A Deep Dive Into What’s New, Why It Matters, and How It Improves Your Workflow

Docker Desktop for Windows continues to evolve rapidly, and one of the most impactful additions in the recent releases is the new Logs View, which became generally available in version 4.72.0. This feature significantly improves how developers and operators inspect, filter, and troubleshoot container logs — a daily task for anyone working with containers.

In this post, we’ll explore what’s new, why it’s useful, and how it changes the way you work with Docker on Windows.

What Is the New Logs View?

The Logs View is a built‑in, GUI‑based log explorer inside Docker Desktop that allows you to:

– View logs from running or stopped containers
– Filter logs by container, service, or time
– Search within logs
– Tail logs in real time
– Inspect multi‑container logs side‑by‑side (Compose, Swarm, etc.)

While Docker has always provided logs via CLI (`docker logs`), the new Logs View brings a centralized, visual, searchable experience directly into the Desktop UI.

What’s New in the Latest Release?

General Availability (GA)

The Logs View is no longer experimental — it is now a fully supported, production‑ready feature in Docker Desktop for Windows as of 4.72.0.

This means:
– Better stability
– Improved performance
– Full support across Windows installations
– No feature flags required

Improved Windows Installation Options

Alongside the Logs View GA, Docker Desktop for Windows now offers per‑user or all‑user installation modes.

This matters because:
– Logs View behaves consistently across user profiles
– Enterprise environments can standardize deployments
– Permissions and log access become more predictable

Better Reliability and UI Behavior

Recent releases also fixed several UI issues that indirectly improve the Logs View experience, such as:

– More reliable search input behavior in the sidebar
– Improved refresh behavior
– Better handling of background processes

These improvements contribute to a smoother log‑browsing experience.

Why the New Logs View Is Handy?

1. Centralized Troubleshooting

Instead of switching between terminals, containers, and log files, you now get a single pane of glass for all logs.
This is especially useful when:
– Debugging multi‑container apps
– Investigating startup failures
– Monitoring container behavior in real time

2. Faster Debugging With Search & Filters

The Logs View includes:
– Keyword search
– Time‑range filtering
– Container/service filtering

This dramatically reduces the time needed to find relevant log entries.

3. Real‑Time Log Streaming ( I like this one )

You can tail logs live without running `docker logs -f`.

This is ideal for:
– Watching app startup
– Monitoring background jobs
– Observing container health checks

4. Better for Windows‑First Developers

Windows developers often prefer GUI tools.

The Logs View:

– Removes the need for CLI log commands
– Makes Docker more accessible to developers unfamiliar with Linux tooling
– Integrates naturally with the Desktop dashboard

5. Great for Docker Compose Projects

Compose apps generate logs from multiple services.

The Logs View lets you:
– View all logs together
– Or isolate a single service
– Or compare logs side‑by‑side

This is a huge improvement over juggling multiple terminal windows.

Real‑World Use Cases

Debugging a failing container

Instead of running:
————-
docker ps
docker logs <id>
————–

You simply click the container → Logs.

Investigating a multi‑service Compose app

You can instantly see:
– Which service started first
– Which one failed
– How logs correlate in time

Monitoring long‑running tasks

Tail logs visually while keeping your terminal free for other commands.

Onboarding new developers

New team members can inspect logs without learning Docker CLI syntax.

Final Thoughts:

The new Logs View in Docker Desktop for Windows is more than a UI enhancement — it’s a workflow upgrade.
By making logs easier to access, search, and correlate, Docker has significantly improved the day‑to‑day debugging experience for Windows developers and DevOps engineers.
With it’s general availability in 4.72.0, the feature is now stable, polished, and ready for production use.
If you rely on Docker Desktop for development or operations, the new Logs View is absolutely worth exploring

 

The Rise of Free Hardened Docker Images: A New Security Baseline for Developers and DevOps

Containerization has become the backbone of modern software delivery. But as adoption has exploded, so has the attack surface. Vulnerable base images, outdated dependencies, and misconfigured runtimes have quietly become some of the most common entry points for supply‑chain attacks.

The industry has been asking for a better baseline—something secure by default, continuously maintained, and frictionless for teams to adopt. And now we’re finally seeing it: free hardened Docker images becoming widely available from major vendors and open‑source security communities.

This shift isn’t just a convenience upgrade. It’s a fundamental change in how we think about container security.

Why Hardened Images Matter More Than Ever

A “hardened” image isn’t just a slimmer version of a base OS. It’s a container that has been:

• Stripped of unnecessary packages
  Fewer binaries = fewer vulnerabilities.
• Built with secure defaults
  Non‑root users, locked‑down permissions, and minimized attack surface.
• Continuously scanned and patched
  Automated pipelines ensure CVEs are fixed quickly.
• Cryptographically signed
  So you can verify provenance and integrity before deployment.
• Aligned with compliance frameworks
  CIS Benchmarks, NIST 800‑190, and other standards are increasingly baked in.

For developers, this means fewer surprises during security reviews. For DevOps teams, it means fewer late‑night patch cycles and fewer emergency rebuilds.

What’s New About the Latest Generation of Free Hardened Images

The newest wave of hardened images goes far beyond the “minimal OS” approach of the past. Here’s what’s changing:

1. Hardened Language Runtimes

We’re seeing secure-by-default images for:

• Python
• Node.js
• Go
• Java
• .NET
• Rust

These images often include:

• Preconfigured non‑root users
• Read‑only root filesystems
• Mandatory access control profiles
• Reduced dependency trees

2. Automated SBOMs (Software Bills of Materials)

Every image now ships with a machine‑readable SBOM.
This gives you:

• Full visibility into dependencies
• Faster vulnerability triage
• Easier compliance reporting

SBOMs are no longer optional—they’re becoming a standard part of secure supply chains.

3. Built‑in Image Signing and Verification

Tools like Sigstore Cosign, Notary v2, and Docker Content Trust are now integrated directly into image pipelines.

This means you can enforce:

• “Only signed images may run” policies
• Zero‑trust container admission
• Immutable deployment guarantees

4. Continuous Hardening Pipelines

Instead of waiting for monthly rebuilds, hardened images are now updated:

• Daily
• Automatically
• With CVE‑aware rebuild triggers

This dramatically reduces the window of exposure for newly discovered vulnerabilities.

Read the complete blogpost about a Safer Container Ecosystem with Docker: Free Docker Hardened Images here

Dear Community Members, Friends, and Colleagues,

As I mark my 15th anniversary in the Microsoft MVP program, I’m filled with immense gratitude, humility, and pride. What began as a passion for sharing knowledge and building connections has blossomed into a deeply rewarding journey—one shaped by innovation, collaboration, and the extraordinary people who make this community thrive.

