Microsoft says it has been imposing multifactor authentication (MFA) for Azure Portal sign-ins throughout all tenants since March 2025.
The corporate’s Azure MFA enforcement efforts had been introduced in Might 2024 when Redmond started implementing necessary MFA for all customers signing into Azure to manage sources.
One yr in the past, in August 2024, Microsoft additionally warned Entra world admins to allow MFA for his or her tenants by October 15, 2024, to make sure customers do not lose entry to admin portals.
After finishing the rollout for Azure portal sign-ins, the corporate will start imposing MFA on Azure CLI, PowerShell, SDKs, and APIs in October 2025 to guard customers’ accounts towards assaults.
“We’re proud to announce that multifactor enforcement for Azure Portal sign-ins was rolled out for 100% of Azure tenants in March 2025,” Microsoft stated on Friday.
“By imposing MFA for Azure sign-ins, we goal to offer you the very best safety towards cyber threats as a part of Microsoft’s dedication to boost safety for all clients, taking one step nearer to a safer future.”
These modifications comply with a November 2023 announcement that Microsoft would quickly roll out Conditional Entry insurance policies requiring MFA for all admins when signing into Microsoft admin portals (together with Entra, Microsoft 365, Alternate, and Azure), for customers on all cloud apps, in addition to for high-risk sign-ins.
As a part of the identical effort to spice up MFA adoption, Microsoft-owned GitHub has begun imposing two-factor authentication (2FA) for all energetic builders beginning in January 2024.
A Microsoft research from two years in the past discovered that 99.99% of accounts protected by MFA efficiently fend off hacking makes an attempt and that MFA additionally lowers the chance of account compromise by 98.56%, even when attackers try to make use of stolen credentials.
“Our purpose is 100% multifactor authentication,” former Microsoft VP of Identification Safety Alex Weinert stated on the time. “Provided that formal research present multifactor authentication reduces the danger of account takeover by over 99 %, each consumer who authenticates ought to accomplish that with fashionable robust authentication.”
46% of environments had passwords cracked, practically doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration traits.
Encryption of each knowledge at relaxation and in transit is a non-negotiable characteristic for many organizations. Moreover, organizations working in extremely regulated and security-sensitive environments—resembling these within the monetary sector—usually require full management over the cryptographic keys used for his or her workloads.
Amazon Managed Service for Apache Flink makes it easy to course of real-time knowledge streams with sturdy safety features, together with encryption by default to assist defend your knowledge in transit and at relaxation. The service removes the complexity of managing the important thing lifecycle and controlling entry to the cryptographic materials.
If it’s essential retain full management over your key lifecycle and entry, Managed Service for Apache Flink now helps the usage of buyer managed keys (CMKs) saved in AWS Key Administration Service (AWS KMS) for encrypting software knowledge.
This characteristic helps you handle your individual encryption keys and key insurance policies, so you may meet strict compliance necessities and preserve full management over delicate knowledge. With CMK integration, you may reap the benefits of the scalability and ease of use that Managed Service for Apache Flink gives, whereas assembly your group’s safety and compliance insurance policies.
On this submit, we discover how the CMK performance works with Managed Service for Apache Flink functions, the use instances it unlocks, and key concerns for implementation.
Knowledge encryption in Managed Service for Apache Flink
In Managed Service for Apache Flink, there are a number of facets the place knowledge ought to be encrypted:
Knowledge at relaxation instantly managed by the service – Sturdy software storage (checkpoints and snapshots) and operating software state storage (disk volumes utilized by RocksDB state backend) are mechanically encrypted
Knowledge in transit inside to the Flink cluster – Mechanically encrypted utilizing TLS/HTTPS
Knowledge in transit to and at relaxation in exterior techniques that your Flink software accesses – For instance, an Amazon Managed Streaming for Apache Kafka (Amazon MSK) matter by the Kafka connector or calling an endpoint by a customized AsyncIO); encryption is dependent upon the exterior service, person settings, and code
For knowledge at relaxation managed by the service, checkpoints, snapshots, and operating software state storage are encrypted by default utilizing AWS owned keys. In case your safety necessities require you to instantly management the encryption keys, you need to use the CMK held in AWS KMS.
Key elements and roles
To grasp how CMKs work in Managed Service for Apache Flink, we first must introduce the elements and roles concerned in managing and operating an software utilizing CMK encryption:
Buyer managed key (CMK):
Resides in AWS KMS inside the identical AWS account as your software
Has an connected key coverage that defines entry permissions and utilization rights to different elements and roles
Encrypts each sturdy software storage (checkpoints and snapshots) and operating software state storage
Managed Service for Apache Flink software:
The applying whose storage you need to encrypt utilizing the CMK
The execution function doesn’t have to offer any particular permissions to make use of the CMK for encryption operations
Key administrator:
Manages the CMK lifecycle (creation, rotation, coverage updates, and so forth)
Could be an IAM person or IAM function, and utilized by a human operator or by automation
Requires administrative entry to the CMK
Permissions are outlined by the connected IAM insurance policies and the important thing coverage
Software operator:
Manages the appliance lifecycle (begin/cease, configuration updates, snapshot administration, and so forth)
Could be an IAM Person or IAM function, and utilized by a human operator or by automation
Requires permissions to handle the Flink software and use the CMK for encryption operations
Permissions are outlined by the connected IAM insurance policies and the important thing coverage
The next diagram illustrates the answer structure.
Enabling CMK following the precept of least privilege
When deploying functions in manufacturing environments or dealing with delicate knowledge, you must comply with the precept of least privilege. CMK assist in Managed Service for Apache Flink has been designed with this precept in thoughts, so every part receives solely the minimal permissions essential to perform.
For detailed details about the permissions required by the appliance operator and key coverage configurations, confer with Key administration in Amazon Managed Service for Apache Flink. Though these insurance policies may seem complicated at first look, this complexity is intentional and mandatory. For extra particulars concerning the necessities for implementing probably the most restrictive key administration attainable whereas sustaining performance, confer with Least-privilege permissions.
For this submit, we spotlight some necessary factors about CMK permissions:
Software execution function – Requires no further permissions to make use of a CMK. You don’t want to alter the permissions of an current software; the service handles CMK operations transparently throughout runtime.
