Sr. Content Developer at Microsoft, working remotely in PA, TechBash conference organizer, former Microsoft MVP, Husband, Dad and Geek.
157660 stories
·
33 followers

Give your AI agent two memories with Azure App Service

1 Share

Agents feel continuous only when they can operate across two very different time horizons. They need the recent turns that make the current conversation coherent, and they need a smaller set of durable facts that can follow an authenticated user into a new conversation.

This sample implements both horizons on Azure App Service with Microsoft Agent Framework, Azure Managed Redis, Azure Cosmos DB for NoSQL vector search, and Azure OpenAI. It is deployed and available as a complete reference implementation with a browser UI, deterministic local mode, tests, Bicep, and Azure Developer CLI support.

Sample: github.com/seligj95/app-service-agent-memory

Why one memory store is not enough

Conversation history is ordered, session-specific, frequently updated, and naturally short-lived. The agent needs it to resolve statements such as “use the second option” or “what did I just say?”

Durable memory is selective, user-scoped, and useful across sessions. It holds facts such as a preferred deployment region, product name, accessibility need, or writing preference. Retrieval is semantic rather than chronological.

Putting both into one unbounded prompt makes cost, latency, privacy, and deletion harder to reason about. The sample instead gives each horizon a purpose-built store and joins them through the Agent Framework context pipeline.

The Azure architecture

The public FastAPI application runs on one always-on App Service Premium v4 instance with Python 3.13. The browser creates demo user and conversation IDs in local storage. That keeps the sample easy to explore, but it is not production authentication.

For every chat turn, the application:

  1. Validates the user ID, session ID, message, and retrieval limit.
  2. Loads bounded conversation history from Azure Managed Redis.
  3. Creates an embedding for the new input.
  4. Runs a partition-scoped vector query in Cosmos DB for the same user.
  5. Adds relevant durable memories to the Agent Framework context.
  6. Runs gpt-5-mini.
  7. Stores the new conversation messages in Redis and refreshes their TTL.
  8. Extracts conservative durable facts, embeds them, deduplicates them, and upserts them to Cosmos DB.

The chat response also returns memory attribution so the UI can show that a memory influenced the turn.

Short-term history with a custom HistoryProvider

Agent Framework's current Python API makes history a context provider. The custom provider only implements the storage boundary; the framework handles when to load and persist messages.

class RedisHistoryProvider(HistoryProvider):
    def __init__(self, store, ttl_seconds, max_messages=40):
        super().__init__("redis-history")
        self._store = store
        self._ttl_seconds = ttl_seconds
        self._max_messages = max_messages

    async def get_messages(self, session_id, *, state=None, **kwargs):
        user_id = _required_state_value(state, "user_id")
        values = await self._store.load(user_id, session_id)
        return [Message.from_dict(json.loads(value))
                for value in values[-self._max_messages:]]

    async def save_messages(self, session_id, messages, *, state=None, **kwargs):
        user_id = _required_state_value(state, "user_id")
        values = [json.dumps(message.to_dict()) for message in messages]
        await self._store.append(
            user_id, session_id, values, self._ttl_seconds, self._max_messages
        )

The Redis key is session:{user_id}:{session_id}. Each append also trims the list and refreshes the seven-day TTL. Serializing the complete Agent Framework Message preserves tool and attribution metadata instead of reducing history to plain strings.

Durable recall with a custom ContextProvider

The durable provider participates before and after the model call.

class CosmosContextProvider(ContextProvider):
    async def before_run(self, *, agent, session, context, state):
        user_id = _required_state_value(state, "user_id")
        embedding = await self._embeddings.embed(_latest_input_text(context))
        recalled = await self._store.recall(
            user_id, embedding, self._recall_limit
        )
        state["recalled_memories"] = [
            item.model_dump(mode="json") for item in recalled
        ]

        if recalled:
            facts = "\n".join(f"- {item.text}" for item in recalled)
            context.extend_instructions(
                self.source_id,
                "Use these durable memories only when relevant:\n" + facts,
            )

    async def after_run(self, *, agent, session, context, state):
        for fact, category in extract_durable_facts(_latest_input_text(context)):
            embedding = await self._embeddings.embed(fact)
            await self._store.remember(
                state["user_id"],
                fact,
                category,
                state["source_turn"],
                embedding,
            )

The Cosmos container uses /user_id as its partition key and a 1,536-dimension cosine quantizedFlat vector index. Recall is always routed to one user's partition and is bounded to a small result set. A stable ID derived from the user scope and normalized content hash makes writes idempotent.

