Browse All Posts (127)
GitHub introduces GitHub Copilot code review “medium depth” reviews (public preview), showing how the higher-reasoning review mode can produce longer, more thorough pull request feedback for complex logic and security-sensitive changes, and how admins can enable it at the repository or organization level.
John Savill shares a short weekly roundup of Azure changes and announcements from 3rd July 2026, including VM restore point improvements, new blob integrity capabilities, storage migration updates, PostgreSQL tooling, Azure AI Foundry news (including Claude models), GitHub Copilot model updates, and quantum-safe security items.
Allison details three changes to the GitHub Copilot usage metrics API that improve reporting completeness for Copilot CLI activity, IDE identification, and AI credit attribution—helping orgs and enterprises get more reliable usage and consumption data from the REST API.
Allison announces the July 31, 2026 deprecation of Gemini 2.5 Pro and Gemini 3 Flash across GitHub Copilot experiences, and explains what Copilot Enterprise admins and teams need to change to keep using supported models.
Allison announces that GitHub Copilot CLI can now authenticate in GitHub Actions using the built-in GITHUB_TOKEN, removing the need to manage long-lived personal access tokens. The post also explains the required Copilot policy and workflow permission, plus options for tracking and controlling organization-billed AI credit spend.
GitHub walks through recent updates from the GitHub Changelog and demos experimenting with “canvases” inside the GitHub Copilot app, focusing on what’s new and how the tooling behaves in practice.
Allison announces a public preview for streaming GitHub Copilot agent session data in GitHub Enterprise Cloud, giving enterprises visibility into prompts, responses, and tool calls via a streaming endpoint or a REST API, with Microsoft Purview supported as a streaming destination.
Aaron Merrill explains how OneLake security works with Microsoft Fabric shortcuts to enable zero-copy data distribution. He breaks down passthrough vs delegated shortcuts, how permissions are evaluated (including intersection behavior), and when each model fits—especially for large-scale sharing, cross-tenant scenarios, and external storage sources.
shiv_narayanan introduces Delegated OneLake Shortcuts (preview) in Microsoft Fabric, a new authentication option that lets teams share OneLake data at scale using a configured connection identity instead of per-user pass-through access, including support for cross-tenant scenarios and OneLake security controls.
Allison announces AI credit pools for GitHub cost centers, letting enterprises cap how much of their monthly included Copilot AI credits each cost center can consume via the REST API, helping keep spend allocation aligned with the licenses assigned to each group.
Microsoft Developer walks through setting up Azure DevOps Pipelines for SQL projects created from SSMS Database DevOps or the VS Code SQL database projects extension, including build, code analysis, and iterative deployments to Azure SQL Database with security basics like firewall rules and passwordless auth.
Gali Reznick and coauthors announce preview support for Workspace Outbound Access Protection (OAP) across key Real-Time Intelligence experiences in Microsoft Fabric, explaining what outbound paths are allowed or blocked and how admins can reduce data exfiltration risk with workspace-level rules.
Raji Dani explains how Microsoft is tightening security across the Cloud Solution Provider (CSP) ecosystem, focusing on partner vetting, mandatory tenant security requirements, least-privilege delegated access to customer tenants, and stronger monitoring and incident response to reduce partner-to-customer attack paths.
Natalie Guevara explains how GitHub reduced 20,000+ secret scanning alerts across 15,000 repositories to zero by separating noise from real risk, validating whether credentials were still live, and building repeatable remediation and ownership workflows that scale across teams.
Fokko at Work demos what’s new for GitHub Copilot in Visual Studio Code 1.127, focusing on agent and chat workflow improvements like session organization, UI banners, review feedback in the editor gutter, and tools for troubleshooting agent behavior, plus visibility into subagent credits and plan/policy limitations.
daisami walks through adding production-grade auditing and telemetry to AI agents using Microsoft’s Agent Governance Toolkit (AGT) in a .NET (C#) sample. It shows how to append governance events to Azure Blob Storage, export OpenTelemetry metrics/traces to Application Insights, and apply default-deny policies with practical security guidance for log sanitization.
yairgil introduces Dynamic Thresholds (Preview) for query-based metric alerts in Azure Monitor, showing how Azure can learn per-time-series baselines for Prometheus and OpenTelemetry metrics. The post includes PromQL examples for AKS CPU anomaly detection and p95 latency regression alerting, plus practical query design tips to reduce noisy alerts.
GitHub shares a “Rubber Duck Thursday” update video highlighting what’s new and where to follow ongoing GitHub announcements across its official channels.
aakarshdhawan walks through how to enable Microsoft Entra ID B2B guest access for Power Apps (Canvas and Model-driven) that use Microsoft Dataverse, including the tenant invitation flow, environment access, licensing requirements, and Dataverse security roles needed to validate least-privilege access for external users.