Over these 15 years, I’ve had the privilege to learn from brilliant minds, contribute to inspiring projects, and witness the transformative power of technology firsthand. Whether through speaking engagements, blog posts, mentoring, or hands-on technical work, being part of the MVP program has continually deepened my commitment to empowering others and fostering open, inclusive collaboration.

To the community: thank you for challenging, supporting, and celebrating with me. Your curiosity, creativity, and kindness are what keep this ecosystem alive and forward-looking.

To Microsoft: thank you for the honor and trust. The MVP program is a unique platform that amplifies voices, nurtures growth, and builds bridges—not just between developers and users, but between ideas and action.

While this milestone is a moment to reflect, it’s also a reminder that there’s always more to explore, create, and share. I look forward to continuing this journey together—with the same spark, but even greater purpose.

With heartfelt appreciation,
James

Here are some photos with Awesome people that I have met during these years:

Here you see Vijay Tewari in the middle who nominated me for the first time
Damian Flynn on the left and me on the right are Microsoft MVPs for Virtual Machine Manager (VMM)
at that time in 2011.

Here you see Tina Stenderup-Larsen in the middle, she is amazing! A Great Microsoft Community Program Manager
supporting all the MVPs in the Nordics & Benelux doing an Awesome Job!
On the right is Robert Smit a Great Dutch MVP and friend.

Mister OMS alias Scripting Guy Ed Wilson.

When there is a Microsoft Windows Server event, there is Jeff Woolsey 
“The three Musketeers”

Meeting Brad Anderson, he had great lunch breaks interviews in his car
with Awesome people.

The Azure Stack Guys on the 25th MVP Global Summit

Mister PowerShell Jeffrey Snover at the MVP Summit having fun

Scott Guthrie meeting him at the Red Shirt Tour in Amsterdam.

Great to meet Yuri Diogenes in 2018 with his book Azure Security Center.
I know him from the early days with Microsoft Security, like ISA Server

Mister Azure, CTO Mark Russinovich meeting at the MVP Global Summit in Redmond.
a Great Technical Fellow with Awesome Azure Adaptive Cloud Solution Talks!

Mister DevOps himself Donovan Brown in Amsterdam for DevOps Days

My friend Rick Claus Mister MS Ignite.

Mister Azure Corey Sanders at the MVP Summit.

Mister Channel 9, MSIgnite, AI Specialist Seth Juarez
He is a funny guy.

Meeting Scott Hanselman in the Netherlands together with MVP Andre van den Berg.
Scott is Awesome in developer innovations and technologies.
Following Azure Friday from the beginning.

Windows Insider friends for ever meeting Scott Hanselman.
With on the left MVP Erik Moreau.

Windows Insiders for Ever
Here together with Dona Sarkar here in the Netherlands

Windows Insider Friends having fun with Ugly Sweater meeting.
On the right my friend Maison da Silva and on the upper right Erik Moreau and Andre van den Berg.
Friends for Life

Microsoft Global MVP 15 Years Award disc is in the House
on Monday the 14th of July 2025.

Thank you All

Unleashing the Future: Windows Server 2025’s Hyper‑V Virtualization & Advanced Security

Microsoft Windows Server 2025 is rewriting the playbook on enterprise virtualization. With its Hyper‑V solution at the core, it delivers not only powerful computing and storage capabilities but also a resilient security foundation that addresses today’s rapidly evolving threat landscape. In this post, we’ll explore the architectural advances, enhanced virtualization features, and robust security mechanisms baked into this release.

Hyper‑V in Windows Server 2025: A New Paradigm in Virtualization

A Strategic and Integrated Platform

Hyper‑V remains Microsoft’s flagship hardware virtualization technology—now scaled to meet modern data center demands. In Windows Server 2025, Hyper‑V serves as the backbone for a wide array of Microsoft solutions, from on‑premises infrastructures to cloud integrations via Azure and Azure Arc. This unified approach ensures seamless orchestration across hybrid environments, providing flexibility and cost efficiencies to businesses switching between workloads on Windows Server Standard and Datacenter editions. Notably, while the Standard edition grants licensing rights to run two Windows Server guest operating systems, the Datacenter edition offers unlimited virtualization rights, empowering enterprises with a dramatic boost in scalability.

Virtual Machines Optimized for Modern Workloads

Hyper‑V’s modern enhancements are not just about quantity but also quality. The solution supports a diverse catalog of guest operating systems—including not only Windows but also leading Linux distributions such as Red Hat Enterprise Linux, CentOS, Debian, Oracle Linux, SUSE, and Ubuntu, with integration services natively updated within the Linux kernel. Even FreeBSD gets its own integration enhancements for improved performance. By offering this extensive compatibility, Microsoft ensures that organizations can integrate heterogeneous environments without sacrificing performance or support.

Innovative Tools and Performance Enhancements

Windows Server 2025 embraces innovative management and performance tools:

• DTrace Integration: A native tool for dynamic system instrumentation, DTrace’s inclusion allows administrators to conduct real‑time performance monitoring and troubleshooting at both the kernel and user levels without modifying source code.
• Storage and Networking Virtualization: Integrated with technologies like Software‑Defined Storage (Storage Spaces Direct) and Software‑Defined Networking (SDN), Hyper‑V enables efficient resource utilization across modern storage infrastructures—whether local, SAN, or hyperconverged solutions. SDN Multisite allows you to expand the capabilities of traditional SDN deployed at different physical locations. SDN Multisite enables native Layer 2 and Layer 3 connectivity across different physical locations for virtualized workloads
• Enhanced Desktop Integration and Hybrid Cloud Capabilities: The new desktop shell and advanced upgrade paths from previous Windows Server versions ensure a smooth transition, bolstering both administrative efficiency and user experience.

Together, these capabilities position Hyper‑V as a strategic tool in the IT arsenal of enterprises worldwide.

Fortifying Infrastructure with Advanced Security

Multilayered Security Architecture

On the security front, Windows Server 2025 represents a major leap forward. At a time when cyber threats are increasingly sophisticated, Microsoft has embedded multiple security layers directly into the operating system. Hyper‑V plays a central role in virtualization‑based security (VBS), where hardware virtualization creates isolations that serve as roots of trust—from the hypervisor to the kernel. This design reduces the attack surface significantly, even if core components are compromised.

Active Directory and SMB Improvements

Primary security staples such as Active Directory have seen significant security enhancements. New protocols, improved encryption standards, and hardened configurations offer a resilient defense against credential-based attacks. In addition, file sharing services in Windows Server 2025 benefit from SMB hardening techniques, including support for SMB over QUIC. This ensures that file sharing remains secure against man‑in‑the‑middle attacks, brute force attempts, and spoofing threats while providing seamless access over the internet.

Delegate Managed Service Accounts (dMSA)

Microsoft has also overhauled the approach to service identity management. By introducing delegate Managed Service Accounts (dMSA), Windows Server 2025 eliminates the need for manual password management on service accounts. This automated process not only simplifies administrative overhead but also tightens security by ensuring that every account has the minimal privileges required—and every access is logged for better accountability.