Software operator permissions – The operator is the person or function who controls the appliance lifecycle. For the permissions required to function an software that makes use of CMK encryption, confer with Key administration in Amazon Managed Service for Apache Flink. Along with these permissions, an operator usually has permissions on actions with the kinesisanalytics prefix. It’s a greatest observe to limit these permissions to a selected software defining the Useful resource. The operator should even have the iam:PassRole permission to go the service execution function to the appliance.
To simplify managing the permissions of the operator, we advocate creating two separate IAM insurance policies, to be connected to the operator’s function or person:
A base operator coverage defining the fundamental permissions to function the appliance lifecycle with no CMK
An extra CMK operator coverage that provides permissions to function the appliance with a CMK
The next IAM coverage instance illustrates the permissions that ought to be included within the base operator coverage:
Separating these two insurance policies has a further advantage of simplifying the method of organising an software for the CMK, because of the dependencies we illustrate within the following part.
Dependencies between the important thing coverage and CMK operator coverage
When you rigorously observe the operator’s permissions and the important thing coverage defined in Create a KMS key coverage, you’ll discover some interdependencies, illustrated by the next diagram.
Particularly, we spotlight the next:
CMK key coverage dependencies – The CMK coverage requires references to each the appliance Amazon Useful resource Title (ARN) and the important thing administrator or operator IAM roles or customers. This coverage have to be outlined at key creation time by the important thing administrator.
IAM coverage dependencies – The operator’s IAM coverage should reference each the appliance ARN and the CMK key itself. The operator function is answerable for numerous duties, together with configuring the appliance to make use of the CMK.
To correctly comply with the precept of least privilege, every part requires the others to exist earlier than it may be accurately configured. This necessitates a rigorously orchestrated deployment sequence.
Within the following part, we show the exact order required to resolve these dependencies whereas sustaining safety greatest practices.
Sequence of operations to create a brand new software with a CMK
When deploying a brand new software that makes use of CMK encryption, we advocate following this sequenced method to resolve dependency conflicts whereas sustaining safety greatest practices:
Create the operator IAM function or person with a base coverage that features software lifecycle permissions. Don’t embrace CMK permissions at this stage, as a result of the important thing doesn’t exist but.
The operator creates the appliance utilizing the default AWS owned key. Preserve the appliance in a stopped state to stop knowledge creation—there ought to be no knowledge at relaxation to encrypt throughout this section.
Create the important thing administrator IAM function or person, if not already out there, with permissions to create and handle KMS keys. Confer with Utilizing IAM insurance policies with AWS KMS for detailed permission necessities.
The important thing administrator creates the CMK in AWS KMS. At this level, you may have the required elements for the important thing coverage: software ARN, operator IAM function or person ARN, and key administrator IAM function or person ARN.
The operator can now modify the appliance configuration utilizing the UpdateApplication motion, to allow CMK encryption, as illustrated within the following part.
The applying is now able to run with all knowledge at relaxation encrypted utilizing your CMK.
When organising CMK encryption in a manufacturing atmosphere, you’ll in all probability use an automation software slightly than the console. These instruments ultimately use the AWS API beneath the hood, and the UpdateApplication motion of the kinesisanalyticsv2 API specifically. On this submit, we analyze the additions to the API that you need to use to manage the encryption configuration.
An extra top-level block ApplicationEncryptionConfigurationUpdate has been added to the UpdateApplication request payload. With this block, you may allow and disable the CMK.
It’s essential to add the next block to the UpdateApplication request:
Theoretically, you may allow the CMK instantly once you first create the appliance utilizing the CreateApplication motion.
A top-level block ApplicationEncryptionConfiguration has been added to the CreateApplication request payload, with a syntax just like UpdateApplication.
Nevertheless, because of the interdependencies described within the earlier part, you’ll most frequently create an software with the default AWS owned key and later use UpdateApplication to allow the CMK.
When you omit ApplicationEncryptionConfiguration once you create the appliance, the default conduct is utilizing the AWS owned key, for backward compatibility.
Pattern CloudFormation templates to create IAM roles and the KMS key
The method you employ to create the roles and key and configure the appliance to make use of the CMK will range, relying on the automation you employ and your approval and safety processes. Any automation instance we will present will doubtless not suit your processes or tooling.
Nevertheless, the next GitHub repository gives some instance CloudFormation templates to generate a number of the IAM insurance policies and the KMS key with the proper key coverage:
IAM coverage for the important thing administrator – Permits managing the important thing
Base IAM coverage for the operator – Permits managing the traditional software lifecycle operations with out the CMK
CMK IAM coverage for the operator – Supplies further permissions required to handle the appliance lifecycle when the CMK is enabled
KMS key coverage – Permits the appliance to encrypt and decrypt the appliance state and the operator to handle the appliance operations
CMK operations
We’ve described the method of making a brand new Managed Service for Apache Flink software with CMK. Let’s now study different frequent operations you may carry out.
Adjustments to the encryption key develop into efficient when the appliance is restarted. When you replace the configuration of a operating software, this causes the appliance to restart and the brand new key for use instantly. Conversely, when you change the important thing of a READY (not operating) software, the brand new key isn’t truly used till the appliance is restarted.
Allow a CMK on an current software
If in case you have an software operating with an AWS owned key, the method is just like what we described for creating new functions. On this case, you have already got a operating software state and older snapshots which can be encrypted utilizing the AWS owned key.
Additionally, if in case you have a operating software, you in all probability have already got an operator function with an IAM coverage that you need to use to manage the operator lifecycle.
The sequence of steps to allow a CMK on an current and operating software is as follows:
When you don’t have already got one, create a key administrator IAM function or person with permissions to create and handle keys in AWS KMS. See Utilizing IAM insurance policies with AWS KMS for extra particulars concerning the permissions required to handle keys.
The important thing administrator creates the CMK. The important thing coverage references the appliance ARN, the operator’s ARN, and the important thing administrator’s function or person ARN.
Create a further IAM coverage that permits the usage of the CMK and fasten this coverage to the operator. Alternatively, modify the operator’s current IAM coverage by including these permissions.
