The Rebirth of Canvas Apps Is a Lie: Here's What Microsoft Is Really Building

1
00:00:00,000 --> 00:00:03,360
You've been told canvas apps are back in a cute story, the truth.

2
00:00:03,360 --> 00:00:06,320
Microsoft didn't revive anything. They forked the experience.

3
00:00:06,320 --> 00:00:10,000
App, builder, workflows and agents look like power platform,

4
00:00:10,000 --> 00:00:13,080
but they live in a different lane. Your personal automation layer.

5
00:00:13,080 --> 00:00:15,560
In the next few minutes, I'll show you the architectural split,

6
00:00:15,560 --> 00:00:18,600
the data layer trade-offs, and the governance switches that keep

7
00:00:18,600 --> 00:00:20,200
co-pilot from leaking secrets.

8
00:00:20,200 --> 00:00:23,360
You'll learn exactly where app builder fits why SharePoint lists

9
00:00:23,360 --> 00:00:26,120
are a trap and the one policy that saves your tenant.

10
00:00:26,120 --> 00:00:27,800
Now let's peel back the facade.

11
00:00:28,160 --> 00:00:31,880
Starting with what Microsoft quietly changed, the facade,

12
00:00:31,880 --> 00:00:35,960
why app builder feels like power apps and why that's misleading.

13
00:00:35,960 --> 00:00:38,160
App builder feels familiar on purpose.

14
00:00:38,160 --> 00:00:41,000
Microsoft borrowed pro patterns, defined the schema,

15
00:00:41,000 --> 00:00:43,520
then paint the UI, bind controls, wire actions.

16
00:00:43,520 --> 00:00:46,280
It's the same muscle memory you've built in power apps.

17
00:00:46,280 --> 00:00:48,000
That's not an accident. It's a lure.

18
00:00:48,000 --> 00:00:50,960
The interface signals, this is safe. You know this.

19
00:00:50,960 --> 00:00:53,920
The truth, familiarity is not capability.

20
00:00:53,920 --> 00:00:57,960
Enter the default backend, SharePoint lists, fast to spin up,

21
00:00:58,080 --> 00:00:59,800
already licensed already in your tenant.

22
00:00:59,800 --> 00:01:03,480
It's the office junk drawer handy, reachable and terrifying

23
00:01:03,480 --> 00:01:05,280
when you rely on it to hold anything heavy.

24
00:01:05,280 --> 00:01:09,560
Lists are flat, lookups are limited, delegation rules silently cap

25
00:01:09,560 --> 00:01:12,680
your queries and you discover them the hard way when someone adds data

26
00:01:12,680 --> 00:01:15,120
and your app stops returning complete results.

27
00:01:15,120 --> 00:01:17,520
The average user shrugs you, however,

28
00:01:17,520 --> 00:01:20,880
inherit the outage now compared that to the power platforms grown up posture,

29
00:01:20,880 --> 00:01:24,960
that diverse first, proper relational modeling, field and role level security,

30
00:01:24,960 --> 00:01:27,640
auditing that doesn't feel like a diary written in crayon.

31
00:01:27,960 --> 00:01:31,680
Application lifecycle management with solutions, environments and pipelines,

32
00:01:31,680 --> 00:01:35,080
app, builder, waves at that world from across the parking lot

33
00:01:35,080 --> 00:01:38,640
and then sprints back to SharePoint for snacks, workflows deep in the illusion.

34
00:01:38,640 --> 00:01:44,800
The mental model mirrors power, automate triggers, actions, connectors,

35
00:01:44,800 --> 00:01:48,680
branching, you see familiar shapes and think governance applies the same way.

36
00:01:48,680 --> 00:01:52,360
And yes, many of the same connectors appear, but the scope is personal.

37
00:01:52,360 --> 00:01:56,200
Guardrails are thinner. Early iterations even simulate send operations

38
00:01:56,200 --> 00:01:59,560
so users can test flows without actually shipping email into the wild.

39
00:01:59,560 --> 00:02:03,400
Safety by training wheels, good for experiments, deceptive for architects

40
00:02:03,400 --> 00:02:08,200
who think they're buying enterprise grade behavior, scripting, constrained asset handling.

41
00:02:08,200 --> 00:02:10,680
Often via URLs not managed binaries.

42
00:02:10,680 --> 00:02:15,000
Why these defaults are governance friendly in the sense that they reduce blast radius.

43
00:02:15,000 --> 00:02:16,600
They're also capability light.

44
00:02:16,600 --> 00:02:20,160
You can prototype quickly without detonating your compliance program.

45
00:02:20,160 --> 00:02:24,520
You can also build something deceptively useful that rods the minute it meets real

46
00:02:24,520 --> 00:02:29,400
requirements, reporting across lists, approvals with audit trails or role-based access

47
00:02:29,400 --> 00:02:31,120
that isn't whoever has the link.

48
00:02:31,120 --> 00:02:35,840
Here's the thing most people miss looking like power platform doesn't make it power

49
00:02:35,840 --> 00:02:38,640
platform. Enterprise readiness requires data verse,

50
00:02:38,640 --> 00:02:41,400
entrabact, RBAC and ALM. Period.

