AI 资讯
Microsoft Discovery Reaches GA on Azure, Powering the Agentic AI Behind Majorana 2 Quantum Chip
Microsoft announced the general availability of Microsoft Discovery, its Azure-based platform for deploying autonomous AI agent teams in scientific R&D. The platform powered the development of Majorana 2, a topological quantum chip with 1,000x reliability improvement and 20-second qubit lifetimes. Microsoft now targets a scalable quantum computer by 2029, halving its original timeline. By Steef-Jan Wiggers
AI 资讯
Microsoft Launches Logic Apps Automation at Build 2026
Microsoft announced Logic Apps Automation at Build 2026, a new SKU at auto.azure.com packaging workflows, AI agents, knowledge services, and model access into a managed SaaS experience. Agents integrate via agent-loop orchestration, Foundry agents, and managed sandbox. Knowledge as a Service provides a fully managed RAG pipeline. By Steef-Jan Wiggers
产品设计
Azure MANA NIC Rollout: Could It Impact Your Aviatrix Gateways?
If you run Aviatrix on Azure, there is a slow-moving infrastructure change happening underneath your gateways right now that is worth paying attention to. Microsoft started rolling out a new generation of network hardware on May 26, 2026, called MANA (Microsoft Azure Network Adapter). For most Azure workloads, the change is invisible. For network virtual appliances (NVAs) like Aviatrix gateways, it is not, and Aviatrix has issued a field notice ( FN-2026-AZ-001 ) telling customers to take action. What is MANA and Why is Microsoft Rolling it Out? For roughly a decade, Azure VMs with Accelerated Networking enabled have used Mellanox-based NICs exposed to the guest as mlx4/5 SR-IOV adapters . SR-IOV (Single Root I/O Virtualization) lets the VM talk to the network card hardware directly, bypassing the hypervisor's virtual switch. This is what gives Accelerated Networking its low-latency, high-throughput characteristics. Microsoft has been quietly building its own in-house networking silicon. MANA is the result: a Microsoft-designed network adapter that replaces the Mellanox hardware Azure has been using on the host side. From an Azure customer's perspective, MANA preserves Accelerated Networking semantics, but the device the guest OS sees is different. The driver is different. The interface name is different. And that is where Aviatrix gateways run into trouble. Why Aviatrix Gateways Are Affected Aviatrix gateways are not generic VMs. They run a custom data plane that binds tightly to the underlying NIC for performance reasons. Specifically, the gateway image expects the Mellanox driver to be present and operational. On MANA hardware, that driver is no longer in play, and the gateway image does not yet include a MANA-aware driver. Per the field notice, the symptom is intermittent performance degradation rather than an outright outage. That makes it harder to detect: throughput drops, latency spikes, or session resets that look like noise can be the early signs of a gate
AI 资讯
From Template to Cloud: Hosting a Free Static Website on Azure Blob Storage Step-by-Step
Introduction Website hosting has been greatly improved through the use of cloud computing. This has made it easier for individuals as well as businesses to access, scale, and use hosting services at a reasonable price. One of the easiest and most efficient methods that developers may use to host a static site on Microsoft Azure is the Static Website Hosting option offered by Azure Blob Storage, which allows developers to upload their static files without the need for a traditional web or virtual server (i.e., HTML, CSS, JavaScript, and media files). In this project, I will download a free static website template from Tooplate, customize the downloaded version using Visual Studio Code (VS Code), and then deploy the new version to Azure Blob Storage for public viewing. This will involve editing all content, images, styles, and branding so that the template reflects how I want it to look when it is completed. To develop my own static website using Azure Blob Storage, I will first navigate to Tooplate and browse the templates available for modification (or further development). After deciding which template is most suitable, I will download the ZIP package of the template and extract it onto my local computer's disk drive. Then, I will open the ZIP file's contents using VS Code to customize all aspects of the website prior to publishing. After customizing the template, we will create an Azure storage account, enable Static Website Hosting, upload the customized/static website files to the Azure Blob Storage $web container, and then publish the created static website into the cloud. Project Objectives .Download a free static website template from Tooplate. .Go to VS code and edit the downloaded template from there .Create a Resources Group .Create an Azure Storage Account. .Enable Azure Static Website Hosting. .Upload website files to Azure Blob Storage. .Deploy and access the website through Azure's public endpoint. .Document the deployment process. Prerequisites Before
AI 资讯
Provide private storage for internal company documents