Lastly, the operator can replace the appliance and allow the CMK.The next diagram illustrates the method that happens once you execute an UpdateApplication motion on the operating software to allow a CMK.
The workflow consists of the next steps:
Once you replace the appliance to arrange the CMK, the next occurs:
The applying operating state, in the meanwhile it’s encrypted with the AWS owned key, is saved in a snapshot whereas the appliance is stopped. This snapshot is encrypted with the default AWS owned key. The operating software state storage is risky and destroyed when the appliance is stopped.
The applying is redeployed, restoring the snapshot into the operating software state.
The operating software state storage is now encrypted with the CMK.
New snapshots created from this level on are encrypted utilizing the CMK.
You’ll in all probability need to delete all of the previous snapshots, together with the one created mechanically by the UpdateApplication that enabled the CMK, as a result of they’re all encrypted utilizing the AWS owned key.
Rotate the encryption key
As with every cryptographic key, it’s a greatest observe to rotate the important thing periodically for enhanced safety. Managed Service for Apache Flink doesn’t assist AWS KMS computerized key rotation, so you may have two main choices for rotating your CMK.
Possibility 1: Create a brand new CMK and replace the appliance
The primary method includes creating a wholly new KMS key after which updating your software configuration to make use of the brand new key. This methodology gives a clear separation between the previous and new encryption keys, making it simpler to trace which knowledge was encrypted with which key model.
Let’s assume you may have a operating software utilizing CMK#1 (the present key) and need to rotate to CMK#2 (the brand new key) for enhanced safety:
Conditions and preparation – Earlier than initiating the important thing rotation course of, you need to replace the operator’s IAM coverage to incorporate permissions for each CMK#1 and CMK#2. This dual-key entry helps uninterrupted operation throughout the transition interval. After the appliance configuration has been efficiently up to date and verified, you may safely take away all permissions to CMK#1.
Software replace course of – The UpdateApplication operation used to configure CMK#2 mechanically triggers an software restart. This restart mechanism makes certain each the appliance’s operating state and any newly created snapshots are encrypted utilizing the brand new CMK#2, offering speedy safety advantages from the up to date encryption key.
Vital safety concerns – Current snapshots, together with the automated snapshot created throughout the CMK replace course of, stay encrypted with the unique CMK#1. For full safety hygiene and to attenuate your cryptographic footprint, think about deleting these older snapshots after verifying that your software is functioning accurately with the brand new encryption key.
This method gives a clear separation between previous and new encrypted knowledge whereas sustaining software availability all through the important thing rotation course of.
Possibility 2: Rotate the important thing materials of the prevailing CMK
The second possibility is to rotate the cryptographic materials inside your current KMS key. For a CMK used for Managed Service for Apache Flink, we advocate utilizing on-demand key materials rotation.
The advantage of this method is simplicity: no change is required to the appliance configuration nor to the operator’s IAM permissions.
Vital safety concerns
The brand new encryption secret is utilized by the Managed Service for Apache Flink software solely after the subsequent software restart. To make the brand new key materials efficient, instantly after the rotation, it’s essential cease and begin utilizing snapshots to protect the appliance state or execute an UpdateApplication, which additionally forces a stop-and-restart. After the restart, you must think about deleting the previous snapshots, together with the one taken mechanically within the final stop-and-restart.
Change again to the AWS owned key
At any time, you may resolve to change again to utilizing an AWS owned key. The applying state continues to be encrypted, however utilizing the AWS owned key as a substitute of your CMK.
If you’re utilizing the UpdateApplication API or AWS CLI command to change again to CMK, you need to explicitly go ApplicationEncryptionConfigurationUpdate, setting the important thing sort to AWS_OWNED_KEY as proven within the following snippet:
Once you execute UpdateApplication to change off the CMK, the operator should nonetheless have permissions on the CMK. After the appliance is efficiently operating utilizing the AWS owned key, you may safely take away any CMK-related permissions from the operator’s IAM coverage.
Check the CMK in growth environments
In a manufacturing atmosphere—or an atmosphere containing delicate knowledge—you must comply with the precept of least privilege and apply the restrictive permissions described up to now.
Nevertheless, if you wish to experiment with CMKs in a growth setting, resembling utilizing the console, strictly following the manufacturing course of may develop into cumbersome. In these environments, the roles of key administrator and operator are sometimes stuffed by the identical particular person.
For testing functions in growth environments, you may need to use a permissive key coverage like the next, so you may freely experiment with CMK encryption:
This coverage mustn’t ever be utilized in an atmosphere containing delicate knowledge, and particularly not in manufacturing.
Widespread caveats and pitfalls
As mentioned earlier, this characteristic is designed to maximise safety and promote greatest practices such because the precept of least privilege. Nevertheless, this focus can introduce some nook instances try to be conscious of.
The CMK have to be enabled for the service to encrypt and decrypt snapshots and operating state
With AWS KMS, you may disable one key at any time. When you disable the CMK whereas the appliance is operating, it would trigger unpredictable failures. For instance, an software will be unable to revive a snapshot if the CMK used to encrypt that snapshot has been disabled. For instance, when you try and roll again an UpdateApplication that modified the CMK, and the earlier key has since been disabled, you may not have the ability to restore from an previous snapshot. Equally, you may not have the ability to restart the appliance from an older snapshot if the corresponding CMK is disabled.
When you encounter these situations, the answer is to reenable the required key and retry the operation.
The operator requires permissions to all keys concerned
To carry out an motion on the appliance (resembling Begin, Cease, UpdateApplication, or CreateApplicationSnapshot), the operator will need to have permissions for all CMKs concerned in that operation. AWS owned keys don’t require express permission.
Some operations implicitly contain two CMKs—for instance, when switching from one CMK to a different, or when switching from a CMK to an AWS owned key by disabling the CMK. In these instances, the operator will need to have permissions for each keys for the operation to succeed.
The identical rule applies when rolling again an UpdateApplication motion that concerned a number of CMKs.