51
00:02:41,400 --> 00:02:44,520
Without those you have a personal sandbox wrapped in a professional costume.

52
00:02:44,520 --> 00:02:46,080
It's cost play not capability.

53
00:02:46,080 --> 00:02:47,280
Why this matters?

54
00:02:47,280 --> 00:02:49,800
Users will build real apps in the wrong substrate.

55
00:02:49,800 --> 00:02:54,240
They'll stack requirements, relationships, aggregations, external calls on top

56
00:02:54,240 --> 00:02:58,840
of a flat list and wonder why performance collapses or data leaks start to look inevitable.

57
00:02:58,840 --> 00:03:00,720
Then your team gets the inevitable.

58
00:03:00,720 --> 00:03:03,360
Can you make the scale as email translation?

59
00:03:03,360 --> 00:03:06,760
Please migrate our toy into a plane while we're flying it.

60
00:03:06,760 --> 00:03:09,400
Let me spell out the trap so you can spot them early.

61
00:03:09,400 --> 00:03:13,880
Delegation limits mean your filter stop working at scale and the app shows partial data

62
00:03:13,880 --> 00:03:15,200
with alarming confidence.

63
00:03:15,200 --> 00:03:19,240
API limits on list operations, throttle what feels like just a small automation.

64
00:03:19,240 --> 00:03:22,400
Look up ceilings turn your quick join into a dead end.

65
00:03:22,760 --> 00:03:26,720
Performance degradation arrives gradually then suddenly like a misconfigured index

66
00:03:26,720 --> 00:03:31,640
revenge and security personal context inheritance means access looks fine until

67
00:03:31,640 --> 00:03:33,320
the creator leaves or moves roles.

68
00:03:33,320 --> 00:03:38,000
Then permissions evaporate ownership gets muddled and you're running recovery operations

69
00:03:38,000 --> 00:03:41,240
on a tool nobody documented because of course it was just a little app.

70
00:03:41,240 --> 00:03:44,480
This is how shadow it graduates from new sense to incident.

71
00:03:44,480 --> 00:03:46,800
So yes, app builder feels like power apps.

72
00:03:46,800 --> 00:03:47,920
That's the misdirection.

73
00:03:47,920 --> 00:03:52,320
It's optimized for speed, not structure for personal value, not shared

74
00:03:52,320 --> 00:03:53,160
accountability.

75
00:03:53,160 --> 00:03:55,680
It lowers friction so people can think with their hands.

76
00:03:55,680 --> 00:03:56,520
That's good.

77
00:03:56,520 --> 00:03:59,080
It also accumulates that faster than your finance team can say.

78
00:03:59,080 --> 00:04:00,240
Replatform with you.

79
00:04:00,240 --> 00:04:03,840
If you remember nothing else from this section, familiarity is not a feature.

80
00:04:03,840 --> 00:04:07,640
It's a sales tactic treat app builder like a personal automation tool with training

81
00:04:07,640 --> 00:04:10,120
wheels, not a gateway to your enterprise backbone.

82
00:04:10,120 --> 00:04:14,520
Use it to learn to test to draft the minute your requirements with relationships,

83
00:04:14,520 --> 00:04:15,840
audit or growth.

84
00:04:15,840 --> 00:04:19,640
You're out of the junk drawer and into Diterverse will unpack that split next.

85
00:04:20,200 --> 00:04:23,600
The split personal co pilot layer versus enterprise power platform.

86
00:04:23,600 --> 00:04:25,400
Here's the architectural reality.

87
00:04:25,400 --> 00:04:26,520
There are two lanes now.

88
00:04:26,520 --> 00:04:30,240
The personal co pilot layer app builder workflows lightweight automations

89
00:04:30,240 --> 00:04:33,280
exists for one person or a small team to move fast.

90
00:04:33,280 --> 00:04:36,400
The enterprise power platform data verse solutions,

91
00:04:36,400 --> 00:04:41,720
ALM, COE, our back exists to run durable shared systems with accountability.

92
00:04:41,720 --> 00:04:43,640
If you confuse the lanes, you pay for it later.

93
00:04:43,640 --> 00:04:44,920
Start with data.

94
00:04:44,920 --> 00:04:47,680
The personal lane is SharePoint one drive first.

95
00:04:48,040 --> 00:04:52,240
It's quick, permissive and let's be honest, structured like a spreadsheet with delusions of

96
00:04:52,240 --> 00:04:54,640
grandeur. The enterprise lane is data verse first.

97
00:04:54,640 --> 00:04:58,600
It's a real data platform, relational modeling, proper data types, row and field

98
00:04:58,600 --> 00:05:01,000
level security, auditing and API governance.

99
00:05:01,000 --> 00:05:02,080
One is a junk drawer.

100
00:05:02,080 --> 00:05:06,400
The other is a filing system with locks, logs and a librarian who remembers everything.

101
00:05:06,400 --> 00:05:10,320
Security posture follows the substrate, personal automations inherit the user's

102
00:05:10,320 --> 00:05:10,920
context.

103
00:05:10,920 --> 00:05:15,200
If you can see it, your co pilot build thing can see it until you can't because

104
00:05:15,200 --> 00:05:18,720
the roles change people leave or someone cleans up a group and removes access.

