1. Attack chain targeting Azure Blob Storage — Microsoft Threat Intelligence Microsoft’s Threat Intelligence team published a detailed analysis of an active attack chain that targets Azure Blob Storage. The report describes how adversaries pivot from initial compromise to enumerate storage accounts, abuse SAS tokens and credential leaks, run code to exfiltrate blobs, and use legitimate Azure tooling to stay stealthy. Microsoft outlines detection indicators, mitigation steps (harden storage access, rotate keys, enforce least-privilege SAS policies, and enable Defender for Cloud protections), and recommended hunting queries. If you run blob storage at scale, this is operationally urgent: follow the guidance and audit recent access/logs immediately. Microsoft 2. Microsoft’s Scott Guthrie: ‘Explosion’ of agentic AI and Azure growth In a wide-ranging interview, Scott Guthrie (Microsoft EVP, Cloud + AI) said we’re entering an “explosion” of agentic AI — systems that act on behalf of users — and described Azure’s strategy to support multiple model providers, diversified chip partnerships, and disciplined capacity build-outs. Guthrie framed the change as comparable in scale to the Industrial Revolution, and emphasized customer choice (OpenAI, Anthropic, in-house models) and investments to keep Azure resilient and performant as demand surges. For architects, the message is clear: design for agentic workflows, flexible model routing, and capacity variability. Barron's 3. October Patch Tuesday: broad Microsoft security fixes (important for Azure customers) October’s Patch Tuesday was unusually large, with vendors and security firms flagging ~170+ CVEs fixed across Microsoft products including Entra ID, Windows Server, SQL Server, and components used in Azure services. Analysts urged Azure customers to prioritize critical updates, validate managed services patching windows, and confirm that platform-provided resources (PaaS services, managed VMs) have received vendor patches. The cadence and scale of fixes mean cloud teams should verify automation, test in staging, and ensure monitoring alerts for unpatched service components.

1. Azure delivers first large‑scale GB300 NVL72 supercluster for OpenAI workloads Microsoft announced deployment of a massive Azure cluster featuring 4,608 NVIDIA GB300 NVL72 GPUs, designed as a unified accelerator system capable of 92.1 exaFLOPS for FP4 inference. The multi‑rack cluster uses NVLink 5 and NVIDIA InfiniBand fabric to tightly interconnect GPUs and supports large‑scale AI model training and inference workloads. Microsoft positions this as the first in a series, scaling toward hundreds of thousands of next‑gen GPUs across its datacenters, directly supporting OpenAI and Frontier AI workloads. 2. Microsoft starts migrating GitHub to Azure infrastructure Microsoft has begun a large‑scale effort to move GitHub’s infrastructure onto its Azure cloud over the next ~18 months. The migration is framed as “existential” by the GitHub CTO, signaling that sustaining its AI, Copilot, and developer tool demands requires tighter integration into Microsoft’s cloud core. The move accelerates GitHub’s alignment with Microsoft’s cloud and AI strategy, but it also raises questions about GitHub’s independence, resilience, and operational risk during migration phases. 3. Azure AI Foundry adds multimodal mini‑models + Agent Framework preview Azure AI Foundry’s October updates introduced GPT‑image‑1‑mini, GPT‑realtime‑mini, and GPT‑audio‑mini, enabling cost‑efficient multimodal AI capabilities in image, voice, and video contexts. Alongside that, Microsoft launched the Microsoft Agent Framework in public preview: a unified SDK/runtime to orchestrate multi‑agent systems, merging research efforts (AutoGen, Semantic Kernel) into production tooling. These updates strengthen Foundry’s positioning as a full‑stack AI orchestration and deployment layer.

