate specialized agents that collaborate via tools, memory, and coordination patterns—along with the practical engineering challenges this introduces.

Thomas Maurer explains Azure Local Simplified Machine Provisioning, a new workflow for provisioning physical Azure Local nodes with minimal on-site work while keeping configuration and control centralized in Azure.