Hotpatching: Zero‑Downtime Security Updates

Among the innovations, hot patching stands out as a “game changer.” In traditional systems, applying security patches often necessitated reboots—a disruptive process in today’s always‑on environments. Windows Server 2025 now supports hot patching, enabling administrators to apply updates to live systems without interruption. By leveraging Azure Arc, Windows Server 2025 brings a level of agility to on‑premises deployments similar to that found in cloud environments. It’s important to note, however, that for on‑premises solutions, hot patching is currently offered under a paid subscription model, while Azure customers get this capability as part of standard service offerings.

Hotpatch process

Bridging Cloud and On‑Premises with Seamless Integration

Hybrid Cloud Flexibility

Windows Server 2025’s hybrid cloud capabilities offer the best of both worlds. When integrated with Microsoft Azure Arc, Hyper‑V not only extends its virtualization benefits but also ensures that on‑premises deployments continuously receive cutting‑edge cloud agility. This seamless integration paves the way for dynamic scaling, improved disaster recovery, and unified management across multi‑cloud environments.

Cost Efficiency and Licensing Strategies

The licensing approach is designed with flexibility in mind. Whether you opt for the Standard edition or embrace the unlimited potential of the Datacenter edition, you receive enterprise‑grade virtualization at no additional cost for Hyper‑V. This cost model proves particularly attractive for organizations extending their operations to include Linux guests or multiple virtualized servers, streamlining operational costs without compromising security or performance.
Here you find more about Comparison of Windows Server editions.

Conclusion

Microsoft Windows Server 2025, with its powerhouse Hyper‑V virtualization solution, redefines how enterprises approach infrastructure management in an era of constant digital transformation. By combining advanced virtualization techniques with multilayered security features—ranging from VBS to hot patching—this release is a testament to Microsoft’s commitment to high performance and resilient, adaptive security.

For IT professionals eager to modernize their data centers and streamline hybrid cloud deployments, exploring the latest improvements in Hyper‑V and the overarching security framework in Windows Server 2025 is not just recommended—it’s imperative.

If you’re looking to experiment with these features and integrate them into your infrastructure, consider diving deeper into hot patching subscription details, exploring Linux guest integrations, or even benchmarking Hyper‑V performance against legacy virtualization systems. Each step uncovers further opportunities to optimize and secure your IT environment for the future.

JOIN the Microsoft Windows Server Insider Program

Test and Innovate with the New Windows Server Insider features!
It’s Awesome and Hyper-V Rocks

Docker Desktop version 4.41 available

Unleashing AI Development with Docker Desktop 4.41: NVIDIA GPU Support and Model Runner Beta

The world of AI development is evolving rapidly, and Docker Desktop 4.41 is here to accelerate that journey. With the introduction of the Model Runner Beta and NVIDIA GPU support, Docker has taken a significant leap forward in making AI development more accessible, efficient, and integrated. Let’s dive into the highlights of this groundbreaking release.

What’s New in Docker Desktop 4.41?

Docker Desktop 4.41 introduces the Model Runner Beta, a feature designed to simplify the process of running and managing AI models locally. This release also brings NVIDIA GPU support to Windows users, enabling developers to harness the power of GPU acceleration for their machine learning tasks. Here’s a closer look at the key updates:

1. Model Runner Beta:
   • The Model Runner Beta allows developers to run AI models as part of their Docker Compose projects. This integration streamlines the orchestration of model pulls and the injection of model runner services into applications.
   • A dedicated “Models” section in the Docker Desktop GUI provides a user-friendly interface for browsing, running, and managing models alongside containers, volumes, and images.
2. NVIDIA GPU Support:
   • Windows users can now leverage NVIDIA GPUs for AI workloads, significantly boosting performance and reducing training times for machine learning models.
   • This feature is a game-changer for developers working on resource-intensive AI applications, as it enables seamless integration of GPU acceleration into their workflows.
3. Enhanced Integration with Docker Compose and Testcontainers:
   • Docker Compose now supports the declaration of AI services within a single Compose file, allowing teams to manage models like any other service in their development environment.
   • Testcontainers integration extends testing capabilities to AI models, with initial support for Java and Go, making it easier to create automated tests for AI-powered applications.

Why This Matters for AI Developers

The introduction of the Model Runner Beta and NVIDIA GPU support in Docker Desktop 4.41 addresses several pain points faced by AI developers:

• Simplified Workflows: By treating models as first-class artifacts, Docker enables developers to version, distribute, and deploy models using familiar tools and workflows.
• Improved Performance: GPU acceleration ensures faster training and inference times, allowing developers to iterate and innovate more quickly.
• Seamless Collaboration: The ability to push models directly to Docker Hub fosters collaboration and sharing across teams, eliminating the need for custom registries or additional infrastructure.

Getting Started with Docker Model Runner

Enable GPU-backed Inference

docker model status

docker model help

docker model pull ai/smollm2

ai/smollm2 model pulled successfully

docker model list

docker model run ai/smollm2

This is a small example, but it’s really fast with answering my questions

The Future of AI Development with Docker

Docker Desktop 4.41 is more than just an update; it’s a step towards democratizing AI development. By integrating powerful tools like the Model Runner Beta and NVIDIA GPU support, Docker is empowering developers to build, test, and deploy AI applications with unprecedented ease and efficiency.

Whether you’re a seasoned AI researcher or a developer exploring the possibilities of machine learning, Docker Desktop 4.41 is your gateway to a faster, smarter, and more collaborative AI development experience.

Ready to transform your AI workflows? Dive into Docker Desktop 4.41 and experience the future of AI development today!

50 years of Microsoft

A Legacy of Innovation and Transformation

Half a century ago, on April 4th, 1975, two young visionaries, Bill Gates and Paul Allen, co-founded Microsoft with a bold ambition: to make computing accessible and essential for everyone. What began as a small software company has grown into a global technology leader, continuously transforming industries and empowering billions of lives. As we celebrate Microsoft’s 50-year journey, let’s explore its milestones, innovations, and impact, including its contributions to datacenters, Windows Server, Hyper-V, Azure, and the leadership of its CEOs.

The Early Years: Coding the Future

Microsoft’s first big breakthrough came with the creation of an operating system for the fledgling personal computer market. In 1980, the company introduced MS-DOS, laying the groundwork for the revolutionary Windows operating system, launched in 1985. This graphical interface transformed computing, making it accessible to both businesses and individuals.