105
00:05:18,720 --> 00:05:22,640
Data verse ties access to enter identities and roles, enforces role level and

106
00:05:22,640 --> 00:05:26,440
column level security and produces audit trails that stand up to scrutiny.

107
00:05:26,440 --> 00:05:30,280
The truth in the personal lane trust is implied in the enterprise lane.

108
00:05:30,280 --> 00:05:32,480
Trust is modeled and forced and verified.

109
00:05:32,480 --> 00:05:34,520
Scale is where the split becomes painful.

110
00:05:34,520 --> 00:05:37,040
SharePoint can handle simple lists and straightforward filters.

111
00:05:37,040 --> 00:05:40,640
But once you need relationships, cascading lookups, rollups or transactional

112
00:05:40,640 --> 00:05:42,240
integrity, you hit the ceiling.

113
00:05:42,240 --> 00:05:44,160
Data verse is built for growth.

114
00:05:44,240 --> 00:05:48,080
Normalized schemas, relationships, calculated and rollup columns,

115
00:05:48,080 --> 00:05:51,960
concurrency controls and yes, service protection limits that keep everyone

116
00:05:51,960 --> 00:05:54,080
honest. You design for scale there.

117
00:05:54,080 --> 00:05:55,400
You hope for it in SharePoint.

118
00:05:55,400 --> 00:05:58,040
Governance surfaces are different by design.

119
00:05:58,040 --> 00:06:01,280
Personal co pilot apps largely bypass your CEO and ALM pipelines.

120
00:06:01,280 --> 00:06:02,000
That's the point.

121
00:06:02,000 --> 00:06:05,840
Reduce I'd backlog let users self serve and keep the blast radius small.

122
00:06:05,840 --> 00:06:08,880
Enterprise power platform writes inside your governance.

123
00:06:08,880 --> 00:06:13,280
Environment solutions managed was unmanaged pipelines approvals and separation of

124
00:06:13,280 --> 00:06:14,960
duties. One feels frictionless.

125
00:06:14,960 --> 00:06:18,600
The other feels like process that friction is what makes it auditable and

126
00:06:18,600 --> 00:06:20,360
supportable. Why does this split exist?

127
00:06:20,360 --> 00:06:23,760
Because Microsoft is optimizing for two contradictory truths users need to

128
00:06:23,760 --> 00:06:26,280
automate without waiting six weeks for a backlog ticket.

129
00:06:26,280 --> 00:06:29,760
IT needs durability compliance and observability.

130
00:06:29,760 --> 00:06:33,920
Copilot's personal layer gives speed power platform gives structure and agents.

131
00:06:33,920 --> 00:06:37,760
Yes, the orchestration brain need fast substrates to experiment iterate and

132
00:06:37,760 --> 00:06:39,160
compose workflows on the fly.

133
00:06:39,160 --> 00:06:42,160
The compromise is deliberate lower friction for creation.

134
00:06:42,280 --> 00:06:46,240
Higher standards for promotion inventory and life cycle tell the same story in

135
00:06:46,240 --> 00:06:50,120
the personal lane ownership is whoever clicked first documentation is optional.

136
00:06:50,120 --> 00:06:53,080
Life cycle is keep it until it breaks in the enterprise lane.

137
00:06:53,080 --> 00:06:56,000
Ownership is explicit metadata is enforced.

138
00:06:56,000 --> 00:06:59,280
Change is packaged and retirement is a controlled event.

139
00:06:59,280 --> 00:07:01,880
You don't send a memo to decommission a personal script.

140
00:07:01,880 --> 00:07:05,880
You absolutely do for a shared app that runs quarter and the thing most people

141
00:07:05,880 --> 00:07:08,240
miss co pilot isn't trying to replace power platform.

142
00:07:08,480 --> 00:07:12,280
It's trying to route personal intent through a fast lane while delegating durable

143
00:07:12,280 --> 00:07:15,920
execution to govern services think of co pilot as the conductor.

144
00:07:15,920 --> 00:07:20,000
It takes your prompt plans a sequence calls tools and returns results.

145
00:07:20,000 --> 00:07:25,640
Power platform is the orchestra API's data connectors that actually plays in

146
00:07:25,640 --> 00:07:27,560
time and keeps records of the performance.

147
00:07:27,560 --> 00:07:31,520
When the piece becomes a staple, you write it into the score, dataverse solutions,

148
00:07:31,520 --> 00:07:34,160
pipelines, so others can play it the same way tomorrow.

149
00:07:34,160 --> 00:07:35,480
Of course, there are trade-offs.

150
00:07:35,680 --> 00:07:39,280
Personal lane speed means fewer guard rails, expect simulated sends,

151
00:07:39,280 --> 00:07:43,040
connector approvals and conservative defaults that avoid blasting your tenant.

152
00:07:43,040 --> 00:07:47,600
Enterprise lane rigor means cost planning and the occasional know that saves you

153
00:07:47,600 --> 00:07:48,720
from public embarrassment.

154
00:07:48,720 --> 00:07:53,000
You need both use the personal lane to ideate and validate use the enterprise lane

155
00:07:53,000 --> 00:07:55,880
to operationalize before we move on put this in policy language.

