📰 Tech Newsletter

2026-02-26 · Daily Digest

📰 中文版

摘要

给你两篇必读：一篇从实操角度讲 AI agents 的授权治理，演示如何用 Copilot Studio 与 Power Automate 把权限决策交给 Entra ID，实现可审计的 RBAC 流程而非靠 prompt；另一篇汇总了最新模型与能力（FLUX.2‑flex 的文本渲染与 Anthropic 加速 Claude 的电脑操作），对想构建生产级代理的工程师很有参考价值。

Microsoft Blogs

Microsoft Blogs - 2026-02-26

本期汇总了18篇文章（发布日期均为2026-02-25），聚焦 Copilot 与 Copilot Studio 更新、AI 代理与 Foundry 模型发布、Azure 基础设施与安全改进，以及若干开发者工具与治理与成本优化实践。

Microsoft 365 与 Copilot

• 迁移、现代化与代理化工具：提出将迁移变为持续自我优化流程的实践，介绍基于自治代理的发现、现代化建议与自动化迁移波，并指出 Azure Copilot 与 GitHub Copilot 已支持按迁移/现代化/重建分类与自动化迁移执行。 阅读原文

• 在 AI 代理中实施授权与身份治理（含 Copilot Studio 示范）：主张把授权交由身份系统（Entra ID + Microsoft Graph）而非提示词执行，展示用 Copilot Studio + Power Automate 的外部鉴权流水线以实现确定性、可审计的代理操作权限判定。 阅读原文

AI 代理与模型

• FLUX.2 [flex] 在 Microsoft Foundry 的受限公开预览：面向文本密集的设计与 UI 原型，提供行业领先的可读文本渲染、最多八张参考图像的多参考编辑与推理步数/引导尺度控制，并通过 Foundry 提供企业级治理与计费。 阅读原文

• Logic Apps 的新 MCP Server 向导：在门户内将已有 Logic Apps Standard 工作流直接暴露为 MCP 工具，简化把现有 API/连接器转换为可被代理发现与调用的流程，减少协议样板代码。 阅读原文

• PagerDuty / Datadog / Atlassian Rovo MCP Server 与 Azure SRE Agent 集成：分别介绍如何用各自的 MCP 服务器把 PagerDuty、Datadog 与 Atlassian Cloud 数据以受 RBAC 保护的 Streamable‑HTTP 方式连接到 Azure SRE Agent，实现基于自然语言的实时操作与查询。 阅读原文

• Atlassian Rovo 的详细工具集成：Rovo MCP 暴露 46+ 工具，支持 Jira/Confluence/Compass/JSM 的自然语言交互与自动化，并强调使用 API token 与适当 scope 以保持权限一致性。 阅读原文

• Datadog MCP 的接入要点：说明通过 Datadog 托管端点、API/Application Keys 与 MCP scopes 连接 Azure SRE Agent 的步骤以及可用的日志/指标/APM/监控/事件类工具集。 阅读原文

Azure 基础设施与安全

• Azure Monitor Pipeline 公共预览新功能：新增安全摄取（TCP TLS/mTLS 支持）、显式 Pod 放置控制（executionPlacement）与预摄取转换/模式化，解决本地、边缘与大型 Kubernetes 环境的数据摄取与处理需求。 阅读原文

• AKS 升级加速（Fleet Manager 指南）：介绍 update runs、stages 与 groups 的编排模型，给出减少阶段数与增加每阶段并行组数以提速的策略，并讨论并行度、容量与回滚限制的权衡。 阅读原文

• Azure Storage Actions：大规模数据管理自动化：无服务器、声明式的平台通过 Storage Tasks 与 Task Assignments 在 Blob/ADLS 上运行条件评估与动作（如分层、归档、不可变策略），并通过 Azure Monitor 与 CSV 报表提供审计与可观测性。 阅读原文

• 重命名使用数据库级 CMK 的 Azure SQL DB 的风险与缓解：说明在使用 DB-level CMK 时重命名可能导致无法访问 Key Vault 与证书验证错误，并给出验证 Key Vault 密钥、托管身份与重绑流程以及在主库恢复后验证服务器/数据库设置的步骤与建议。 阅读原文

• 在 Azure Functions (Linux) 上为 Java 使用自签名证书的最佳实践：建议在持久化 /home 下创建自定义 truststore 并通过 JVM 参数加载，以避免临时磁盘导致的证书丢失，并给出 keytool 导入与部署注意事项。 阅读原文