Create a storage account and configure high availability. Create a storage account for the internal private company documents. In the portal, search for and select Storage accounts . Select + Create . Select the Resource group created in the previous lab. Set the Storage account name to private . Add an identifier to the name to ensure the name is unique. Select Review , and then Create the storage account. Wait for the storage account to deploy, and then select Go to resource . This storage requires high availability if there’s a regional outage. Read access in the secondary region is not required. Configure the appropriate level of redundancy . Explanation A storage account is like a digital locker in the cloud. Resource group is a folder that organizes related services. High availability means your files stay safe even if one region (data center area) has problems Configure Redundancy In the storage account, in the Data management section, select the Redundancy blade . Ensure Geo-redundant storage (GRS) is selected. **Refresh **the page. Review the primary and secondary location information. Save your changes. Explanation : Redundancy means keeping copies of your files in multiple places. GRS ensures your files are copied to another region for safety. Create a storage container, upload a file, and restrict access to the file. Create a private storage container for the corporate data. In the storage account, in the Data storage section, select the Containers blade. Select + Container . Ensure the Name of the container is private . Ensure the Public access level is Private (no anonymous access). As you have time, review the Advanced settings, but take the defaults. It means: don’t change anything in the Advanced settings unless the lab specifically tells you to. Azure already chooses safe, recommended defaults for you. Select Create . Explanation : A container is like a folder inside your storage account. Setting Public access level to Private means nobody can see
AI 资讯
Persistent Agent Memory with Azure AI Foundry: A Complete Developer Guide
Meta Description: Learn how to build AI agents with persistent memory using Azure AI Foundry Memory Service. A complete developer guide covering concepts, memory types, scope, provisioning, and a full Python implementation with the Foundry Hosted Agent Framework. Persistent Agent Memory with Azure AI Foundry: A Complete Developer Guide Table of Contents Introduction What Is Azure AI Foundry Memory? Memory Types Deep Dive Memory Architecture: How It Really Works Access Patterns: Tool vs. Low-Level API Understanding Scope Hands-On: Provisioning a Memory Store Hands-On: Building the Foundry Hosted Memory Agent Running & Deploying the Agent Security Best Practices Quotas, Limits & Regional Availability Conclusion + Next Steps Introduction Imagine you've just shipped a polished AI assistant for your SaaS product. Users log in, ask questions, and get sharp, helpful responses. The launch goes well. Then the complaints start rolling in. "Why does it keep asking me for my name every single session?" "I told it last week that I'm vegetarian — why is it recommending steak again?" "It feels like talking to someone with amnesia." This is the stateless agent problem — one of the most frustrating gaps between the promise of conversational AI and the lived reality of production deployments. Every conversation starts from a blank slate. The agent has no idea who it is talking to, what that person prefers, or what was discussed yesterday, last week, or a month ago. The result is a user experience that feels hollow and repetitive — the opposite of the intelligent, personalized assistant your users were promised. The solution is persistent memory, and Azure AI Foundry Memory is Microsoft's production-grade answer to exactly this problem. Introduced as part of the Azure AI Foundry platform, the Memory Service gives agents the ability to remember facts across sessions, distill long conversation histories into concise summaries, and retrieve the right context at the right moment — all wit
AI 资讯
Device Code Flow: The Overlooked Phishing Vector (And How to Block It)
Device Code Flow abuse is not a new technique. Security teams have known for some time that this OAuth feature can be leveraged in phishing attacks to obtain tokens without stealing credentials. What is new is how accessible and scalable this attack has become. In April 2026, the FBI warned about a Phishing-as-a-Service (PhaaS) platform called Kali365, which operationalizes this exact technique. It allows even low-skilled attackers to run campaigns that trick users into entering device codes on legitimate Microsoft login pages — ultimately granting attackers OAuth tokens and acess to Microsoft 365 environments without triggering traditional authentication defenses. How Device Code Flow Works Device code flow is an authentication method designed for scenarios where a device has limited input options or lacks a convenient browser interface (such as smart TVs, IoT devices, or command-line tools). Instead of entering credentials directly on the device, the application generates a verification code and displays it. The user then switches to a secondary device (such as a laptop or smartphone), navigates to https://microsoft.com/devicelogin , and enters the provided code. After successfully authenticating, the identity provider securely links the session and grants the original device access to the requested resource. Why Device Code Flow Should Be Restricted In practice, many organizations don’t have a real or current business need for device code flow, yet leave it enabled—unnecessarily expanding their attack surface. Disabling it helps reduce exposure by removing a legacy or rarely used authentication path and reinforces modern controls. Microsoft recommends getting as close as possible to a full block. Start by auditing existing usage, validate whether any legitimate scenarios still require it, and strictly limit access only to well-defined, secured, and documented use cases (e.g., specific legacy tools). In all other cases, device code flow should be disabled by defau