A brand new encryption key takes impact solely after restart
A brand new encryption secret is solely used after the appliance is restarted. That is necessary once you rotate the important thing materials for a CMK. Rotating the important thing materials in AWS KMS doesn’t require updating the Managed Flink software’s configuration. Nevertheless, you need to restart the appliance as a separate step after rotating the important thing. When you don’t restart the appliance, it should proceed to make use of the previous encryption key for its operating state and snapshots till the subsequent restart.
Because of this, it is suggested to not allow computerized key rotation for the CMK. When computerized rotation is enabled, AWS KMS may rotate the important thing materials at any time, however your software won’t begin utilizing the brand new key till it’s subsequent restarted.
CMKs are solely supported with Flink runtime 1.20 or later
CMKs are solely supported if you find yourself utilizing the Flink runtime 1.20 or later. In case your software is at the moment utilizing an older runtime, you must improve to Flink 1.20 first. Managed Service for Apache Flink makes it easy to improve your current software utilizing the in-place model improve.
Conclusion
Managed Service for Apache Flink gives sturdy safety by enabling encryption by default, defending each the operating state and persistently saved state of your functions. For organizations that require full management over their encryption keys (usually as a consequence of regulatory or inside coverage wants), the flexibility to make use of a CMK built-in with AWS KMS gives a brand new degree of assurance.
By utilizing CMKs, you may tailor encryption controls to your particular compliance necessities. Nevertheless, this flexibility comes with the necessity for cautious planning: the CMK characteristic is deliberately designed to implement the precept of least privilege and powerful function separation, which may introduce complexity round permissions and operational processes.
On this submit, we reviewed the important thing steps for enabling CMKs on current functions, creating new functions with a CMK, and managing key rotation. Every of those processes offers you higher management over your knowledge safety but in addition requires consideration to entry administration and operational greatest practices.
Over the previous decade, I’ve witnessed the explosion of shopper and enterprise purposes producing more and more huge quantities of knowledge, which helped speed up the evolution of numerous knowledge heart architectures. The brand new designs enabled agile software innovation at scale whereas sustaining robust safety.
However assembly numerous international software calls for meant that knowledge facilities different tremendously in dimension, capabilities, and geographic attain, which in flip created new operational challenges. The arrival of software-defined networking (SDN) marked a significant development in addressing these different software wants and created new alternatives for innovation.
Differing implementations, nonetheless, launched new operational complexities, reminiscent of the necessity to optimize productiveness and handle prices extra successfully. Moreover, the fast adoption of AI additional sophisticated the panorama by introducing workloads with distinctive and demanding community necessities.
Inside this dynamic setting, knowledge heart operations groups are more and more searching for constant and cohesive experiences for managing and working quite a lot of knowledge heart networks. These groups search a unified answer that streamlines provisioning, presents complete visibility, and allows proactive and reactive diagnostics. Additionally they need a answer that delivers sturdy automation and minimizes the assault floor throughout knowledge heart perimeters.
Complete assist for numerous community materials
With these priorities in thoughts, Nexus Dashboard 4.1 (now common availability) allows full lifecycle administration of a number of knowledge heart networks by way of a single unified interface.
Nexus Dashboard 4.1 helps a variety of environments, together with:
NX-OS VXLAN EVPN materials
ACI materials
AI materials
Basic LAN materials
Media materials
SANs
Combos of those and extra
As well as, Nexus Dashboard goes past knowledge heart networks by enabling VXLAN EVPN automation on Cisco Catalyst switches working Cisco IOS XE.
Determine 1. Cisco Nexus Dashboard bodily or digital cluster
Unified software expertise
The Nexus Dashboard 4.1 launch marks a major milestone, because it has been fully redesigned and rebuilt. Nexus Dashboard 4.1 unifies Cisco Nexus Material Controller, Orchestrator, and Insights right into a single cohesive and intuitive software. The entire capabilities at the moment are accessible by way of an built-in navigation menu and commensurate software programming interface (API) endpoint construction.
Determine 2. Nexus Dashboard 4.1 simplification by way of unification
Unified administration aircraft for the Cisco Nexus one cloth answer
The platform now serves because the unified administration system for the Cisco Nexus one cloth answer. It streamlines safety and segmentation insurance policies for group coverage object (GPO)-aware VXLAN materials, automates multi-fabric connectivity and interoperability between NX-OS VXLAN Ethernet digital personal community (EVPN) and application-centric infrastructure (ACI) by way of software coverage infrastructure controller (APIC) federation, and allows seamless Layer 2/Layer 3 community extension with constant end-to-end coverage administration.
Determine 3. Cisco Nexus one cloth expertise
NetOps for Cisco N9300 Collection Sensible Switches
Cisco N9300 Collection Sensible Switches with built-in knowledge processing items (DPUs) deliver safety and the community collectively like by no means earlier than. With Nexus Dashboard 4.1, N9300 Collection Sensible Switches can now be onboarded into the Nexus Dashboard, which supplies NetOps companies, together with DPU well being monitoring, whereas Cisco Hypershield from the Hybrid Mesh Firewall suite supplies SecOps companies.
Determine 4. Nexus Dashboard DPU cloth stock
Centralized automation and visibility for AI materials
Cisco Nexus 9364E 800G switches act because the foundational constructing block of AI materials and at the moment are supported by Nexus Dashboard, enabling superior AI cloth automation. Additionally they provide Cisco Clever Packet Stream algorithms to maximise efficiency for each AI coaching and inferencing workloads.
Determine 5. Powering AI materials with Nexus Dashboard
Deployment flexibility and optimization
Nexus Dashboard now helps administration of a number of knowledge heart cloth sorts in the identical cluster. This permits versatile mixtures reminiscent of NX-OS VXLAN EVPN and ACI materials or VXLAN EVPN and media materials. There isn’t any limitation to cloth sort mixtures. The one exception is (SAN) materials, which at the moment require a separate set up and shall be built-in into future releases.
Scale up, scale down, and scale out
Expanded Nexus Dashboard kind issue choices can be found for each massive and small knowledge facilities, together with:
1-, 3-, or 6-node bodily or digital equipment clusters
Digital equipment clusters in AWS
The brand new Cisco ND-NODE G5S bodily equipment primarily based on Cisco UCS M8 servers for better scalability
Federation of a number of Nexus Dashboard clusters for scale-out
Dedicated to your knowledge heart journey
Nexus Dashboard adoption has grown considerably prior to now few quarters, with knowledge heart operations groups appreciating its robust technical and enterprise worth. We’ve obtained nice suggestions on Nexus Dashboard 4.1 throughout area trials and in one-on-one interactions and we’re dedicated to supporting your knowledge heart journey and simplifying your operations.