Passwordless by default

App Service uses its system-assigned managed identity for every data service.

  • Azure OpenAI: Cognitive Services OpenAI User
  • Cosmos DB: native built-in data contributor
  • Key Vault: Key Vault Secrets User
  • Azure Managed Redis: database-scoped Entra access-policy assignment

Azure OpenAI and Cosmos DB local authentication are disabled. Redis requires TLS and Entra authentication, and its access keys are disabled. The application explicitly selects ManagedIdentityCredential in Azure and AzureCliCredential for local real-service development. It does not use a broad production credential chain.

Key Vault remains the secrets boundary for future extensions, although this passwordless sample does not need a runtime secret.

Try it locally without Azure

The deterministic fake mode exercises the real provider pipeline and complete UI without an Azure subscription:

uv sync --python 3.13 --all-groups
uv run uvicorn app.main:app --reload

Open http://127.0.0.1:8000, tell the agent “My favorite launch color is teal,” start a new conversation, and ask for the color. You can inspect attribution, list the stored memory, and forget it.

Deploy with Azure Developer CLI

After creating an azd environment and setting its subscription and supported region, deployment is one command:

azd up --no-prompt

The Bicep creates App Service, Managed Redis, Cosmos DB, Azure OpenAI model deployments, Key Vault, Application Insights, and Log Analytics. A smoke test then checks health, same-session history, explicit remember, new-session recall, list, forget, and absence after forget.

Azure Managed Redis availability is subscription- and region-dependent. The deployed reference uses East US 2 after the service preflight rejected East US for this subscription.

What the demo deliberately does not hide

The browser identity is anonymous and user-controlled. That is useful for understanding the data flow, but a production application must replace it with authenticated claims and authorization on every memory operation.

The sample also keeps one App Service instance. Before scaling out, replace the in-process conversation lock with a distributed lock so concurrent requests cannot reorder one session's history.

Other production work includes private endpoints and VNet integration, consent and retention policy, user export and deletion, content safety, prompt-injection defenses, abuse throttling, per-user quotas, and evaluation of retrieval thresholds.

Learn more

Two memory horizons make the agent easier to operate and easier to trust: session history remains temporary, durable memory remains selective and user-scoped, and both have explicit lifecycle controls.

Read the whole story
alvinashcraft
just a second ago
reply
Pennsylvania, USA
Share this story
Delete

Episode 432: AI-Era Consulting Billing for Microsoft Cloud Delivery

1 Share

Welcome to Episode 432 of the Microsoft Cloud IT Pro Podcast. In this episode, Ben and Scott discuss how AI is not eliminating Microsoft 365 and Azure consulting, but it is changing what clients think they are buying.

Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options.

Show Notes

Sponsors

Nasuni logo

Nasuni is a leading unstructured data platform for enterprises where file data is mission-critical for both people and AI. Nasuni powers the operational file layer where work happens — helping organizations manage, protect, and activate data so teams can work smarter, reduce costs, and operate securely without limits.

Intelligink logo

Intelligink — Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!





Download audio: https://dts.podtrac.com/redirect.mp3/media.blubrry.com/msclouditpropodcast/content.blubrry.com/msclouditpropodcast/E432.mp3
Read the whole story
alvinashcraft
45 seconds ago
reply
Pennsylvania, USA
Share this story
Delete

The Silence Test — How to Know Your Team Doesn't Need You Anymore | Mirco Gerling

1 Share

Mirco Gerling: The Silence Test — How to Know Your Team Doesn't Need You Anymore

Read the full Show Notes and search through the world's largest audio library on Agile and Scrum directly on the Scrum Master Toolbox Podcast website: http://bit.ly/SMTP_ShowNotes.

