Posted by: kurtsh | April 5, 2026

RELEASE: “GitHub Copilot CLI” – AI for the Command Line

GitHub Copilot CLI is an AI-powered assistant that runs directly inside your terminal. Instead of manually writing commands, scripts, or debugging issues, you can simply describe what you want — and Copilot executes it.

Here’s the shift:

Traditional CLICopilot CLI
You write commandsYou describe intent
You debug manuallyAI suggests fixes
You search docsAI brings context


For Cloud and DevOps engineers, this becomes extremely powerful because most of our work already happens in:

  • CLI (Azure CLI, Bash, PowerShell)
  • Infrastructure as Code (Terraform)
  • Pipelines (CI/CD)

Copilot CLI sits right in the middle of all this.

For example:

Instead of:

az group create --name my-rg --location eastus


You can say:

Create a resource group in Azure named my-rg in East US


Licensing:
GitHub Copilot CLI is available with all GitHub Copilot plans. If you receive GitHub Copilot from an organization, the GitHub Copilot CLI policy must be enabled in the organization’s settings.

Read more at:

Leave a Comment

Posted in Uncategorized

Posted by: kurtsh | April 5, 2026

INFO: Microsoft Entra Tenant Governance (Preview)

Announced at RSA Conference 2026, Microsoft Entra Tenant Governance is designed to make tenant relationships visible, governance enforceable, and security posture continuously verifiable—at scale. Tenant Governance provides a centralized model for managing tenants with different workloads, security requirements, and operational owners, enabling consistent governance across tenants without forcing a one-size-fits-all approach.

With Entra Tenant Governance, organizations can:

  • Discover and inventory all related tenants, including production, non-production, and employee-created tenants.
  • Establish governance relationships for least-privilege cross-tenant access.
  • Monitor and enforce consistent tenant policies to maintain a strong security and compliance posture.
  • Securely create new tenants with governance applied from day one.

Licensing:
Microsoft Entra Tenant Governance capabilities are available in Entra ID P1 (also included in Microsoft 365 E3), Entra ID P2 (also included in Microsoft 365 E5), and Microsoft Entra ID Governance (also included in Entra Suite and Microsoft 365 E7). See the Licensing for Microsoft Entra Tenant Governance (preview) & the Microsoft Entra licensing page for more details.

Read more about Entra Tenant Governance here:

Leave a Comment

Posted in Uncategorized

Posted by: kurtsh | April 5, 2026

INFO: Copilot Chat behavior changes for Microsoft 365 users coming April 15, 2026

On April 15, 2026, for Microsoft 365 subscribers with >2000 users, the following changes will take place for “Copilot Chat (Basic)” users, formerly called “Copilot Chat”:

  • “Copilot Chat (Basic)” will not be available directly within Word, Excel, PowerPoint & OneNote applications – meaning there will be no button & no rail panel. See image to the right for what will be removed from these applications.
    • Copilot Chat (Basic) will continue to be available in the Outlook application to reason over email & calendar appointments.
  • Copilot Chat (Basic) users will be granted “Standard Access” which limits performance to service capacity available throughout the day,
  • The label “Copilot Chat (Basic)” will be seen in the Microsoft 365 Copilot App to clearly identify the user’s experience.
  • Word, Excel & PowerPoint Agents will continue to be available however ONLY within the Microsoft 365 Copilot App.

There are no changes for licensed users of Microsoft 365 Copilot – aka “M365 Copilot (Premium)”. For a comparison of “Copilot Chat (Basic)” and “Microsoft 365 Copilot (Premium)”, visit: How Copilot Chat works with and without a Microsoft 365 Copilot license

The following is the Message Center message that describes this change – MC1253858 – sent out on March 16th to Microsoft 365 Commercial customers that belong to subscribers larger than 2000 users. You may have a different Message Center notice depending on your configuration:

  • MC1253856 – Government Community Cloud (G3/G5) over 2000 users
  • MC1253857 – Government Community Cloud (G3/G5) under 2000 users
  • MC1253858 – Commercial (E3/E5) over 2000 users
  • MC1253863 – Commercial (E3/E5) under 2000 users


Microsoft 365 Copilot Chat – Updates to Copilot in Word, Excel, PowerPoint, and OneNote

MC1253858

This post describes changes we’re making for Copilot Chat users without a Microsoft 365 Copilot license. There are no changes for users with a Microsoft 365 Copilot license.

