You can’t make this up. Microsoft shipped a Windows 11 update yesterday that is supposed to make dark mode more consistent, with dialogs in File Explorer finally getting a dark mode for actions like copying, moving, or deleting files and folders. You get all that, but Microsoft will also treat you with a giant white flash every time you open File Explorer.
“After installing KB5070311, you might experience issues when opening File Explorer in dark mode,” admits Microsoft in the known issues section of its new Windows 11 update. “The window might briefly display a blank white screen before loading files and folders.”
The white flash is like a flash bang if you’re working in the dark with dark mode enabled, and Microsoft says it’s now working on a fix for the problem. If you don’t want to wait for an official fix, you can also use a Windhawk mod to return File Explorer dark mode to normal.
It’s odd that Microsoft didn’t catch this very obvious bug in testing, especially as the company has committed to a more “consistent dark mode experience” generally across Windows 11. The Run dialog in Windows 11 is also getting a dark mode soon, as well improvements to progress bars and charts views, and confirmation and error dialogs.
Scott Smith: Why Great Scrum Masters Create Space for Breaks
Read the full Show Notes and search through the world's largest audio library on Agile and Scrum directly on the Scrum Master Toolbox Podcast website: http://bit.ly/SMTP_ShowNotes.
"Think of the people involved. Put yourself in the shoes of the other." - Scott Smith
Scott found himself in the middle of rising tension as voices escalated between the Product Owner and the development team. The PO was harsh, emotions were running high, and the conflict was intensifying with each exchange. In that moment, Scott knew he had to act.
He stepped in with a simple but powerful reminder: "We're on the same team." That pause—that momentary break—allowed everyone to step back and reset. Both the PO and the team members later thanked Scott for his intervention, acknowledging they needed that space to cool down and refocus on their shared outcome.
Scott's approach centers on empathy and perspective-taking. He emphasizes thinking about the people involved and putting yourself in their shoes. When tensions rise, sometimes the most valuable contribution a Scrum Master can make is creating space for a break, reminding everyone of the shared goal, and helping teams focus on the outcome rather than the conflict. It's not about taking sides—it's about serving the team by being the calm presence that brings everyone back to what matters most.
Self-reflection Question: When you witness conflict between team members or between the team and Product Owner, do you tend to jump in immediately or create space for the parties to find common ground themselves?
Featured Book of the Week: An Ex-Manager Who Believed
"It was about having someone who believed in me." - Scott Smith
Scott's most influential "book" isn't printed on pages—it's a person. After spending 10 years as a Business Analyst, Scott decided to take the Professional Scrum Master I (PSM I) course and look for a Scrum Master position. That transition wasn't just about skills or certification; it was about having an ex-manager who inspired him to chase his goals and truly believed in him. This person gave Scott the confidence to make a significant career pivot, demonstrating that sometimes the most powerful catalyst for growth is someone who sees your potential before you fully recognize it yourself. Scott's story reminds us that great leadership isn't just about managing tasks—it's about inspiring people to reach for goals they might not have pursued alone. The belief and encouragement of a single person can change the trajectory of someone's entire career.
[The Scrum Master Toolbox Podcast Recommends]
🔥In the ruthless world of fintech, success isn't just about innovation—it's about coaching!🔥
Angela thought she was just there to coach a team. But now, she's caught in the middle of a corporate espionage drama that could make or break the future of digital banking. Can she help the team regain their mojo and outwit their rivals, or will the competition crush their ambitions? As alliances shift and the pressure builds, one thing becomes clear: this isn't just about the product—it's about the people.
🚨 Will Angela's coaching be enough? Find out in Shift: From Product to People—the gripping story of high-stakes innovation and corporate intrigue.
Scott Smith is a 53-year-old professional based in Perth, Australia. He balances a successful career with a strong focus on health and fitness, currently preparing for bodybuilding competitions in 2026. With a background in leadership and coaching, Scott values growth, discipline, and staying relevant in a rapidly changing world.
On this episode of Getting Black Women Paid, ‘Tine sits down with Tess Padmore for a powerful conversation about trauma-informed innovation. Tess shares how her lived experiences shaped the way she approaches design, showing us that real solutions must start with the people they’re meant to serve.
This episode is about more than products—it’s about healing, purpose, and creating systems that actually work for us. Tess’s story is inspiring, real, and a reminder that innovation rooted in care has the power to transform communities.
Be sure to follow us wherever you're listening now. And don't forget to share this podcast with the incredible Black women in your life, so we can continue Getting Black Women Paid!