 

"Don't talk too much. And only talk if it's necessary." - Mirco Gerling

 

For Mirco, success as a Scrum Master starts with a simple rule he had to fight for: don't try to be someone else. Early in his career, when people kept saying "Mirco, you decide, you're the Scrum Master," he had to do the hard work of pushing back — "no, we decide together." That instinct shapes his whole definition of success. Be authentic. Wait before you speak. Ask before you instruct. And when a discussion stalls, sit with the silence — because in most cases, someone in the team has a better idea than you do. The cleanest test of whether a team is truly self-managing? Disappear. When Mirco took two months of parental leave, his team kept running every Scrum event without him. That's the signal. If you stop sending the sprint review invite, stop preparing the retrospective, stop nudging — and the team picks it up because they own it — your work is showing.

 

Self-reflection Question: What's one thing you currently do for your team that you suspect they would do themselves if you simply stopped doing it?

Featured Retrospective Format for the Week: 1-2-4-All from Liberating Structures

Mirco's universal tool is Liberating Structures, and within that toolbox, 1-2-4-All is his go-to. The pitch: "involve everybody, especially in large groups. And there's nearly no preparation needed." His proof point — facilitating a retrospective for 60 people at the Agile by Nature bar camp in just 20 minutes. The format scales from a team of five to a room of sixty without changing its shape: one minute alone, two minutes in pairs, four minutes in small groups, then a share-back with the whole group. During a 30°C COVID summer in Hamburg, Mirco even ran retros walking outdoors with his team — station to station, down to the lake for ice cream, then back. "It was a very good and constructive retrospective." The lesson: the right structure makes you portable.

 

[The Scrum Master Toolbox Podcast Recommends]

🔥In the ruthless world of fintech, success isn't just about innovation—it's about coaching!🔥

Angela thought she was just there to coach a team. But now, she's caught in the middle of a corporate espionage drama that could make or break the future of digital banking. Can she help the team regain their mojo and outwit their rivals, or will the competition crush their ambitions? As alliances shift and the pressure builds, one thing becomes clear: this isn't just about the product—it's about the people.

 

🚨 Will Angela's coaching be enough? Find out in Shift: From Product to People—the gripping story of high-stakes innovation and corporate intrigue.

 

Buy Now on Amazon

 

[The Scrum Master Toolbox Podcast Recommends]

 

About Mirco Gerling

 

Mirco is an experienced Scrum Master in the public sector. With a strong IT background, he has spent 25 years developing software and driving agile transformations. Passionate about innovation and teamwork, Mirco brings expertise and dedication to every project.

 

You can link with Mirco Gerling on LinkedIn.

 





Download audio: https://traffic.libsyn.com/secure/scrummastertoolbox/20260716_Mirco_Gerling_Thu.mp3?dest-id=246429
Read the whole story
alvinashcraft
53 seconds ago
reply
Pennsylvania, USA
Share this story
Delete

Microsoft 365 Enclave vs. Separate Tenant: Understanding the Difference and Why It Matters

1 Share

One of the questions I hear most frequently from organizations beginning their CMMC journey is whether they should build a CMMC Level 2 enclave or create a completely separate Microsoft 365 tenant. It’s a good question, but I often think it’s the wrong one to ask first. Before discussing architecture, licensing, or technology, organizations should first understand what each approach is trying to achieve. The real decision isn’t about which design is technically better. It’s about understanding the business problem you’re trying to solve.

Too often, conversations jump immediately to GCC High, Microsoft 365 licensing, identity architecture, or migration projects. Those are all important discussions, but they come much later. Whether you’re pursuing CMMC Level 2, protecting Controlled Unclassified Information (CUI), or simply trying to improve your overall security posture, understanding the purpose behind an enclave or a separate tenant is far more valuable than understanding the technical implementation.

Start with the Assessment Boundary

One of the most important concepts to understand is that CMMC does not prescribe a particular architecture. It doesn’t require every organization to build an enclave, nor does it require a separate Microsoft 365 tenant. Instead, the Department of Defense focuses on something much more fundamental: the scope of assessment.