Final week I shared some prompts to point out the ability of Microsoft 365 Copilot and GPT-5, when it is grounded in your work knowledge, and requested to your personal.
Beloved the responses from prospects and colleagues, and wished to share a few of my favorites:
• “I want to answer this electronic mail. Please learn it, summarize the important thing factors, after which ask me one query at a time to assist craft a reply that matches my tone and intent” (H/T Ryan Roslansky – I have been utilizing this one on a regular basis with Copilot Chat in Outlook)
• “Generate a 20-question quiz to assist digest info from [meeting name]”
• “Spotlight rising alternatives for impression, each inside my group and thru cross-team or cross-discipline collaboration that will additional advance our firm’s mission and objective”
• “Evaluate potential danger in my mission, [project name]”
• “Assist me write concerning the impression I delivered from [date] till [date]. This could showcase: my key particular person accomplishments that contribute to group, enterprise, or buyer outcomes; my contributions to the success of others; my outcomes that construct on the work, concepts or effort of others”
It’s been a couple of weeks since we introduced GPT-5 to Microsoft 365 Copilot, and it’s rapidly grow to be a part of my on a regular basis workflow, including a brand new layer of intelligence spanning all my apps.
Listed here are 5 prompts that present what’s now attainable:
Teledyne FLIR OEM, a part of Teledyne Applied sciences Integrated (NYSE: TDY) and the worldwide chief in thermal imaging innovation, in the present day introduced the launch of the Boson®+ IQ Improvement Equipment. The great answer combines reference {hardware} with Prism™ software program, empowering integrators to quickly develop edge AI capabilities utilizing superior thermal sensing throughout protection, safety, and industrial platforms.
On the coronary heart of the equipment is the Teledyne FLIR OEM AVP, powered by the Qualcomm® Dragonwing™ QCS8550 system-on-chip (SoC), which delivers an industry-leading 50 trillion operations per second (TOPS) with a typical energy draw of simply 2.5 watts. Its multicore structure helps Prism AI object detection fashions and Prism ISP options, together with denoising and tremendous decision to offer distinctive picture readability in difficult environments.
“The Boson+ IQ Dev Equipment represents a significant leap ahead for integrators constructing smarter, extra environment friendly thermal programs on the edge with AI notably for autonomy functions similar to aerial drones, loitering munitions, and ground-based robotics,” mentioned Jared Faraudo, vp of product administration and applications, Teledyne FLIR OEM. “By combining our high-performance Boson+ thermal digital camera with Prism AI and ISP software program on a cutting-edge Qualcomm compute platform, we’re enabling sooner growth cycles, industry-best picture high quality, and longer mission endurance with minimal energy consumption.”
Designed for flexibility and scalability, the equipment contains interface and provider boards with three MIPI interfaces, permitting builders to combine seen or different sensor sorts into their programs. It additionally comes with the Boson+ and Prism SDKs, {hardware} interface management documentation (ICD), and skilled engineering assist, offering a seamless growth expertise from prototype to deployment.
The Boson+ IQ Improvement Equipment is future-ready, with compatibility for upcoming additions, together with Prism SKR and Prism Supervisor. Prism SKR facilitates autonomous goal detection and terminal steerage, whereas Prism Supervisor affords autonomous operation to designated means factors by way of GPS or visual-based navigation (VBN) location expertise. These software-enabled options can add highly effective capabilities to mission-critical functions in protection, safety, and industrial automation.
Expertise the Boson+ IQ Improvement Equipment in motion on the Teledyne FLIR stand (#S3-110) throughout DSEI UK at ExCeL London, Sept. 9–12, one of many world’s premier protection and safety exhibitions. For extra data, go to https://oem.flir.com/boson-plus-iq/.
Associated
Uncover extra from sUAS Information
Subscribe to get the most recent posts despatched to your e-mail.
The annual clock of the seasons—winter, spring, summer time, autumn—is commonly taken as a given. However our new research in Nature, utilizing a brand new strategy for observing seasonal progress cycles from satellites, exhibits that this notion is much too easy.
My colleagues and I current an unprecedented and intimate portrait of the seasonal cycles of Earth’s land-based ecosystems. This reveals “hotspots” of seasonal asynchrony all over the world—areas the place the timing of seasonal cycles will be out of sync between close by areas.
We then present these variations in timing can have stunning ecological, evolutionary, and even financial penalties.
Watching the Seasons From House
The seasons set the rhythm of life. Dwelling issues, together with people, alter the timing of their annual actions to take advantage of sources and situations that fluctuate via the yr.
With decades-long archives of satellite tv for pc imagery, we are able to use computing to raised perceive seasonal cycles of plant progress. Nevertheless, strategies for doing this are sometimes based mostly on the assumption of easy seasonal cycles and distinct rising seasons.
This works effectively in a lot of Europe, North America, and different high-latitude locations with sturdy winters. Nevertheless, this technique can battle within the tropics and in arid areas. Right here, satellite-based estimates of plant progress can fluctuate subtly all year long, with out clear-cut rising seasons.
Stunning Patterns
By making use of a brand new evaluation to twenty years of satellite tv for pc imagery, we made a greater map of the timing of plant progress cycles across the globe. Alongside anticipated patterns, corresponding to delayed spring at larger latitudes and altitudes, we noticed extra stunning ones too.
Common seasonal cycles of plant progress all over the world. Every pixel varies from its minimal (tan) to its most (darkish inexperienced) all year long.
One stunning sample occurs throughout Earth’s 5 Mediterranean local weather areas, the place winters are delicate and moist and summers are scorching and dry. These embody California, Chile, South Africa, southern Australia, and the Mediterranean itself.
These areas all share a “double peak” seasonal sample, beforehand documented in California, as a result of forest progress cycles are likely to peak roughly two months later than different ecosystems. Additionally they present stark variations within the timing of plant progress from their neighboring drylands, the place summer time precipitation is extra widespread.