This blog post is part of The C# Advent Calendar 2025, a series of 50 posts about C#. Be sure to check out the rest of the blog posts in the calendar! Over the years, I've relied on Meziantou.DotNet.CodingStandard, a NuGet package, to establish a consistent baseline across all my .NET projects. This approach includes style enforcement, essential analyzers, sensible build defaults, and additional tooling.…
Microsoft has released one of the most significant updates to Azure Virtual Desktop architecture in years: Azure Files now supports Entra ID–only authentication for SMB access (preview).
This means FSLogix profiles hosted in Azure Files no longer require:
Active Directory Domain Controllers
Azure AD Domain Services
Hybrid identity
NTLM/Kerberos authentication paths
This update unlocks true cloud-native AVD with zero Windows Servers.
Why This Matters
Historically, FSLogix demanded a domain-joined identity backend for SMB access. Even in cloud-first AVD deployments, organizations were forced to maintain either Active Directory Domain Services or rely on Storage Account Keys as a workaround. The root causes were straightforward:
SMB authentication depended on Kerberos or NTLM
Azure Files SMB only supported AD-backed identities
Session hosts required domain credentials to authenticate
With this update, Azure Files can now authenticate SMB clients directly using Entra ID OAuth tokens—completely eliminating the need for legacy directory services.
For AVD architects, this changes everything.
What’s New
Azure Files now supports:
Entra ID–based OAuth tokens for SMB
RBAC-based permissioning
No reliance on Kerberos or NTLM
Entra ID Joined VM support for FSLogix
Token-based access that aligns with Zero Trust principles
Directory and file-level permissions configurable via the Azure Portal (no more icacls from domain-joined machines!)
This is the first time Microsoft officially supports FSLogix profiles on Azure Files without any AD.
Architecture: Before vs After
🏢 Before: FSLogix on Azure Files (Traditional Model)
Traditional architecture requiring domain controllers, Azure AD DS, or hybrid identity for FSLogix profile access.
☁️ After: Cloud-Native FSLogix Using Entra ID Only (Preview)
Simplified cloud-native architecture: Entra joined session hosts authenticate directly to Azure Files via OAuth tokens.
Before You Begin: Prerequisites
For Cloud-Only Identities (Preview):
Windows 11 Enterprise/Pro (single or multi-session)
Windows Server 2025 with latest cumulative updates
Clients must be Microsoft Entra joined (not hybrid joined or AD-only)
For Hybrid Identities:
Windows 11 Enterprise/Pro (single or multi-session)
Windows 10 Enterprise/Pro, version 2004 or later with KB5007253
Windows Server 2022/2025 with latest cumulative updates
AD DS with Microsoft Entra Connect or Entra Connect cloud sync
Important Considerations:
You can only use one identity source per storage account
MFA must be disabled for the storage account’s service principal
The WinHTTP Web Proxy Auto-Discovery Service must be running
The IP Helper service (iphlpsvc) must be running
Configuration Guide
For the full step-by-step instructions, see the official Microsoft documentation:
No more deploying and maintaining domain controllers or Azure AD Domain Services just for FSLogix. Your identity layer is fully managed by Microsoft Entra ID.
2. Enables Serverless AVD
Build complete AVD environments with zero Windows Server infrastructure. Session hosts, storage, and identity—all cloud-native PaaS/SaaS.
3. Simplifies Networking
Eliminate the need for site-to-site VPNs or ExpressRoute connections to on-premises AD. No more firewall rules for Kerberos/LDAP traffic.
4. Reduces Cost
No domain controller VMs to run 24/7
No Azure AD DS monthly fees (~$109+/month)
Reduced networking costs
Less operational overhead
5. Future Aligned (Zero Trust)
Token-based authentication with RBAC aligns perfectly with Zero Trust principles. No legacy protocols, no persistent credentials on the wire.
🌍 Regional Availability
Hybrid Identities: Available in Azure Public, Azure US Gov, and Azure China 21Vianet clouds.
Cloud-Only Identities (Preview): Currently available only in Azure Public cloud, limited to default share-level permissions for all authenticated identities.