The official CMMC Level 2 Scoping Guide explains how organizations identify the people, technology, facilities, and assets that fall within their CMMC assessment boundary. That boundary is determined by where CUI is stored, processed, or transmitted, as well as the assets that directly support those activities. Once that scope has been defined, the organization is responsible for demonstrating that the required security controls have been implemented within that boundary.

This distinction is important because many discussions about enclaves and separate tenants begin with architecture. In reality, architecture is simply one way of supporting a well-defined assessment boundary. The assessment boundary comes first; the technical design follows.

Understanding a CMMC Enclave

At its core, a CMMC enclave is a defined assessment boundary within an organization’s existing environment, intended to limit where CUI is stored, processed, or transmitted. Rather than bringing the entire enterprise into scope for a CMMC Level 2 assessment, an organization can establish a smaller, clearly defined environment where sensitive work takes place.

The primary objective is to reduce assessment scope. By limiting the number of systems, users, and supporting assets that interact with CUI, organizations can reduce the size of the environment that must demonstrate compliance with the applicable CMMC practices. That doesn’t necessarily make compliance easy, but it can make it significantly more manageable than attempting to include an entire enterprise that has little or no interaction with CUI.

It’s important to recognize that an enclave is not simply a collection of technical controls. It’s a business decision about where sensitive information belongs and who genuinely needs access to it. Once those decisions have been made, the technology is used to enforce those boundaries.

Understanding a Separate Microsoft 365 Tenant

A separate Microsoft 365 tenant approaches the problem from a different direction. Rather than defining a smaller assessment boundary within an existing environment, it creates an entirely separate cloud environment with its own identities, administration, workloads, security policies, and operational boundaries.

Organizations often consider this approach when they have distinct business operations, such as commercial and government contracting, or when contractual obligations, operational requirements, or long-term strategy justify maintaining complete separation between different parts of the business.

It’s important not to think of an enclave and a separate tenant as competing solutions. An enclave is commonly used to reduce the assessment scope around CUI, while a separate tenant is an architectural decision that may also provide organizational and administrative separation. In some cases, the two concepts overlap. In others, they solve entirely different business problems.

Microsoft’s Perspective

Microsoft addresses this question directly in its CMMC guidance under the heading “Should I build a data enclave or should I go all in?” Rather than recommending a single architecture, Microsoft presents the tradeoffs organizations should consider.

For some organizations, a data enclave can reduce costs by limiting the number of users and workloads that require migration into Microsoft 365 GCC High. At the same time, Microsoft cautions that organizations need to think carefully about where information flows outside that enclave. Email, file sharing, collaboration platforms, and personal storage locations can all affect the assessment boundary if they allow CUI to move beyond the intended environment.

That balanced approach reflects the reality facing most organizations. There is rarely a single correct answer. The right decision depends on the organization’s business model, contractual obligations, operational complexity, existing investments, and long-term strategy.

CMMC Doesn’t Require an Enclave

This is one of the biggest misconceptions I encounter. Many organizations assume that achieving CMMC Level 2 automatically means building an enclave or deploying a separate Microsoft 365 tenant. The official guidance doesn’t say that.

The Department of Defense requires organizations to clearly define their CMMC assessment scope and demonstrate that the applicable security requirements have been implemented within that scope.

For some organizations, that assessment boundary may include the entire enterprise. For others, it may consist of a dedicated business unit, an enclave within an existing environment, or another well-defined area for handling CUI. The architecture itself is not the requirement. The requirement is to protect CUI within a clearly defined assessment scope.

What Actually Belongs Inside a CMMC Enclave?

Once organizations understand that an enclave is really about defining an assessment boundary, the next question naturally becomes, “What actually belongs inside it?”

The answer is surprisingly straightforward. Anything that stores, processes, or transmits Controlled Unclassified Information (CUI), along with the people and supporting systems required to perform that work, should be considered when defining the enclave. The emphasis is not on placing as much as possible inside the boundary, but rather on ensuring that everything necessary to securely handle CUI is included while avoiding unnecessary expansion of the assessment scope.