156
00:07:55,880 --> 00:08:00,520
Your organization can live with if the thing only serves its creator and a small

157
00:08:00,520 --> 00:08:03,800
cohort has no regulatory data and won't live past a quarter.

158
00:08:03,800 --> 00:08:05,480
It's personal co pilot territory.

159
00:08:05,480 --> 00:08:09,600
If it shares data across teams, touches customer records, requires audit or has

160
00:08:09,600 --> 00:08:13,560
SLAs, it starts or quickly moves in dataverse with ALM draw the line,

161
00:08:13,560 --> 00:08:16,240
publish examples, enforce the hand off.

162
00:08:16,240 --> 00:08:19,040
Once you nail that, everything else clicks.

163
00:08:19,040 --> 00:08:23,800
Co pilot becomes the front door for ideas, power platform becomes the factory that

164
00:08:23,800 --> 00:08:27,240
builds the production version governance stops being a roadblock and becomes a

165
00:08:27,240 --> 00:08:27,760
runway.

166
00:08:27,760 --> 00:08:31,440
And yes, the minute a quick app smells like real business you promote it on

167
00:08:31,440 --> 00:08:33,880
purpose before it collapses under its own cleverness.

168
00:08:33,880 --> 00:08:37,840
The migration cliff from toy app to critical system and the cost.

169
00:08:37,840 --> 00:08:41,880
Great until the personal app becomes the thing sales depends on every Monday.

170
00:08:41,880 --> 00:08:43,520
This is where the toy hits the wall.

171
00:08:43,520 --> 00:08:46,000
A flat list works when you're logging your own tasks.

172
00:08:46,000 --> 00:08:49,640
The moment you need relationships projects to tasks tasks to people, people to

173
00:08:49,640 --> 00:08:52,680
departments, you're forcing a spreadsheet to cosplay as a database.

174
00:08:52,680 --> 00:08:56,520
Spoiler, it can't growth exposes the seams in four ways.

175
00:08:56,520 --> 00:09:00,440
First delegation filters that worked at 500 rows start silently lying at

176
00:09:00,440 --> 00:09:02,480
5,000 users think data is missing.

177
00:09:02,480 --> 00:09:06,320
It is the app returns partial sets because the query exceeded delegation rules.

178
00:09:06,320 --> 00:09:11,040
Second, API limits that cute automation that posts updates every time a record

179
00:09:11,040 --> 00:09:11,520
changes.

180
00:09:11,520 --> 00:09:15,240
It now hammer service limits during payroll week and randomly fails.

181
00:09:15,240 --> 00:09:16,880
Third, look ups.

182
00:09:16,880 --> 00:09:19,520
The ceiling on nested look ups turns your model into spaghetti.

183
00:09:19,520 --> 00:09:20,320
You can't untangle.

184
00:09:20,320 --> 00:09:25,400
Fourth, performance, more joins, more attachments, more users than the UI

185
00:09:25,400 --> 00:09:28,920
crawls and everyone blames co pilot because of course they do audit and

186
00:09:28,920 --> 00:09:30,000
reporting make it worse.

187
00:09:30,000 --> 00:09:33,280
Leadership wants historical changes approvals and who touched what?

188
00:09:33,280 --> 00:09:34,800
SharePoint has version history.

189
00:09:34,800 --> 00:09:39,120
Yes, but try producing a clean audit trail with row feel lineage and you'll

190
00:09:39,120 --> 00:09:40,200
wish you hadn't volunteered.

191
00:09:40,200 --> 00:09:42,560
Dataverse does this natively in the personal lane.

192
00:09:42,560 --> 00:09:46,080
You duct tape exports, pray the timestamps align and call it good enough

193
00:09:46,080 --> 00:09:48,200
until a regulator asks follow up questions.

194
00:09:48,200 --> 00:09:50,080
Ownership is the sneaky failure mode.

195
00:09:50,080 --> 00:09:54,120
Personal context inheritance means the creators permissions are the apps skeleton

196
00:09:54,120 --> 00:09:57,720
key when they change roles or leave your apps access chain collapses.

197
00:09:57,880 --> 00:10:02,680
Files break, flows stop connectors, lose secrets and you discover the bus factor was

198
00:10:02,680 --> 00:10:04,000
one. Congratulations.

199
00:10:04,000 --> 00:10:06,800
You've built a critical system that's literally owned by a person.

200
00:10:06,800 --> 00:10:08,440
Now the migration tax comes to you.

201
00:10:08,440 --> 00:10:11,400
Step one, reverse engineer logic, nobody documented.

202
00:10:11,400 --> 00:10:16,480
You did flows, decipher prompt crafted expressions and guess at intended behavior.

203
00:10:16,480 --> 00:10:21,200
Step two, design a proper dataverse model, tables, relationships,

204
00:10:21,200 --> 00:10:25,800
calculated and roll up columns, security roles, step three, rebuild UI and

205
00:10:25,800 --> 00:10:28,440
automations in solutions, not lose objects.

206
00:10:28,440 --> 00:10:33,840
Step four, establish ALM environments, pipelines, approvals, change control.