Guiding Microsoft Through Its Evolution: The CEOs Who Shaped the Company

Microsoft’s trajectory has been shaped by its visionary leadership. From the founders to the present, each CEO has left an indelible mark:

1. Bill Gates (1975–2000): As co-founder and first CEO, Gates spearheaded the company’s initial growth, launching pivotal products like MS-DOS, Windows, and Office. His focus on innovation and accessibility built the foundation of Microsoft’s success.
2. Steve Ballmer (2000–2014): During his tenure, Ballmer led Microsoft through massive expansion, particularly in enterprise solutions and cloud computing. He introduced Windows Server and laid the groundwork for services like Azure. Ballmer’s energy and passion defined his leadership style and kept Microsoft competitive in a rapidly changing market.
3. Satya Nadella (2014–Present): Nadella ushered in a cloud-first, AI-driven era, transforming Microsoft’s culture and business model. His emphasis on inclusivity, empathy, and sustainability revitalized the company. Under his leadership, Azure became one of the world’s leading cloud platforms, and Microsoft made transformative acquisitions like LinkedIn, GitHub, and Activision Blizzard.

Lake Bill on Redmond Campus

Redefining Enterprise Technology: Datacenters, Windows Server, and Virtualization

As businesses increasingly relied on technology, Microsoft expanded its offerings to support enterprise needs. Windows Server, introduced in 1993, became a cornerstone for server management and networking. It evolved over the decades, incorporating features such as Active Directory, high availability, and security enhancements.

Microsoft played a pivotal role in virtualization with Hyper-V, launched in 2008. Hyper-V allowed organizations to maximize resource efficiency and reduce costs by running multiple virtual machines on a single physical server. Modern datacenters powered by Microsoft’s hardware and software solutions now form the backbone of its cloud services.

Embracing the Cloud: The Azure Revolution

Microsoft’s Azure cloud platform, launched in 2010, redefined computing. It enabled organizations to access scalable infrastructure, deploy applications globally, and harness artificial intelligence with ease. Azure spans over 60 regions worldwide, making it one of the most comprehensive cloud platforms. Its ecosystem includes hybrid cloud solutions, advanced analytics, and IoT technologies.

Gaming, Devices, and Consumer Innovation

Microsoft entered the gaming industry with the Xbox in 2001, creating a thriving gaming ecosystem. Beyond gaming, the company innovated with devices like the Surface lineup, combining sleek design with productivity. Its integration of hardware and software demonstrated Microsoft’s versatility.

Shaping the Future: AI, Sustainability, and Datacenters

Microsoft continues to lead in artificial intelligence with tools like Microsoft Copilot. Its pledge to be carbon-negative by 2030 highlights environmental responsibility, with sustainable datacenter operations playing a central role.

Conclusion: A Legacy Built to Inspire

Microsoft’s 50-year journey is a testament to the power of innovation and visionary leadership. From Bill Gates to Steve Ballmer to Satya Nadella, each CEO has steered the company to new heights. With contributions ranging from datacenters and Windows Server to Hyper-V and Azure, Microsoft’s impact has been profound. As the company looks ahead, it remains dedicated to empowering people and organizations to achieve more, ensuring the next 50 years are as groundbreaking as the last.

Here’s to Microsoft—a company built to inspire and shape the future.

at Building 92 of the Microsoft Campus in Redmond.

 

Introduction to Windows 11 with Copilot on Microsoft Surface Devices

Welcome to the exciting world of Windows 11, where innovation meets productivity with the combined power of Copilot and Microsoft’s Surface devices. In this blogpost, we’ll explore how Windows 11 enhances the user experience, and how pairing it with Copilot on a Surface Laptop or Surface Pro creates an unmatched synergy that transforms the way you work and play.

Microsoft Copilot + PC for Business

User Interface and Design

Windows 11 introduces a sleek, modern interface with a centered Start menu, rounded corners, and new iconography. The redesigned taskbar, Action Center, and widgets provide a more intuitive and streamlined experience, making navigation a breeze on the stunning high-resolution displays of Surface devices. With the Surface’s touch and pen capabilities, the new themes and wallpapers can be tailored to fit your unique style.

New Features and Improvements

Enhanced Touch and Pen Support

Surface devices are known for their exceptional touch and pen support, making Windows 11’s enhanced touch features even more impactful. Whether you’re using the Surface Pen for precise drawing or multitouch gestures to navigate seamlessly, the combination offers unparalleled interactivity.

Virtual Desktops and Snap Layouts

With Windows 11, organizing your workspace becomes effortless. The introduction of Snap Layouts and Snap Groups allows for better multitasking, perfectly complemented by the Surface’s spacious screen real estate. Virtual desktops let you create customized workspaces for different projects, maximizing productivity on the go.

Improved Gaming Capabilities

Gaming on a Surface Laptop or Surface Pro reaches new heights with Windows 11’s optimized gaming features. From DirectStorage for faster load times to Auto HDR for vibrant visuals, your gaming experience becomes more immersive and enjoyable.

What is the NPU, and how does it enhance performance.

The Neural Processing Unit (NPU) is a newer addition to modern Windows devices and plays a key role in handling tasks related to artificial intelligence (AI) and machine learning. It is designed to speed up complex processes such as facial recognition, voice assistance, and data analysis, which require advanced computation. The NPU’s ability to offload these tasks from the CPU and GPU allows for faster, more efficient operation of the entire system.

Unlocking the power of NPU on Surface: Our “Hello World” journey for DevOps and developers

AI Integration

Copilot – Your AI Companion

Integrating Copilot into Windows 11 on Surface devices brings a new level of intelligence and assistance. Copilot can help you with tasks like setting reminders, generating content, and providing insights. With improved speech recognition and the power of the Surface’s microphones and speakers, interacting with Copilot feels natural and efficient.

Microsoft Office and AI

Windows 11 leverages AI to enhance productivity tools like Microsoft Office. Copilot can offer intelligent suggestions and insights, helping you create polished documents, manage emails, and stay organized, all while utilizing the Surface’s powerful hardware.

Security Enhancements

Security is paramount in Windows 11, with features like Windows Hello, Microsoft Defender, and BitLocker providing robust protection. The new Windows Security Center offers a comprehensive overview of security settings, ensuring your Surface device is always secure. Windows Hello takes full advantage of the Surface’s IR camera for quick and secure logins.

Windows 11 Security

Hyper-V and Virtualization

Windows 11 includes advanced virtualization capabilities through Hyper-V, allowing you to create and manage virtual machines with ease. This feature is particularly useful for developers, IT professionals, and power users who need to run multiple operating systems or isolated environments on their Surface devices.

Windows Subsystem for Linux (WSL)

The Windows Subsystem for Linux (WSL) in Windows 11 provides a seamless way to run Linux distributions natively on your Surface device. WSL offers improved performance, compatibility, and integration with Windows tools, making it an essential feature for developers and tech enthusiasts.

WSL

Performance and Optimization

Windows 11 is designed to deliver improved performance and efficiency, with faster boot times, enhanced battery life, and better resource management. Surface devices leverage hardware advancements to provide a smoother and more responsive experience, ensuring you can work and play without interruptions.