• Nasdaq 用 PostgreSQL（pgvector）与 AKS 在 Azure 上实现面向董事会的治理级 AI：介绍 Boardvantage 的架构——Document Intelligence 分块、嵌入存储于 PostgreSQL、混合 SQL+向量检索并调用模型，实现地域数据驻留与隔离并显著缩短董事会准备时间。 阅读原文

• 重新思考背景任务：Azure Functions 在 Azure Container Apps 上的方案（简要）：探讨将后台工作负载迁移到 Container Apps 上运行 Functions 的方案以提升弹性与管理，但文章需查看原文获取实现细节。 阅读原文

开发者工具与 SDKs

• Fabric 2026 年 2 月功能汇总：宣布对 OneLake Catalog、数据工程、Data Factory 与实时智能的多项增强，重点改进数据发现、治理、开发者体验与流处理互操作性以加速实时决策。 阅读原文

• Logic Apps MCP 向导与 API Center / Foundry 的联动：说明通过门户自动生成 MCP 工具、字段元数据与请求 schema，使现有连接器/工作流可以快速成为代理可调用的工具集合，便于构建端到端的受控自动化。 阅读原文

其他更新

• 微软市场（Microsoft Marketplace）新增 119 个产品：报告 2 月 25 日上线的 119 个新 Offer，示例包括面向金融的 Akkuro 套件，强调 Marketplace 可作为经预审、可计入 Azure 消耗承诺的采购与治理通道。 阅读原文

• 向 AI 首位转型中的云成本与性能优化：把云成本管理定位为持续的 FinOps 职能，介绍 Marketplace 如何通过计入消费承诺、RBAC 与私有市场等功能帮助加速合规采购与成本可视化。 阅读原文

• Reading GPSVC 日志的新视角：说明较新 Windows 构建为 GPSVC 日志加入时间戳，详解 GPSVC 的两阶段（Phase 1/Phase 2）、如何启用详细日志与按线程分析以定位组策略应用失败点并关联网络事件。 阅读原文

3rd Party Blogs

处理了4篇文章（2026-02-25），涵盖世界模型研究、Anthropic 对 Claude 功能的并购与退役承诺，以及 OpenAI 关于 AI 驱动滥用的威胁分析；要点包括 Project Genie 的世界模型解读、Claude 在真实应用中”操作”能力的跃升、模型退役的保留与透明机制，以及面向平台的防御建议。

AI 模型与研究

• Ask a Techspert: What’s a world model? (Google)： 介绍了什么是世界模型及其关键特性（紧凑潜在表示、预测动力学、与感知/控制耦合），阐明 Project Genie 如何把内部仿真用于规划以降低样本复杂度并提升长期表现，建议工程上将内部仿真与规划组件纳入系统设计。 阅读原文

行业动态与产品

• Anthropic acquires Vercept to advance Claude’s computer use capabilities (Anthropic)： 宣布收购 Vercept，将其团队并入以强化 Claude 在真实应用内”看、点、操作”的能力；文章披露 Claude Sonnet 4.6 在 OSWorld 基准从 2024 年末的 An update on our model deprecation commitments for Claude Opus 3 (Anthropic)： 说明 Opus 3 已于 2026-01-05 退役，但对付费 claude.ai 订阅者保持访问，并可按需通过 API 获得，Anthropic 将保留模型权重、开展结构化退役访谈，并以每周博客（Claude’s Corner）呈现 Opus 3 的”反思”，作为一种平衡用户需求、研究与模型保留的实验性退役流程。 阅读原文

• Disrupting malicious uses of AI | February 2026 (OpenAI)： 报告指出恶意行为者正把 AI 模型嵌入网站和社交平台以自动化内容生成与攻击流程，改变威胁格局；建议超越静态信号、构建端到端平台感知监控、采用基于行为的分析，并加强与平台方和安全研究者的协作以应对快速自动化与规避策略。 阅读原文

📰 English Version

Summary

Two quick must-reads: a practical piece on AI agents explains why authorization belongs in identity systems—showing a Copilot Studio + Power Automate pattern that enforces Entra ID RBAC for auditable agent actions instead of prompt checks. Also flagged: fresh model news—FLUX.2‑flex for text-heavy design and Anthropic’s moves to boost Claude’s in-app capabilities, both worth your attention if you’re building agents.

Microsoft Blogs

Microsoft Blogs - 2026-02-26

This digest reviewed 18 articles (all dated 2026-02-25), highlighting Copilot and Copilot Studio guidance, AI agent patterns and Microsoft Foundry model news, Azure infrastructure previews and safeguards, plus developer tooling and governance/cost practices for AI-first adoption.