Recognizing Hotspots
This advanced mixture of seasonal exercise patterns explains one main discovering of our work: The Mediterranean climates and their neighboring drylands are hotspots of out-of-sync seasonal exercise. In different phrases, they’re areas the place the seasonal cycles of close by locations can have dramatically completely different timing.
Contemplate, for instance, the marked distinction between Phoenix, Arizona (which has comparable quantities of winter and summer time rainfall) and Tucson solely 160 kilometers away (the place most rainfall comes from the summer time monsoon).
Hotspots of seasonal asynchrony: brighter colours present areas the place the timing of seasonal exercise varies quite a bit over brief distances. Picture Credit score: Terasaki Hart et al. / Nature
Different world hotspots happen largely in tropical mountains. The intricate patterns of out-of-sync seasons we observe there could relate to the advanced methods during which mountains can affect airflow, dictating native patterns of seasonal rainfall and cloud. These phenomena are nonetheless poorly understood, however could also be basic to the distribution of species in these areas of outstanding biodiversity.
Seasonality and Biodiversity
Figuring out world areas the place seasonal patterns are out of sync was the unique motivation for our work. And our discovering that they overlap with lots of Earth’s biodiversity hotspots—locations with giant numbers of plant and animal species—might not be a coincidence.
In these areas, as a result of seasonal cycles of plant progress will be out of sync between close by locations, the seasonal availability of sources could also be out of sync, too. This is able to have an effect on the seasonal reproductive cycles of many species, and the ecological and evolutionary penalties could possibly be profound.
One such consequence is that populations with out-of-sync reproductive cycles could be much less prone to interbreed. In consequence, these populations could be anticipated to diverge genetically and, maybe, ultimately even break up into completely different species.
If this occurred to even a small proportion of species at any given time, then over the lengthy haul these areas would produce giant quantities of biodiversity.
Again Right down to Earth
We don’t but know whether or not this has actually been taking place. However our work takes the primary steps in direction of discovering out.
We present that, for a variety of plant and animal species, our satellite-based map predicts stark on-ground variations within the timing of plant flowering and in genetic relatedness between close by populations.
Our map even predicts the advanced geography of espresso harvests in Colombia. Right here, espresso farms separated by a day’s drive over the mountains can have reproductive cycles as out of sync as in the event that they have been a hemisphere aside.
Understanding seasonal patterns in area and time isn’t simply necessary for evolutionary biology. Additionally it is basic to understanding the ecology of animal motion, the results of local weather change for species and ecosystems, and even the geography of agriculture and different types of human exercise.
OpenAI is reorganizing its Mannequin Conduct group, a small however influential group of researchers who form how the corporate’s AI fashions work together with individuals, TechCrunch has realized.
In an August memo to employees seen by TechCrunch, OpenAI’s chief analysis officer Mark Chen stated the Mannequin Conduct group — which consists of roughly 14 researchers — can be becoming a member of the Put up Coaching group, a bigger analysis group liable for enhancing the corporate’s AI fashions after their preliminary pre-training.
As a part of the modifications, the Mannequin Conduct group will now report back to OpenAI’s Put up Coaching lead Max Schwarzer. An OpenAI spokesperson confirmed these modifications to TechCrunch.
The Mannequin Conduct group’s founding chief, Joanne Jang, can also be transferring on to begin a brand new undertaking on the firm. In an interview with TechCrunch, Jang says she’s constructing out a brand new analysis group known as OAI Labs, which will likely be liable for “inventing and prototyping new interfaces for a way individuals collaborate with AI.”
The Mannequin Conduct group has change into one in every of OpenAI’s key analysis teams, liable for shaping the persona of the corporate’s AI fashions and for decreasing sycophancy — which happens when AI fashions merely agree with and reinforce consumer beliefs, even unhealthy ones, slightly than providing balanced responses. The group has additionally labored on navigating political bias in mannequin responses and helped OpenAI outline its stance on AI consciousness.
Within the memo to employees, Chen stated that now’s the time to carry the work of OpenAI’s Mannequin Conduct group nearer to core mannequin growth. By doing so, the corporate is signaling that the “persona” of its AI is now thought of a crucial consider how the know-how evolves.
In current months, OpenAI has confronted elevated scrutiny over the conduct of its AI fashions. Customers strongly objected to persona modifications made to GPT-5, which the corporate stated exhibited decrease charges of sycophancy however appeared colder to some customers. This led OpenAI to revive entry to a few of its legacy fashions, similar to GPT-4o, and to launch an replace to make the newer GPT-5 responses really feel “hotter and friendlier” with out growing sycophancy.
Techcrunch occasion
San Francisco | October 27-29, 2025
OpenAI and all AI mannequin builders should stroll a positive line to make their AI chatbots pleasant to speak to however not sycophantic. In August, the mother and father of a 16-year-old boy sued OpenAI over ChatGPT’s alleged position of their son’s suicide. The boy, Adam Raine, confided a few of his suicidal ideas and plans to ChatGPT (particularly a model powered by GPT-4o), in line with court docket paperwork, within the months main as much as his dying. The lawsuit alleges that GPT-4o did not push again on his suicidal ideations.
The Mannequin Conduct group has labored on each OpenAI mannequin since GPT-4, together with GPT-4o, GPT-4.5, and GPT-5. Earlier than beginning the unit, Jang beforehand labored on initiatives similar to Dall-E 2, OpenAI’s early image-generation device.
Jang introduced in a put up on X final week that she’s leaving the group to “start one thing new at OpenAI.” The previous head of Mannequin Conduct has been with OpenAI for almost 4 years.
Jang informed TechCrunch she is going to function the final supervisor of OAI Labs, which is able to report back to Chen for now. Nonetheless, it’s early days, and it’s not clear but what these novel interfaces will likely be, she stated.
“I’m actually excited to discover patterns that transfer us past the chat paradigm, which is at present related extra with companionship, and even brokers, the place there’s an emphasis on autonomy,” stated Jang. “I’ve been pondering of [AI systems] as devices for pondering, making, enjoying, doing, studying, and connecting.”
