Browse All Posts (117)
Allison announces new controls for GitHub Copilot code review, including reading custom instructions from the PR head branch, expanded instruction file support, repository-level setup steps via a workflow YAML, and a default-on firewall with separate configuration from Copilot cloud agent.
Allison announces a GitHub Mobile improvement that lets you start “Fix with Copilot” directly from Copilot code review pull request comments, making it quicker to address review feedback from a phone while keeping PRs moving.
GitHub demonstrates how to onboard the GitHub Copilot for Jira integration, including installing the app from the Atlassian Marketplace, authorizing access, handling SSO, and enabling organizations so Copilot can turn a Jira work item into a draft pull request.
Dalia Abuadas argues that in an AI-assisted workflow, writing the first patch is often no longer the expensive part—reviewing, validating, and owning the change is. She proposes using a constrained “price check” patch to replace long scope debates with evidence from a real diff and tests.
Elliot Volkman shares Microsoft Security’s Black Hat USA 2026 agenda, focused on how attackers abuse “trust paths” across software supply chains, identities, cloud services, and AI systems. The post highlights sessions on npm supply chain campaigns, Azure Automation research, GitHub-focused detection ideas, and hands-on skilling with Defender and Sentinel.
Visual Studio Code shows how to give GitHub Copilot more context by sharing your running website through VS Code’s Integrated Browser, so Copilot can reference what you’re seeing while you work.
Francesco Bonacci joins GitHub’s Open Source Friday to talk about Cua and the project’s open-source work in the GitHub ecosystem.
Fokko at Work walks through selected new features in Visual Studio Code 1.129 related to GitHub Copilot, using short demos and calling out that availability can vary based on enterprise policies and pricing plans.
Waldek Mastykarz explains how to evaluate agent skills that call APIs without paying for test traffic or mutating production data. He outlines why direct evals against real endpoints create cost, state, and non-determinism problems, then shows a proxy-based approach using Dev Proxy to emulate APIs while keeping production URLs unchanged.
Hidde de Smet audits a local SKILL.md “skills” library spread across Claude Code, a shared .agents catalog, and GitHub Copilot’s VS Code setup, showing how silent failures (missing files, duplicates, stale references) accumulate over time and how to stocktake them with a checklist and a couple of shell one-liners.
Microsoft Security Research and Balaji Venkatesh S break down two ACR Stealer intrusion chains seen in customer environments, showing how ClickFix lures lead to WebDAV- and MSHTA-driven execution, credential theft from browsers via DPAPI, and file staging for exfiltration, with concrete Defender detections, hunting queries, and mitigations.
redsa explains how Azure Cobalt CPUs enable per-VM power monitoring and workload-aware power capping in Azure datacenters, combining hardware and software changes across the stack to protect critical VM performance while improving power efficiency and allowing higher power oversubscription.
olivialiu-micro explains how SQL Server 2025 enables governed outbound calls to external AI services while keeping control inside the database security model, including permissions, enablement switches, authentication options, and built-in auditing for REST invocation and external model objects.
Lee Stott invites AI engineers to a Microsoft Foundry Discord round table on scaling agent apps beyond demos, focusing on how Foundry Toolbox, Skills, and Tool Search reduce tool sprawl, prompt bloat, and auth plumbing by centralizing tools behind a governed MCP endpoint with runtime discovery.
Rafia Aqil explains Microsoft’s IQ Platform (Work IQ, Fabric IQ, and Foundry IQ) and how it adds business and organizational context to AI systems. The post breaks down Fabric’s OneLake-based data layer, ontology-driven meaning, and Foundry IQ’s managed services for RAG, memory, ranking, and citations.
Allison announces that GitHub Projects views now support advanced search in the filter bar, enabling boolean AND/OR expressions to build more precise views. The update also adds a reviews: filter for PR items and introduces a 90-day retention policy for deployment statuses in the REST and GraphQL APIs.
Allison announces a GitHub update that lets repository admins archive pull requests so they’re removed from public view without being deleted. The post explains what happens when a PR is archived (closed and locked), how visibility changes for non-admins, and how to find archived PRs during triage.
Mabasile_MSFT announces general availability of OneLake Storage Tiers and Lifecycle Management in Microsoft Fabric, explaining how to keep frequently used data in the hot tier while automatically moving less-accessed data to cool or cold tiers to reduce long-term storage costs.
Allison announces new GitHub Enterprise Cloud REST API endpoints that let enterprise admins manage Visual Studio Subscription (VSS) assignments in bulk, including listing assignments, mapping UPNs to GitHub handles, and removing incorrect matches—useful when SCIM identities don’t align with VSS UPN formats.
Allison announces a public preview GitHub Actions runner image for Xcode 27 on GitHub-hosted macOS runners, including the new Xcode-version-based support model, the workflow labels to target the image, and current limitations around arm64-only availability.