Microsoft 365 & Copilot

• Migration, Modernization & Agentic Tools: Argues migration is becoming a continuous, self-improving process using agentic tools; Azure Copilot and GitHub Copilot now help classify workloads (migrate/modernize/rebuild) and run automated migration waves with governance. Read more

• Authorization and Identity Governance Inside AI Agents (Copilot Studio patterns): Recommends identity-first authorization enforced by Entra ID + Microsoft Graph (not prompts), and provides a Copilot Studio + Power Automate reference flow for deterministic, auditable RBAC checks. Read more

AI Agents & Models

• FLUX.2 [flex] on Microsoft Foundry: Introduces a text- and UI-focused FLUX.2 model in gated Public Preview for readable typography, multi-reference editing (up to 8 refs), and fine-grained inference controls; Foundry provides enterprise governance and pay-as-you-go pricing. Read more

• New Logic Apps MCP Server wizard: Portal workflow that converts Logic Apps Standard flows into MCP servers/tools, greatly reducing plumbing and making connectors/actions discoverable by agents. Read more

• PagerDuty MCP Server in Azure SRE Agent: How to connect PagerDuty via its MCP endpoint using a User API Token and the generic User-provided connector to enable real-time, RBAC-respecting agent interactions. Read more

• Datadog MCP Server in Azure SRE Agent: Walkthrough of Datadog MCP setup (region endpoints, DD_API_KEY & DD_APPLICATION_KEY), available tools (Logs, Metrics, APM, Monitors, Incidents, etc.), and required MCP scopes and allowlisting. Read more

• Atlassian Rovo MCP Server: Connects Atlassian Cloud to Azure SRE Agent via Streamable-HTTP and token auth; exposes 46+ tools across Jira/Confluence/Compass/JSM while respecting Atlassian permissions and scopes. Read more

Azure Infrastructure & Security

• Azure Monitor pipeline public preview: Adds secure TCP ingestion with TLS/mTLS, executionPlacement for explicit pod placement, and pre-ingestion transformations/schema standardization to better support on-prem, edge, and large K8s deployments. Read more

• Accelerating AKS upgrades with Fleet Manager: Describes update runs, stages, and groups model; advises reducing sequential stages and increasing per-stage parallel groups (up to trade-offs) while warning about validation windows, capacity, and no built-in rollback. Read more

• Azure Storage Actions for large-scale automation: Serverless, declarative Storage Tasks and Task Assignments let operators evaluate blobs and run tiering, immutability, and movement workflows at scale with built-in previews, metrics, and CSV reports. Read more

• Renaming Azure SQL DB encrypted with DB-level CMK can break access: Documents the failure modes and concrete mitigations (validate KV key, managed identity roles, reassign identity sequence) and notes server/db settings that may be lost, with recovery steps for geo-replicas/failover groups. Read more

• Java + self-signed certs on Azure Functions (Linux): Best practice is to create a custom truststore in persistent /home and configure the JVM to use it (avoid ephemeral cacerts), with keytool commands and deployment caveats provided. Read more

• Nasdaq Boardvantage: governance-first AI with PostgreSQL + pgvector: Describes a production pipeline using Document Intelligence, embeddings in Azure Database for PostgreSQL, hybrid SQL+vector search and AKS tenant isolation to deliver accurate, regionally resident AI features. Read more

• Rethinking background workloads (Functions on Container Apps): Explores patterns for running background workloads by combining Azure Functions with Container Apps to improve resilience and operational model (see article for implementation details). Read more

Developer Tools & SDKs

• Fabric February 2026 feature summary: Highlights upgrades across OneLake Catalog, data engineering, Data Factory and real-time intelligence plus developer experience improvements to speed development, deployment and observability. Read more

• Logic Apps MCP tooling (developer workflow): The MCP Server wizard auto-generates request schemas and metadata from existing workflows so developers can quickly expose actions as agentable tools and iterate on business logic or connectors. Read more

Other Updates

• New in Microsoft Marketplace (Feb 25, 2026): Announces 119 new offers including Akkuro financial modules, signaling broader Marketplace supply for pre-vetted, integrable solutions that can count toward Azure consumption commitments. Read more

• Cloud cost optimization in an AI-first transition: Positions FinOps as continuous practice, and describes how Marketplace, RBAC, private markets and consumption commitments help align procurement, governance and spend for AI workloads. Read more

• Reading GPSVC like a crime novel: Explains new GPSVC timestamps and how to enable verbose logging, follow PID/TID threads, and correlate Group Policy phases with network/service waits to debug GPO application issues. Read more

3rd Party Blogs

Processed 4 articles (all dated Feb 25, 2026) covering a world-model explainer, Anthropic’s moves to improve Claude’s in-app operation and model-retirement policy, and an OpenAI report on AI-enabled abuse. Key updates include Project Genie’s rationale, Vercept acquisition and OSWorld benchmark gains for Claude, Opus 3 retention/communication plans, and platform-aware defenses against AI-driven threats.

