Jon Skeet, the first Stack Overflow user with a million reputation, sits down with Ryan to share his wealth of knowledge on all things development: the deceptively simple but actually complicated problem of timezones, the importance of clear documentation for programmers, handling breaking changes and upgrading legacy systems, and the need for improved communication skills among developers.

PostgreSQL 17 release delivers performance enhancements, improved JSON processing, and support for one-click in-place upgrades of existing servers.

What’s New

• General Availability of PostgreSQL 17 engine
  Benefit from the latest community innovations—improved vacuum performance, JSON functions enhancements, and dynamic logical replication—backed by Azure’s enterprise SLA.
• In-place Major Version Upgrade
  Upgrade your server “in place,” retaining your server name, connection strings, and configuration. No data migration, no downtime for read replicas, and minimal disruption.
  • One-click upgrade via Azure Portal
  • CLI support with az postgres flexible-server upgrade
  • Automated health checks and rollback safety
• Default Version
  PostgreSQL 17 is now the default for new server creations and major version upgrades.

PostgreSQL 17 Feature Highlights

Experience the next level of performance, scalability, and developer productivity with PostgreSQL 17:

• Advanced Vacuum Enhancements: Reduced maintenance overhead with smarter vacuum strategies and faster cleanup.
• JSON Processing Upgrades: New functions and optimizations for querying and transforming JSON data at scale.
• Dynamic Logical Replication: Simplify real-time data distribution with enhanced replication controls and improved throughput.
• Query Planner Improvements: Smarter join ordering and parallel plan enhancements for complex workloads.
• Security and Compliance : Strengthened encryption options and audit logging features to meet enterprise requirements.

Dive deeper into all the new features in the official PostgreSQL 17 release notes.

Why In-Place Upgrades Matter?

Traditional major-version upgrades often require provisioning a new server, copying data, and updating connection strings—steps that introduce complexity and risk. With in-place upgrades, you can:

1. Simplify operations: Keep your existing server endpoint and firewall rules.
2. Reduce downtime: Upgrade faster with built-in “stop, pg_upgrade, restart” workflow.
3. Maintain HA: For HA-enabled servers, we automatically disable HA, upgrade your primary, then recreate the replica—minimizing manual steps.

 

Did you know? Azure Database for PostgreSQL provides a 5-year standard support policy for each major engine version—so you’ll have long-term peace of mind as you plan and execute your upgrades.

How to Upgrade Today?

Portal

• Access your flexible server resource
• On the Overview page, in the toolbar, select Upgrade.
• Under Upgrade, select PostgreSQL 17 and click Upgrade
• In the Upgrade sidebar, in the PostgreSQL version to upgrade text box, verify the major version you want to upgrade to, that is “17”

CLI

az postgres flexible-server upgrade \ --name <your-server> \ --resource-group <your-rg> \ --target-version 17</your-rg></your-server>

 

Storage requirement: Ensure you have at least 10–20% free storage available to accommodate temporary files during pg_upgrade. Downtime advisory: Major version upgrades will incur downtime; the duration varies based on your database size and the number of tables it contains.

Conclusion

PostgreSQL 17 is now the default for new servers and ready for in-place upgrades on your existing flexible servers. Upgrade today to benefit from performance improvements, enhanced JSON support, and simplified major version upgrades. To learn more, read:

• PostgreSQL 17 Preview on Flexible Server (Sep 2024)
• Query Performance Improvements (Oct 2024)
• In-Place Upgrade Public Preview Recap (May 2025)
• Official PostgreSQL 17 Release Notes

Thank you for choosing Azure Database for PostgreSQL.

Please enjoy this encore of Only Malware in the Building.

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is ⁠⁠Selena Larson⁠⁠, ⁠⁠Proofpoint⁠⁠ intelligence analyst and host of their podcast ⁠⁠DISCARDED⁠⁠. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by ⁠⁠N2K Networks⁠⁠ ⁠⁠Dave Bittner⁠⁠ and our newest co-host, ⁠Keith Mularski⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠Qintel⁠.

Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss the growing trend of cybercriminals using legitimate remote monitoring and management (RMM) tools in email campaigns as a first-stage payload. They explore how these tools are being leveraged for data theft, financial fraud, and lateral movement within networks. With the decline of traditional malware delivery methods, including loaders and botnets, the shift toward RMMs marks a significant change in attack strategies. Tune in to learn more about this evolving threat landscape and how to stay ahead of these tactics.

Download audio: https://traffic.megaphone.fm/CYBW2365132376.mp3?updated=1751298309

 

For IT admins and Microsoft 365 admins
7-minute read

 

Overview

Shadow AI is almost certainly happening across your organization—whether you can see it or not. Employees are using tools like ChatGPT and Notion AI to get work done, even without organizational knowledge or approval. This creates real risks like data leakage, compliance violations, and a lack of visibility into how employees are using artificial intelligence.

