Episodes
-
Most Power Platform automations are failing for one simple reason: they were built for a world that no longer exists. Traditional low-code systems depend on rigid “if-then” logic, clean data, and predictable inputs. But modern enterprise data is chaotic, unstructured, and constantly changing. The result is what many organizations are experiencing right now — brittle automations that collapse the moment reality gets messy. This episode explores the massive architectural shift happening across the Power Platform ecosystem as AI transforms automation from deterministic logic into probabilistic design. Instead of asking, “Is this exactly correct?” modern systems ask, “How likely is this to be correct?” That subtle change is rewriting how enterprise workflows are designed, governed, and scaled.
THE DEATH OF DETERMINISTIC AUTOMATION
For years, enterprise automation depended on exact matches and structured logic. If a field matched perfectly, the flow continued. If a single character changed, the system failed. That worked when business data lived inside carefully structured databases. But today, most enterprise information exists in emails, PDFs, Teams chats, voice transcripts, and unstructured documents. Traditional Power Automate flows struggle in this environment because they cannot understand context or intent. A deterministic system sees “Invoice 202” and “Inv-202” as completely unrelated values. AI-powered systems see similarity instead of exactness. That shift changes everything.
KEY TOPICS COVERED
- Why rigid low-code automations keep breaking
- The rise of probabilistic workflow design
- How confidence scores redefine governance
- Why fuzzy matching matters more than exact matching
The future of automation is not about perfection. It is about resilience.
THE RISE OF CONFIDENCE-BASED ROUTING
One of the biggest changes AI introduces into Power Platform design is the concept of the confidence score. Instead of binary true-or-false logic, AI models return probabilities that quantify uncertainty. That means workflows can finally understand doubt instead of pretending certainty always exists. This episode breaks down the architecture behind confidence-based routing and explains how modern Power Platform solutions now separate actions into Green, Yellow, and Red confidence zones. High-confidence outputs move automatically. Medium-confidence results trigger human review. Low-confidence outputs are rejected or escalated before they damage production systems.
WHY CONFIDENCE SCORES MATTER
- They expose uncertainty instead of hiding it
- They reduce silent automation failures
- They align business risk with automation logic
- They enable scalable human-in-the-loop governance
This is the foundation of what the episode calls the “Approximate Enterprise” — a world where systems are designed to tolerate ambiguity instead of collapsing because of it.
FUZZY MATCHING AND SEMANTIC LOGIC
The conversation also dives deep into fuzzy matching, semantic reasoning, and the evolution from character-based automation toward meaning-based automation. Traditional systems compare syntax. AI compares concepts. That means a probabilistic system can understand that “IBM” and “I.B.M.” likely refer to the same entity, or that “Customer” and “Client” often represent identical business meaning. This dramatically increases match rates and reduces the amount of manual cleanup required to keep workflows operational. The episode explores how techniques like Levenshtein distance, semantic embeddings, and AI-powered classification are changing the way architects design resilient low-code systems capable of handling imperfect human-generated data.
BUILDING SELF-CORRECTING WORKFLOWS
AI systems are powerful, but they hallucinate. That reality forces architects to rethink reliability from the ground up. Instead of trying to eliminate every error, modern workflow design focuses on recovery, validation, and self-correction. This episode introduces the Dual-Path Validation pattern, where AI handles soft reasoning tasks while deterministic systems enforce hard constraints. Large Language Models extract intent and contextual meaning, while traditional logic validates totals, calculations, compliance rules, and financial accuracy.
MODERN SELF-HEALING DESIGN PRINCIPLES
- Never let an LLM handle critical calculations alone
- Separate reasoning layers from validation layers
- Use deterministic systems as verification engines
- Design recovery paths instead of assuming perfection
The result is a workflow architecture capable of adapting instead of crashing when the unexpected happens.
THE HUMAN-IN-THE-LOOP REALITY
One of the most important themes in this episode is that AI does not eliminate humans from automation — it changes their role entirely. Most enterprise AI workflows still require human verification, especially for medium-confidence outputs and high-risk decisions. Instead of acting as data-entry operators, humans become reviewers, governors, and exception handlers. Successful automation strategies build verification directly into the architecture instead of treating it like a temporary workaround. This shift transforms productivity models across the enterprise. Teams stop wasting time on repetitive tasks and focus instead on reviewing edge cases that genuinely require human judgment.
THE AGENTIC ENTERPRISE
The episode concludes by exploring the rise of the Agentic Enterprise — a future where AI agents become first-class digital workers operating inside orchestrated low-code environments. Instead of static flows solving narrow problems, intelligent agents dynamically evaluate context, select tools, adapt behavior, and route work autonomously. Power Platform is rapidly evolving from an app builder into an orchestration layer for AI-driven business operations. Governance, security, compliance, and automation are all becoming probabilistic systems driven by confidence, anomaly detection, and behavioral analysis. The organizations that continue building brittle “if-then” systems will spend the next decade trapped in maintenance cycles. The organizations that embrace probabilistic architecture will build workflows capable of adapting at the speed of modern business.
FINAL THOUGHTS
The probability shift is not just another AI trend. It is a fundamental redesign of how enterprise systems think, adapt, and survive uncertainty. Low-code development is moving away from rigid syntax and toward semantic understanding, confidence-driven governance, and resilient self-correcting architectures. If your Power Automate flows are constantly failing because of messy inputs, inconsistent formatting, or unstructured data, this episode provides a blueprint for building systems that bend instead of break. Follow M365FM for deeper conversations on AI architecture, Power Platform governance, automation resilience, Copilot Studio, and the future of intelligent enterprise design.
Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support. -
Most IT leaders still believe Microsoft 365 native redundancy equals protection. It doesn’t. High Availability was designed to keep services running, not to recover your business after a destructive attack. The same synchronization engine that delivers collaboration at cloud speed can also replicate corruption, ransomware, and deletion events instantly across your environment. In 2026, the biggest threat isn’t infrastructure failure. It’s the assumption that synchronization equals safety. The reality is brutal. When ransomware hits a tenant, Microsoft 365 replication works perfectly. Every encrypted file, every malicious edit, and every destructive change is synchronized across SharePoint, OneDrive, and Teams before security teams can react. Native redundancy protects uptime, not integrity. And attackers know it.
THE SYNCHRONIZATION TRAP
Modern cloud environments are built around real-time replication. That speed is excellent for productivity but catastrophic during a cyberattack. The moment a malicious script starts modifying data, the platform distributes those changes everywhere. What most organizations think is “backup” is often just another synchronized copy of compromised data. The 501-version attack proves how dangerous this design really is. Many administrators believe version history acts like a recovery vault. It doesn’t. Versioning is simply metadata attached to a file. If attackers perform enough automated edits, the clean versions disappear permanently. Using Microsoft Graph API automation, ransomware groups can wipe recovery history across thousands of files in minutes.
KEY RISKS INSIDE THE SYNC TRAP
- Version history can be overwritten intentionally
- Recycle Bin protections can be bypassed or emptied
- Graph API automation accelerates tenant-wide destruction
- Recovery points remain connected to production identity systems
The problem isn’t that Microsoft 365 is broken. The problem is that it performs exactly as designed. The sync engine does not understand intent. It simply moves data faster than humans can respond.
THE SINGLE IDENTITY FAILURE
Most organizations unknowingly place production data and backup systems behind the same identity perimeter: Microsoft Entra ID. That means one compromised Global Admin account can potentially access both the live environment and the “protected” recovery environment. At that point, your backup isn’t isolated. It’s just another room inside the same burning building. This is where the modern ransomware model becomes devastating. Attackers no longer focus only on passwords. They target OAuth consent flows, application registrations, and persistent tokens that bypass MFA entirely. Once malicious applications receive broad Graph API permissions, they can manipulate production data and backup repositories simultaneously.
WHY NATIVE IMMUTABILITY FAILS
- Shared identity boundaries create a single blast radius
- Backup systems often trust the same compromised credentials
- OAuth abuse bypasses traditional authentication defenses
- Immutable storage becomes meaningless if attackers can disable it
True isolation requires a completely separate trust boundary. Without identity separation, there is no air-gap. There is only the illusion of one.
THE COMPLIANCE AND LEGAL EXPOSURE
The regulatory landscape is changing rapidly. Frameworks like SEC Rule 17a-4, NIS2, and DORA increasingly focus on provable resilience and immutable record retention. Regulators don’t just want protected data. They want assurance that compromised administrators cannot manipulate that data retroactively. Native Microsoft 365 retention policies often fail this test because the audit trail lives inside the same operational boundary as the production tenant. If attackers compromise the environment, they can potentially alter retention settings, remove evidence, or destroy chain-of-custody records. The legal implications are becoming personal. CISOs and executives can now face direct accountability for “recovery negligence” if investigators determine that production and recovery systems lacked proper isolation. High Availability is not the same as immutable storage, and regulators increasingly understand the difference.
THE REAL COST OF NATIVE BACKUP
Many organizations assume native backup solutions are cheaper because they are integrated directly into Microsoft 365. But the economics tell a different story. Native environments accumulate massive storage bloat from deleted items, preservation hold libraries, version histories, and duplicate replicas. At enterprise scale, this becomes extremely expensive. Two petabytes of protected Microsoft 365 data can generate hundreds of thousands of dollars annually in Azure storage charges. Meanwhile, isolated vault architectures using object storage platforms can reduce costs dramatically while increasing security and resilience.
THE ADVANTAGES OF ISOLATED VAULT ARCHITECTURE
- Separate identity perimeter from production systems
- WORM-based immutable object storage
- Lower long-term storage costs
- Clean-room recovery capabilities
- Independent compliance and audit validation
The isolated vault model doesn’t just improve security. It fundamentally changes the economics of long-term recovery strategy.
BUILDING A TRUE ISOLATED VAULT
The future of resilience is identity-first architecture. That means creating a completely separate Entra tenant dedicated solely to backup and recovery operations. No synchronization. No federation. No shared privileged accounts. The recovery environment must remain invisible to compromised production identities. Inside that isolated environment, organizations should implement immutable WORM storage with vault locks that cannot be disabled by administrators. Recovery operations should require multi-party approval workflows, ensuring no single compromised identity can destroy protected recovery data. Modern recovery also requires clean-room restoration. When ransomware compromises a tenant, the production environment becomes contaminated. Organizations must restore data into isolated forensic sandboxes first, validate integrity, scan for dormant threats, and only then reconnect restored workloads to operational systems.