🧪 i’m beginning oai labs: a research-driven group centered on inventing and prototyping new interfaces for a way individuals collaborate with ai.
i’m excited to discover patterns that transfer us past chat and even brokers — towards new paradigms and devices for pondering, making,…
When requested whether or not OAI Labs will collaborate on these novel interfaces with former Apple design chief Jony Ive — who’s now working with OpenAI on a household of AI {hardware} gadgets — Jang stated she’s open to a number of concepts. Nonetheless, she stated she’ll seemingly begin with analysis areas she’s extra accustomed to.
This story was up to date to incorporate a hyperlink to Jang’s put up saying her new place, which was launched after this story printed. We additionally make clear the fashions that OpenAI’s Mannequin Conduct group labored on.
X-Ray on Kindle reveals characters, locations, phrases, pictures and fast context contained in the ebook.
Entry X-Ray from the in-book menu: faucet high, open stop-light menu, then choose X-Ray.
Works offline, hyperlinks to exterior sources typically, nice for giant casts and maps.
As soon as a bookworm, all the time a bookworm. In the event you’re the identical, then you understand the ache of selecting between rereading an outdated favourite novel, beginning a brand new collection, or going to the bookstore to stack one other title atop the TBR pile. At one level or one other, you’ve got certainly picked up multiple story at a time and tried to do a tandem learn, which will get complicated quick in the event you’re mixing up one fantasy world with one other. Iron may kill fairies in Terrasen, nevertheless it does not do squat in Prythian.
Typically, you go weeks (or months… and even years) with out ending a ebook, and if you lastly decide it again up, you are utterly misplaced. You flip open to a chapter full of characters you barely bear in mind. Are they brothers, or simply greatest mates? Who’s that aspect character, and the place did she come from?
Or possibly you are totally immersed within the collection, however there are simply so many characters that maintaining observe feels unattainable. Sticky notes between pages may also help, however in the event you’re studying on a Kindle or different e-reader, you possibly can’t precisely wedge Publish-its between digital pages. Thankfully, there is a sensible characteristic that handles all of that for you — maintaining characters organized and simple to reference: X-Ray.
Amazon
Model
Amazon
Display
7-inch E-ink, 300ppi, 16-level grey scale
Storage
16GB
What’s X-Ray on Kindle e-readers?
Seeing between the traces
X-Ray is a reference software constructed proper into your Kindle. It allows you to faucet on the title of a personality or place and immediately get contextual data on them. It even works with obscurer phrases particular to that ebook.
Typically, relying on the ebook, there’ll even be hyperlinks to Goodreads, Wikipedia, or one other exterior supply that may present extra of an index on whichever time period you select. Nonetheless, some customers point out that some books’ X-Ray characteristic have subsequent to no data whereas others function a complete index in and of itself.
As for the non-hyperlinked sources, you possibly can even entry them with out an web connection, similar to on airplane mode or out and about with out Wi-Fi. The data is saved inside the e-book itself, and authors may even go in and add, edit, or just allow X-Ray entries for his or her Kindle e-books by way of Amazon Direct Publishing.
A few of the issues a ebook’s X-Ray will present embrace:
Biographies
Associated passages
Further context
Notes that the writer added themselves
Easy methods to entry an e-book’s X-Ray
It is a bit of hidden
Similar to most of Kindle’s settings and options, X-Ray is simple to make use of and comparatively intuitive to seek out. Nonetheless, in contrast to altering the font dimension and margin sizes, X-Ray is in a unique menu. This is the best way to discover it:
Begin inside the ebook you are at present studying. Faucet the high of the web page to tug up the highest menu.
Faucet the stop-light menu within the higher right-hand nook.
Faucet X-Ray.
Relying in your ebook, sure tabs will seem on the high. For instance: Notable clips, Individuals, Phrases, and Pictures populated for the prequel to Throne of Glass, known as Murderer’s Blade, by Sarah J Maas. This explicit ebook is principally a group of tales in varied locations, so it appears like there are dozens of characters to maintain observe of always, so I believed it good to make use of it to showcase the X-Ray characteristic.
The Notable clips part consists of precisely that — X-Ray pulls varied sentences and paragraphs from throughout the ebook which might be essential to the story or principal characters themselves. You should use the tiny arrows on the left and proper sides of the display to toggle by way of them, and above the quote itself, there’s a progress bar that tells you the placement of every of the quotes, in addition to the chapter or part title.
Below Individuals, you will first see the point out of characters in your present web page. Then, you possibly can scroll all the way down to see different characters within the ebook, in addition to every of their mentions. The principle character of Murderer’s Blade, Celaena Sardothien, was talked about 1,081 instances. Once I clicked her title, I received entry to tabs that confirmed me her particular person notable clips, in addition to all mentions of her title on the whole. For a principal character, this might not be as useful. Nonetheless, for a personality talked about solely a few times at the start who makes a shock look on the finish, this characteristic is extremely helpful.
Phrases is extra hit-or-miss, however for collection that characteristic completely different sorts of individuals and/or magic methods, just like the Grishaverse books by Leigh Bardugo, it is additional useful. Lastly, Pictures is one other part that can both be useful or not — some books solely have a picture for the duvet of the ebook itself. Nonetheless, in case your ebook encompasses a map at the start or finish, X-Ray is a good way to shortly reference it in the event you’re attempting to get a lay of the land — it positively helped me once I tried to grasp the logistics of Sam and Frodo’s journey to Mordor.
Positive, you should utilize the built-in Photographs app to edit photos in your iPhone, however an AI picture editor can open up a world of superior prospects. Apple’s inventory photo-editing instruments have come a good distance in recent times, however they nonetheless make it laborious to get the image you initially thought you’d get.
Luminar Cellular, an AI picture editor for iPhone, iPad or Imaginative and prescient Professional, is one way or the other each easy and feature-rich. With it, you possibly can simply notice your visions. And you may get a lifetime subscription for simply $19.99 per system (MSRP $47.99).
No Apple Intelligence? Now it doesn’t matter.