Starting April 15, 2026, Copilot will no longer be available in Word, Excel, PowerPoint, and OneNote for Copilot Chat users. To ensure a high-quality experience, we are reserving the full Copilot experience in these apps—with advanced reasoning and model choice—for users with a paid Microsoft 365 Copilot license. If you would like users to access these experiences, you can provide a Microsoft 365 Copilot license.

There are no other changes for users without a Microsoft 365 Copilot license. Copilot Chat still offers secure, AI web chat and the Word, Excel, and PowerPoint agents for chat-first content creation within the Microsoft 365 Copilot app. Additionally, users still get Copilot in Outlook with inbox and calendar grounding.

We are also adding in-product labels to help end users and admins identify their user experience. We are labeling the experience for users without a Microsoft 365 Copilot license as “Copilot Chat (Basic)” and labeling the experience for users with a Microsoft 365 Copilot license as “M365 Copilot (Premium)”.

If you would like to further discuss this change, please work with your Microsoft sales representative or Microsoft reseller to learn more.

When will this happen:

These changes will go into effect starting April 15, 2026.

How this affects your organization:

Who is affected:

  • Affected users are those without a Microsoft 365 Copilot license. There are no changes for users with a Microsoft 365 Copilot license.

What will happen:

  • Copilot will no longer be available in Word, Excel, PowerPoint, and OneNote. It will remain available in the Microsoft 365 Copilot app and Outlook.
  • Users will see the “Copilot Chat (Basic)” label in-product to help them identify their experience.

What you can do to prepare:

These changes will take effect April 15, 2026. No action is required for this change.

If you want to enable Copilot in Word, Excel, PowerPoint, and OneNote for these users, you can provide them with Microsoft 365 Copilot licenses.

View in the Microsoft 365 admin center

Leave a Comment

Posted in Uncategorized | Tags: , , , ,

Posted by: kurtsh | April 5, 2026

INFO: Microsoft Entra Newsletter – “Your weekly dose of Microsoft Entra”

If you’re a security or identity specialist leveraging Microsoft Entra identity technologies & services, this is the newsletter for you:

Entra.News helps you stay on top of all the identity and network access related news on Microsoft Entra.

This weekly summary is a curated list of Microsoft Entra related articles, blog posts, links, videos and podcasts from Microsoft, MVPs and the wider infosec community.

Subscribe to get full access to the Entra.News weekly newsletter and website. Never miss an update.

(Note: Entra.News, it’s content and opinions are Microsoft Entra Product Manager, Merill Fernando’s, own and do not reflect the views of his employer, Microsoft. All blog postings are provided “AS IS” with no warranties and is not supported by the author. All trademarks and copyrights belong to their owners and are used for identification only.)

For more information around Microsoft Entra:

Leave a Comment

Posted in Uncategorized

Posted by: kurtsh | April 5, 2026

INFO: Microsoft Weekly Newsletters for Azure & Power BI

Azure Weekly is a summary of the week’s top news to help you build on the Microsoft Azure Platform.
From AI to Zero Trust, it aims to keep you on top of the latest Azure developments

Power BI Weekly is a collation of the week’s top news and articles from the Power BI ecosystem.
From Power Query to Copilot, it aims to keep you on top of the latest Power BI developments

(Note: Both Azure Weekly & Power BI Weekly are independent newsletters not affiliated with Microsoft. Both newsletters are the creation of Endjin, a London-based Microsoft Solutions Partner that curates posts & content largely from the official Microsoft Azure blog & other sources but is not limited to Microsoft sources alone.)

Leave a Comment

Posted in Uncategorized

Posted by: kurtsh | March 13, 2026

INFO: Differences in “Purview Data Security Posture Management for AI” – for Microsoft 365 E3/G3 vs E5/G5

If you’ve got Microsoft 365 E3, the good news is that you do have access to “Purview Data Security Posture Management for AI” – the tool that allows IT to monitor the use of all AI solutions, including 3rd parties like Anthropic Claude, Perplexity.ai, Google Gemini, OpenAI ChatGPT, etc., however it is designed to provide foundational functions, and limited capabilities for more advanced functions.