AI Models & Research

• Ask a Techspert: What’s a world model? (Google): Explains what a world model is and Project Genie’s approach—compact latent environment representations, predictive dynamics, and coupling with perception/control to run imagined rollouts—arguing these simulations reduce sample complexity versus model-free RL and recommending integrating internal simulation/planning into systems. Read more

Industry & Products

• Anthropic acquires Vercept to advance Claude’s computer use capabilities (Anthropic): Announces the acquisition of Vercept to accelerate Claude’s ability to operate inside live applications and perform multi-step workflows; highlights Claude Sonnet 4.6’s OSWorld benchmark improvement from under 15% in late 2024 to 72.5%, signaling near-human performance on tasks like multi-tab spreadsheets and web forms. Read more

• An update on our model deprecation commitments for Claude Opus 3 (Anthropic): Details Opus 3’s retirement (Jan 5, 2026) and the commitments to preserve access for paid claude.ai subscribers and API access by request, retain weights, conduct structured retirement interviews, and publish Opus 3’s weekly essays (Claude’s Corner) as an experimental, user- and research-conscious retirement process. Read more

• Disrupting malicious uses of AI | February 2026 (OpenAI): Argues that malicious actors are integrating AI models into websites and social platforms to automate content, amplify persuasion, and streamline attacks, shifting the threat landscape; recommends platform-aware, end-to-end monitoring, behavior-based analytics, and stronger collaboration with platform operators and security researchers. Read more

📚 All Articles 所有文章

• Announcing new public preview capabilities in Azure Monitor pipeline (Techcommunity.Microsoft) 2026-02-25

• Migration, Modernization & Agentic Tools (Techcommunity.Microsoft) 2026-02-25

• Meet FLUX.2 [flex] for Text‑Heavy Design and UI Prototyping Now Available on Microsoft Foundry (Techcommunity.Microsoft) 2026-02-25

• Renaming an Azure SQL DB encrypted with DB level-CMK can render it Inaccessible (Techcommunity.Microsoft) 2026-02-25

• Automating Large‑Scale Data Management with Azure Storage Actions (Techcommunity.Microsoft) 2026-02-25

• Cloud cost optimization and performance in a transition to AI-first (Techcommunity.Microsoft) 2026-02-25

• Reading GPSVC Like a Crime Novel (Techcommunity.Microsoft) 2026-02-25

• Accelerating AKS Upgrades with Fleet Manager: Finding the Right Balance (Techcommunity.Microsoft) 2026-02-25

• Authorization and Identity Governance Inside AI Agents (Techcommunity.Microsoft) 2026-02-25

• Get started with PagerDuty MCP server in Azure SRE Agent (Techcommunity.Microsoft) 2026-02-25

• Get started with Datadog MCP server in Azure SRE Agent (Techcommunity.Microsoft) 2026-02-25

• Get started with Atlassian Rovo MCP server in Azure SRE Agent (Techcommunity.Microsoft) 2026-02-25

• Stop Writing Plumbing! Use the New Logic Apps MCP Server Wizard (Techcommunity.Microsoft) 2026-02-25

• New in Microsoft Marketplace: February 25, 2026 (Techcommunity.Microsoft) 2026-02-25

• Best Practice: Using Self-Signed Certificates with Java on Azure Functions (Linux) (Techcommunity.Microsoft) 2026-02-25

• Rethinking Background Workloads with Azure Functions on Azure Container Apps (Techcommunity.Microsoft) 2026-02-25

• Nasdaq builds thoughtfully designed AI for board governance with PostgreSQL on Azure (Techcommunity.Microsoft) 2026-02-25

• Fabric February 2026 Feature Summary (Fabric.Microsoft) 2026-02-25

• Disrupting malicious uses of AI | February 2026 (OpenAI) 2026-02-25

• Ask a Techspert: What’s a world model? (Google) 2026-02-25

• Anthropic acquires Vercept to advance Claude’s computer use capabilities (Anthropic) 2026-02-25

• An update on our model deprecation commitments for Claude Opus 3 (Anthropic) 2026-02-25

感谢阅读！Thank you for reading!

Stay tuned for more tech insights. 敬请期待更多技术见解。

This newsletter is automatically generated. | 本简报由系统自动生成