Copilot Notebooks feel magical — a conversational workspace that pulls context from SharePoint, OneDrive, Teams, decks, sheets, emails — and synthesizes answers instantly. But the moment users trust that illusion, they generate data that has no parents. Every Copilot output — a summary, parag…
Your Power App didn’t get “hacked”—it was over-permitted. Treating Dataverse like SharePoint (big buckets, broad roles) turns guest access into a data breach waiting to happen. Dataverse is a relational fortress built on granular privileges (Create/Read/Write/Delete/Append/Append To/Assign/Share), …
Manual GRC reporting burns time and budget: exporting Purview logs to Excel, reconciling pivots, and hoping nothing changed overnight. Replace that drag with an autonomous GRC agent built entirely on Microsoft 365: Purview for audit truth, Power Automate for scheduled extraction + classification, a…
Copilot Studio agents don’t have their own ethics—or identities. By default they borrow the caller’s token, so any SharePoint, Outlook, Dataverse, or custom API you can see, your bot can see—and say. That’s how “innocent” answers leak context: connectors combine, chat telemetry persists, and analyt…
Turning on Microsoft Copilot isn’t magic—it’s governance in motion. That toggle activates a chain of contractual, technical, and organizational controls that either align…or explode. Contracts (Microsoft Product Terms + DPA) set the legal wiring: data residency, processor role, IP ownership, no tra…
This episode is a practical walk-through of what actually goes wrong when organizations deploy copilots or chatbots without Responsible AI guardrails. It explains why: modern LLMs are non-deterministic; prompt injection is not hypothetical; bad outputs can cascade across business workflows fast…
AI agents are about to feel like real coworkers inside Teams—fast, tireless, and dangerously literal. This episode gives you a simple framework to keep them helpful and safe: manage their memory, entitlements, and tools, and layer prompting, verification, and human-in-the-loop oversight. You’ll lea…
Hard-coding secrets is the “key under the doormat” of cloud apps. This episode shows how to ditch static passwords and move to short-lived, scoped tokens issued by Microsoft Entra ID, so breaches fizzle instead of cascade. We start with the “Doormat Key Problem”—why credentials proliferate across r…
AI isn’t an edge case in your SIEM anymore—it’s a participant. This episode asks a hard question: when Copilot surfaces a confidential file your user can technically access, is that a breach, a policy gap, or “works as designed”? We walk through why AI access alerts don’t fit classic kill-chain thi…
Autonomous agents stop suggesting and start acting. That’s power—and risk. Give them memory (Cosmos DB), connectors, and broad scopes, and they’ll execute workflows without waiting. The cure is simple but non-negotiable: toggle act vs. suggest, lock scopes with least-privilege RBAC, enforce data cl…
Purview isn’t “set-and-forget.” It enforces whatever information architecture you’ve built—good or bad. This episode shows how sloppy IA + mis-scoped retention turns Purview into a blunt hammer (frozen files, storage bloat, angry users), and how to install guardrails so Purview, Search, and Copilot…
ARM templates promise predictable Azure deployments, but in practice they’re verbose, brittle, and hard to debug—leading to copy-paste sprawl, manual portal fixes, and configuration drift. Bicep fixes those pain points with a concise syntax, real modules, and Azure-verified building blocks that com…
Passwords keep failing not because users are careless, but because the model is broken. Phishing, credential stuffing, and endless resets prove it. Passkeys + WebAuthn fix this by replacing passwords with public-key cryptography: the private key stays on a user’s device (e.g., Windows Hello, Face I…
Cloud outages aren’t rare—they’re inevitable—and most SLAs put the blast radius back on you. When Microsoft 365, Power Apps, or Intune hiccup, the fine print limits a provider’s liability while your teams absorb the missed deadlines, idle hours, and client friction. Outages cascade because of hidde…
Copilot does not break permissions, but it changes how information moves by blending whatever a user is technically allowed to access into one response, which means sensitive contracts, HR files or forecasts can surface without the user ever opening those files. Classic controls like DLP and folder per…
Microsoft Information Protection fails more often from design mistakes than from technology limits. The biggest collapse pattern is teams shipping labels that look neat in the admin center but have no business purpose. Then they over-engineer the taxonomy, build it for IT instead of for real humans, an…
Defender is an excellent day-to-day shield across Microsoft 365—email, identity, and endpoints—correlating signals inside the Microsoft stack and stopping active threats fast. But it has two big gaps that bite you during real incidents and audits: short retention windows (often 30–90 days) and limi…
Moving to Microsoft 365 in KRITIS or government isn’t a tooling exercise—it’s an organizational risk program. Most projects fail compliance in the first 90 days because teams treat M365 like a fast IT rollout instead of a BSI-aligned transformation. Platform certifications don’t make your tenant co…
Your data isn’t the problem—your silos are. CRM, ERP, and databases each hold truth, but they rarely speak the same language fast enough to matter. Microsoft Copilot + Fabric Data Agents flips the model: prebuilt Fabric connectors unify sources (SAP, Dynamics, Salesforce, SQL, files) and Copilot le…
Stronger M365 security doesn’t have to mean Monday-morning meltdowns. Most breaches ride through weak identity, leaky sharing, forgotten guests, and noisy logs—not exotic zero-days. This episode shows how to close the biggest gaps with 10 low-friction settings: enforce MFA via Conditional Access, b…
Your Microsoft 365 tenant is probably full of “guests who never left.” Contractors, vendors, and partners get invited for short projects—and their accounts quietly live on for years. That sprawl creates hidden risk: lingering access to SharePoint and Teams, easy entry for attackers via compromised …
“Zero Trust everywhere” and “freedom for everyone” both fail in production. One grinds work to a halt; the other invites disaster. In this workshop we show how top M365 orgs hit the operating sweet spot—where CISO, GDPR officer, and everyday users all win. You’ll learn how small portal changes casc…
Active Directory was built for office networks that barely exist anymore. Today, identities — not networks — are the real perimeter. Microsoft Entra isn’t “AD in the cloud”; it’s a suite designed for a hybrid, perimeter-less world: Entra ID for auth and conditional access, Permissions Management fo…
Compliance fails when it’s static. Checklists freeze rules in time, but regulations keep moving. In this episode, you’ll learn how to turn compliance from a brittle, manual checklist into a self-updating, feedback-driven system using Power Automate + SharePoint/Dataverse + Power BI. We cover recur…