Microsoft 365 G5 provides the FULL compliment of capabilities for “Purview DSPM for AI”. See below for a comparison of what is available in “Purview DSPM for AI”, depending on the Microsoft 365 suite that you own.

DSPM for AI CapabilityMicrosoft 365 E3Microsoft 365 E5
DSPM for AI availability✅ Available (AI Hub / DSPM for AI experience)✅ Available (full experience) [m365admin….sontek.net]
Visibility into Copilot & AI interactions✅ View AI activity and sensitive data signals✅ Same visibility, plus deeper investigation support [learn.microsoft.com]
Insights into sensitive data used in AI prompts✅ Insights based on existing labeling and classification✅ Same insights, enriched with advanced labeling and risk signals [learn.microsoft.com]
Ready‑to‑use AI protection policies (one‑click)✅ Available (uses baseline Purview policies)✅ Available with broader enforcement scope [learn.microsoft.com]
Data risk assessments for AI (oversharing detection)✅ Included (limited by E3 classification & labeling)✅ Included with higher fidelity due to automatic labeling and analytics [learn.microsoft.com]
Sensitivity labeling used by DSPM for AIManual labeling onlyManual + automatic labeling, default labels, container labels [syskit.com]
DLP enforcement for AI promptsExchange, SharePoint, OneDriveAll E3 locations plus Teams and Endpoint DLP (devices, browsers) [learn.microsoft.com], [syskit.com]
Protection for third‑party AI (e.g., ChatGPT via Edge)Limited (no Endpoint DLP)✅ Supported via Endpoint DLP and browser enforcement [learn.microsoft.com]
Adaptive Protection (risk‑based controls for AI use)❌ Not available✅ Available – adjusts controls based on user risk level [learn.microsoft.com]
Activity Explorer for AI investigations❌ Not available✅ Available – detailed AI‑related activity analysis [learn.microsoft.com]
End‑to‑end AI investigation workflowsBasic visibility only✅ Advanced workflows using eDiscovery, Insider Risk, Investigations [linkedin.com]
Overall DSPM for AI maturityFoundational visibility and controlsAdvanced, automated, risk‑driven AI governance [learn.microsoft.com], [linkedin.com]

Comments Off on INFO: Differences in “Purview Data Security Posture Management for AI” – for Microsoft 365 E3/G3 vs E5/G5

Posted in Uncategorized

Posted by: kurtsh | March 12, 2026

TRAINING: Digital skills education for Government leaders

Are your executives & managers asking about training geared more for their roles as leaders of your Public Sector organization?

Microsoft has sessions like,  AB-731T00: Drive AI Transformation in Your Organization (formerly AI-3017 AI for business leaders) for sponsored organizations that are members of the Enterprise Skills Initiative, however often times leaders have concerns about finding the time for live, instructor-led sessions – preferring pre-recorded training sessions that they can take advantage of at their own pace and schedule.

Well, you’re in luck! Direct them to our digital skills site for Public Sector:

Additionally, we provide various on-demand trainings for management & executives via Microsoft’s LinkedIn Learning at no cost to Government leaders:

  • FREE LinkedIn Learning training courses for Public Sector customers
    • AI for Managers by Microsoft and LinkedIn
      In this learning path, managers at all levels of the organization will learn practical ways to enhance their effectiveness with generative AI—from making team and one-on-one meetings more effective to giving feedback that gets results. You’ll also learn how to have meaningful career conversations with employees in an AI context, build a collaborative team culture with generative AI, and use AI responsibly.
    • AI for Organizational Leaders by Microsoft and LinkedIn
      In this learning path, you’ll learn how to make informed decisions about AI adoption and application as an organizational leader. You’ll evaluate the business implications of generative AI and learn how to integrate AI into business strategy, lead responsible AI, build organization-wide AI aptitude, and drive long-term business growth in the age of AI.
    • Build Your Generative AI Productivity Skills with Microsoft and LinkedIn
      Learn the art of prompt engineering, and how AI can automate tasks and enhance creativity. Discover how to use tools like Copilot, ChatGPT, and DALL·E to craft effective prompts, make presentations, and perform data analyses.
    • Career Essentials in Cybersecurity by Microsoft and LinkedIn
      Discover the skills needed for a career in cybersecurity. Gain a solid understanding of commonly used cybersecurity terms. Explore the current threat landscape and learn the core concepts of cybersecurity.