ZERO TRUST FOR BACKUP IDENTITY
Backup infrastructure should behave like a ghost. Invisible, isolated, and inaccessible from the production network. Managed identities eliminate static credentials, Zero Trust Network Access removes public exposure, and behavioral analytics detect anomalous token usage before attackers can pivot deeper into recovery infrastructure. The core principle is simple: if your production identities can see the vault, attackers can too. Isolation isn’t optional anymore. It is the foundation of modern cyber resilience.
FINAL THOUGHTS
The shift from redundancy to resilience is one of the most important architectural transformations facing Microsoft 365 organizations today. Native synchronization protects uptime, but isolated vault architecture protects survival. The organizations that understand this distinction will recover from the next generation of attacks. The ones that don’t may discover too late that their backup was never truly separate from the disaster itself. Subscribe to M365FM for deeper conversations on cyber resilience, Microsoft 365 architecture, compliance strategy, and the future of isolated recovery design.
-
Microsoft Copilot is not just another productivity tool. It is a structural stress test for your entire Microsoft 365 environment. Most organizations still operate under a legacy “open by default” mindset built for human navigation, but AI changes the equation completely. Copilot can surface sensitive files, forgotten SharePoint content, orphaned Teams channels, and years of overshared documents within seconds. The challenge is not whether Copilot respects permissions—it does. The real problem is that most enterprise permissions were never designed for machine-speed retrieval. In this episode, we break down why governance—not licensing—is now the single most important factor in successful Copilot deployment.
WHY “OUT-OF-THE-BOX” SECURITY ISN’T ENOUGH
Many organizations assume Copilot is secure because it only shows users content they already have access to. But decades of poor SharePoint hygiene, inherited permissions, and “Everyone except external users” groups have created a massive visibility gap inside most tenants. AI eliminates obscurity. Sensitive documents hidden deep inside legacy sites are no longer difficult to find. Copilot can instantly synthesize and summarize information that employees were never actively searching for before. This episode explains how oversharing becomes exponentially more dangerous in the AI era and why organizations must move from “trust by default” to “verify by context.”
KEY TOPICS COVERED
- The “Oversharing Multiplier” and why legacy SharePoint permissions are now a major AI risk
- How indirect prompt injection attacks like EchoLeak and Reprompt change enterprise security models
- Why traditional DLP is no longer enough for AI-powered workflows
- How Microsoft Purview becomes the governance backbone for Copilot deployments
THE NEW AI ATTACK SURFACE
Copilot introduces a completely new category of enterprise risk. Instead of malware or traditional exploits, organizations now face natural-language attacks that manipulate AI behavior through documents, emails, and embedded instructions. The episode explores how Retrieval-Augmented Generation (RAG) pipelines can unintentionally process malicious instructions hidden inside business content. We discuss why prompt injection is becoming the “SQL injection” of the generative AI era and how enterprises must rethink security boundaries around prompts, context windows, and AI interactions themselves.
RISK-TIERED DEPLOYMENT STRATEGIES
Turning Copilot on for everyone at once is one of the biggest mistakes organizations make. Instead, successful enterprises are following a tiered rollout model. Tier 0 focuses entirely on remediation and data cleanup before any licenses are assigned. Tier 1 introduces Copilot to low-risk technical users and Centers of Excellence. Tier 2 expands adoption to broader business units like sales and marketing, while Tier 3 is reserved for highly sensitive domains such as Finance, HR, and Legal. This episode explains how a phased deployment model prevents rollout failures, reduces governance panic, and creates measurable ROI over time.
GOVERNANCE STRATEGIES DISCUSSED
- Restricted SharePoint Search as a temporary containment mechanism
- Adaptive scopes and sensitivity labels inside Microsoft Purview
- Prompt-level DLP enforcement for AI interactions
- Lifecycle management for AI-generated content and summaries
PURVIEW, DLP, AND AI GOVERNANCE IN 2026
Microsoft Purview is evolving into the operational control plane for enterprise AI. In this episode, we explore how Purview enables organizations to classify content dynamically, monitor AI interactions in real time, and enforce AI-specific governance policies. We also discuss the rise of Interaction DLP—security controls designed specifically for prompts and generated responses rather than static files. From preventing sensitive prompts from reaching external web grounding to monitoring AI-generated summaries, modern governance now operates directly inside the interaction layer itself.
THE EXECUTIVE TRUST PARADOX
Enterprise leaders understand that AI is strategically necessary, but many still lack confidence in their organization’s data foundation. This creates what we call the “Executive Trust Paradox”—the tension between urgency to deploy AI and fear of catastrophic oversharing or hallucination events. The episode explores why governance maturity—not technology maturity—is now the primary blocker for enterprise-scale Copilot adoption. We also discuss how telemetry, auditability, and measurable controls help organizations move from policy theater to operational reality.
BUILDING A GOVERNANCE-AWARE CULTURE
Technology alone will not solve AI governance challenges. Organizations must also close the “Prompt Literacy” gap by teaching employees how to interact with AI systems responsibly and effectively. We explain why prompting is becoming a core digital skill and why governance frameworks must include training, departmental AI champions, human-in-the-loop verification, and clear accountability standards for AI-generated content. Successful Copilot deployments are ultimately built on a combination of technical controls, operational discipline, and cultural maturity.
IN THIS EPISODE YOU’LL LEARN
- Why Copilot exposes existing governance failures instead of creating new ones
- How enterprises should structure AI rollout tiers based on risk
- The role of Microsoft Purview in AI governance and compliance
- Why AI-generated content requires lifecycle management and retention policies
- How organizations can measure realized ROI instead of theoretical productivity gains
- Why governance-aware culture is now a competitive advantage
Microsoft Copilot has the potential to fundamentally transform enterprise productivity, but only if organizations treat governance as infrastructure instead of a compliance afterthought. AI success is no longer determined by who buys the licenses first. It is determined by who builds the safest, cleanest, and most governable digital estate. This episode delivers a practical roadmap for IT leaders, architects, security teams, and executives navigating the future of Microsoft 365 AI governance in 2026 and beyond.
-
In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft MVP, educator, technical storyteller, and community leader Karinne Diamond Bessette to explore one of the biggest productivity challenges in the modern workplace: information chaos. Between OneNote, Loop, Teams, Copilot, Planner, Whiteboard, Outlook, and SharePoint, employees today have more places than ever to store ideas, tasks, meeting notes, project updates, and collaborative content. The result? Many organizations struggle to decide where information should actually live and how to keep everything organized, searchable, and actionable.
THE EVOLUTION OF MICROSOFT 365 COLLABORATION
Karinne shares her journey from support engineering and operations into the world of enablement, technical storytelling, and Microsoft 365 advocacy. Her experience helping both technical and non-technical users gives her a unique perspective on how collaboration tools should work in real-world environments. Throughout the episode, she repeatedly emphasizes the importance of translating technology into something humans can actually understand and use effectively. One of the central themes in the discussion is the growing complexity of the Microsoft 365 ecosystem. What once started as a productivity suite focused on Word, Excel, and Outlook has evolved into a massive connected collaboration platform with overlapping tools, AI integrations, and constantly changing workflows. Karinne explains that while flexibility is valuable, it also creates a major challenge for users trying to decide where to create notes, how to manage information, and how to avoid duplication.
WHY ONENOTE STILL MATTERS
The conversation dives deeply into the evolution of note-taking itself. Karinne explains how she originally moved from scattered text files on her desktop into OneNote because it allowed her to centralize and search information more effectively. However, she also introduces one of the most memorable quotes of the episode: “OneNote is where notes go to die.” The problem, according to Karinne, is not that OneNote is bad. The issue is that many users capture information inside notebooks but never revisit it, organize it properly, or connect it to actionable workflows. Important ideas often disappear into large personal notebook structures without reminders, visibility, or collaboration.
HOW LOOP IS CHANGING TEAMWORK
This naturally leads into one of the episode’s biggest topics: Microsoft Loop. Karinne explains why Loop has become one of her favorite tools inside the Microsoft ecosystem. She describes Loop as a bridge between email, Teams, tasks, and collaborative content. Rather than creating multiple copies of information across different applications, Loop allows users to maintain a single shared component that stays synchronized everywhere it appears. This creates what she calls a “single source of truth” experience for collaboration. The episode explores several practical use cases where Loop becomes extremely powerful:
- Shared meeting notes
- Collaborative task tracking
- Persistent project updates
- Cross-team coordination
One of the most interesting insights from the discussion is that many organizations are already using Loop without realizing it. Karinne explains how modern Microsoft Teams meeting notes now automatically generate Loop-powered collaborative pages behind the scenes. Instead of meeting notes disappearing inside endless Teams chats, organizations can now maintain persistent collaborative workspaces connected to tasks, updates, and shared action items.
COPILOT PAGES, NOTEBOOKS & AI CONTEXT
The conversation also dives into Microsoft Copilot Pages and Copilot Notebooks, which Karinne sees as the next evolution of contextual AI collaboration. These tools allow organizations to gather multiple information sources into centralized workspaces that can then ground AI responses against a specific project context. Karinne shares a practical example from a large event project where she combined:
- Emails
- Teams messages
- Planning calls
- Loop pages
into one centralized notebook. She was then able to ask Copilot to generate summaries, identify action items, and surface the most relevant information for her specific responsibilities during the event. Tasks that previously would have required hours of manual review were completed in minutes.
THE FUTURE OF ENTERPRISE SEARCH
Another major theme throughout the episode is enterprise search and how AI is fundamentally changing the way organizations retrieve information. Karinne explains that traditional folder structures and file organization are becoming less important because Copilot increasingly understands context, relationships, and semantic meaning rather than relying purely on filenames or locations. She shares an example where she could not manually locate an old PowerPoint presentation but was able to ask Copilot about a presentation tied to a specific event date — and the AI surfaced the correct file almost instantly. This shift toward contextual search represents one of the biggest changes in knowledge management the Microsoft ecosystem has ever seen.
