Sr. Content Developer at Microsoft, working remotely in PA, TechBash conference organizer, former Microsoft MVP, Husband, Dad and Geek.

Windows Authentication for Cloud-Native Identities: Modernizing Azure SQL Managed Instance (Preview)


Organizations moving to the cloud often face a critical challenge: maintaining seamless authentication for legacy applications without compromising security or user experience. Today, we’re excited to announce support for Windows Authentication for Microsoft Entra principals on Azure SQL Managed Instance, enabling cloud-native identities to authenticate using familiar Windows credentials.

Why This Matters

Traditionally, Windows Authentication relied on on-premises Active Directory, making it difficult for businesses adopting a cloud-only strategy to preserve existing authentication models. With this new capability:

  • Hybrid Identity Support: Users synchronized between on-premises AD DS and Microsoft Entra ID can continue using a single set of credentials for both environments.
  • Cloud-Only Identity (Preview): Identities that exist only in Microsoft Entra ID can now leverage Kerberos-based Windows Authentication for workloads like Azure SQL Managed Instance—without requiring domain controllers.

This means organizations can modernize infrastructure while maintaining compatibility with legacy apps, reducing friction during migration.

Key Benefits

  • Seamless Migration: Move legacy applications to Azure SQL Managed Instance without rewriting authentication logic.
  • Passwordless Security: Combine Windows Authentication with modern credentials like Windows Hello for Business or FIDO2 keys, enabling MFA and reducing password-related risks.
  • Cloud-Native Integration: Microsoft Entra Kerberos acts as a cloud-based Key Distribution Center (KDC), issuing Kerberos tickets for cloud resources such as Azure SQL Managed Instance and Azure Files.

Breaking Barriers to Cloud Migration

Many enterprises hesitate to migrate legacy apps because they depend on Windows Authentication. By extending this capability to cloud-native identities, we remove a major barrier—allowing customers to modernize at their own pace while leveraging familiar authentication models.

alvinashcraft
11 hours ago
Pennsylvania, USA

Contributor is Not the Magic Wand You May Think it is!

The code referenced in this blog can be found here! There are still moments when Azure catches me by surprise. Back when I first moved away from traditional on-prem environments, I was convinced the Contributor role was almost identical to Owner, just without the ability to manage access or view billing. Simple, right? Turns out that was completely wrong, and what I learned since then keeps saving me headaches every time I spin up a new environment. My goal of this post is that it...


Create Your Own SMTP Server Using Aspire 13

Building your own email server is a rite of passage for many developers. It’s also a fantastic way to learn exactly how internet email works. In this post, we’re going to cover the code contained in my BlazorSMTPServer repository. We will walk through how email actually works, why sending it is so much harder than receiving it, and how to build a casual solution using Blazor and Azure. Important Note: This project is for educational purposes and personal experimentation. This is n

Immutable Collection Add() Trap: Don’t Get Burned — Use a Builder Instead

When using immutable collections in .NET, remember that the Add() method creates a new instance rather than mutating the original. Ignoring the return value leads to ineffective loops. Instead, use a builder for efficiency, as it offers faster performance and lower memory allocation while still ensuring immutability in the final result.






Which AI Agent Framework Should I Use

A complete guide to choosing the best AI agent framework for your project. Learn the differences between LangChain, LangGraph, AutoGen, Semantic Kernel, and CrewAI, and discover which one fits your use case, technical requirements, and scalability goals.

#543 - 7th December 2025


First-up in Analytics:

  • Turning everyday documents from SharePoint and OneDrive into analytics ready data with OneLake shortcuts – Microsoft Fabric now enables OneLake shortcuts to SharePoint and OneDrive, bringing productivity documents like Word, Excel, and PDFs into analytics workflows without copying data.
  • Serverless Workspaces are live in Azure Databricks – Azure Databricks Serverless workspaces are now in public preview, allowing instant workspace creation without managing VNets, compute, or storage infrastructure.
  • Foundry IQ for Multi-Source AI Knowledge Bases – Foundry IQ enables AI agents to automatically search and retrieve information across multiple data sources using AI-powered query planning and orchestration.

In DevOps:

  • Experiment, Prototype, and Validate Azure Bicep with the Bicep Console – The new experimental Bicep console provides a REPL environment for prototyping and validating Bicep expressions interactively without requiring Azure connections.
  • Automatically Signing a Windows EXE with Azure Trusted Signing, dotnet sign, and GitHub Actions – A comprehensive guide to using Azure Trusted Signing with GitHub Actions to automatically code-sign Windows executables without managing certificate files.
  • Azure Blob Storage SFTP - Resumable Uploads (GA) – Azure Blob Storage SFTP resumable uploads is now generally available, enabling users to continue failed partial file transfers from the point of failure.

Finally:

  • View Microsoft Ignite sessions on demand – All Microsoft Ignite 2025 sessions are now available on demand for catching up on announcements and technical content.