Mabasile_MSFT announces general availability of the OneLake storage report in Microsoft Fabric, which lets workspace admins generate an item-size breakdown of storage usage in a workspace, including visible, system, and soft-deleted data, plus billing status per item.
Pablo Lopes announces a free, open-source course that guides developers through modernizing a legacy ASP.NET app to .NET 10 using the GitHub Copilot modernization agent, including assessment and planning artifacts, an execution workflow, and a final deployment to Azure App Service.
Pritha Das announces a public preview feature that adds autoscale to Azure Event Grid namespaces, letting Standard tier namespaces automatically adjust Throughput Units based on real-time utilization while you set the minimum and maximum bounds.
Microsoft Developer walks through what’s new in Data API builder (DAB) 2.0, focusing on how it sits between an app and a database to expose APIs without writing custom CRUD endpoints. The overview highlights new secrets management, broader authentication options, improved authorization controls, and integration points.
Yesenia Yser and Toby Kohlenberg explain why AI agents need to be treated as first-class security principals, with tightly scoped roles, controlled tool access, and end-to-end auditability to prevent quiet permission creep and hard-to-investigate incidents.
Lily Ma explains why synchronous MCP tool calls break down for long-running work, and shows a practical Azure Functions + Durable Functions pattern you can use today while the MCP Tasks extension rolls out across clients and SDKs.
jordanselig explains the new stable Enterprise-Managed Authorization (EMA) extension for MCP and how it differs from a centrally governed OAuth setup using Microsoft Entra ID and Azure App Service Authentication. The post includes a working sample, a local EMA lab, and practical security details for deploying an Entra-governed MCP endpoint.
Ruben Rios announces a preview of Private Marketplace support in Visual Studio, aimed at organizations that need tighter control over how developers discover and install extensions for security, compliance, and governance reasons.
Visual Studio Code runs through the five most popular VS Code extensions in 2026 so far, highlighting what developers are installing to improve their day-to-day workflow inside the editor.
Noa Kuperberg breaks down how billing works for the Azure Copilot Observability Agent in Azure Monitor, including what gets metered, which operations are billable, where users can see per-response usage, and how to track costs in Azure Cost Management alongside standard Azure Monitor charges.
GitHub hosts a live Rubber Duck Thursday session exploring the new GPT-5.6 models (Luna, Terra, Sol) inside the GitHub Copilot App, focusing on what changes when you switch models and how that affects Copilot’s behavior during real-time usage.
Suma SaganeGowda explains how Microsoft 365 built COSMIC, an internal platform layer on Azure Kubernetes Service (AKS), to standardize provisioning, deployments, security/compliance guardrails, and observability across globally distributed services so product teams can ship faster without taking on Kubernetes operational overhead.
Microsoft Security Research, Ravikant Tiwari, Sagar Patil, Suriyaraj Natarajan and Arvind Gowda break down a coordinated compromise of the @asyncapi npm organization, where attackers abused a misconfigured GitHub Actions workflow and trusted publishing to ship import-time malware, and they provide concrete indicators, hunting queries, and remediation steps.
Authorised Territory demonstrates how to add console telemetry to a .NET AI agent harness by wiring up a trace provider and emitting traces using OpenTelemetry, with a local Ollama model (gpt-oss) used as the LLM runtime.
Allison summarizes new GitHub secret scanning and public monitoring improvements, including new partner detectors, expanded push protection defaults, a new webhook field to distinguish secret categories, and additional insight cards to help enterprises understand leak attribution and exposure scope.
The Visual Studio Code Team shares the evolving release notes for VS Code 1.130 (Insiders), with links to the commit log and closed issues so developers can track what’s landing in the build as features are added.
mk_sunitha explains a secure pattern for calling Microsoft Fabric REST APIs from User Data Functions (UDFs), using a service principal plus Azure Key Vault to keep secrets out of application code while still enabling governed automation like triggering Fabric pipelines and managing workspaces.
Manasa Ramalinga lays out a practical reference map for governing enterprise AI and autonomous agents, focusing on how to turn responsible AI policy into enforceable controls, runtime visibility, and audit-ready proof using Microsoft’s governance, security, and observability services.
Polly Davidson lays out a beginner-friendly roadmap for learning GitHub, from core Git concepts and essential commands to day-to-day collaboration with pull requests, issues, and projects. It also introduces GitHub Actions for CI/CD, GitHub Pages for publishing, and practical security basics like 2FA, secret scanning, Dependabot, and CodeQL.
jordanselig shares a reference implementation for giving an AI agent both short-term conversation history and durable, user-scoped memory on Azure App Service, using Redis for bounded session history and Cosmos DB vector search for recall, with keyless auth via managed identity and a one-command azd + Bicep deployment.