Fortunately, IT admins are in a unique position to fix the problem at its core.

Today's article is intended to be a practical playbook for helping IT admins lead the charge toward responsible AI use in their organizations by empowering secure, compliant, and easy-to-manage agents for Microsoft 365 Copilot Chat.

What is shadow AI?

Like shadow IT, the term ‘shadow AI’ exists for a reason: it refers to unsanctioned, often hidden, use of AI tools.

In the shadows, artificial intelligence can be hard to detect and even harder to govern. Tools can be browser-based, embedded in SaaS apps, or used on personal devices. Controls that mitigate shadow IT—like app blocking or firewall rules—don’t necessarily translate to AI use.

Both shadow IT and shadow AI involve technical and behavioral elements, however unauthorized use of AI presents deeper behavioral challenges beyond unauthorized tools. These challenges center around how users make decisions and potentially bypass governance in ways that are harder to detect and control.

While employees may not want to go rogue or bypass IT—and they generally don’t want to put the organization at risk—they do want to get their work done efficiently. They turn to public AI tools when they can’t find the capabilities they need inside the tools they have permission to use.

Agents for Microsoft 365 Copilot Chat give you a way to lead AI use into the light and meet your users’ needs with modern AI business tools. By building and deploying task-specific, data-grounded chat experiences that live inside Microsoft 365, users get fast, relevant answers they’re looking for without having to step into the shadows and leave the secure environment you manage.

These agents are part of the broader Microsoft 365 Copilot ecosystem and are designed to automate and execute business processes directly within Copilot Chat. 

Should you ignore or even allow shadow AI?

When employees use public AI tools without oversight, they create risks that are harder to detect, harder to govern, and harder to reverse.

For IT admins, the stakes are high for operational, security, and technical risks:

1. Loss of visibility and control: You can’t protect what you can’t see.

• • Shadow AI obscures oversight. It’s harder to track usage or enforce policies for tools used outside your environment.

• • No centralized monitoring = no control. Without a unified view, you can’t troubleshoot issues, optimize usage, or step in when something goes wrong.
  • Shadow data silos emerge. Generative AI content created outside your tenant isn’t retained or governed, which complicates lifecycle management, legal holds, and compliance requests.

2. Security and compliance risks

• • Enterprise-grade protections are lacking. Most public AI tools don’t support conditional access, audit logs, or data loss prevention (DLP) policies, leaving you with blind spots and increased risk of data leaks.

• • Sensitive data exposure. Employees may unknowingly input proprietary or regulated data into public models, risking violations of GDPR, HIPAA, or internal policies.
  • Compliance gaps. If tools aren’t tracked or documented, they increase the burden of proving compliance and can become major liabilities during audits or regulatory reviews.

3. IT and governance challenges

• • IT is out of the loop. Adoption of unauthorized AI tools sidelines IT, preventing teams from recommending secure, supported alternatives or aligning tools with organizational standards. When users go rogue with AI tools, they aren't using recommended secure, supported options that align with your environment and policies.
  • Tool sprawl = more support tickets. Unapproved tools often lack integration with existing systems, creating support burdens and increasing the risk of misconfigurations. 

Bottom line: Allowing or ignoring shadow AI will make it much harder to manage later. That’s why Copilot Chat agents, combined with strong governance and user education, are such a powerful response: they give you a way to meet end user demand without losing control.

What IT admins are up against

When it comes to eradicating rogue AI, admins have their work cut out for them. Here’s a summary table of how activating Copilot Chat agents at your organization can help stem the tide:

 

 

Copilot Chat agents remove the roadblocks to getting value from AI

Microsoft's chat agents aren’t just another AI tool—they’re designed to work the way IT works.

• Secure by design: Agents run inside your Microsoft 365 tenant and authenticate through Azure AD.
• Compliant by default: They respect DLP and audit policies and retention through Microsoft Purview.
• Customizable and governable: You can define access, data sources, and usage policies.
• Easy to deploy: Agents live inside Teams and Microsoft apps, so users don’t need to install anything new.

Copilot Chat agents strengthen governance

While Copilot for Microsoft 365 helps users work more efficiently inside apps like Word, Excel, and Teams, Copilot's AI agents go a step further. They give IT the ability to create task-specific, role-based, and data-grounded AI experiences that directly replace the kinds of tools employees might otherwise seek out on their own.

Key deployment benefits for IT admins

Take the next step

Like shadow IT, you may not get rid of shadow AI completely or overnight. But you can meet it head-on with tools that work for your users and comply with your policies.