WHY GOVERNANCE & METADATA MATTER MORE THAN EVER
The discussion also highlights the growing importance of metadata, governance, and information hygiene in the AI era. Karinne introduces the concept of “ROT data,” which stands for:
- Redundant
- Obsolete
- Trivial
content that pollutes enterprise systems and weakens AI-generated responses. She explains that organizations now face an urgent challenge: AI systems can only be as trustworthy as the information they are trained or grounded on. If outdated documents, duplicated files, poor metadata, or irrelevant content dominate enterprise storage systems, AI tools may surface inaccurate or misleading information. Because of this, Karinne strongly advocates for better governance practices, including document ownership, lifecycle management, expiration reviews, and relevance monitoring. She also discusses how Microsoft is beginning to introduce mechanisms that reduce the importance of stale or untouched content inside AI-powered search experiences.
ENABLEMENT IS THE MISSING PIECE
Another powerful part of the episode focuses on workplace enablement and digital adoption. Karinne believes organizations need more people acting as translators between technical systems and business users. She explains that technology alone does not create productivity. Companies need internal champions who can guide users, simplify concepts, encourage learning, and help teams understand how tools should actually fit into their daily workflows. The episode highlights how organizations often underestimate the importance of:
- Training
- Adoption programs
- Internal champions
- Learning culture
without realizing these elements are often the real reason technology projects succeed or fail.
AI, CREATIVITY & HUMAN COLLABORATION
The episode also touches on AI creativity, collaboration, and the fear that AI may reduce human thinking. Karinne strongly disagrees with the idea that AI makes people less intelligent. Instead, she sees AI as a brainstorming partner and creative accelerator that can help users refine ideas, organize concepts, and improve communication. She shares examples of using AI to enhance presentation structures, storytelling, and content development while still relying heavily on human expertise and editing. According to Karinne, AI works best when humans stay actively involved in shaping the final outcome.
THE FUTURE OF WORK INSIDE MICROSOFT 365
Toward the end of the conversation, the discussion shifts toward future Microsoft 365 trends. Karinne highlights how Microsoft is increasingly moving toward AI-grounded collaboration, context-aware productivity, integrated workspaces, and agent-driven workflows. She believes the future of work will rely less on manually navigating applications and more on AI systems capable of understanding intent, surfacing context, and orchestrating workflows automatically. The conversation paints a picture of a future where collaboration becomes:
- More contextual
- More intelligent
- More connected
- More AI-assisted
while still requiring strong governance, clean information architecture, and
-
In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft MVP, MCT, cloud security expert, and community leader Martin Dimovski to explore one of the most important topics in modern enterprise IT: securing AI workloads and MLOps environments inside the Microsoft Cloud. Together, they dive deep into secure-by-design architecture, AI security risks, DevSecOps, Prompt Injection attacks, identity protection, Microsoft Defender, GitHub Advanced Security, and the future of AI-driven cyber threats. Martin shares his personal journey from IT support engineer into cloud security and AI security architecture, explaining how years of experience in infrastructure, Azure, DevOps, and Microsoft technologies ultimately pushed him toward cybersecurity and AI governance. The discussion highlights why AI security is no longer optional and why organizations that move too fast without proper security foundations could face major problems in the coming years.
WHY AI SECURITY MATTERS NOW MORE THAN EVER
One of the strongest themes throughout this episode is the speed at which organizations are deploying AI systems without fully understanding the security implications behind them. Martin explains that many companies are currently:
- Deploying AI solutions rapidly
- Experimenting with LLM integrations
- Building AI agents
- Creating cloud-native AI workloads
- Using open-source AI models
- Integrating APIs into production environments
But at the same time, organizations often forget the security fundamentals that should protect these environments. The conversation explores how AI introduces completely new attack surfaces while simultaneously amplifying existing security problems.
WHAT “SECURE-BY-DESIGN” REALLY MEANS
A major focus of the episode is understanding the concept of secure-by-design architecture. Martin explains that security should never be added after development is complete. Instead, security conversations must begin at the very first design phase of any application or AI project. The discussion covers:
- Threat modeling
- Architectural reviews
- Identity security
- Authentication planning
- Secure pipelines
- Infrastructure protection
- Secure APIs
- Data governance
Martin shares why collaboration between developers, architects, DevOps engineers, and security teams is absolutely essential for building resilient AI systems. One of the key takeaways:
Security teams should not become blockers for innovation — they should become partners in building secure systems.
UNDERSTANDING MLOPS & DEVSECOPS
For listeners newer to AI infrastructure topics, Martin breaks down the differences between:
- DevOps
- DevSecOps
- MLOps
- Secure AI pipelines
The episode explains how machine learning operations combine infrastructure, automation, data engineering, model deployment, and monitoring into one continuous operational process. Martin also highlights why traditional security approaches are no longer enough once organizations start integrating:
- Large Language Models
- AI agents
- Cloud AI services
- AI APIs
- AI orchestration pipelines
The discussion shows how modern security must now cover not only infrastructure and applications, but also models, prompts, training data, inference pipelines, and AI-generated outputs.
THE REAL DANGER OF PROMPT INJECTION
One of the most fascinating parts of the episode is Martin’s explanation of Prompt Injection attacks. Using simple real-world analogies, Martin explains how attackers manipulate Large Language Models by overriding or bypassing original system instructions. The conversation explores:
Direct Prompt Injection
Indirect Prompt Injection
AI manipulation
LLM instruction abuse
Malicious prompts
Unsafe AI agents
Context hijacking
Data extraction risks
Martin explains why prompt injection is becoming one of the most discussed attack vectors in AI security today and why organizations need to start thinking about AI trust boundaries immediately.
THE HIDDEN RISK OF OPEN-SOURCE MODELS
Another major topic is the increasing use of publicly available AI models. Martin shares concerns around:
Downloading unverified models
Compromised Hugging Face repositories
Malicious AI packages
Unsafe dependencies
Supply-chain attacks
API key exposure
Secret leakage
Public model poisoning
The discussion highlights how organizations may unknowingly introduce compromised models directly into production environments. This section serves as a major warning for companies rushing into AI adoption without proper governance and validation processes.
WHY IDENTITY SECURITY IS EVERYTHING
Identity and access management become another core theme throughout the episode. Martin strongly emphasizes the importance of:
Microsoft Entra ID
Privileged Identity Management
Just-In-Time access
Least privilege
Identity governance
Access reviews
Role separation
Conditional Access
One of the strongest lessons from the conversation is that attackers often do not need to break systems — they simply abuse existing permissions and weak access configurations. Martin explains why organizations should avoid giving permanent privileged access and instead embrace short-lived administrative permissions wherever possible.
MICROSOFT DEFENDER & AI SECURITY
The episode also dives deeply into the Microsoft security ecosystem and how Microsoft Defender is evolving to protect AI workloads. Martin discusses:
Microsoft Defender for Cloud
Defender XDR
AI workload monitoring
Real-time scanning
Azure AI Foundry protection
Threat visibility
Security telemetry
Cloud-native protection
According to Martin, Microsoft Defender is becoming one of the most powerful unified security platforms for organizations heavily invested in Microsoft technologies.
Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support. -
In this episode of the m365.fm podcast, Mirko Peters sits down with cybersecurity expert Viktor Hedberg to explore one of the most critical — and misunderstood — areas of enterprise IT security: Active Directory tiering, privileged access, identity protection, and defending modern hybrid environments. With years of experience in incident response, offensive security, Active Directory hardening, and enterprise defense at Truesec, Viktor brings practical, real-world insights into how organizations can dramatically improve their security posture before attackers exploit their weaknesses. The conversation begins with Viktor sharing his personal journey into cybersecurity. Unlike many traditional security professionals, Viktor did not come from a university background. Instead, he worked his way from helpdesk and system administration into consultancy and incident response, gaining deep technical knowledge of Windows, Active Directory, infrastructure, and enterprise security along the way. That hands-on experience became the foundation for understanding both how to secure systems and how attackers compromise them.
WHY ACTIVE DIRECTORY IS STILL A MASSIVE TARGET
One of the strongest themes throughout the episode is the fact that Active Directory is far from dead. Despite the rise of Microsoft Entra ID, cloud-first environments, and SaaS adoption, Active Directory still remains the backbone of identity and access management in countless organizations worldwide. Viktor explains why attackers continue targeting Active Directory environments:
Cached credentials
Password hashes stored locally
Kerberos tickets
Overprivileged accounts
Weak administrative separation
Poor tiering implementation
Excessive lateral movement opportunities
The discussion highlights how many organizations unknowingly expose highly privileged accounts simply by allowing administrators to sign into workstations, laptops, and servers without restrictions. Viktor explains that in many environments, compromising a single endpoint can ultimately lead to full domain compromise because of how Windows authentication and credential storage work internally.
UNDERSTANDING AD TIERING
A major focus of the episode is understanding the concept of Active Directory administrative tiering. Viktor breaks down how organizations can separate systems and administrative responsibilities into different security tiers to limit credential exposure and reduce the blast radius during an attack. The discussion explores:
Tier 0 systems
Tier 1 servers
Endpoint administration
Domain controllers
Entra Connect servers
PKI infrastructure
Administrative boundaries
Credential isolation
One of the key lessons from the episode is that organizations often underestimate which systems actually belong in Tier 0. Viktor explains why systems like Microsoft Entra Connect, PKI servers, SCCM infrastructure, and identity synchronization services can effectively become equivalent to domain controllers from a security perspective.
THE DANGER OF BUILT-IN ACTIVE DIRECTORY GROUPS
Another critical topic is the misuse of built-in Active Directory groups. Viktor shares real-world examples where organizations accidentally introduced major privilege escalation paths by using groups like:
Print Operators
Backup Operators
Server Operators
Account Operators
The episode explains why many administrators misunderstand the true permissions behind these legacy groups and how attackers can abuse them to gain elevated access inside the domain. This section serves as a strong reminder that convenience and lack of visibility often create the biggest enterprise security risks.