And we have two repositories for training that may also be relevant to them:

Comments Off on TRAINING: Digital skills education for Government leaders

Posted in Uncategorized | Tags: , , , , , ,

Posted by: kurtsh | March 11, 2026

EVENT: “Windows Server Summit” – Virtual – May 11-13, 2026

Are you responsible for your Windows Server footprint in your organization?

Come to the “Windows Server Summit“, a virtual event taking place May 11-13, 2026.

[taken from the Windows Server News & Best Practices blog]

Save the date: Windows Server Summit – May 11-13, 2026

Windows Server Summit 2026 builds on the strong momentum of last year’s event—where you told us you want less marketing and more practical, engineering‑led guidance. If you’re responsible for keeping Windows Server environments secure, resilient, and up to date, this year’s summit is designed with you in mind.

What you’ll learn

Windows Server Summit 2026 returns with a deeper, more forward‑looking agenda focused on real-world operations, security, and hybrid scenarios. Across three days of expert‑led sessions, Microsoft engineers and product leaders will share scenario‑based deep dives, architecture guidance, and actionable takeaways you can apply immediately.

The content is organized around three core pillars:

  • What’s new in Windows Server – Get a practical walkthrough of recent innovations and updates in Windows Server 2025, including hotpatch updates, management improvements, security enhancements, and what’s coming next. Find out what’s changed, why it matters, and how to operationalize it in production environments.
  • Windows Server + Azure: Better together – Explore real hybrid and multicloud scenarios enabled by Azure Arc, with guidance that goes beyond theory. Learn how to extend management, security, and governance across on‑premises and cloud infrastructure—and get clear, experience‑based advice for planning migrations and modernization paths that fit your organization’s technical and business needs.
  • Hands‑on technical depth and operational excellence – Expect best practices, operational insights, and hard‑earned lessons from the field—covering topics like security hardening, resiliency, lifecycle management, and keeping environments compliant and current.

The 2026 Summit will also serve as an early engagement moment for Windows Server v.Next, giving you visibility into Microsoft’s direction and upcoming investments. Just as importantly, it provides a dedicated forum to share feedback directly with the product team, continuing the Summit’s role as a trusted, two‑way conversation between Microsoft engineering and the Windows Server community.

We’ll reveal the full agenda here on March 20, 2026.

Add it to your calendar

Visit the Windows Server Summit 2026 event page today to save the dates. Follow the event and you’ll be notified when roll out the full, day‑by‑day agenda later this month.

Designed for enterprise IT professionals, architects, and technical decision‑makers, Windows Server Summit 2026 delivers actionable, scenario‑driven content to help you secure, modernize, and extend your Windows Server environments—on‑premises, in Azure, and across hybrid infrastructure. We hope to see you there!

Comments Off on EVENT: “Windows Server Summit” – Virtual – May 11-13, 2026

Posted in Uncategorized | Tags: , , , , ,

Posted by: kurtsh | March 11, 2026

INFO: Microsoft Entra ID “auto-enabling” Passkey profiles, beginning March 2026

Jukka Niiranen just shared this infographic he generated based of the Entra Chat podcast episode with Ewelina Paczkowska and Daniel Bradley. Per Merill Fernando’s podcast:

Passkey Profiles Are Becoming the Default

Starting March 2026:

  • Passkey profiles will be auto-enabled
  • Tenants that haven’t configured profiles will be migrated
  • Registration campaigns will shift from Authenticator-first to passkey-first

This is a major shift toward phishing-resistant authentication.

You’ll now be able to:

  • Separate hardware-backed vs synced passkeys
  • Apply granular group-based controls
  • Enforce stronger authentication for privileged users

Read & listen to Merill’s Entra Chat episode here:

For more information about this change, read the Message Center message:

Here’s the content from the message:

Updated March 11, 2026: We have updated the content. Thank you for your patience.

Introduction

Starting in March 2026, Microsoft Entra ID will introduce passkey profiles and synced passkeys to General Availability (GA). This update allows administrators to opt in to a new passkey profiles experience that supports group-based passkey configurations and introduces a new passkeyType property.