Start by deploying a few AI Chat agents in high-impact areas. Use the resources in this article to guide your rollout.

With Copilot Chat agents, you’re not just solving a technical problem. You’re leading your organization toward safer, smarter AI adoption.

Tools that make it easier

When it comes to Microsoft 365 deployments, you’re never alone. FastTrack for Microsoft 365 offers a full set of resources to help you learn about, build, manage, and instruct end users on Copilot Chat agents:

Credentialed access, sign in required:

• Microsoft 365 advanced deployment guides and assistance
• Microsoft 365 Copilot onboarding hub
• Microsoft 365 Copilot: Quickstart, Copilot Chat licensing

Open access, no sign-in required:

• Get started with Microsoft 365 Copilot extensibility
• Microsoft 365 Copilot ADG: Streamlining your Copilot journey (video)
• Copilot Chat Success Kit – Microsoft Adoption
• Microsoft Copilot AI setup and usage guides
• AI in business: Artificial intelligence tools & solutions (blog)
• Request assistance from FastTrack

Deployment blueprint: Get started today

Remember: You don’t need to roll out everything at once. Start small, build momentum, and scale responsibly.

Here’s a blueprint that will get you to the finish line:

Copilot Chat agent deployment checklist

Step 1: Prepare your environment

☐ Set up Copilot Studio and review licensing.

☐ Create Power Platform environments that reflect your data boundaries and governance needs.

☐ Identify early declarative agent use cases (e.g., HR FAQs, IT help desk).

Note: Only declarative agents are currently supported in Copilot Chat. Agents that access tenant data (e.g., SharePoint, Graph) require pay-as-you-go billing.

Step 2: Define governance policies

☐ Use role-based access control (RBAC) to manage who can create, publish, and use agents.

☐ Apply naming conventions, approval workflows, and publishing guidelines.

☐ Set up guardrails for data access, agent behavior, and knowledge sources.

☐ Assign maker permissions via Microsoft Entra groups or Copilot Studio user licenses.

Step 3: Deploy and monitor

☐ Use the Microsoft admin center and Power Platform admin center to manage billing and access.

☐ Monitor usage with audit logs, analytics, and the Copilot Control System.

☐ Identify which teams are still using unauthorized AI tools and guide them toward approved Copilot agents.

Step 4: Support and scale

☐ Offer training, templates, and office hours to support agent creators and users.

☐ Establish a Center of Excellence (CoE) to share best practices and governance.

☐ Highlight successful use cases to drive adoption and build momentum.

☐ Encourage feedback loops to refine agent behavior and expand scenarios.

Shadow AI prevention checklist

What else should you do to discourage shadow AI? Here's a handy checklist of actions to take:

Data protection

     ☐ Apply Microsoft Purview DLP policies to monitor and restrict sensitive data.

     ☐ Use sensitivity labels and encryption to protect data at rest and in transit.

     ☐ Set up conditional access policies to limit AI tool usage by role, device, or location.

Acceptable use

     ☐ Publish clear guidance on approved AI tools and data usage.

     ☐ Include AI-specific clauses in acceptable use and security policies.

     ☐ Reinforce policies through onboarding, training, and regular reminders.

Monitoring and detection

     ☐ Use Microsoft Defender for Cloud Apps (MCAS) to detect unsanctioned AI usage.

     ☐ Analyze browser traffic and app usage patterns for high-risk behavior.

     ☐ Set up alerts for uploads to known AI endpoints (e.g., ChatGPT, Claude).

Education and empowerment

     ☐ Run awareness campaigns about shadow AI risks and approved alternatives.

     ☐ Offer training on how to use Copilot and Copilot Chat agents effectively.

     ☐ Create a feedback loop for users to request new AI capabilities.

Internal partnerships

     ☐ Collaborate with HR, legal, and other teams to understand AI needs.

     ☐ Support business units in building Copilot Chat agents with IT oversight.

     ☐ Use shadow AI behavior as a signal for unmet needs and prioritize accordingly.

Governance alignment

     ☐ Align Copilot deployment with your organization’s responsible AI principles.

     ☐ Document how Copilot Chat agents support ethical and regulatory standards.

     ☐ Use audit logs and analytics to support transparency and accountability.

 

 

 

 

 

 

 

 

 

 

 

 

Discover the latest enhancements in Planner, designed to help you manage your work more efficiently. This month, we’re excited to highlight new features and updates that make planning, organizing, and tracking tasks simpler than ever. 

Get real-time task notifications for Project Manager agent via email 

In May, we introduced real-time task notifications for Project Manager agent in Planner in Teams, alerting you when a task is completed and ready for review or when your input is needed to move it forward. We’re now expanding these capabilities to send you notifications via email. 