Tips and Tricks

Here are some tips and tricks to help you get the most out of Windows 11 on your Surface device:

• Keyboard Shortcuts: Utilize the Surface’s keyboard shortcuts to navigate quickly and efficiently.
• Customization: Personalize your device with themes, wallpapers, and widgets that reflect your style.
• Pen Shortcuts: Take advantage of Surface Pen shortcuts for quick access to apps and features.
• Battery Optimization: Manage power settings to maximize battery life and keep your Surface running longer.
• Troubleshooting: Use the Windows Security Center and Device Manager to diagnose and fix common issues.
• Become a Windows Insider: Here you can test almost every week a new Windows 11 Insider Preview Build

Conclusion

Windows 11, combined with Copilot on Microsoft Surface devices, represents a significant leap forward in terms of design, functionality, and performance. The innovative features and improvements make it the operating system of choice for users around the world, providing a seamless and powerful experience that enhances every aspect of your digital life.

Here you find more information about Microsoft Windows 11

The New Microsoft Surface Laptop Copilot + PC

Microsoft Windows 11 Free training on MS-Learn

Microsoft Windows 11 Security Book for free

Enjoy your New Microsoft Surface Device with Copilot!
It’s Awesome

Install the Newest Docker Desktop version 4.38.0

Docker released a New Docker Desktop version 4.38.0 with new features:

• nstalling Docker Desktop via the PKG installer is now generally available.
• Enforcing sign-in via configuration profiles is now generally available.
• Docker Compose, Docker Scout, the Docker CLI, and Ask Gordon can now be updated independently of Docker Desktop and without a full restart (Beta).
• The new update command has been added to the Docker Desktop CLI (Mac only).
• Bake is now generally available, with support for entitlements and composable attributes.
• You can now create multi-node Kubernetes clusters in Docker Desktop.
• Ask Gordon is more widely available. It is still in Beta.

In the following steps I’m upgrading my Docker Desktop Kubernetes 1-Node Cluster to a 4-Node Kubernetes Cluster:

Go to Settings in Docker Desktop and click on Kubernetes

Click on Kind.
Here you can select the Kubernetes version and how much nodes you need.

IMPORTANT: This will create a new Kubernetes Cluster!
(the old 1-node cluster will be gone)

Creating 4-Node Kubernetes Cluster in Docker Desktop

4-Node Kubernetes Cluster running in Docker Desktop

When you have “Show System Containers” in Settings at Kubernetes on
then you see these 4-Nodes here in VSCode.

Happy Coding

 

In the dynamic world of cloud computing, Microsoft continues to innovate with solutions that empower organizations to manage hybrid and multi-cloud environments effectively. One such groundbreaking solution is Azure Container Storage enabled by Azure Arc. This technology is designed to simplify and enhance the management of persistent storage for Kubernetes clusters, providing a unified and adaptive approach to cloud storage.

What is Azure Container Storage Enabled by Azure Arc?

Azure Container Storage enabled by Azure Arc is a first-party storage system designed for Arc-connected Kubernetes clusters. It serves as a native persistent storage solution, offering high availability, fault tolerance, and seamless data synchronization to Azure Blob Storage. This system is crucial for making Kubernetes clusters stateful, especially for Azure IoT Operations and other Arc services.

Key Features and Benefits

1. High Availability and Fault Tolerance: When configured as a 3-node cluster, Azure Container Storage enabled by Azure Arc replicates data between nodes (triplication) to ensure high availability and tolerance to single node failures.
2. Data Synchronization to Azure: Data written to volumes is automatically tiered to Azure Blob Storage, including block blob, ADLSgen-2, or OneLake. This ensures that data is securely stored and easily accessible in the cloud.
3. Low Latency Operations: Arc services, such as Azure IoT Operations, can expect low latency for read and write operations, making it ideal for real-time applications.
4. Simple Connection: Customers can easily connect to an Azure Container Storage enabled by Azure Arc volume using a CSI driver to start making Persistent Volume Claims against their storage.
5. Flexibility in Deployment: Azure Container Storage enabled by Azure Arc can be deployed as part of Azure IoT Operations or as a standalone solution, providing flexibility to meet various deployment needs.
6. Platform Neutrality: This storage system can run on any Arc Kubernetes supported platform, including Ubuntu + CNCF K3s/K8s, Windows IoT + AKS-EE, and Azure Stack HCI + AKS-HCI and Azure Local.

Microsoft Azure Local solution

 

Azure Container Storage Offerings

Azure Container Storage enabled by Azure Arc offers two main storage options:

1. Cache Volumes: The original offering, providing a reliable and fault-tolerant file system for Arc-connected Kubernetes clusters.
2. Edge Volumes: The newest offering, which includes Local Shared Edge Volumes and Cloud Ingest Edge Volumes. Local Shared Edge Volumes provide highly available, failover-capable storage local to your Kubernetes cluster, while Cloud Ingest Edge Volumes facilitate limitless data ingestion from edge to Blob storage.

Use Cases and Applications

Azure Container Storage enabled by Azure Arc is particularly beneficial for organizations with hybrid and multi-cloud environments. It supports various use cases, including:

• IoT Applications: Ensuring data integrity and synchronization in disconnected environments, making it ideal for IoT operations.
• Edge Computing: Providing local storage for scratch space, temporary storage, and locally persistent data unsuitable for cloud destinations.
• Data Ingestion: Facilitating seamless data transfer from edge to cloud, optimizing local resource utilization and reducing storage requirements.

Conclusion

Azure Container Storage enabled by Azure Arc represents the future of hybrid cloud storage, offering seamless onboarding, unified management, and adaptive capabilities. By leveraging this technology, organizations can overcome the challenges of hybrid and multi-cloud environments, streamline operations, and drive innovation.

Whether you’re just starting your cloud journey or looking to optimize your existing infrastructure, Azure Container Storage enabled by Azure Arc provides the tools and guidance you need to succeed. Embrace the power of this transformative solution and unlock new possibilities for your organization.

Jumpstart Drops is a good begin in your test environment, before you begin in production. Here you find a Jump start drop about “Create an Azure Container Storage enabled by Azure Arc Edge Volumes with CloudSync” by Anthony Joint.

More information:

Introducing Azure Local by Cosmos Darwin

Microsoft Adaptive Cloud

Announcement! Edge Storage Accelerator YouTube video. 

What is Microsoft Azure Arc Services?

Once upon a time, in a world where technology and holiday cheer intertwined, there was a bustling community of developers eagerly awaiting the latest updates from the Microsoft Windows 11 and Windows Server Insider programs. As the festive season approached, the air was filled with excitement and anticipation.

In the heart of this community were the Microsoft MVPs (Most Valuable Professionals) and Docker Captains, who were known for their expertise and passion for technology. They decided to come together to create something truly magical for developers around the world.