MODERN ATTACKERS ARE CHANGING THEIR STRATEGY
One of the most fascinating discussions in the episode focuses on how modern attackers operate today. According to Viktor, traditional offensive tools like Mimikatz, Metasploit, and obvious malware payloads are becoming less common because modern EDR solutions detect them more effectively. Instead, attackers increasingly:
Use native Windows tooling
Abuse PowerShell
Leverage SSH on Windows
Blend into normal system activity
Exploit legitimate administration features
Hide inside normal enterprise traffic
Viktor shares examples of how attackers can abuse built-in Windows functionality to bypass monitoring while avoiding traditional malware detection methods entirely. The episode highlights why defenders must understand Windows internals — not just security products — to properly defend enterprise environments.
WHY DEFENDER FOR IDENTITY MATTERS
Throughout the conversation, Viktor repeatedly emphasizes the importance of Microsoft Defender for Identity and proper security monitoring. The discussion covers:
Identity-based attack detection
Correlation between endpoint and identity events
Privileged account monitoring
Threat visibility
Hybrid identity protection
Security telemetry
Custom indicators
Advanced detection strategies
Viktor explains why organizations need both endpoint visibility and identity visibility to properly understand modern attacks. The episode also explores why simply purchasing security products is not enough if organizations fail to configure them correctly or actively monitor their environments.
WHAT TO DO DURING A CYBER ATTACK
One of the most practical parts of the episode is Viktor’s advice on incident response. When organizations suspect an attack, Viktor strongly recommends:
Do not shut systems down
Disconnect network access if necessary
Preserve forensic evidence
Avoid destroying logs
Contact incident response professionals quickly
Keep systems intact for investigation
He explains how many organizations accidentally make investigations harder by turning off firewalls, rebooting systems, or deleting evidence before responders arrive. The conversation provides valuable insight into how professional incident response teams approach compromised environments and why preserving evidence is absolutely critical.
-
In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft MVP Evi van der Velden to discuss one of the most underestimated topics in modern IT: simplicity. Together, they explore Microsoft 365 governance, Copilot adoption, metadata, SharePoint, user adoption, digital stress, AI readiness, and why organizations often make technology far more complicated than it needs to be. Evi shares her unique journey into the Microsoft ecosystem, moving from leisure management and event organization into the world of Microsoft 365, user adoption, and governance. In just five years, she became a recognized Microsoft MVP and one of the strongest voices in the community around practical Microsoft 365 adoption and simplification strategies. The conversation focuses heavily on the human side of technology and why successful Microsoft 365 environments are not built only through technical configurations, but through communication, training, governance, and helping users understand how to work smarter.
WHY MICROSOFT 365 FEELS OVERWHELMING
One of the biggest themes in this episode is the increasing complexity of the Microsoft ecosystem. Evi explains how Microsoft 365 has evolved far beyond Word, Excel, and PowerPoint into a massive connected platform including Teams, SharePoint, OneDrive, Power Platform, Copilot, Viva, and many other services. While the platform offers incredible flexibility and possibilities, many organizations struggle because users simply do not understand how the tools work together. The discussion explores:
Information overload
Tool fatigue
User confusion
Rapid feature changes
AI disruption
Governance complexity
Evi shares why simplicity is not about removing functionality, but about helping users focus on the right tools and the right workflows for their daily work.
THE REAL VALUE OF SHAREPOINT
One of the most interesting parts of the episode is Evi’s passion for SharePoint. While many people still think of SharePoint as only a document management platform, Evi explains why she sees SharePoint as the engine behind the entire Microsoft 365 ecosystem. The conversation dives into:
SharePoint Lists
Document libraries
Metadata
Power Platform integration
Power Apps
Power Automate
Lifecycle management
Knowledge management
Evi shares practical examples of how SharePoint can be used as a flexible front-end for business solutions and automation without creating unnecessary technical complexity.
WHY COPILOT ADOPTION OFTEN FAILS
The discussion naturally shifts toward Microsoft Copilot and AI adoption. Evi explains that many organizations still approach Copilot completely wrong. They buy licenses, provide one training session, and then expect employees to magically change the way they work. According to Evi, successful Copilot adoption requires:
Continuous enablement
Habit creation
Business-specific use cases
AI literacy
Governance
Ongoing communication
User support
The episode explores why many employees know how to use ChatGPT casually at home but struggle to use AI effectively inside enterprise business scenarios. Evi also explains why organizations need to provide safe AI environments and guidance rather than simply blocking AI usage completely.
AI IS A MIRROR FOR ORGANIZATIONS
One of the strongest insights from the episode is Evi’s perspective that AI does not create organizational problems — it exposes them. The conversation highlights how Microsoft Copilot surfaces:
Poor permissions
Outdated files
Overshared content
Weak governance
Unstructured data
Missing lifecycle management
Organizations that ignored governance for years are now discovering that Copilot makes those issues visible immediately. Evi explains why AI readiness is not only about licensing or technology but about understanding:
Data quality
Permissions
Archiving
Information architecture
Governance ownership
User responsibilities
THE IMPORTANCE OF METADATA
Another major topic in the episode is metadata and why Evi believes it is one of the most powerful — and most ignored — features inside SharePoint. Instead of relying only on deeply nested folder structures, Evi explains how metadata can create:
Dynamic document views
Role-based knowledge access
Cleaner navigation
Better search experiences
Simplified information management
She shares practical examples of building knowledge bases using SharePoint libraries and metadata-driven filtering to ensure employees only see information relevant to their role. The episode makes a strong case for moving away from traditional file structures toward modern information architecture.
SIMPLICITY VS CUSTOMIZATION
Evi also shares her thoughts on customization inside Microsoft 365. While many IT professionals enjoy building custom solutions, Evi warns that over-customization often creates long-term maintenance problems and unnecessary complexity. Her philosophy is simple:
“Everything you build can break.”
The discussion explores why organizations should first maximize standard Microsoft 365 capabilities before creating heavily customized solutions. Key areas include:
Standardization
Governance
Sustainable architecture
Native Microsoft functionality
User-focused design
Simplicity-first thinking
WHY CHANGE MANAGEMENT MATTERS MORE THAN EVER
One of the most important takeaways from this conversation is that modern IT is becoming less technical and more human-focused. Evi explains that administrators and IT teams increasingly need skills in:
Communication
User adoption
Governance
Change management
Training
Organizational guidance
Technology alone no longer guarantees success. The organizations that succeed with Microsoft 365 and AI are the ones that help employees understand how to work differently, not just how to use another tool.
-
In this episode of the m365.fm podcast, Mirko Peters sits down with Craig White, double Microsoft MVP, AI Platform Lead, governance specialist, and co-host of the Power Platform Panic Room podcast. With more than twenty years of experience across SQL Server, SharePoint, Microsoft 365, Power Platform, and Copilot Studio, Craig shares deep insights into governance, citizen development, AI readiness, scalable Power Platform adoption, and the future of low-code inside the Microsoft ecosystem. This conversation goes far beyond generic Power Platform discussions. Instead, it focuses on the real-world operational challenges organizations face when trying to scale Power Platform safely while still empowering makers and enabling innovation.
WHY GOVERNANCE SHOULD ENABLE — NOT BLOCK
One of the strongest themes throughout the episode is Craig’s philosophy around governance. He explains why governance should never be about stopping people from building solutions. Instead, governance should create guardrails that allow organizations to innovate safely at scale. Craig shares how many companies still approach Power Platform with fear, often worrying that citizen developers will create chaos, expose data, or bypass IT processes. But according to Craig, the real danger is not enabling users at all. When organizations completely block innovation, shadow IT simply moves outside the organization. The discussion explores why governance frameworks should feel almost invisible for makers while still protecting the organization through:
Environment strategies
Data Loss Prevention policies
Security boundaries
API governance
Controlled connectors
Lifecycle management
Craig explains that the goal is not to remove freedom but to create safe paths for innovation.
THE REALITY OF POWER PLATFORM GOVERNANCE
Craig highlights how unique Power Platform governance really is compared to traditional Microsoft technologies. Unlike older systems where access was centrally controlled, Power Platform arrived enabled by default. Many organizations never realized employees already had access to build apps, flows, automations, and AI solutions for years. This creates a completely different governance challenge. Craig explains how organizations often discover thousands of apps, flows, and automations already running inside their tenant before governance processes even exist. The episode explores why governance maturity starts with visibility and understanding what already exists inside the environment. The discussion also dives into:
Default environment risks
Tenant settings
Environment provisioning
DLP policies
Governance automation
Connector restrictions
Enterprise administration
AI, COPILOT & THE NEXT EVOLUTION OF POWER PLATFORM
The conversation naturally shifts toward AI and Copilot Studio, where Craig shares his excitement about the future of AI inside Power Platform. He explains how organizations are rapidly moving from simple automation into:
AI agents
Copilot Studio
Skills-based automation
MCP integrations
AI-assisted governance
Intelligent business workflows
Craig also discusses how AI is fundamentally changing administration and governance itself. Instead of manually configuring environments, policies, and settings, future administrators may increasingly rely on AI-powered interfaces and intelligent automation. The episode explores how AI is exposing long-standing governance issues that organizations ignored for years, especially around:
Oversharing
Permissions
Data security
Compliance
Zero trust architecture
Information governance
Craig emphasizes that AI does not create governance problems — it reveals the ones organizations already had.
WHY CITIZEN DEVELOPMENT IS NO LONGER OPTIONAL
Another major focus of the discussion is citizen development. Craig strongly believes modern organizations can no longer rely entirely on centralized IT teams to solve every business problem. Employees closest to the business processes often understand automation opportunities better than anyone else. The episode explores why successful organizations:
Enable internal makers
Build communities
Create champions programs
Support experimentation
Encourage knowledge sharing
Provide safe development environments
Craig explains that when employees understand the tools and feel empowered to solve problems themselves, innovation accelerates dramatically.