This enhancement gives you more flexibility in how you stay informed, helping you maintain momentum on critical tasks—even when you’re away from Teams. Whether you prefer to manage your day from your inbox or your Activity feed, these notifications ensure you never miss a beat on the tasks assigned to Project Manager agent.

Boost efficiency with Planner's bulk editing feature 

Planner’s new bulk editing feature is here to simplify task management. In the Grid view of any basic plan, you can now update multiple tasks simultaneously—assign tasks, adjust priorities, update progress, and modify start and due dates—all in one go. 

To get started, navigate to a basic plan and select the Grid view. Then, select a set of tasks you want to update by either selecting and dragging the tasks or by using Ctrl + the up arrow or down arrow.

A screenshot of Planner in Teams displaying the Grid view of a basic plan, where users can now edit multiple tasks at once. In this example, the user is updating the due date for all selected tasks.

Use Project Manager agent to generate status reports - now in public preview

The new Status Reports feature in Planner in Teams enables you to auto-synthesize your plan's progress, milestones, risks, and next steps, ensuring everyone on your team has shared visibility. All report features, including the ability to share the status report as a newsletter, are now available in public preview for all English users. Support for additional languages is being rolled out in the coming days. Learn more about how to generate status reports in minutes with Project Manager agent in Planner.

Project Manager agent now supported in 40+ languages 

We’re excited to share that Project Manager agent is now multi-lingual! With this update, you can now use the Project Manager agent to generate and execute on tasks in any language that is also available for Microsoft 365 Copilot, excluding Arabic and Hebrew for now. Note that Arabic and Hebrew support, as well as the ability to generate status reports in these languages, will be available later this week. See the full list of supported languages for Microsoft 365 Copilot. 

ICYMI: A look back at what we shipped earlier this year 

Now that we’re halfway through the year, our team would love to recap some of our favorite Planner features that have shipped recently: 

• Project Manager agent in public preview: The Project Manager agent is an AI-powered virtual project manager designed to enhance your planning experience by streamlining workflows and handling tasks on your behalf. The Project Manager agent integrates AI directly into your plans, empowering you to focus on strategy, while enabling smarter team collaboration. See our announcement blog post to learn more. 

• Custom backgrounds: Personalize your workspace with images or themes, enhancing visual appeal and organization. To add a background, open the Plan details of any basic plan by either selecting the plan name or the dropdown menu next to it in the plan header. 

• Board view in My Day and My Tasks: With Board view now available in My Day and My Tasks, you can manage and prioritize your tasks in a more visual way. 

• Reorder columns across all plans: Previously, reordering columns was only available in premium plans. With this update, reordering columns is available across all Grid views. To try it out, simply select and drag the column headers to rearrange them, or use the CTRL + Shift + < and CTRL + Shift + > keyboard shortcuts. 

• Generate status reports using Project Manager agent: The new Status Reports feature in Planner in Teams enables you to auto-synthesize your plan's progress, milestones, risks, and next steps, ensuring everyone on your team has shared visibility. Learn more about how to generate status reports in minutes with Project Manager agent in Planner.
• Retirement of Microsoft Project for the web: We also wanted to take this opportunity to remind everyone that starting August 1st, 2025, we will be transitioning all users to Microsoft Planner. As an effort to provide a unified work management experience, we are retiring Project for the web, as well as the Project and Roadmap apps in Microsoft Teams. No actions are necessary in preparation for this change as all licensing should carry over seamlessly. Learn more about this change in our announcement blog post.

Do you have a Planner feature you’ve been enjoying recently? Let us know in the comments! 

Share your feedback  

Tell us what you think about the new Planner using the Feedback button in the top right corner of the app. We also encourage you to share any feature requests by adding your ideas to the Planner Feedback Portal. Your feedback helps inform our feature updates, and we look forward to hearing from you as you try Planner’s new and existing capabilities!  

Resources  

• Check out the Planner adoption page.  

• Sign up to receive future communication about Planner.  

• Check out the Microsoft 365 roadmap for feature descriptions and estimated release dates for Planner. 

• Watch Planner demos for inspiration on how to get the most out of Planner in Teams. 

• Visit the Planner help page to learn more about the new Planner. 

David Singleton says coding agents have crossed a chasm, Anton Zaides explains how SWEs should approach the “squeeze”, Matt Duggan has ideas for Kubernetes 2.0, Sean Goedecke does a nice job elucidating the coding agent commoditization, and one more good reason to write, even though it’s hard.

View the newsletter

Join the discussion

Changelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!

Featuring:

• Jerod Santo – GitHub, LinkedIn, Mastodon, X

Download audio: https://op3.dev/e/https://cdn.changelog.com/uploads/news/150/changelog-news-150.mp3