One snowy evening, as the MVPs and Docker Captains gathered around a virtual fireplace, they began to brainstorm ideas. “What if we could combine the power of Windows 11, Windows Server, and Docker Containers to create a seamless development experience?” suggested one MVP, their eyes twinkling with excitement.

The idea quickly gained momentum, and soon, the group was hard at work. They envisioned a world where developers could effortlessly build, test, and deploy applications using the latest features of Windows 11 and Windows Server, all within the flexible and scalable environment of Docker Containers.

With the help of the Insider programs, they gained early access to cutting-edge features and updates. The MVPs and Docker Captains worked tirelessly, sharing their knowledge and expertise to create a series of tutorials, guides, and sample projects. These resources were designed to help developers harness the full potential of Windows 11, Windows Server, and Docker Containers.

As the holiday season progressed, the community began to see the fruits of their labor. Developers from all corners of the globe started to adopt the new tools and techniques, marveling at the ease and efficiency they brought to their workflows. The combination of Windows 11’s sleek interface, Windows Server’s robust capabilities, and Docker Containers’ flexibility created a harmonious symphony of technology.

To celebrate their success, the MVPs and Docker Captains organized a virtual holiday party. Developers joined from far and wide, sharing stories of their experiences and the innovative projects they had created. The virtual room was filled with laughter, camaraderie, and a shared sense of accomplishment.

As the night drew to a close, one of the Docker Captains raised a toast. “Here’s to the power of collaboration, the spirit of innovation, and the joy of the holiday season. May we continue to push the boundaries of technology and inspire developers everywhere.”

And so, the story of the Microsoft Windows 11 and Windows Server Insider Christmas, made possible by the dedication and expertise of the MVPs and Docker Captains, became a cherished tale in the developer community. It was a reminder that, with passion and teamwork, even the most ambitious dreams could come true.

Happy holidays, and may your coding adventures be merry and bright!

New Docker Desktop for Windows version Available

• You can now perform key operations such as starting, stopping, restarting, and checking the status of Docker Desktop directly from the command line.
• The AI Catalog in Docker Hub is directly available through Docker Desktop.

More information about this release 4.37.0 on Docker docs.

Installing new release

Enable Docker AI (Beta feature) here

Click on Apply & Restart

The New AI Docker Beta feature known as Gordon

The new AI Docker beta feature, known as “Ask Gordon,” allows you to interact with Docker’s AI assistant to get help, guidance, and answers to your Docker-related questions. Here’s how you can use it:

1. Using “Ask Gordon” in Docker CLI

• Open your terminal or command line interface.
• Use the command: docker ai.
• This will activate the “Ask Gordon” feature, and you can type your questions or commands directly.

2. Using “Ask Gordon” in Docker Desktop

• Open Docker Desktop.
• Look for the “Ask Gordon” feature, which is integrated into the interface.
• You can type your questions or requests in the provided input field.

3. Requirements

• Ensure you have an active internet connection.
• Make sure your system allows communication to https://ai-backend-service.docker.com/.

4. Enabling or Disabling “Ask Gordon”

• For Individual Users:
  • Open Docker Desktop.
  • Go to Settings > Features in development > Beta features.
  • Tick or untick the “Enable Docker AI” option.
  • Click “Apply and restart” to save changes.
• For Organizations:
  • Administrators can disable “Ask Gordon” for the entire organization using the “Cloud Settings” feature.

5. What You Can Do with “Ask Gordon”

• Ask questions about Docker commands, configurations, and best practices.
• Get help troubleshooting Docker issues.
• Learn about Docker features and updates.

Docker Public Roadmap on GitHub

 

 

Docker Desktop Software Update 4.36.0 (175267)

Mark Russinovich and Scott Hanselman on Stage talking about Copilot, ChatGPT and AI

Scott and Mark learn responsible AI

Always check the output of AI

Microsoft Azure Local 

NEW Microsoft Introducing disconnected Operations (Preview)

Azure Local with disconnected Operations
Awesome!

NSG with Azure Local

Security in Azure Local video

 

Defender for Cloud

Get Started Today

Azure Linux 3.0 on AKS kubernetes in Preview

QuickStart

AKS Automatic
Dynamic System Node pool in Preview

More Buit-in policies for AKS

Auto-Instrumentation with Application Insights
Preview in January 2025

Enhanced Risk & Attack Path Analysis for Containers

Microsoft Azure Container Registry – Image Auto Patching in Private Preview
Security on Vulnerabilities

Network Isolated Cluster in Public Preview
Here you find Best practices for cluster isolation in Azure Kubernetes Service (AKS)

Microsoft Container Vulnerabilities Management

Container Vulnerabilities Assessment throughout the software development lifecycle.

Defender for Cloud Container Security
Continuously reduce risks.

Attack path and remediation on your AKS Kubernetes Cluster Inside overview

Container Security posture from Code to runtime is important!

Microsoft Azure Kubernetes Fleet Manager Auto-Upgrade

Microsoft AKS Static Egress Gateway for Pod-level Access Control.

Block pod access to the Azure Instance Metadata Service (IMDS) endpoint (preview)

Trusted launch for Azure Kubernetes Service (AKS)

Seccomp Default Public Preview

Node Auto Provisioning GA January 2025

Comprehensive Security Controls overview

Experience Security Copilot Today

My Conclusion

Always start small with New innovative features like Azure Copilot or making your Adaptive Cloud first in a test environment.
Do your own experiences, testing and make your Secure architecture designs for your production. Keep it simple because it can be quick complex with a lot of dependencies. Microsoft works hard to make your life more easy in this changing IT landscape
I like to thank all the people who supported the Microsoft Ignite 2024 event, it was Awesome with a lot of Great News.

Here you find the Microsoft Ignite 2024 Book of News.

 

Microsoft Azure Adaptive Cloud approach enabled by Azure Arc.

Adaptive Cloud approach Key Services and Products.

Operate everywhere with AI-enhanced management and security

AI-enhanced Central Management & Security

Get Started with Azure Arc Jumpstart here

Welcome to the heart of our mission at Azure Arc Jumpstart, where we strive to transform your learning experience into a smooth and empowering journey. Our commitment is rooted in the principles that drive us forward:

1. Enabling immediate engagement: Arc Jumpstart is designed to offer a seamless “zero to hero” experience. We understand the value of your time, and our goal is to enable you to dive right into Azure Arc, eliminating barriers and complexities.

2. Comprehensive guidance: We provide more than just guides; we offer comprehensive, step-by-step instructions tailored for various independent Azure Arc scenarios. Our content is meticulously detailed, incorporating extensive automation, vivid screenshots, and insightful code samples. This ensures that your learning journey is not just informative but also visually enriching and deeply engaging.