THE IMPORTANCE OF ENVIRONMENT STRATEGY
One of the most practical parts of the episode focuses on environment strategy. Craig explains why mature organizations separate:
Development environments
Test environments
Production environments
Personal experimentation spaces
He shares how many organizations skip this step early on and later struggle with governance, deployment processes, licensing, and operational support. The discussion also covers why enterprise Power Platform adoption requires:
Dedicated support structures
Governance ownership
Deployment processes
Lifecycle planning
Solution management
Change control
POWER PLATFORM MATURITY IN THE AI ERA
Craig also shares his perspective on what true Power Platform maturity looks like in modern organizations. Interestingly, he explains that maturity is not about having thousands of apps or flows. Instead, maturity is about measurable business value. The real question becomes:
Are people actively using the solutions?
Are business processes improving?
Are automations saving time?
Are employees empowered?
Is governance working without friction?
Craig believes successful organizations eventually reach a point where Power Platform becomes the natural toolset employees instinctively use to solve problems and automate work.
THE POWER PLATFORM PANIC ROOM
Mirko and Craig also discuss the story behind the Power Platform Panic Room podcast. Craig explains that the rapid pace of AI, Copilot, governance, and Power Platform innovation can feel overwhelming for many administrators and architects. The podcast was created as a safe place for professionals to discuss challenges, learn together, and navigate the rapidly changing Microsoft ecosystem. It is a reminder that even experienced professionals are still learning and adapting alongside the technology itself.
-
In this episode of the m365.fm podcast, Mirko Peters sits down with Ralph Rivas (MVP), also known as the “Copilot Junkie,” to explore the current reality of Microsoft Copilot, AI adoption, governance, automation, and enterprise readiness. Together they go far beyond the marketing demos and discuss what organizations actually need to do to make AI successful inside Microsoft 365. Ralph shares his journey from early SharePoint days into the Power Platform and Microsoft 365 ecosystem, explaining how governance and architecture became critical long before AI entered the conversation. The discussion highlights why many organizations still underestimate the importance of data governance, permissions, security, and information architecture before rolling out Copilot or autonomous agents. The conversation also dives into why Microsoft intentionally released Copilot early, how the platform has matured over time, and why Copilot today is becoming one of the strongest enterprise AI solutions because of its deep integration across Outlook, Teams, SharePoint, Excel, and the broader Microsoft 365 ecosystem.
WHY AI GOVERNANCE IS NOW A BUSINESS REQUIREMENT
One of the biggest topics in this episode is governance. Ralph explains why AI does not create governance problems — it exposes the problems organizations already had. The episode explores how organizations often rush into Copilot deployments without properly reviewing permissions, oversharing risks, compliance requirements, or security controls. Once AI gains access to enterprise content, weak governance quickly becomes visible. Mirko and Ralph discuss:
AI governance strategies
Security readiness before Copilot rollout
Shadow AI and uncontrolled ChatGPT usage
Microsoft Purview and compliance
Responsible AI policies
Enterprise data protection
Ralph emphasizes that organizations must prepare their environments before enabling AI at scale and explains why governance teams are now more important than ever.
COPILOT STUDIO, AGENTS & MICROSOFT FOUNDRY
The episode takes a deep technical turn into Copilot Studio, autonomous agents, MCP integrations, and Microsoft Foundry. Ralph explains the differences between:
Copilot Studio
Custom Copilots
Autonomous Agents
Microsoft Foundry
Azure AI architectures
The discussion covers when organizations should use low-code AI solutions versus enterprise Azure-based architectures and why Copilot Studio is rapidly evolving into a serious enterprise automation platform. The conversation also explores the future of autonomous agents and why “human in the loop” governance remains critical as AI systems become more proactive and capable of making decisions independently.
LOW-CODE, PRO-CODE & THE FUTURE OF DEVELOPMENT
Another major topic is the changing relationship between low-code and professional development in the age of AI. Ralph shares why professional developers are not disappearing but instead becoming even more important as enterprise architectures grow more complex. AI-assisted development, vibe coding, automation, and Power Platform solutions all still require strong architectural thinking, governance, and enterprise oversight. The episode explores how citizen developers can create incredible ideas and prototypes, but enterprise-grade solutions still require professional governance, support, and operational ownership.
COMMON COPILOT MISTAKES ORGANIZATIONS MAKE
Throughout the discussion, Ralph shares the most common mistakes organizations make when adopting Microsoft Copilot and AI solutions. Some of the biggest issues include:
Expecting instant ROI without preparation
Poor data governance
Weak security models
Misunderstanding AI demos
Lack of AI policies
Missing change management strategies
Ignoring compliance requirements
The episode also highlights why many organizations underestimate the human factor in AI security and why employee awareness and governance remain essential.
KEY TAKEAWAYS FROM THIS EPISODE
Governance is the foundation of successful AI adoption
Microsoft Copilot has matured rapidly inside Microsoft 365
Copilot Studio is evolving into a powerful enterprise AI platform
Autonomous agents require strong oversight and governance
AI exposes existing security and permission problems
Low-code and pro-code development will continue to coexist
Organizations must move beyond demos and focus on real business outcomes
ABOUT RALPH RIVAS
Ralph Rivas is a Microsoft MVP, enterprise architect, governance expert, and Power Platform specialist with deep experience across Microsoft 365, SharePoint, automation, Copilot Studio, and AI-driven enterprise solutions. Known in the community as the “Copilot Junkie,” Ralph regularly shares insights around governance, AI readiness, automation, and enterprise architecture.
LISTEN TO MORE EPISODES
For more deep dives into Microsoft 365, AI, Copilot, Power Platform, governance, automation, and enterprise technology strategy, subscribe to the m365.fm podcast and stay connected with the latest conversations from MVPs, architects, and Microsoft experts around the world.
-
Artificial Intelligence is rapidly transforming the Microsoft 365 ecosystem. Organizations everywhere are deploying Microsoft Copilot, experimenting with AI agents, automating workflows, and integrating intelligent systems into their daily operations. But while companies are rushing toward AI adoption, most are overlooking one critical reality: their governance policies were never designed for AI. In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft Regional Director, MVP, collaboration strategist, and governance expert Christian Buckley to explore why traditional Microsoft 365 governance approaches are no longer enough in an AI-driven world. This conversation goes far beyond generic AI discussions and dives deep into the operational challenges organizations now face around permissions, compliance, information architecture, metadata, lifecycle management, Copilot readiness, and responsible AI adoption.
WHY AI CHANGES GOVERNANCE COMPLETELY
For years, governance inside Microsoft 365 focused primarily on collaboration management, SharePoint permissions, Teams provisioning, compliance controls, and external sharing. But AI changes the entire equation. Christian explains how tools like Microsoft Copilot can now surface information across multiple systems instantly, making old governance gaps far more visible than ever before. Content that technically existed inside Microsoft 365 for years — but remained difficult to discover — can suddenly become accessible through AI-powered discovery experiences. That creates major risks for organizations with:
Poor permissions management
Overshared Teams environments
Broken SharePoint inheritance
Unmanaged OneDrive content
Inconsistent metadata structures
According to Christian, AI does not create governance problems. It exposes the governance problems organizations already had.
THE HIDDEN DANGER OF PERMISSIONS SPRAWL
One of the biggest topics throughout the episode is permissions sprawl inside Microsoft 365 environments. Over the years, many organizations accumulated forgotten sharing links, legacy SharePoint permissions, unused Teams workspaces, stale guest accounts, and poorly managed collaboration sites. Before AI, much of this remained hidden because users rarely searched deeply enough to accidentally discover sensitive information. But AI changes discoverability completely. Christian compares this shift to the original impact of Microsoft Delve, where users suddenly realized how much information they already had access to without understanding it beforehand. With Copilot and AI-powered search experiences, this effect becomes dramatically larger because intelligent systems can aggregate information, summarize documents, identify relationships, and surface hidden content instantly. This makes governance maturity one of the most important foundations for successful AI adoption.
AI READINESS IS NOT ABOUT BUYING COPILOT LICENSES
One of the strongest points Christian makes during the episode is that AI readiness is not a licensing project. Organizations often believe they become “AI-ready” the moment they purchase Copilot licenses or deploy AI tooling. But true AI readiness requires clean permissions, structured content, metadata strategies, ownership models, governance automation, classification policies, compliance enforcement, and lifecycle management. Without these foundations, AI systems can become unreliable, risky, and difficult to control. Christian explains that many organizations are now being forced to solve governance problems they ignored for years because AI finally made those weaknesses impossible to hide.
WHY INFORMATION ARCHITECTURE MATTERS MORE THAN EVER
Another major theme throughout the discussion is information architecture. Many organizations underestimate how important structured information becomes once AI enters the environment. AI systems rely heavily on metadata, taxonomy, naming conventions, content organization, classification systems, and relationship mapping. Without structure:
AI responses become inconsistent
Search quality suffers
Recommendations weaken
Compliance risks increase
Sensitive content becomes harder to govern
Christian explains that governance and information architecture are no longer optional operational tasks. They are foundational requirements for effective enterprise AI.
THE RISE OF SHADOW AI
One of the most fascinating parts of the episode focuses on shadow AI. Employees today are already using ChatGPT, Claude, Gemini, Copilot Studio, custom AI agents, and third-party automation platforms — often completely outside official governance frameworks. Christian warns that organizations cannot simply ban AI usage and expect innovation to stop. Instead, companies need responsible AI policies, governance guardrails, approved AI environments, user education, and secure experimentation spaces. The organizations that succeed will be the ones that balance innovation with governance rather than treating them as opposing forces.
GOVERNANCE SHOULD NOT SLOW USERS DOWN
A key insight from the conversation is that good governance should become nearly invisible. Overly restrictive governance models often fail because users eventually work around them through shadow IT, personal cloud storage, external tools, or unmanaged AI workflows. Christian explains that modern governance should enable productivity rather than block it. Automated site provisioning, sensitivity labels, lifecycle automation, controlled sharing policies, and built-in compliance controls allow organizations to create intelligent guardrails without slowing down collaboration. The goal is to support users while still protecting enterprise data.