Important: Only tenants that already have Passkeys (FIDO2) enabled are affected by this update. 

The passkeyType property enables admins to configure:

  • Device-bound passkeys
  • Synced passkeys
  • Both

If your tenant already has Passkeys (FIDO2) enabled and you do not opt in to passkey profiles during the initial rollout window, your tenant will be automatically migrated to the passkey profiles schema at the date range specified below. When this occurs: 

  • Existing Passkey (FIDO2) authentication method configurations will be moved into a Default passkey profile. 
  • The passkeyType value will be set based on the tenant’s current attestation settings.
  • For tenants that have synced passkeys enabled, Microsoft-managed registration campaigns will update to target passkeys.
  • No new authentication methods are enabled as part of this migration. 

Authentication Methods Registration Campaign changes (Microsoft-Managed Only)

For tenants with passkeys (FIDO2) enabled and active Authentication methods registration campaign set to “Microsoft-managed” state, the registration campaign settings may change after passkey profile automatic migration. 

When this will happen

  • General Availability (Worldwide): Rollout begins in early March 2026 and is expected to complete by late March 2026.
    • Automatic migration for existing Passkeys (FIDO2) enabled tenants (Worldwide): Rollout begins in early April 2026 and is expected to complete by late May 2026.
  • General Availability (GCC, GCC High, and DoD): Rollout begins in early April 2026 and is expected to complete by late April 2026.
    • Automatic migration for existing Passkeys (FIDO2) enabled tenants (GCC, GCC High, and DoD): Rollout begins in early June 2026 and is expected to complete by late June 2026. 

How this affects your organization

Who is affected: Microsoft Entra ID tenants with Passkeys (FIDO2) enabled

What will happen:

If you have not opted in to passkey profiles by your automatic enablement period, your tenant will be migrated to passkey profiles.

  • Your existing Passkey (FIDO2) configurations will be migrated into a Default passkey profile
  • New passkeyType property will be auto-populated
    • If enforce attestation is enabled, then device-bound allowed
    • If enforce attestation is disabled, then device-bound and synced allowed
  • Any existing key restrictions will remain intact
  • Any existing user targets will be assigned to the Default passkey profile

Who is affected for Authentication Methods Registration Campaign changes:

Microsoft Entra ID tenants with passkeys (FIDO2) enabled and active Authentication methods registration campaign set to “Microsoft-managed” state.

What will happen:

If your tenant has passkey profiles that allow both device-bound and synced passkeys, does not have attestation enforcement, and does not have AAGUID‑specific key restrictions, your Microsoft-managed registration campaign settings will be updated.

Resulting Microsoft-managed registration campaign changes:

  • “Targeted authentication method” will change from Microsoft Authenticator to “passkeys (FIDO2)”.
  • “Days allowed to snooze” setting will change from 3days to “1 day”. This setting will no longer be configurable.
  • “Limited number of snoozes” setting will change from Enabled to “Disabled”. This setting will no longer be configurable.
  • The default user targeting will be updated from voice call or text message users to all multifactor authentication (MFA) capable users. 

What is the end user impact:

Once the above changes have taken effect, users targeted in the registration campaign will begin to receive passkey registration nudges during sign-in flows after they have completed multifactor authentication.

What you can do to prepare

If you want a configuration different from the migration defaults, review the timeline above and opt in to passkey profiles before your tenant’s automatic enablement window begins. Then configure the Default passkey profile’s passkeyType to your preferred values.

We also recommend:

  • Review your registration campaign configuration, especially if its set to Microsoft-managed. If you want synced passkeys enabled in your tenant but do not want registration campaign to target passkeys, you can:
    • Switch the registration campaign state to Enabled and continue targeting Microsoft Authenticator, or 
    • Set the registration campaign state to Disabled.
  • Update runbooks and help content so your help desk and end users understand any changes in passkey availability or behavior. 

Learn more:

Compliance considerations

No compliance considerations identified. Review as appropriate for your organization.

Comments Off on INFO: Microsoft Entra ID “auto-enabling” Passkey profiles, beginning March 2026

Posted in Uncategorized | Tags: , , , , , ,

Posted by: kurtsh | March 11, 2026

EVENT: “Microsoft Technical Takeoff 2026” – Windows 11 + Intune – March 2, 9, 16 & 23, 2026

Mondays in March. Deep dives. AMAs. Windows 11, Intune, Windows 365, and Azure Virtual Desktop.