1. Azure begins Phase‑2 mandatory MFA enforcement for Resource Manager (Oct 1 start) Microsoft started Phase‑2 of its mandatory multifactor authentication rollout for Azure Resource Manager on October 1, 2025. Phase‑1 (portal sign‑ins) reached 100% earlier; Phase‑2 enforces MFA for resource‑management operations, including CLI and PowerShell flows, via Azure Policy. The rollout is gradual and follows Microsoft’s “safe deployment” patterns, but tenants must ensure modern CLI/SDK versions and conditional access policies are in place to avoid disruption. Administrators should validate MFA configuration, update automation credentials, and confirm any postponed enforcement windows. 2. Microsoft publishes Microsoft Agent Framework — public preview for multi‑agent orchestration Microsoft announced the Microsoft Agent Framework in public preview: an open‑source SDK + runtime aimed at simplifying orchestration of multi‑agent systems (bringing research projects like AutoGen and Semantic Kernel together). The framework targets enterprise scenarios where multiple AI agents coordinate to perform complex tasks, with built‑in patterns for orchestration, safety boundaries, and developer tooling. The preview is positioned to accelerate agentic application development on Azure and tie into Microsoft’s broader AI platform roadmap. Developers should evaluate the preview for pilot projects and security controls. 3. Azure Databricks October release adds hosted Anthropic Claude Sonnet 4.5 model and platform updates Azure Databricks’ October 2025 release notes show platform updates including Mosaic model serving additions and Anthropic Claude Sonnet 4.5 available as a Databricks‑hosted model (Oct 3). The release also includes performance and integration improvements for mission‑critical workloads and staged feature rollouts. For Azure Databricks customers, hosted access to new foundation models simplifies experimentation and production deployment while raising considerations for model‑governance, cost, and data egress controls. Review the release notes and staged availability for tenant timing.

1. Microsoft disables certain Azure/AI services used by an Israeli military unit. Following investigative reporting and an internal review, Microsoft says it has ceased and disabled a set of Azure and AI services used by a unit of the Israel Ministry of Defense (IMOD). Microsoft says the decision targets particular services used by that unit after finding evidence consistent with the reporting; the company also emphasized it did not access customer content during the review. The move follows employee protests and public pressure and represents a rare case of a major cloud provider limiting customer access on human-rights grounds. 2. Critical Entra ID (Azure AD) elevation-of-privilege patched (CVE-2025-55241) Microsoft patched a severe Entra ID vulnerability (tracked as CVE-2025-55241) that could lead to cross-tenant token impersonation and global privilege escalation. The flaw — tied to legacy token/actor-token validation paths — received a top severity rating and prompted an emergency patch; Microsoft reports no confirmed exploitation in the wild but urged tenant owners to validate fixes. Security teams are advised to audit token issuance, rotate high-value credentials, and retire deprecated Graph flows.

1) Microsoft commits $30 billion to the UK for AI & cloud infrastructure Microsoft announced a $30 billion investment in the United Kingdom to be spent across 2025–2028, with roughly $15 billion earmarked for capital expenditures to build cloud and AI infrastructure (including a UK supercomputer). The commitment includes partnering with local data-centre firms, deploying thousands of advanced AI GPUs, and expanding operations and talent in the UK. Microsoft framed the move as a long-term bet on British AI capacity and digital sovereignty; UK officials welcomed the investment as a major jobs and infrastructure boost. This announcement dominated last week’s cloud headlines and will reshape local Azure capacity and AI compute availability. 2) Azure launches at-cost data transfer between Azure and external endpoints (GA) Azure announced general availability of an “at-cost data transfer” option for customers and CSP partners in Europe moving data between Azure and external endpoints. The new pricing option aims to reduce barriers for hybrid and multi-provider architectures by lowering the cost penalty for cross-provider data flows. Microsoft’s docs and the Azure updates feed explain how customers can request and configure at-cost transfer for supported scenarios—an important change for architects balancing vendor portability, data gravity, and cost. Expect this to influence multi-cloud designs and edge workflows in the region. 3) Databricks updates: Runtime 17.2 GA + Delta Sharing on Lakehouse Federation (beta) Databricks published September release notes (Sept 16) announcing Databricks Runtime 17.2 is now generally available and that Delta Sharing on Lakehouse Federation is in public beta. These updates improve performance and interoperability for data teams using Azure Databricks—allowing easier schema federation and table sharing across lakehouses. For Azure customers, the release streamlines large-scale data collaboration and reduces friction when sharing analytics across teams, partners, or cloud providers.