207
00:10:33,840 --> 00:10:38,440
Step five, move data, fix referential integrity and validate reporting.

208
00:10:38,440 --> 00:10:40,080
This is not a lift and shift.

209
00:10:40,080 --> 00:10:43,840
It's a re platform plus archaeology and yes, service protection limits in

210
00:10:43,840 --> 00:10:45,480
dataverse exists to by design.

211
00:10:45,480 --> 00:10:46,800
There are guardrails, not bugs.

212
00:10:46,800 --> 00:10:50,720
You'll refactor to batch operations, respect, retry after headers and stop

213
00:10:50,720 --> 00:10:53,160
pretending bursty unbounded calls are fine.

214
00:10:53,160 --> 00:10:54,800
This is the price of real scale.

215
00:10:55,080 --> 00:10:58,480
If that sentence hurt good, it means you're finally doing engineering.

216
00:10:58,480 --> 00:11:00,280
Connector fantasies die here.

217
00:11:00,280 --> 00:11:01,960
We'll just email the PDF.

218
00:11:01,960 --> 00:11:06,640
No, you won't, not without approvals, DLP checks and sometimes simulated

219
00:11:06,640 --> 00:11:07,880
sends in the personal lane.

220
00:11:07,880 --> 00:11:10,160
Admins rightfully gate external systems.

221
00:11:10,160 --> 00:11:14,560
Personal workflows let people experiment enterprise workflows require governance.

222
00:11:14,560 --> 00:11:18,040
If emailing customers is a business process, it belongs in government

223
00:11:18,040 --> 00:11:20,560
connectors with audit, not in someone's side project.

224
00:11:20,560 --> 00:11:23,200
So how do you spot the cliff before you drive off it?

225
00:11:23,200 --> 00:11:24,360
Look for these signals.

226
00:11:24,520 --> 00:11:28,240
More than one list and cross list joins approvals that need audit trails.

227
00:11:28,240 --> 00:11:33,080
External API's customer data or finance data reporting that requires consistent

228
00:11:33,080 --> 00:11:33,920
historical truth.

229
00:11:33,920 --> 00:11:37,360
A second team asking to use it any two of those you're already late, graduate to

230
00:11:37,360 --> 00:11:37,880
dataverse.

231
00:11:37,880 --> 00:11:42,240
Here's the shortcut nobody teaches define exit criteria on day one.

232
00:11:42,240 --> 00:11:44,440
Write a dataverse threshold and publish it.

233
00:11:44,440 --> 00:11:48,640
Example, if we need more than one relationship per record, role-based access

234
00:11:48,640 --> 00:11:52,160
beyond site permissions or more than a few thousand rows with reliable filters.

235
00:11:52,160 --> 00:11:52,600
We move.

236
00:11:53,160 --> 00:11:55,920
If it touches regulated data, we start in dataverse.

237
00:11:55,920 --> 00:12:00,640
If it becomes shared beyond a pilot team for more than one quarter, we move simple

238
00:12:00,640 --> 00:12:01,680
and force it.

239
00:12:01,680 --> 00:12:06,840
A micro story to make this concrete, a team builder time tracker with app builder.

240
00:12:06,840 --> 00:12:08,400
It worked until month three.

241
00:12:08,400 --> 00:12:11,920
They needed department level rollups, manager approvals and weekly reporting,

242
00:12:11,920 --> 00:12:16,240
delegation, bit them, lookups maxed out and the flow started hitting limits on

243
00:12:16,240 --> 00:12:16,760
Fridays.

244
00:12:16,760 --> 00:12:20,400
They rebuilt in dataverse across two sprints and never looked back.

245
00:12:20,400 --> 00:12:22,960
The difference wasn't AI got smarter.

246
00:12:23,320 --> 00:12:24,760
The difference was the right substrate.

247
00:12:24,760 --> 00:12:26,520
The truth speed is the appetizer.

248
00:12:26,520 --> 00:12:29,920
Governance is the meal designed for the exit or you'll pay for the rescue.

249
00:12:29,920 --> 00:12:32,120
Now let's put guardrails where they actually work.

250
00:12:32,120 --> 00:12:36,600
Governance that actually works, DLP permissions and restricted surfaces.

251
00:12:36,600 --> 00:12:40,280
You keep speed without detonating compliance by governing the edges, not

252
00:12:40,280 --> 00:12:41,400
micromanaging the middle.

253
00:12:41,400 --> 00:12:43,920
Start with the policy that actually stops leaks.

254
00:12:43,920 --> 00:12:47,800
Label first, DLP sensitivity labels and Microsoft purview are the bounce

255
00:12:47,800 --> 00:12:48,400
are at the door.

256
00:12:48,400 --> 00:12:52,560
If content is labeled confidential or highly confidential, co-pilot respects that

257
00:12:52,560 --> 00:12:56,400
label and either refuses to process, redacts payloads or routes the

258
00:12:56,400 --> 00:12:58,440
request through allowed paths only.

259
00:12:58,440 --> 00:13:02,160
This is how you prevent summarize the merger deck from becoming oops.