3. Unparalleled user experience: Our dedication lies in delivering a rich and immersive experience. We go beyond the basics, curating a user-centric environment that resonates with both beginners and seasoned professionals. Whether you’re setting up your environment on-premises or in the cloud, our guides empower you to focus on Azure Arc’s core values without being bogged down by technical intricacies.

4. Embracing platform flexibility: We recognize the diversity of your infrastructure, and our mission is to provide a platform-agnostic approach. Arc Jumpstart accommodates your infrastructure, whether it resides on-premises or in the cloud. Our focus is to ensure that regardless of your setup, you can harness the true potential of the Azure Arc platform effortlessly.

Investments to further the Adaptive Cloud Approach

Introducing Microsoft Azure Local enabled by Azure Arc

Scott Hanselman about Visual Studio and Copilot

More AI development in Visual Studio or VSCode

Microsoft Windows 365 Link

This is Awesome, my next question is:
How fast will this solution be on Mobile?

Windows Hotpatch will be Available Spring 2025
for Windows 11 and Windows 365.

Windows Resilient Security Platform

Quick Machine Recovery in Insider program early 2025.

Microsoft working together with Cybersecurity & Infrastructure Security Agency

Smart App Control only Verified apps are allowed.

Windows Hello for Business Update with support for passkey.

Administrator Protection.

Personal Data Encryption to Windows Enterprise
Only decrypted via Windows Hello

Microsoft 365 in File Explorer

Windows Search is Cool
Coming in 2025

My Conclusion

Make your own test environment and become a Windows Insider to be one of the first to test these Awesome New features!
You can make this of course in Microsoft Azure Cloud or in your own Azure Local environment
There are so much possibilities, to keep yourself up-to-date with this changing IT landscape.

 

 

Photo of the Day Rick Claus at the Microsoft MVP – RD Wall at MS Ignite 2024

Keynote by CEO Satya Nadella

Love this Windows 365 Link Device (Preview)

The world’s Computer

Microsoft Azure Local announcement

Microsoft Azure Integrated HSM

for Security first

Microsoft Azure Boost DPU Chip

Microsoft adopts NVIDIA Blackwell to power the next frontier of AI supercomputing

Security is a Team Effort

Microsoft Security Exposure Management

Scott Guthrie on Stage with the Most Developer Tools

Microsoft Azure AI Foundry Announcement 

Microsoft SQL Server 2025 Preview Announcement by Scott

Microsoft SQL Overview Slide with Fabric

Jeremy Winter about Azure and staying ahead of evolving threats at every layer

Microsoft Windows Server 2025 Hyper-V

This was my first day impression of Microsoft Ignite 2024 Event, It was Awesome to see and hear all the News!

Here you find the Microsoft Ignite 2024 Book of News

Let’s go for Day 2 of Microsoft Ignite 2024

 

Use Enhanced Container Isolation

Enhancing Security with Docker Container Isolation

In today’s digital landscape, securing applications and data is paramount. Docker container isolation plays a crucial role in ensuring that applications run securely, without interference from other containers or the host system. This blog post delves into the importance of container isolation for security purposes and compares the security features of Docker’s Hyper-V engine and WSL 2 Docker engine.

The Importance of Container Isolation

Container isolation involves creating a protective boundary around each container to prevent interference between containers and the host system. This helps maintain a secure environment and avoid potential issues. Docker provides several mechanisms to enhance container isolation, including:

• Namespaces: Isolate processes, network interfaces, and file systems.
• Control Groups (cgroups): Limit and isolate resource usage (CPU, memory, disk I/O).
• Seccomp: Restrict system calls that containers can make.
• AppArmor and SELinux: Apply mandatory access control policies.

Here you find more information about AppArmor and SELinux

These mechanisms ensure that containers operate independently, reducing the risk of security breaches.

Use Docker Scout for Security vulnerability management to keep secure Container images

Enhanced Container Isolation (ECI)

Docker’s Enhanced Container Isolation (ECI) provides an additional layer of security to prevent malicious workloads from compromising Docker Desktop or the host. ECI uses advanced techniques to harden container isolation without impacting developer productivity. These techniques include:

• Running all containers unprivileged through the Linux user-namespace.
• Ensuring Docker Desktop VM immutability.
• Vetting critical system calls to prevent container escapes.
• Partially virtualizing portions of /proc and /sys inside the container.

Docker Hyper-V Engine vs. WSL 2 Docker Engine

When it comes to running Docker on Windows, users have two main options: the Hyper-V engine and the WSL 2 Docker engine. Both have their own security implications.

Docker Hyper-V Engine:

• Isolation: Hyper-V provides strong isolation by running each container in a separate virtual machine (VM). This ensures that containers are isolated from each other and the host.
• Security: Hyper-V’s dedicated kernel for Docker Desktop ensures that the integrity of kernel-level configurations is maintained. This makes it harder for malicious workloads to breach the Docker Desktop Linux VM and host.
• User Access: Docker Desktop users cannot easily access the Docker Desktop Linux VM, preventing them from modifying Docker Engine settings inside the VM.

WSL 2 Docker Engine:

• Isolation: WSL 2 uses a lightweight Linux kernel inside a Windows VM, providing a more integrated experience with the Windows operating system.
• Security: While WSL 2 offers good isolation, it shares the same instance of the Linux kernel across all WSL 2 distributions on the same Windows host. This means that Docker Desktop cannot ensure the integrity of the kernel in the Docker Desktop Linux VM, as another WSL 2 distribution could modify shared kernel settings.
• User Access: Docker Desktop users can trivially access the Docker Desktop Linux VM with the wsl -d docker-desktop command, allowing them to bypass Docker Desktop security settings.

Conclusion

Both Docker Hyper-V and WSL 2 engines offer unique advantages and trade-offs in terms of security. Hyper-V provides stronger isolation and security by running containers in separate VMs with dedicated kernels, while WSL 2 offers a more integrated and performant experience with some security limitations. Choosing the right engine depends on your specific security requirements and use cases.

Important

Before you are going to use Docker Container Isolation in production environments, always test your Docker configurations in a Test environment first and do some experience first with your own Container scenarios.

For more detailed information, you can visit the official Docker documentation.

Enhanced Container Isolation (ECI) FAQs

Docker Scout Command Line Reference

Docker Scout is a tool designed to enhance the security of your software supply chain by analyzing your container images. It creates a detailed inventory of the components within your images, known as a Software Bill of Materials (SBOM). This SBOM is then checked against a continuously updated vulnerability database to identify any security weaknesses.

Docker Scout is versatile and can be used with Docker Desktop, Docker Hub, the Docker CLI, and the Docker Scout Dashboard. It also integrates with third-party systems like container registries and CI platforms. Essentially, it helps you proactively manage and mitigate vulnerabilities in your container images, ensuring your applications are more secure before they hit production.