Allison announces general availability of GitHub Issue fields, adding structured, typed metadata (like priority, effort, and dates) across repositories and projects. The update also adds MCP server access for AI tools, plus a new 100-entry limit for edit history on issues and pull requests.
Authorised Territory demonstrates how to build a web-search tool and wire it into a .NET Agent Framework agent, using SearXNG for search and a locally running LLM via Ollama, with the supporting services hosted in Docker Desktop.
Gloridel Morales explains how the September 2026 removal of NTLM support from Git’s libcurl will break HTTPS Git operations against Azure DevOps Server for environments that still rely on NTLM (often via silent SPNEGO fallback). The post shows how to detect NTLM usage and what to change to avoid outages.
Allison explains how enterprise admins can make GitHub Copilot’s auto model selection the default for new conversations by setting `model` to `auto` in enterprise managed settings, while still allowing users to switch models per conversation.
Allison announces the full retirement of GitHub Models on July 30, 2026, including the shutdown of the playground, model catalog, inference API, and BYOK endpoints, plus planned brownouts ahead of the cutoff date.
Allison announces general availability of enterprise managed-settings.json for GitHub Enterprise Cloud, letting admins centrally enforce Copilot client configuration (like allowed marketplaces, enabled plugins, and model selection) via a file stored in a .github-private repo and applied to VS Code and Copilot CLI.
Allison announces an update to GitHub secret scanning: validity checks are now available for Asana, IBM, and MessageBird credentials, helping teams quickly determine whether a detected leaked secret is still active and needs immediate rotation.
Allison announces a public preview feature for GitHub Secret Protection that scans all public content on github.com for leaked secrets and attributes findings back to an enterprise, including leaks that happen outside enterprise-owned repositories.
Allison announces a new Copilot CLI plugin for the Microsoft C++ Language Server, including a setup skill that generates and maintains compile_commands.json for better C++ semantic features across CMake, MSBuild, and custom build systems.
Allison announces general availability of Kimi K2.7 Code in GitHub Copilot, the first open-weight model offered in the Copilot model picker, including where it’s available, how it rolls out across plans, and what admins need to enable for Business and Enterprise.
Allison announces general availability of Copilot vision, which lets developers attach images and PDFs to GitHub Copilot Chat prompts so Copilot can reason about visual context alongside code, across VS Code, github.com, and the Copilot CLI.
Allison announces a public preview feature for Copilot CLI and the GitHub Copilot SDK that lets you cap AI credit usage per session, helping teams control spend during interactive work and unattended scripted runs.
AmirJafari announces that the Microsoft Fabric data agent API is now public, enabling teams to create, configure, update, and publish Fabric data agents programmatically from their own tools and pipelines. The post explains the management-plane focus, how it fits with Fabric automation, and includes a Python quickstart.
sbaynes introduces SkillOpt, a method for improving AI agent reliability by “training” a natural-language skill file through controlled text edits, validation gating, and feedback from execution trajectories—without updating model weights.
Matthew Leibowitz, David Ortinau, and Gerald Versluis walk through what’s new in SkiaSharp 4 and what the update means for .NET MAUI developers, then share highlights from the .NET MAUI community including MAUI UI July, recent releases, and notable ecosystem contributions.
lily-ma explains how to handle long-running Model Context Protocol (MCP) tool calls on Azure Functions when clients time out, using Durable Functions as a practical pattern today and outlining how the MCP Tasks extension will eventually standardize async tool execution.
Allison announces general availability of browser tools for GitHub Copilot in VS Code, enabling Copilot agents to drive a real browser to navigate and test live web apps, capture page content and console errors, and run scripted flows, with privacy defaults and enterprise controls.
Arvind Shyamsundar explains how to keep costs down without sacrificing performance by using Azure SQL features that help applications scale efficiently as they grow.
Microsoft Security Team summarizes Frost & Sullivan’s 2026 Frost Radar for Cloud/Application Runtime Security and explains the shift from posture-only visibility to runtime risk reduction, highlighting how Defender for Cloud and Defender XDR correlate signals across code, cloud, runtime, and SOC workflows to prioritize exploitable attack paths.
Natalie Guevara outlines six quick GitHub repository settings that materially reduce common attack paths for maintainers, focusing on vulnerability intake, secret leakage prevention, dependency risk, static analysis, and safer merges to the default branch.
John Maeda and Ross Heise wrap up the Cozy AI Kitchen series with a reflective finale on making AI concepts more approachable for developers, revisiting recurring ideas like Semantic Kernel, embeddings, tokens, and “agents,” and sharing what they learned from blending education, storytelling, and hands-on metaphors.