That doesn’t mean every employee, every application, or every server suddenly becomes part of the enclave. If a department has no interaction with CUI, there may be little reason for it to fall within the assessment boundary. Likewise, users who never need access to CUI generally don’t need to be included simply because they work for the same organization.

This is one of the reasons the official CMMC Level 2 Scoping Guide categorizes assets based on their relationship to CUI and the assessment boundary. Rather than viewing the environment as a single collection of systems, the guidance encourages organizations to identify which assets directly handle CUI, which support those systems, and which fall completely outside the assessment scope. That structured approach allows organizations to make informed decisions about what should, and just as importantly, should not, become part of the enclave.

Ultimately, the objective isn’t to build the smallest enclave possible. The objective is to build the correct enclave. A boundary that is too large increases cost, operational complexity, and assessment effort. A boundary that is too small may fail to include systems that genuinely support the handling of CUI. Finding the right balance is one of the most important architectural decisions an organization will make during its CMMC journey.

When Does a Separate GCC High Tenant Make Sense?

One question that often follows is whether an organization should move directly to a separate Microsoft 365 GCC High tenant or build an enclave within its existing environment.

There isn’t a universal answer because this decision is driven far more by business requirements than by technology. Some organizations have only a relatively small number of users working with CUI, making an enclave an effective way to reduce the assessment scope while allowing the remainder of the business to continue operating in its existing Microsoft 365 environment. For others, particularly those whose primary business centers on Department of Defense contracts, maintaining separate environments may offer a cleaner operational model.

A separate GCC High tenant may also make sense when an organization wants clear separation between commercial and government operations, has contractual obligations that require stronger isolation, or is planning for long-term growth in its defense business. In these situations, maintaining independent identities, administration, collaboration services, and security policies can simplify governance by creating an obvious boundary between different areas of the business.

However, it’s important not to assume that a separate tenant automatically makes an organization more compliant. A separate tenant is simply another architectural approach. It still requires careful planning, governance, identity management, data protection, and operational processes. Likewise, an enclave inside an existing tenant isn’t inherently better or worse. Both approaches can be successful when they are designed around clearly defined business objectives and an accurate understanding of the organization’s CMMC assessment scope.

Rather than asking whether GCC High is always the right answer, organizations should first ask a much simpler question:

“What is the most appropriate architecture for the way our business operates?”

Once that question has been answered, the technology decisions become significantly easier.

Looking Beyond CMMC

This is where I think the conversation becomes much more interesting. The principles behind enclaves have value even if your organization has absolutely no intention of pursuing CMMC certification. Every business has information that deserves a higher level of protection than everything else. Financial information, legal documents, executive communications, intellectual property, customer records, and employee data all carry different levels of business risk.

Many organizations already apply these principles without referring to them as enclaves. Human Resources naturally limits access to personnel files. Finance teams restrict payroll systems. Legal departments protect privileged communications. Research and development teams often work within secure environments separate from day-to-day business operations.

None of those decisions is driven by CMMC. They’re driven by sound governance and an understanding that not all information should be treated the same.

Security Should Follow the Data

In my experience, one of the best ways to think about security is to follow the data rather than the technology.

Organizations often begin by asking how to secure an application or a platform, but the more useful questions are usually much simpler.

  • What information are we trying to protect?
  • Who genuinely needs access to it?
  • Where does it live?
  • How does it move?
  • What would happen if it were exposed?

Answering those questions naturally leads to better security decisions. Instead of applying the strongest possible controls everywhere, organizations can apply the appropriate controls where they provide the greatest risk reduction.

That way of thinking isn’t unique to CMMC. It’s a principle that aligns with many modern security frameworks, including Zero Trust, in which protecting sensitive information and minimizing unnecessary access are primary design goals.

Reducing Risk Without Increasing Complexity

One unintended consequence of compliance programs is that organizations sometimes believe every security control should be applied equally across the entire business. While that may sound like the safest approach, it often introduces unnecessary complexity without providing meaningful reductions in risk.

A well-defined assessment boundary allows organizations to focus resources where they matter most. Users who never interact with CUI don’t necessarily need to operate under the same restrictions as those who work with sensitive defense information every day. By aligning security controls with business risk, organizations can strengthen security while avoiding unnecessary operational overhead.