260
00:13:02,160 --> 00:13:05,880
And yes, the co pilot policy location matters, put your allow deny for

261
00:13:05,880 --> 00:13:10,000
processing under the co pilot specific DLP controls, not just generic exchange

262
00:13:10,000 --> 00:13:12,800
or share point DLP or you'll miss the runtime that matters.

263
00:13:12,800 --> 00:13:14,360
Permission hygiene is next.

264
00:13:14,360 --> 00:13:15,840
These privilege isn't a slogan.

265
00:13:15,840 --> 00:13:20,360
It's the break pedal run access reviews on key sites use tools like site access

266
00:13:20,360 --> 00:13:23,760
management and data access governance to surface oversharing you already

267
00:13:23,760 --> 00:13:24,440
forgot about.

268
00:13:24,440 --> 00:13:28,280
Fix broken inheritance, kill everyone except external users where it never

269
00:13:28,280 --> 00:13:30,920
belonged and tag your crown jewels with sensitivity labels.

270
00:13:30,920 --> 00:13:34,640
So DLP has teeth co pilot aggregates what permissions allow.

271
00:13:34,640 --> 00:13:38,200
If your baseline is sloppy, co pilot will be a megaphone for your mistakes.

272
00:13:38,200 --> 00:13:41,200
Restricted SharePoint search is your containment switch during rollout waves.

273
00:13:41,200 --> 00:13:44,960
You temporarily limit co pilots indexable scope to approved sites while you

274
00:13:44,960 --> 00:13:45,880
remediate the mess.

275
00:13:45,880 --> 00:13:50,320
That buys you time to relabel content, correct permissions and standardize

276
00:13:50,320 --> 00:13:53,440
ownership without turning co pilot into a tenant whites, Belanca.

277
00:13:53,440 --> 00:13:54,680
No, it's not a forever state.

278
00:13:54,680 --> 00:13:55,480
It's triage.

279
00:13:55,480 --> 00:13:57,920
Close the doors, clean the room, then reopen what's ready.

280
00:13:57,920 --> 00:14:00,760
Now the playbook use this verbatim if you like brevity.

281
00:14:00,760 --> 00:14:04,760
One, enable co pilot DLP and explicitly block processing of confidential

282
00:14:04,760 --> 00:14:07,760
and highly confidential content unless the destination and agent are in your

283
00:14:07,760 --> 00:14:08,440
allow list.

284
00:14:08,440 --> 00:14:12,720
Two, require labels on document libraries that feed co pilot or app builder

285
00:14:12,720 --> 00:14:16,600
assets auto label where feasible manual for the weird edge cases.

286
00:14:16,600 --> 00:14:20,200
Three, permission hygiene, quarterly access reviews on

287
00:14:20,200 --> 00:14:24,240
high value sites, immediate cleanup of open links and a ban on orphaned owners.

288
00:14:24,240 --> 00:14:28,400
Four, scope control, turn on restricted SharePoint search for pilot groups,

289
00:14:28,400 --> 00:14:30,240
widen as remediation completes.

290
00:14:30,240 --> 00:14:34,240
Five, connectors require admin approvals for email and external systems.

291
00:14:34,240 --> 00:14:36,880
Lock new connector use review weekly.

292
00:14:36,880 --> 00:14:41,560
Six, monitoring, watch the purview audit stream for co pilot activity and

293
00:14:41,560 --> 00:14:45,280
tune policies based on reality, not vibes licensing matters because features

294
00:14:45,280 --> 00:14:46,080
aren't imaginary.

295
00:14:46,080 --> 00:14:49,880
Advanced DLP and richer analytics live in E5 or E5 compliance.

296
00:14:49,920 --> 00:14:53,480
E3 gives you core DLP, which is enough to enforce labels and block obvious

297
00:14:53,480 --> 00:14:57,480
exfiltration but lighter on granularity translate budget into reach.

298
00:14:57,480 --> 00:15:01,040
If you want fine grained policies broader coverage and better reporting,

299
00:15:01,040 --> 00:15:04,520
funded, otherwise constraint scope and be honest about what you can't see.

300
00:15:04,520 --> 00:15:06,760
Guard rails are not the enemy of velocity.

301
00:15:06,760 --> 00:15:11,520
They're how velocity becomes sustainable allow personal automations by default

302
00:15:11,520 --> 00:15:15,760
inside the low risk lane block sensitive processing by default until you

303
00:15:15,760 --> 00:15:19,320
explicitly allow it, put approvals in front of risky connectors, email external

304
00:15:19,320 --> 00:15:22,040
storage custom APIs, but that slows people down.

305
00:15:22,040 --> 00:15:22,720
Correct.

306
00:15:22,720 --> 00:15:24,680
It slows down the parts that create incidents.

307
00:15:24,680 --> 00:15:28,200
Everything else stays fast migration governance needs a line in the sand.

308
00:15:28,200 --> 00:15:32,480
Declare what's personal versus enterprise document the hand off to data

309
00:15:32,480 --> 00:15:37,240
verse criteria templates and the process to promote ownership gets reassigned

310
00:15:37,240 --> 00:15:38,400
from a person to a team.

311
00:15:38,400 --> 00:15:43,120
Entra rolls replace ad hoc permissions and agents or flows move into environments

312
00:15:43,120 --> 00:15:44,360
with solutions and pipelines.