AI 资讯
Google changed the way it crawls our site - and exposed several Azure Front Door misconfigurations
Originally published at https://rnye.tech Hi all, today's post details an interesting problem that faced a website thanks to undocumented Google crawl behaviour that hit us suddenly. The website used Azure Front Door for global CDN/WAF capability but only had one origin - hosted in Azure in the UK South region. This should have been fine given it's a UK-centric site that receives very little global traffic - that is until Google starts crawling you from the West Coast of the US suddenly. Let's dive in. The problem: what Google Search Console was telling us All was well with the site from the UK, cache hit ratios were in the 80%+ range, response times were generally rapid even if cache was missed. Google typically crawled the site thousands of times a day. Then suddenly a ticket came in detailing a drastic drop-off in mid-April. Average response times were never great according to Google (700ms) but they'd suddenly jumped to almost double that number (1.3s) with seemingly no explanation. There was absolutely no denying the correlation between crawl requests and average response time, and indeed this is documented behaviour - if response times increase, Google backs off. They claim it's to prevent overloading the site, and I believe that, but I also feel it's likely to ensure they're not wasting their crawl compute resources on long-loading pages. Either way, Google Search Console offered zero explanation as to why. So the team did what most dev/devops teams do - review latest changes, any Azure Front Door configuration changes in particular, as well as wider site changes. And nothing correlated. AFD hadn't been changed for two weeks, it was that stable, and other changes weren't remotely related. Besides, genuine traffic in the UK wasn't seeing the impact. Response times were still good in the P50/P90/P99 metrics. Tracing the cause with Azure Front Door logs and AI As I've touched on in my last post , AI can be fantastic at quick data analysis. That's not to say a hu
AI 资讯
Azure Container Apps Express: The Agent-First Platform You've Been Waiting For
I've been running AI workloads on Azure Container Apps for over a year. Every time I spin up a new agent backend, the ritual is the same: create an environment, configure networking, set scaling rules, wire up health probes, then deploy the actual container. For a prototype agent that might live for a week, that's too much ceremony for what you get. ACA Express, which hit public preview in May 2026, kills most of that ceremony. And a separate but related announcement, Docker Compose for Agents, brings MCP gateways and model serving to standard ACA environments. They solve different problems and run on different infrastructure, but together they cover the full spectrum of agent deployment on Azure. Let me break down both. ACA Express: What It Actually Is Express is a new environment tier within Azure Container Apps. You bring a container image. Express handles provisioning, HTTPS, scaling (including scale-from-zero with subsecond cold starts), and resource allocation. No environment to manually provision through the portal. No networking to configure. No scaling rules to write. Under the hood, Express is built on ACA Sandboxes, a platform primitive that uses prewarmed pools to deliver that subsecond startup. This isn't the standard ACA cold-start experience with a fresh coat of paint. It's a different architecture. The tradeoffs are real. Express is HTTP workloads only, consumption CPU only. No GPU. No VNet integration. No Dapr. No service discovery between apps. No managed identity at runtime. No health probes. If you need any of those, standard ACA environments are still there. But for stateless HTTP agent backends, Express is dramatically faster to deploy and cheaper to run. Here's what it takes to get a container running: # Create an express environment az containerapp env create \ --name my-express-env \ --resource-group rg-my-agents \ --environment-mode express \ --logs-destination none # Deploy your app az containerapp create \ --name my-agent-api \ --resource
AI 资讯
Azure Logic Apps Adds Sandboxed Code Interpreters to Agent Workflows
Microsoft added sandboxed code interpreters to Azure Logic Apps, enabling agents within integration workflows to generate and execute Python, JavaScript, C#, and PowerShell in Hyper-V isolated sessions. Architects get full control over model selection per workflow. The capability positions Logic Apps as an agent platform for integration alongside Foundry and Copilot Studio. By Steef-Jan Wiggers