WHY AI GOVERNANCE IS NOT JUST AN IT PROBLEM
Another important discussion throughout the episode is how governance responsibilities are shifting beyond IT departments. AI governance now impacts:
Compliance teams
Business leadership
HR departments
Legal teams
Security professionals
End users
Christian strongly believes governance must become a shared organizational responsibility. Different business units often have completely different risk profiles, compliance requirements, and collaboration models. That means organizations need governance strategies flexible enough to adapt across departments instead of relying on rigid one-size-fits-all approaches.
THE FUTURE OF AI GOVERNANCE
Looking ahead, Christian believes governance will increasingly become automated, intelligent, and context-aware. Future AI governance models may include AI-assisted compliance monitoring, automated risk detection, intelligent data classification, context-aware permissions, and AI-driven lifecycle automation. But despite all the technology advancements, one principle remains constant: organizations still need strong governance foundations before AI can operate safely at scale.
KEY TOPICS COVERED IN THIS EPISODE
- Microsoft 365 governance strategy
- Copilot readiness
- AI governance frameworks
- SharePoint governance
- Teams governance
- Permissions sprawl
- Information architecture
- Metadata and taxonomy
- Shadow AI risks
- Governance automation
- Compliance and security
- AI readiness maturity
ABOUT CHRISTIAN BUCKLEY
Christian Buckley is a Microsoft Regional Director, Microsoft MVP, collaboration strategist, governance expert, speaker, author, podcaster, and technology evangelist with more than thirty years of experience in enterprise collaboration and productivity platforms. He is widely recognized in the Microsoft ecosystem for his expertise around SharePoint, Microsoft 365 governance, information architecture, collaboration strategy, and digital workplace transformation.
Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support. -
Artificial Intelligence is moving faster than almost any technology wave we have seen before. Every week brings new models, new copilots, new frameworks, new AI agents, and endless promises about autonomous systems replacing repetitive work across the enterprise. But beneath all the hype lies a deeper engineering problem. Too many organizations are building AI systems with Large Language Models at the center of everything — while completely ignoring architecture, orchestration, state management, observability, governance, and deterministic engineering principles. In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft AI MVP, CTO, international speaker, and author Karthikeyan VK to discuss one of the most important realities of enterprise AI today: why most AI agent architectures are fundamentally flawed from an engineering perspective. This conversation goes far beyond AI hype and dives deep into what actually matters when building scalable, reliable, enterprise-grade AI systems with Microsoft Azure AI Foundry, orchestration patterns, memory management, evaluation pipelines, multi-agent architectures, and domain-specific AI solutions.
WHY MOST AI AGENTS ARE BUILT WRONG
According to Karthikeyan, one of the biggest mistakes organizations make today is trying to use Large Language Models for everything. Instead of treating the LLM as a reasoning engine or orchestration layer, many teams try to make the model itself perform every business operation directly. The result is often a probabilistic system attempting to replace deterministic engineering. And that creates serious reliability problems. Karthikeyan explains that enterprise systems cannot behave unpredictably. If an AI system returns different results for the same financial transaction, customer workflow, or approval process, organizations immediately lose trust. That is why AI agents must still be engineered like traditional enterprise software systems — with architecture, orchestration, retries, validation, observability, and governance built into the foundation.
THE REAL ROLE OF LLMs IN ENTERPRISE SYSTEMS
One of the strongest insights from the episode is the distinction between probabilistic and deterministic systems. Large Language Models are probabilistic by nature. They generate outputs based on probability distributions, context windows, and token prediction patterns. Enterprise workflows, however, are often deterministic:
- Financial calculations
- Inventory management
- Identity systems
- Compliance workflows
- ERP integrations
- Security processes
According to Karthikeyan, organizations should stop trying to make LLMs replace deterministic engineering logic. Instead:
- The LLM should act as the reasoning layer
- Deterministic tools should execute workflows
- Business logic should remain controlled
- Orchestration should drive execution
- Validation should happen continuously
This architectural mindset dramatically improves reliability and scalability.
WHY ORCHESTRATION IS THE REAL SECRET
One of the biggest missing components in enterprise AI systems today is orchestration. Karthikeyan explains that many organizations simply connect an LLM to a chatbot framework and assume they have built an AI agent platform. But real enterprise systems require orchestration patterns. For example:
- Which tools should execute first?
- Which workflows run in parallel?
- Which actions require validation?
- Which systems are allowed to be called?
- Which failures require retries?
Without orchestration, AI systems become unreliable and difficult to scale. The intelligence lies in:
- Tool orchestration
- Workflow selection
- Context awareness
- State management
- Evaluation logic
- Memory handling
This distinction becomes critical when organizations attempt to move AI systems from proof-of-concept into production environments.
MEMORY MANAGEMENT IS MORE IMPORTANT THAN PEOPLE REALIZE
Another major focus of the episode is memory handling inside AI systems. Most users do not realize that every conversation with an LLM becomes a growing token context window. As conversations grow:
- Token costs increase
- Latency increases
- Context quality degrades
- Important information gets lost
- Systems hallucinate more easily
Karthikeyan explains that enterprises must actively engineer memory strategies:
- Session memory
- Persistent memory
- Conversation summarization
- Context compression
- State tracking
- Token optimization
Without proper memory engineering, AI systems eventually lose reliability.
THE BIGGEST PROBLEM: LACK OF OBSERVABILITY
One of the strongest warnings throughout the discussion is around observability. Many AI systems today cannot explain:
- Why decisions were made
- Which tools were called
- Which prompts executed
- Which memory state existed
- Which reasoning path was taken
This creates major problems in enterprise environments where debugging, compliance, and traceability are essential. Karthikeyan strongly recommends tracing reasoning paths, tracking memory states, monitoring token usage, evaluating decision quality, and building proper debugging dashboards from day one. Without observability, enterprise AI becomes impossible to operate safely at scale.
WHY AZURE AI FOUNDRY MATTERS
A major part of the discussion focuses on Microsoft Azure AI Foundry and why Karthikeyan sees it as one of Microsoft’s strongest AI platform evolutions so far. According to him, Foundry solves several foundational AI engineering challenges by providing:
- Built-in orchestration
- Evaluation pipelines
- Governance tooling
- Memory handling
- Observability features
- Secure enterprise integration
He explains that Azure AI Foundry is not just another AI toolset — it represents Microsoft’s shift toward becoming a true enterprise AI platform provider.
-
The retirement of Exchange Web Services (EWS) marks one of the biggest transitions in Microsoft messaging development in nearly two decades. For organizations still relying on legacy Exchange integrations, migration is no longer optional — it is urgent. In this episode of the m365.fm podcast, Mirko Peters sits down with longtime Exchange developer, Microsoft MVP, blogger, open-source contributor, and messaging expert Glen Scales to discuss the end of EWS, the future of Microsoft Graph, and what developers and organizations need to do right now before Microsoft permanently disables EWS in Exchange Online. With more than twenty years of experience building against Exchange APIs, Glen has lived through nearly every generation of Microsoft messaging development — from CDO and WebDAV to EWS, OAuth, and Microsoft Graph. His blog posts, GitHub repositories, Stack Overflow answers, and Substack articles have helped thousands of developers solve real-world Exchange and Microsoft 365 challenges. This conversation dives deep into API evolution, migration strategies, Graph limitations, mail architecture, authentication, throttling, notifications, synchronization, PowerShell automation, and the changing future of enterprise messaging development.
WHY THE END OF EWS MATTERS
Microsoft will retire Exchange Web Services in Exchange Online beginning in October 2026, with full removal completed in April 2027. That means:
- Applications using EWS against Microsoft 365 will stop working
- Organizations must identify legacy dependencies now
- Vendors and internal development teams need migration plans immediately
- Old synchronization models may need redesigns
- Security and permission models must be modernized
Glen explains that many organizations still do not realize how deeply EWS is embedded inside older enterprise applications, migration tools, CRM systems, provisioning systems, custom workflows, and legacy automation scripts. Some organizations may even discover unknown EWS dependencies years after original developers left the company.
HOW EXCHANGE DEVELOPMENT EVOLVED
One of the most fascinating parts of the episode is Glen’s perspective on the evolution of Exchange development itself. He describes how messaging development once represented some of the most advanced enterprise programming work available. Back in the early Exchange days, APIs like MAPI and EWS offered developers extremely deep access to mailbox data, calendar structures, public folders, and messaging workflows. Over time, Microsoft shifted toward:
- Cloud-first architecture
- REST APIs
- JSON payloads
- OAuth authentication
- Granular permissions
- Security-first development
- Webhook-based integrations
- Microsoft Graph standardization
This transition fundamentally changed how developers build integrations and applications around Microsoft 365 workloads.
WHY MICROSOFT GRAPH IS THE FUTURE
According to Glen, Microsoft Graph represents a major architectural shift compared to EWS. While EWS relied heavily on SOAP and XML, Microsoft Graph uses modern REST APIs and JSON payloads, making development easier, faster, and far more compatible with modern frameworks and open-source tooling. Microsoft Graph also introduces:
- Better OAuth authentication
- Granular permissions
- Improved security boundaries
- Modern SDK support
- Cross-platform development
- Webhook support
- Delta synchronization
- Modern integration patterns
Glen explains that the biggest security issue with EWS is impersonation. In many EWS scenarios, applications receive extremely broad mailbox access, creating significant security risks in modern enterprise environments. Graph changes this by allowing applications to request only the minimum permissions required.
THE BIGGEST CHALLENGE: MIGRATION
The core challenge organizations now face is migration. Glen explains that simple email workloads are relatively easy to migrate from EWS to Graph because feature parity is already strong for common CRUD operations and mail handling. However, more complex workloads become significantly harder:
- Calendar synchronization
- Tasks and To-Do integrations
- Public folder access
- Custom MAPI property usage
- Legacy forms
- Notification architectures
- Synchronization engines
- Enterprise migration tooling
Many older applications were designed around EWS assumptions that no longer exist in Graph.
STREAMING NOTIFICATIONS VS WEBHOOKS
One of the most technical and insightful parts of the discussion focuses on notifications and synchronization. EWS supported:
- Pull notifications
- Push notifications
- Streaming notifications
Graph primarily relies on webhooks. This introduces major architectural changes because organizations now need:
- Public endpoints
- Cloud-accessible infrastructure
- Modern event processing
- Queue-based architectures
- Notification deduplication
- Better retry logic
Glen explains that older EWS streaming notification systems often struggled in cloud environments because mailbox moves could silently break persistent connections. Modern Graph webhooks behave far better in cloud-native architectures.