With Skylum’s Luminar Cellular, even individuals with an iPhone or iPad that doesn’t help Apple Intelligence can make the most of AI-powered picture enhancing options proper on their system. Positive, all that visible wizardry received’t occur proper within the Photographs app. However with Luminar Cellular, you’re actually getting far more than Apple gives — with future updates included.
Check out the spectacular instruments in Luminar Cellular, the one AI picture editor you want in your Apple system:
SkyAI: Give your photographs the right backdrop
Suppose again to that shot you thought can be nice. You understand, the one with the sky that ended up turning out boring as a substitute of vibrant and dramatic. With this AI picture editor, you possibly can exchange that boring backdrop with a sundown or dramatic clouds in only a faucet, quite than fussing with Photographs’ lackluster lighting and saturation instruments.
EnhanceAI: Prompt pro-level edits
OK, possibly the sky isn’t the issue along with your unhappy shot — it’s all the pieces else. Luminar Cellular’s EnhanceAI characteristic can work its magic to enhance colour, tone and readability, giving your photographs a sophisticated, skilled really feel. You’ll get a lot better outcomes than with Photographs’ computerized characteristic that awkwardly simply brightens issues up.
SkinAI and BodyAI: Nice portraits each time
Are you in that image, and also you need just a little touch-up? We get it. Attempt SkinAI to easy pores and skin or take away blemishes. For those who actually need to make some adjustments, there’s an AI-powered picture enhancing software referred to as BodyAI. It helps you to reshape midsections realistically. (Simply don’t go too loopy.)
Different useful options you’ll love on this AI picture editor
Luminar Cellular isn’t nearly AI tips. It’s an app you possibly can go to anytime it is advisable edit photos in your iPhone. It’s nice if you randomly must:
Costs topic to vary. All gross sales dealt with by StackSocial, our accomplice who runs Cult of Mac Offers. For buyer help, please electronic mail StackSocial straight. We initially printed this put up on AI picture editor Luminar Cellular on August 13, 2025. We up to date the information.
There are many tech merchandise on the market. Some are nice buys providing glorious worth, however others aren’t. Most fall someplace within the center.
Until you will have the means to purchase considered one of every thing, it’s a must to resolve if one thing is the best match for you. That may be exhausting; the businesses making them will inform you that you just want one to make your life full, individuals who received a lemon or simply did not like it’s going to say the product is rubbish, and reviewers merely cannot cowl every thing.
(Picture credit score: Future)
So many tech merchandise! It could assist should you take a breath, a step again, and take into consideration what you actually want. We’re right here that will help you do exactly that!
Typically, it is good to take a step again and see what you are going to get inside that fairly bundle. Was it price what you paid for it? Will you get sufficient use from it to justify the acquisition? Or possibly it is best to maintain off and see what’s coming subsequent.
We will not make these selections for you, however we are able to inform you what we predict and possibly the place it is best to begin your decision-making course of.
That is about the identical worth because the supposed funds mannequin Galaxy S25 FE. This does not repair something that you just may assume is “improper” with the S25 Edge, besides now the value is not stupidly loopy costly. That could possibly be sufficient purpose to make it your subsequent new telephone.
Let’s dive in.
Get the most recent information from Android Central, your trusted companion on this planet of Android
Samsung makes plenty of completely different telephones at nearly each “stage” of high quality. The S25 Edge is clearly designed to be on the premium aspect of all of it.
It is quick. Samsung will take the magic inside a Qualcomm Snapdragon chip and sprinkle some additional secret stuff on it, and make extremely responsive telephones. Inside, the S25 Edge has principally the identical elements as its thicker brother, the “common” S25, and meaning it is going to be good and snappy to make use of.
The show is superior. Samsung makes a few of the greatest shows, each phone-sized and massive previous TV-sized, which you could purchase. That is why many different corporations purchase them from the Korean tech large. The S25 Edge has a ravishing show, and that is the a part of the telephone you pay probably the most consideration to.
It is skinny and light-weight. Titanium is just not a terrific materials for something that may run sizzling, like a telephone, however its different properties – specifically, its sturdiness and light-weight weight- make it fascinating. The S25 Edge is a very skinny telephone that solely weighs about 160 grams. It is the spotlight of the product and the place it takes its title.
Three issues immediately come to thoughts right here, and no worth discount will “repair” them.
The digital camera. I will not try to inform you the digital camera system on the Galaxy S25 Edge sucks, as a result of it does not. The truth is, I am going to wager it is higher than plenty of different telephones you should purchase at this time. Nevertheless it’s not so good as the cheaper “common” mannequin and nowhere close to nearly as good as what you will discover on the Galaxy S25 Extremely, Pixel 10, or iPhone 16. That was a a lot greater downside when the value was the identical or larger than any of these telephones, however it’s nonetheless missing in terms of getting up shut and private.
The battery. A skinny telephone means a skinny battery, and even Samsung hasn’t been capable of change physics to permit in any other case. The battery life on the S25 Edge might be respectable, however it will also be a catastrophe relying on how a lot you employ it all through the day and what you are attempting to do with it. It should not be a shock to anybody, smaller batteries equal much less time between costs.
The thinness and warmth. The Snapdragon 8 Elite contained in the S25 Edge will get sizzling as Hades. It’s purported to get that sizzling; there’s nothing improper with it. The problem is that with a telephone so skinny, shifting that warmth away quick sufficient can develop into a problem. Samsung did every thing proper, however with out the sheer mass and being made with titanium, the telephone might want to throttle down the pace extra typically than others. When you reside within the Yukon, this won’t be a problem. When you reside in Arizona, properly …
My verdict
This Amazon deal fixes the largest, most evident challenge with the Galaxy S25 Edge: its price ticket. Nevertheless it does not change the rest.
When you actually desire a tremendous skinny telephone, for no matter purpose, properly, that is the telephone you need to be shopping for. Do it now, whereas it is on sale, so you will not should spend approach an excessive amount of cash on it.
When you want a terrific digital camera with an outstanding telephoto lens system, this telephone is just not for you, and no worth discount can change that. Most every thing else is in place, however digital zoom is so 2010.
When you prefer to always verify your telephone or play video games for hours on finish, you are not going to like the battery life. No mincing phrases right here, it is made smaller and may’t present as a lot juice as different S25 fashions.