📌 Preview Limitations
Before diving in, be aware of these current limitations:
Limitation
Details
Windows Build Requirements
Cloud-only requires Windows 11 or Server 2025; hybrid needs Win10 2004+ or Server 2022+ with specific KBs
Single Identity Source
You can’t mix Entra Kerberos with AD DS or Entra Domain Services on the same storage account
MFA Exclusion Required
The storage account service principal must be excluded from MFA policies
Cloud-Only RBAC
Cloud-only identities can only use default share-level permissions (no per-user/group RBAC yet)
File Explorer Permissions
Configuring ACLs via Windows File Explorer isn’t supported for cloud-only identities
External Identity Limits
FSLogix on AVD is supported for external B2B users, but cross-cloud guests are not
Not Yet GA
This is still in preview—expect changes before general availability
🧭 What This Means for FSLogix
This update fundamentally changes how you can architect FSLogix profile storage:
Old Requirement
New Reality
AD DS domain controllers
❌ Not required
Azure AD Domain Services
❌ Not required
Hybrid domain join
❌ Not required
On-premises network connectivity
❌ Not required
Kerberos/NTLM protocols
❌ Not required
What Works Today:
✅ FSLogix profile containers on Azure Files
✅ MSIX App Attach from Azure Files
✅ Entra ID joined session hosts
✅ Cloud-only user accounts
✅ Azure Portal-based ACL management
Cross-Platform VDI Impact: While this announcement is most impactful for AVD, the underlying Azure Files capability benefits any VDI platform that supports Entra ID joined session hosts, including:
Citrix DaaS (with Entra joined VDAs)
VMware Horizon (with Entra joined desktops)
Third-party VDI solutions
🔧 Troubleshooting
If you encounter issues, Microsoft provides a debugging cmdlet:
This cmdlet performs basic checks on your Entra ID configuration and helps identify common misconfigurations.
Common Issues:
Service principal password expired (for manual preview setups)
MFA not properly excluded
Missing admin consent on API permissions
Client not configured for cloud Kerberos ticket retrieval
📣 Final Thoughts
This is the biggest identity improvement for AVD since Azure AD Join. For the first time, you can build a 100% cloud-native AVD environment without any Active Directory dependency.
The ability to configure directory and file-level permissions directly in the Azure Portal is a massive quality-of-life improvement—no more spinning up domain-joined jump boxes just to run icacls commands.
If you’re planning a greenfield AVD deployment or looking to modernize an existing environment, this preview is worth evaluating today.
Today we are excited to announce the launch of Policies to all Enterprise customers. Policies enable users to easily enforce deployment standards across their Octopus instance without manual effort.
What are Policies?
Policies in Octopus are designed to ensure compliance and governance by default, making it easier to enforce deployment controls at scale. This approach allows you to shift compliance left, alleviating the burden of manual audits and enabling you to maintain high standards across your organization. With policies, you can enforce organization-wide compliance across teams and regions, moving governance out of Confluence docs and Slack threads and into the heart of your delivery pipeline.
Using Rego, you can write custom policy checks that align with your requirements, block non-compliant deployments, and access detailed audit logs of policy evaluation events. This method ensures compliance is not an afterthought; it is embedded within every deployment pipeline, providing a seamless and efficient way to uphold governance standards across all activities.
Why use Policies?
Policies streamline the enforcement of standards across all deployments by automating compliance checks and governance measures.
Consider implementing policies if:
You want to ensure that every deployment conforms to predefined standards without manual effort.
You wish to manage these standards centrally, allowing for consistent application across your organization and easy updating of standards.
While policies may not be necessary in every deployment scenario, they are invaluable if maintaining compliance and security is a priority. By embedding policies into your deployments, you can minimize risks and ensure that all teams are aligned with your organizational standards.
What policies can I enforce?
Check that a deployment step is present when deploying to production
This policy can check that any step (Octopus step, Custom step template, Community Step template, or Process Template) exists in a deployment process (or runbook process), and:
Is not skipped
Is enabled
Is at a certain position in the deployment process (or runbook process)
Is a certain version (for custom step templates, community step templates, and process templates)
Isn’t run in parallel with another step.
when deploying to any environment.
Example:
I can check that all deployments to production must have my “Security-Scan” process template present at the end of every deployment and is of version 2.0.0.
Check that a package, container image, or deployment process from a version-controlled deployment process is from the main / master branch when deploying to production.
This policy can check that a:
Package
Container Image
Deployment process from a version-controlled process
are from the main / master branch when deploying to any environment.
Example:
I want to ensure that all deployment processes in my version controlled project are from the main / master branch so that only approved deployment processes are being used to deploy to production.
To get started, please visit our documentation, which contains examples of common scenarios that you can use as a reference.
Conclusion
Policies are now available to all Enterprise customers. If you are on Enterprise Cloud, you can click the Platform Hub icon to get started. If you are using a self-hosted version of Octopus, please upgrade to the 2025.4 server release to adopt Policies.
Log in