Join us for Microsoft Technical Takeoff 2026 for Windows + Intune! This FREE virtual technical skilling event takes you deep inside the latest features, capabilities, and scenarios for commercial organizations and the IT professionals that support them. Skill up and get answers to your questions from the engineering and product teams behind the features.

View the schedule below:
(Past sessions are recorded & available on-demand)

MONDAY
MARCH 2		MONDAY 
MARCH 9		MONDAY
MARCH 16		MONDAY
MARCH 23
7:00 AM Let’s talk Windows and Intune: 2026 edition7:00 AM The latest in security for Windows 365 and Azure Virtual Desktop7:00 AM Why smarter Windows management starts with Intune7:00 AM AMA: The latest in Windows hardware security
7:30 AM The latest in Windows 11 security7:30 AM Secure Boot certificate updates explained7:30 AM Reporting at scale with Windows Autopatch update readiness7:30 AM Zero Trust DNS: Securing Windows one connection at a time
8:00 AM Uplevel business continuity with Windows 365 Reserve8:00 AM Feedback wanted: App management in the enterprise8:00 AM User experience updates: Windows 365 Boot and more8:00 AM AMA: Secure and manage AI and agentic capabilities in Windows
8:30 AM Hotpatch updates demystified: answers to real-world questions8:30 AM Ready day one: how to get Windows users up and running fast8:30 AM AI roundup: Intune agents for outcome-oriented innovation8:30 AM Deploy and manage Windows 365 with Microsoft Intune
9:00 AM Zero Trust in action: securing endpoints with Intune9:00 AM Making the most of your Intune data 9:00 AM AMA: Getting the most from Security Copilot in Intune9:00 AM Unpacking Endpoint Management: Live from Tech Takeoff 2026
9:30 AM AMA: Windows Autopilot9:30 AM Windows 365 reporting and monitoring updates9:30 AM Manage Apple devices at scale: Intune security best practices9:30 AM Azure Virtual Desktop for hybrid environments
10:00 AM The AI‑powered admin: emerging trends in endpoint management10:00 AM Least privilege on Windows with Endpoint Privilege Management10:00 AM Click less, manage more: simplify app deployment with Intune10:00 AM Protect users, stop attacks: Passkeys on Windows
10:30 AM Eliminating NTLM in Windows10:30 AM Windows 365 Frontline expands with Cloud Apps and more10:30 AM App Control for Business: same roots, new playbook10:30 AM AMA: AI and agentic features for Windows 365
11:00 AM One platform, many industries: smart Android management with Intune11:00 AM From panic to productive: point-in-time restore in Windows11:00 AM Intune timing demystified: what really happens behind the scenes11:00 AM Transitioning to post-quantum cryptography
11:30 AM Resiliency with Windows 365 and Azure Virtual Desktop11:30 AM The Intune playbook for iOS management at scale11:30 AM Migrating from VDI to Windows 36511:30 AM Resilience for the modern era: Windows quick machine recovery

How do I participate?

Go to the event page.  Create your own agenda. Select “Add to Calendar” on a session page to save the date, then click the “Attend” button to save your spot, receive event reminders, and participate in the Q&A. If you can’t make the live session, don’t worry. You can post your questions in advance and catch up on the answers and insights later in the week. All sessions for Tech Takeoff will be recorded and available on demand immediately after airing.

Don’t see the “Attend” button or the ability to post Comments? Make sure to first sign in on the Tech Community!
(You cannot attend or post comments with logging in first)

Dates:
March 2, 9, 16 & 23, 2026 (Past sessions are recorded and available on-demand)
Add the “Technical Takeoff 2026 ” to your calendar
https://techcommunity.microsoft.com/t5/s/gxcuf89792/attachments/gxcuf89792/TechCommunityLive/206/1/Technical%20Takeoff%202026%20-%20Windows%20and%20Intune.ics

Registration/viewing:

Comments Off on EVENT: “Microsoft Technical Takeoff 2026” – Windows 11 + Intune – March 2, 9, 16 & 23, 2026

Posted in Uncategorized | Tags: , , , , , , , ,

Older Posts »

Categories