313
00:15:44,360 --> 00:15:46,760
You're not punishing experimentation.

314
00:15:46,760 --> 00:15:48,680
You're upgrading it to a supported service.

315
00:15:48,880 --> 00:15:53,280
Agent governance deserves its own checklist inventory agents centrally export

316
00:15:53,280 --> 00:15:57,400
metadata owner capabilities connected data sensitivity exposure assigned

317
00:15:57,400 --> 00:15:58,400
entry agent IDs.

318
00:15:58,400 --> 00:16:03,280
So access is auditable and revocable tag capabilities who can email who can post

319
00:16:03,280 --> 00:16:06,840
externally who can touch finance and force least privilege permissions for agents

320
00:16:06,840 --> 00:16:07,640
just like users.

321
00:16:07,640 --> 00:16:11,320
And when someone leaves reassigned agent ownership and secrets immediately,

322
00:16:11,320 --> 00:16:14,640
deprovision on a schedule, not after the outage to micro warnings.

323
00:16:14,640 --> 00:16:18,240
Most people ignore first simulated send is a training wheel, not a hall pass.

324
00:16:18,320 --> 00:16:20,520
Don't treat it like a sandbox to bypass approvals.

325
00:16:20,520 --> 00:16:24,280
Second, URL based asset handling is not content management.

326
00:16:24,280 --> 00:16:27,360
If it matters, bring it into governed repositories with labels.

327
00:16:27,360 --> 00:16:30,200
Don't duct tape links into prompts and call it hardened.

328
00:16:30,200 --> 00:16:32,120
The truth, you don't need perfect governance.

329
00:16:32,120 --> 00:16:34,400
You need consistent and forced boundaries.

330
00:16:34,400 --> 00:16:37,560
Labels drive decisions permissions reflect reality.

331
00:16:37,560 --> 00:16:42,080
Search scope limits blast radius approvals gate risk do that and co pilot

332
00:16:42,080 --> 00:16:45,080
can accelerate the right work without turning your tenant into a very efficient

333
00:16:45,080 --> 00:16:49,280
leak. What Microsoft is really building agents as the new runtime.

334
00:16:49,280 --> 00:16:53,560
Now the real agenda, enter agents, the runtime that plans calls tools and checks

335
00:16:53,560 --> 00:16:57,000
its own work, not a single chatbot with good manners, a multi agent system

336
00:16:57,000 --> 00:17:01,640
with specialization, one agent that knows HR policy, another that understands

337
00:17:01,640 --> 00:17:05,600
finance workflows, another that can negotiate calendars without starting a small

338
00:17:05,600 --> 00:17:07,040
war. They coordinate.

339
00:17:07,040 --> 00:17:07,840
They hand off.

340
00:17:07,840 --> 00:17:08,680
They keep receipts.

341
00:17:08,680 --> 00:17:12,680
Co pilot studio is the cockpit low code tuning lets you define capabilities

342
00:17:12,680 --> 00:17:17,320
with your data and workflows pro code toolkits wire in API's and custom skills

343
00:17:17,320 --> 00:17:18,360
when local tabs out.

344
00:17:18,360 --> 00:17:19,680
The result isn't a bot.

345
00:17:19,680 --> 00:17:23,560
It's a governed operator that understands your processes and executes them

346
00:17:23,560 --> 00:17:28,120
repeatedly. And yes, human in the loop is built in agents show steps.

347
00:17:28,120 --> 00:17:31,200
You approve. They continue control isn't optional.

348
00:17:31,200 --> 00:17:34,840
It's the default identity matters agents get entry agent IDs.

349
00:17:34,840 --> 00:17:39,080
So access is role based, auditable and revocable compliance isn't bolted on

350
00:17:39,080 --> 00:17:44,200
later. Per view labels flow through DLP policies apply and when an agent touches

351
00:17:44,200 --> 00:17:48,400
data verse, information protection rides along the data layer is deliberate.

352
00:17:48,400 --> 00:17:52,600
Durable records live in data verse transient scaffolding can live in

353
00:17:52,600 --> 00:17:55,880
SharePoint while you prototype compare that to random macros on someone's

354
00:17:55,880 --> 00:17:59,720
desktop. This is civilization operationally copilot plans,

355
00:17:59,720 --> 00:18:03,640
assembles and orchestrates power platform provides durable services data

356
00:18:03,640 --> 00:18:06,240
connectors APIs that stand the test of Monday mornings.

357
00:18:06,320 --> 00:18:10,480
The reason SharePoint first keeps showing up in app builder is speed agents need

358
00:18:10,480 --> 00:18:13,640
a low friction substrate to sketch solutions iterate and discard.

359
00:18:13,640 --> 00:18:17,840
When a pattern proves valuable, you promoted data verse tables, solutions,

360
00:18:17,840 --> 00:18:20,880
pipelines. So the agents plan runs against governed back ends.

361
00:18:20,880 --> 00:18:23,000
Your new job isn't to paint every screen.

362
00:18:23,000 --> 00:18:25,280
It's to govern connection points classified data.

363
00:18:25,280 --> 00:18:28,880
So agents know what they can touch approve connectors with real oversight.