DELTA QUERIES, THROTTLING, AND SCALE
Another major topic throughout the episode is scalability. Glen discusses:
- Delta queries
- Synchronization patterns
- Pagination
- Mailbox concurrency
- Batch limits
- API throttling
- Large mailbox operations
- Retry handling
According to Glen, Graph throttling is significantly more restrictive than EWS in some scenarios, especially around large-scale mailbox operations and migrations. This means developers need to:
- Design more efficient applications
- Queue operations intelligently
- Reduce unnecessary requests
- Handle retries correctly
- Respect concurrency limitations
- Avoid notification storms
He strongly recommends using Microsoft Graph SDKs because they automatically handle many retry and throttling behaviors.
-
Behind every great Power BI solution is more than just dashboards and data models. There is logic, automation, storytelling, optimization, architecture, and most importantly — community. In this episode of the m365.fm podcast, Mirko Peters sits down with Bernat Agulló Roselló, Microsoft MVP, Senior BI Developer Partner at Sabrina, Tabular Editor contributor, organizer of the Power BI & Fabric Barcelona User Group, and one of the most passionate voices in the Power BI community today. From DAX optimization and semantic model automation to community building and multilingual collaboration, this conversation explores the technical depth and human side of modern Business Intelligence. Bernat shares his journey from Excel macros and reporting automation to becoming a recognized expert in DAX, Tabular Editor scripting, semantic modeling, and enterprise Power BI development. But this episode is not just about technology. It is also about curiosity, learning, international experiences, and the incredible role that community plays in shaping careers, opportunities, and innovation across the Microsoft Data Platform ecosystem.
THE JOURNEY FROM EXCEL TO POWER BI
Bernat’s BI journey started long before he officially realized he was working in Business Intelligence. While working with Excel macros inside manufacturing environments like Nissan, he was already building reporting automation, aggregating data from multiple sources, and solving business reporting challenges long before terms like “semantic modeling” or “data warehousing” became part of his vocabulary. Eventually, after reading Kimball’s Data Warehouse Toolkit and diving deeper into BI concepts, Bernat recognized that he had already been practicing many foundational Business Intelligence principles for years. This realization sparked a deeper passion for analytics, Power BI, DAX, automation, and semantic modeling that continues today.
WHY DAX CHANGES EVERYTHING
One of the strongest technical themes throughout the episode is DAX — Data Analysis Expressions — the language behind Power BI calculations and advanced analytics. According to Bernat, one of the biggest misconceptions people have about DAX is assuming it behaves like Excel formulas. In reality:
- DAX depends heavily on semantic models
- Relationships are critical
- Filter context changes everything
- Measures and calculated columns behave fundamentally differently
- Understanding context transition is essential
Bernat explains how learning the foundations of DAX and semantic modeling completely changes how developers approach Power BI solutions. He strongly recommends that anyone serious about Power BI eventually studies “The Definitive Guide to DAX” by Marco Russo and Alberto Ferrari — a book that fundamentally shaped his own understanding of the platform.
THE POWER OF TABULAR EDITOR
Another major focus of the discussion is Tabular Editor and why it has become one of the most important tools for advanced Power BI and semantic model development. Bernat explains how Power BI Desktop works well for getting started, but as enterprise semantic models become larger and more complex, development workflows quickly become difficult to manage. Tabular Editor enables developers to:
- Manage large semantic models efficiently
- Edit measures faster
- Access advanced model properties
- Work with calculation groups
- Build reusable automation scripts
- Improve semantic model governance
- Optimize development workflows
- Automate repetitive tasks
For advanced BI developers, Tabular Editor becomes a critical productivity multiplier.
AUTOMATION IS THE FUTURE OF POWER BI DEVELOPMENT
One of the most exciting parts of the episode focuses on automation using C# scripting, Tabular Editor, and semantic model tooling. Bernat shares how his background in Excel macros naturally evolved into Power BI automation and eventually into advanced Tabular Editor scripting. Through automation, developers can:
- Generate calculation groups automatically
- Build reusable semantic model patterns
- Create dynamic measures
- Standardize formatting
- Reduce manual development work
- Improve consistency
- Eliminate repetitive tasks
- Scale semantic model development
According to Bernat, automation does not just save time — it dramatically improves developer experience and mental health by removing repetitive, error-prone tasks. He estimates that automation can realistically save BI teams up to 40% of their development time.
WHY REPETITIVE TASKS SHOULD DISAPPEAR
One of the most practical insights from the conversation is Bernat’s philosophy around repetitive work. He strongly believes developers should spend less time copying logic, recreating measures, and manually repeating patterns — and more time solving meaningful business problems. This includes:
- Dynamic measure generation
- DAX UDF automation
- Calculation group templating
- Semantic model standardization
- Metadata-driven development
- Dependency analysis
- Measure reuse across reports
By reducing repetitive tasks, teams become faster, more accurate, and more creative.
THE NEXT GENERATION OF SEMANTIC MODEL AUTOMATION
Bernat also shares fascinating insights into one of his latest projects: a system designed to automatically analyze semantic model dependencies and help organizations transfer KPIs, measures, and semantic logic between Power BI models safely. This becomes increasingly important in enterprise environments where:
- Reports share common KPIs
- Semantic models grow rapidly
- Business logic must stay consistent
- Governance becomes more complex
- Teams struggle with duplicated logic
His approach combines notebooks, DAX queries, metadata analysis, and automation to dramatically simplify enterprise BI management.
AI, FABRIC, AND THE FUTURE OF BUSINESS INTELLIGENCE
The discussion also explores Microsoft Fabric, AI, semantic models, and the future of analytics. Bernat remains both curious and pragmatic about AI in the BI world. While he sees strong potential in automation and AI-assisted workflows, he is also cautious about overhyping “talk to your data” experiences without proper semantic understanding and contextual design. According to Bernat:
- Reports still matter deeply
- Visualization design remains critical
- Human understanding is irreplaceable
- Context drives analytics value
- Semantic modeling stays foundational
- AI should augment — not replace — BI expertise
He also explains why many organizations still struggle with fundamental data organization and reporting maturity long before advanced AI capabilities become relevant.
-
Deploying Microsoft Copilot is easy. Driving real adoption, measurable impact, and long-term behavioral change across an organization? That is the real challenge. In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft MVP, Copilot Architect, adoption expert, and Copilot Team Lead at Billennium, Edyta Gorzoń, for a deep and highly practical conversation about what truly makes Copilot adoption successful inside modern organizations. While many companies focus heavily on licensing, governance, and technical rollout, Edyta explains why successful AI transformation is ultimately about people, communication, culture, and change management. Throughout the episode, she shares real-world lessons from customer projects, common mistakes organizations continue to make, and practical strategies that help companies move from simply deploying AI to genuinely transforming the way employees work. With more than a decade of experience in Microsoft technologies and a strong business background, Edyta brings a unique perspective to the AI conversation. Her focus is not just on technology itself, but on understanding users, organizational behavior, productivity patterns, communication strategies, and how businesses can create sustainable adoption models that actually deliver ROI.
WHY COPILOT ADOPTION IS MORE THAN JUST TRAINING
One of the strongest themes throughout the episode is that Copilot adoption cannot be solved through generic feature-based training sessions alone. According to Edyta, many organizations mistakenly believe that purchasing Copilot licenses and scheduling a few training sessions automatically guarantees success. In reality, adoption requires a much broader strategy that includes governance, communication, behavioral change, scenario-based enablement, leadership involvement, and continuous support. She explains that organizations often experience temporary spikes in Copilot usage immediately after training sessions, only to see activity quickly decline again afterward. This happens because users never fully integrate AI into their daily workflows and routines. Building sustainable habits becomes far more important than simply delivering technical knowledge.
CHANGE MANAGEMENT IS THE REAL DIFFERENTIATOR
Edyta believes change management has become one of the most critical success factors for AI transformation projects. In previous Microsoft 365 adoption waves, organizations focused heavily on enabling tools like Teams, SharePoint, and OneDrive. But AI introduces entirely new emotional and cultural challenges:
- Fear of job replacement
- Concerns around data privacy
- Distrust in AI-generated content
- Resistance to changing workflows
- Uncertainty around productivity expectations
Some employees even feel that using AI is somehow “cheating” or replacing their own expertise. Because of this, Edyta emphasizes the importance of understanding user sentiment early in every Copilot project. Organizations need to understand how employees actually feel about AI before they can create effective communication and adoption strategies.
COMMUNICATION IS EVERYTHING
One of the most powerful insights from the episode is the importance of communication. According to Edyta, poor communication remains one of the biggest reasons why digital transformation projects fail. Organizations frequently launch AI initiatives using technical jargon, generic messaging, or overly abstract business language that employees simply do not connect with. Instead, communication must be:
- Tailored to different user groups
- Practical and scenario-focused
- Easy to understand
- Business relevant
- Continuous and visible
- Supported by leadership
Edyta explains that IT professionals often unintentionally speak in highly technical language that business users do not understand. Terms like “tenant,” “connectors,” “governance,” or “grounding” may confuse non-technical employees immediately and create unnecessary resistance from the very beginning.
WHY GOVERNANCE MATTERS BEFORE COPILOT
Another major topic throughout the discussion is governance and technical readiness. Edyta strongly warns organizations against rushing into Copilot deployments without first reviewing their existing Microsoft 365 environments. Oversharing, poorly managed SharePoint permissions, inconsistent governance, and outdated collaboration structures can create major security and compliance risks once AI systems gain access to organizational data. She explains that:
- Copilot respects existing permissions
- AI surfaces information dramatically faster
- Legacy governance problems become visible instantly
- Poorly structured data creates AI chaos
- Documentation and governance become essential
One particularly important recommendation is creating clear governance documentation that both technical and business stakeholders can understand. As AI teams increasingly combine IT, security, business, and compliance roles, organizations need a shared “single source of truth” around policies, configurations, responsibilities, and AI readiness.