That balance between protection and productivity is something every organization should strive for, regardless of whether CMMC is a business requirement.

Final Thoughts

Whether you’re considering a CMMC Level 2 enclave or a completely separate Microsoft 365 tenant, don’t start by asking which architecture is better. Start by asking what you’re trying to achieve.

  • Are you trying to reduce the scope of your CMMC assessment?
  • Are you separating commercial and government operations?
  • Are you protecting Controlled Unclassified Information?
  • Are you simplifying administration?
  • Are you reducing organizational risk?

Those answers will naturally guide the architectural decisions that follow.

Perhaps the biggest takeaway is this: the concepts behind enclaves are valuable far beyond CMMC. Defining clear security boundaries, reducing unnecessary exposure, limiting access to sensitive information, and aligning security controls with business risk strengthen almost every organization.

CMMC has certainly brought the concept of enclaves into the spotlight, but the underlying principle isn’t unique to defense contractors. Protect the information that matters most, define clear boundaries around it, and apply the appropriate security controls where they have the greatest impact. That’s simply good security.

Official References

Microsoft Learn

Microsoft and the Cybersecurity Maturity Model Certification (CMMC)
Microsoft’s official guidance for organizations evaluating CMMC, including the section “Should I build a data enclave or should I go all in?” and considerations around Microsoft 365 GCC and GCC High.
https://learn.microsoft.com/en-us/compliance/us-government/gov-cmmc

Cybersecurity Maturity Model Certification (CMMC) for Azure
Overview of how Azure services support organizations working toward CMMC requirements.
https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-cmmc

Department of War

CMMC Resources and Documentation
The official repository for CMMC guidance, assessment guides, scoping guides, and supporting documentation.
https://dodcio.defense.gov/CMMC/Resources-Documentation/

CMMC Level 2 Scoping Guide
The definitive guidance on defining the assessment scope, assessment boundary, and asset categorization for a Level 2 assessment.
https://dodcio.defense.gov/Portals/0/Documents/CMMC/ScopingGuideL2v2.pdf

32 CFR Part 170 – Cybersecurity Maturity Model Certification Program
The official regulation that establishes the CMMC Program and its associated assessment requirements.
https://www.ecfr.gov/current/title-32/subtitle-A/chapter-I/subchapter-D/part-170

Read the whole story
alvinashcraft
1 minute ago
reply
Pennsylvania, USA
Share this story
Delete

A Beginner's Guide to Python: Hands-On Projects to Get You Coding

1 Share

Have you been wanting to learn how to code but found it a bit too overwhelming or confusing? We just published a brand new course on the freeCodeCamp.org YouTube channel that is designed specifically for absolute beginners. This comprehensive Python tutorial, created by Sunny Damalu, takes you from beginner to building your own functional real-world applications.

In this course, you will learn the fundamentals of Python programming in a logical, step-by-step sequence. You will start with the absolute basics, learning how to install Python, set up the Zed code editor, and write your very first "Hello World" program. As you progress, you will master essential concepts like working with variables, data types, string manipulation, and operators. You will also learn how to build dynamic programs using user inputs, if statements, and loops.

Once you have a firm grasp on the fundamentals, you will apply your new skills by building several hands-on projects from scratch. You will write a dynamic calculator, create a secure random password generator, build a MAC address generator, and even explore networking by writing a script to check your internet connectivity using Python's socket module.

You can watch the full course on the freeCodeCamp.org YouTube channel (9-hour watch).



Read the whole story
alvinashcraft
1 minute ago
reply
Pennsylvania, USA
Share this story
Delete

AI Natural Language Document Generation with MCP and TX Text Control .NET

1 Share
This article explains how AI agents can use natural language to create documents through an MCP server. Instead of letting a language model generate documents directly, the AI translates prompts into structured tool calls while TX Text Control performs the actual document processing.

Read the whole story
alvinashcraft
2 minutes ago
reply
Pennsylvania, USA
Share this story
Delete
Next Page of Stories