364
00:18:28,880 --> 00:18:31,680
Define agent permissions like you would a service account,

365
00:18:31,680 --> 00:18:34,920
least privilege capability tags separation of duties.

366
00:18:35,200 --> 00:18:38,760
Keep an inventory. You can export reassign ownership when people move.

367
00:18:38,760 --> 00:18:42,440
Deprovision on purpose future proofing is policy, not prophecy,

368
00:18:42,440 --> 00:18:44,160
publish your data verse threshold.

369
00:18:44,160 --> 00:18:48,400
So promotion isn't an argument template common agent patterns on boarding.

370
00:18:48,400 --> 00:18:50,720
QBR prep incident triage.

371
00:18:50,720 --> 00:18:53,480
So teams don't reinvent brittle flows document.

372
00:18:53,480 --> 00:18:54,640
ALM for escalation.

373
00:18:54,640 --> 00:18:57,000
So personal becomes enterprise without a bonfire.

374
00:18:57,000 --> 00:19:00,720
The truth agents are the new runtime power platform is the backbone.

375
00:19:00,720 --> 00:19:04,160
Your governance is the circulatory system that keeps the organism alive.

376
00:19:05,120 --> 00:19:07,840
Rapid implementation checklist define the lanes,

377
00:19:07,840 --> 00:19:11,920
publish criteria and examples for personal co pilot apps versus enterprise

378
00:19:11,920 --> 00:19:14,880
power platform. If it's personal short lived and low risk,

379
00:19:14,880 --> 00:19:16,400
it's fine to live in the personal lane.

380
00:19:16,400 --> 00:19:20,000
Everything else gets data verse and ALM said data verse thresholds.

381
00:19:20,000 --> 00:19:25,160
Relationship count record volume external APIs audit needs role-based access cross

382
00:19:25,160 --> 00:19:29,880
any two you promote turn on co pilot DLP use the co pilot policy location.

383
00:19:29,880 --> 00:19:33,360
Block processing for confidential and highly confidential by default,

384
00:19:33,680 --> 00:19:35,960
allow only approved agents and destinations.

385
00:19:35,960 --> 00:19:40,480
Expand label coverage auto label at scale require manual labels for edge libraries.

386
00:19:40,480 --> 00:19:46,240
Audit monthly for gaps fix permissions run access reviews remediate oversharing and kill

387
00:19:46,240 --> 00:19:51,520
open links on sensitive sites make ownership explicit control scope enable restricted

388
00:19:51,520 --> 00:19:53,240
SharePoint search for all out waves.

389
00:19:53,240 --> 00:19:55,160
Why then only after remediation.

390
00:19:55,160 --> 00:19:59,880
Govon connectors require approvals for email and external systems lock new connector

391
00:19:59,880 --> 00:20:04,400
usage and review weekly. Govon agents inventory and export metadata assign

392
00:20:04,400 --> 00:20:08,880
and our agent IDs tech capabilities define the provision steps and ownership reassignment

393
00:20:08,880 --> 00:20:10,880
build a migration runway document.

394
00:20:10,880 --> 00:20:14,960
Replatform steps provide data verse data templates estimate rebuild costs.

395
00:20:14,960 --> 00:20:19,520
So teams understand the tax teach the exit train power users on thresholds.

396
00:20:19,520 --> 00:20:24,160
Hold office hours titled should this move to data verse micro stories and a harm

397
00:20:24,160 --> 00:20:29,200
moments a team builder time tracker in app builder 12 weeks later delegation and

398
00:20:29,200 --> 00:20:33,640
look up ceilings forced a data verse rebuild to sprints problem solved speed returned

399
00:20:33,640 --> 00:20:39,280
because the substrate was right DLP prevented a near miss co pilot refuse to summarize

400
00:20:39,280 --> 00:20:43,240
a highly confidential contract labels did the work while humans took the credit.

401
00:20:43,240 --> 00:20:48,080
An access review revealed an overshared side powering a co pilot workflow restricted

402
00:20:48,080 --> 00:20:51,840
SharePoint search contained the blast radius while permissions were fixed and

403
00:20:51,840 --> 00:20:56,440
onboarding agent coordinated HR and IT using govern connectors and data verse outputs

404
00:20:56,440 --> 00:20:58,040
were auditable hand offs clean.

405
00:20:58,520 --> 00:21:01,920
If you remember nothing else define lanes and force labels plan the exit.

406
00:21:01,920 --> 00:21:06,480
Here's the takeaway copilot didn't resurrect canvas apps it created a personal

407
00:21:06,480 --> 00:21:10,400
automation lane while agents become the runtime and data verse remains the

408
00:21:10,400 --> 00:21:11,280
governed backbone.

409
00:21:11,280 --> 00:21:15,920
Do the smart thing this week publish your lane policy enable copilot DLP with

410
00:21:15,920 --> 00:21:19,480
label based blocking and set data verse thresholds of promotions aren't debates.

411
00:21:19,480 --> 00:21:23,360
If this saved you clean up our subscribe and catch the next deep dive on agent

412
00:21:23,360 --> 00:21:25,560
governance identity permissions and life cycle.

413
00:21:25,560 --> 00:21:27,320
So your tenant scales without drama.