Container Images in the Cloud

When you pulled the Image into Docker, you want to know is it secure before using it.
Here is Docker Scout Security in place.

With Docker Scout we will analyze the Container Image.

Scan vulnerabilities results is 0 and can be used

SBOM with 135 packages and no vulnerabilities found.

Now I can run my Kali Linux Container after Security vulnerability check with Docker Scout.

But there are also images available which have vulnerabilities in the SBOM in some of the packages because they are not up-to-date and behind patching for example. This is why Docker Scout is a very handy security tool to keep your images secure and warn you if security remediation is needed. So don’t pull and run container images fast because you are in a hurry, first check your container image with Docker Scout!

This Container is also pulled from the Cloud and has vulnerabilities because software packages are not up-to-date in the Container image.

Important vulnerabilities found by Docker Scout analyzer!
Click on View Packages and CVEs

The vulnerabilities in this Container image.
You can go deeper into the CVEs.

Here you see the links to the CVEs

Here you see the Fix version of the vulnerability

Click on the CVE-2024-5535 link for more info.

Remediation with Docker Scout is currently in Beta at the moment when I’m writing this blogpost. Here you find more information on docker docs

 

Conclusion

I always say Security by Design. Docker Scout supports you to keep your Container images as secure as possible before your containers are in a running state.
Keep your images in your Cloud registries up-to-date and clean from vulnerabilities in your packages (SBOM). I really like how docker is improving the product in a secure way with Docker Scout and make it easy to understand for DevOps, developers and security people to keep compliance in place and why it’s important not to run public images right away from the Cloud because of the risks.  Here you find more information about Docker Scout:

Docker Scout documentation

Docker Scout integration with other Systems or Container repositories

Get started with Policy Evaluation in Docker Scout

Docker Scout Demo and Q&A

 

 

CBL-Mariner Linux is a lightweight operating system, containing only the packages needed for a cloud environment. CBL-Mariner can be customized through custom packages and tools, to fit the requirements of your application. CBL-Mariner undergoes Azure validation tests, is compatible with Azure agents, and is built and tested by the Azure Edge & Platform to power various use cases, ranging from Azure services to powering IoT infrastructure. CBL-Mariner is the internally recommended Linux distribution for use with Microsoft cloud services and related products.

In the following steps we are going to install CBL-Mariner 2.0 on Hyper-V as a virtual Docker Container Host.
First you have to download CBL-Mariner 2.0 (Azure Linux) ISO here

Enable Secure Boot Template: Microsoft UEFI Certificate Authority

When you have made your Virtual Machine on Microsoft Hyper-V, you have to change the Security Boot Template from Microsoft Windows to Microsoft UEFI Certificate Authority and then you can boot from the ISO.

Select the Installation Experience
I used the Graphical Installer,
Select Next.

Default is the installation type: CBL-Mariner Core

I selected Installation type: CBL-Mariner Full

Read and Accept the CBL-Mariner Eula.

Here you can Partition your Storage.

 

Enter the Computer hostname and Create a User account.

Install Now.

Installing CBL-Mariner 2.0 on the VM.

And yes It’s fast

Login with your new created user account.

It’s a habbit of my to update always the OS before doing other installations, so in the next steps we are going to upgrade to the latest updates since the ISO is released. Then we are going to install Azure-CLI and Docker Host for Containers.

Type the Command: Sudo dnf upgrade

The OS is now asking a couple of times if it’s OK to install.

Installing of Packages to update the System.

Upgrade of CBL-Mariner 2.0 is Completed.

Installing Microsoft Azure-CLI on CBL-Mariner 2.0

The Azure Command-Line Interface (CLI) is a cross-platform command-line tool to connect to Azure and execute administrative commands on Azure resources. It allows the execution of commands through a terminal using interactive command-line prompts or a script. Here you can find more about Microsoft Azure-CLI

 

First, we install the ca-certificates
then
we install Microsoft Azure-CLI 

       type Y if this is OK.

Azure-CLI is installed.

The Latest Microsoft Azure-CLI is running on your up-to-date CBL-Mariner VM.

Type command: cat /etc/os-release
and you can see the exact version of CBL-Mariner 2.0

Installing Docker Container host on CBL-Mariner 2.0

Docker provides the ability to package and run an application in a loosely isolated environment called a container. The isolation and security lets you run many containers simultaneously on a given host. Containers are lightweight and contain everything needed to run the application, so you don’t need to rely on what’s installed on the host. You can share containers while you work, and be sure that everyone you share with gets the same container that works in the same way.

Docker provides tooling and a platform to manage the lifecycle of your containers:

• Develop your application and its supporting components using containers.
• The container becomes the unit for distributing and testing your application.
• When you’re ready, deploy your application into your production environment, as a container or an orchestrated service. This works the same whether your production environment is a local data center, a cloud provider, or a hybrid of the two.

Now we are going to install the Docker Container host software on Microsoft CBL-Mariner 2.0 (Azure Linux):

Type Command: sudo tdnf install moby-engine moby-cli ca-certificates -y

Type command: sudo systemctl enable docker.service

Type command: sudo systemctl start docker.service
and then
type command: sudo systemctl status docker.service

Now you can pull or create your containers from here for example:
Type Command: docker run -it -d –name my_container ubuntu bash

Here I’m inside the Ubuntu Linux Container running on CBL-Mariner 2.0 with Docker Container Host.

Docker Container Ubuntu image.

More information about Microsoft CBL-Mariner 2.0 you can find here:

Microsoft CBL-Mariner 2.0 (Azure Linux) on Github

Microsoft CBL-Mariner 2.0 (Azure Linux) Security

Microsoft CBL-Mariner 2.0 (Azure Linux) Toolkit docs

Conclusion

Running Microsoft CBL-Mariner 2.0 (Azure Linux) on Azure Stack HCI Hyper-V Cluster or in Microsoft Azure Cloud can be very powerfull as a lightweight Linux operating system at the Edge. Now we did running Docker Container Host on CBL-Mariner 2.0 (AzureLinux) but you can also install Microsoft Azure Arc agent to use this Operating System in a Adaptive Cloud way for Azure Hybrid Management and security. Try it yourself first in your test lab and when you have build a great security by design solution, use it in production for your business.

Join Containers in the Cloud LinkedIn Community Group for Free

All the recordings of the Microsoft Windows Server Summit 2024 event sessions are available on YouTube.
You can watch them on demand here

Here are some highlights of the Windows Server Summit 2024 event which I picked out:

Full Stack Native NVMe Support

Container Flexibility

SMB in Windows and Windows Server 2025

The Intel Xeon Processor Designed for AI

You can Upgrade to Windows Server 2025 via Windows Update.

Windows Server 2025 Security.

Delegated Managed Service Account.

Hotpatching for Windows Server 2025

Watch The evolution of Windows Authentication by Ned Pyle