PROMPTING IS A NEW SKILL
Throughout the conversation, Edyta repeatedly describes prompting as an entirely new professional skillset. Most end users are not naturally comfortable interacting with AI systems. Unlike IT professionals or AI enthusiasts, many employees have never worked with prompt engineering concepts before. That is why Edyta strongly advocates for hands-on prompting workshops that allow users to experiment, learn, and build confidence with AI tools in real-world scenarios. According to Edyta:
- Prompting should be treated like a modern workplace skill
- Users need practical exercises
- Generic examples rarely work
- Training should reflect real business processes
- Hands-on experimentation is critical
She even describes prompting as an “art” that employees gradually learn through repetition and guided experimentation.
THE POWER OF SCENARIO-BASED TRAINING
One of Edyta’s strongest recommendations is building scenario-oriented adoption programs instead of generic platform training. Rather than showing random demos or disconnected features, organizations should teach Copilot within the context of actual business processes. Examples include:
- Teams meeting preparation and follow-ups
- Outlook email management
- PowerPoint presentation creation
- HR onboarding workflows
- Sales proposal generation
- Marketing content production
- Daily reporting processes
- Knowledge management scenarios
The more realistic and tailored the training experience becomes, the more likely users are to integrate Copilot naturally into their daily work.
WHY LEADERSHIP INVOLVEMENT MATTERS
Another major insight from the episode is the importance of leadership visibility. According to Edyta, executives often approve Copilot budgets and then completely disengage from the adoption process afterward. This creates a major problem because employees need visible signals from leadership that AI adoption matters strategically to the organization. Successful organizations involve leadership through:
- Town hall communication
- Champion programs
- AI adoption messaging
- Success story sharing
- Training participation
- Internal evangelis
-
Artificial Intelligence is moving faster than most organizations can keep up with. Every week introduces new models, new frameworks, new AI agents, and entirely new ways to build applications. But beyond the hype, one question matters most: how do enterprises actually build secure, scalable, production-ready AI solutions that create real business value? In this episode of the m365.fm podcast, Mirko Peters sits down with Jannik Reinhard — Microsoft MVP, architect, author, speaker, and AI innovator — for an in-depth conversation about Microsoft Foundry, enterprise AI architecture, agentic workflows, orchestration, governance, and the future of AI-powered applications. Jannik is deeply embedded in both the AI and security worlds. He has published more than 200 technical blog posts, speaks internationally at major conferences, contributes heavily to the community, and has built enterprise-grade AI systems used by over 120,000 employees inside BASF. His experience spans Microsoft Azure, Security, Endpoint Management, AI architecture, automation, and next-generation enterprise development. This episode is not another surface-level AI conversation. Instead, it explores the real technical and strategic challenges organizations face when moving from AI demos to fully operational enterprise AI platforms.
WHY MICROSOFT FOUNDRY MATTERS
For many people, Microsoft Foundry is still a relatively new concept. Jannik explains Foundry in simple but powerful terms: it provides organizations with a secure, enterprise-ready way to deploy and manage AI models inside Microsoft’s trusted cloud ecosystem. Through Foundry, organizations can:
- Deploy OpenAI and Anthropic models securely
- Use enterprise-grade networking and encryption
- Integrate with Azure services and managed identities
- Protect against prompt injection attacks
- Build AI agents and workflows
- Connect models to business data securely
- Monitor AI applications at scale
Jannik emphasizes that Foundry is not just about model hosting. It becomes the orchestration layer that enables organizations to safely operationalize AI inside enterprise environments.
AI IS NOT THE STRATEGY
One of the strongest messages throughout the episode is that simply buying AI tools does not equal digital transformation. Jannik explains that many companies mistakenly believe purchasing Copilot licenses automatically gives them an AI strategy. In reality, organizations need much deeper thinking around business processes, governance, security, data quality, orchestration, and automation. According to Jannik, the most successful organizations are not the ones blindly following hype. They are the ones asking:
- Which business problems should AI solve?
- Where does AI create measurable value?
- How can AI improve workflows?
- Which processes should become autonomous?
- How can governance and security scale with AI adoption?
This shift in thinking is what separates experimentation from transformation.
THE FUTURE IS AGENTIC WORKFLOWS
A major focus of this episode is the evolution from simple AI chat experiences toward autonomous AI agents. Jannik explains that true AI agents are fundamentally different from reactive chatbot experiences. Instead of simply responding to prompts, modern AI agents can understand goals, execute actions, orchestrate workflows, interact with tools, retrieve information, and operate independently. This creates an entirely new category of enterprise software. Rather than manually completing repetitive work, employees increasingly delegate tasks to intelligent systems capable of:
- Researching information
- Automating workflows
- Interacting with APIs
- Managing infrastructure
- Writing code
- Generating documentation
- Monitoring systems
- Executing business processes autonomously
Jannik believes orchestration is now becoming one of the most important competitive differentiators in AI application development.
WHY ORCHESTRATION IS THE REAL SECRET
Throughout the discussion, Jannik repeatedly highlights orchestration as the “secret sauce” behind high-quality AI systems. The models themselves are already incredibly powerful. The challenge now is:
- Providing the right context
- Reducing unnecessary information
- Coordinating multiple agents
- Managing memory effectively
- Routing tasks intelligently
- Connecting the correct tools dynamically
According to Jannik, bad orchestration overwhelms models with excessive context, while good orchestration delivers only the exact information and capabilities needed for a specific task. This becomes especially important in enterprise environments where agents may interact with hundreds of tools, APIs, systems, and data sources simultaneously.
SECURITY, GOVERNANCE, AND COMPLIANCE IN AI
As both an AI and Security MVP, Jannik brings a unique perspective to one of the biggest enterprise AI challenges: governance. He explains why organizations cannot separate AI strategy from security strategy. Without strong governance, data protection, and compliance frameworks, enterprise AI adoption quickly becomes dangerous. The episode explores:
- AI governance models
- Zero Trust principles for AI agents
- Prompt injection protection
- Identity management for AI systems
- Microsoft Purview integrations
- Secure AI architectures
- Data exposure risks
- Enterprise compliance requirements
- European AI regulations
Jannik also explains how Microsoft’s ecosystem provides unique advantages because organizations can integrate security, compliance, networking, Purview, Global Secure Access, and AI governance into a unified platform.
DEMO APPS VS PRODUCTION-GRADE AI SYSTEMS
One of the most practical parts of the conversation focuses on the massive difference between demo AI applications and production-ready enterprise solutions. According to Jannik, building a proof-of-concept today is incredibly easy. AI coding tools can generate working applications in minutes. But moving those solutions into production introduces an entirely different set of challenges:
- Security validation
- Governance approval
- Worker councils
- Regulatory compliance
- Monitoring
- Identity management
- Risk mitigation
- AI safety testing
- Infrastructure hardening
- Operational scalability
This is where many organizations underestimate the complexity of enterprise AI deployment.
Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support. -
Artificial Intelligence is transforming the enterprise world faster than most organizations can adapt. Every company wants AI. Every executive wants Copilot. Every IT department is under pressure to modernize. But as AI adoption accelerates, one critical question continues to grow louder: how do organizations stay secure while embracing the future? In this deep-dive episode of the m365.fm podcast, Mirko Peters sits down with Danilo Nogueira from Microsoft to explore the rapidly evolving intersection of AI, security, compliance, insider risk, automation, and data governance. This conversation goes far beyond hype and marketing buzzwords. Instead, it delivers practical, real-world insights directly from someone working inside Microsoft’s security ecosystem every single day. Danilo currently works as a Senior Product Manager at Microsoft focused on Microsoft Purview, Insider Risk Management, Data Security, and AI-driven security experiences. With more than twenty years of experience across productivity, compliance, SharePoint, enterprise architecture, governance, and security, Danilo brings a rare perspective that combines deep technical knowledge with hands-on customer experience. Throughout the episode, Danilo explains why AI is fundamentally changing the way organizations must think about security. Traditional “block everything” approaches no longer work in modern cloud environments. Instead, organizations need visibility, monitoring, intelligent automation, and strong governance strategies that still allow employees to remain productive and innovative.
THE REAL CHALLENGE OF AI ADOPTION
One of the biggest misconceptions around AI adoption is that deploying Copilot or enabling AI tools automatically creates productivity gains. Danilo explains that many organizations are rushing into AI without understanding the security implications hidden underneath their existing environments. Oversharing in SharePoint, poorly managed permissions, weak governance strategies, uncontrolled file access, and missing classification policies can suddenly become massive risks once AI systems gain access to organizational data. What employees previously struggled to find manually can now be surfaced instantly through AI-powered discovery. This is why Danilo repeatedly emphasizes the importance of “AI readiness.” AI readiness is not about licensing. It is not about deploying a chatbot. It is about understanding your data, your permissions, your governance model, and your organizational culture before AI becomes deeply integrated into daily operations.
WHY OVERSHARING IS THE BIGGEST RISK
According to Danilo, oversharing remains one of the most dangerous and underestimated problems inside Microsoft 365 environments today. Many organizations have spent years granting broad permissions across SharePoint sites, Teams, file shares, and collaboration platforms without fully understanding the long-term consequences. Now AI changes everything. An employee who never manually searched through thousands of documents can suddenly ask Copilot simple questions that expose highly sensitive information. Financial data, salary information, contracts, confidential business plans, or executive communications may become discoverable if permissions are not properly governed. Danilo shares how organizations are only now waking up to the importance of proper data governance, classification, and access management because AI dramatically increases visibility into enterprise content.
MICROSOFT PURVIEW EXPLAINED
For organizations unfamiliar with Microsoft Purview, Danilo offers one of the simplest and most relatable explanations imaginable. He compares Purview to a baby monitor. You do not completely block a baby from moving around the room. Instead, you monitor activity, understand behavior, and intervene when necessary. According to Danilo, modern enterprise security works the same way. Microsoft Purview enables organizations to monitor user activity, investigate insider risks, classify sensitive data, prevent data leakage, automate compliance workflows, and gain visibility into how information moves throughout the company. The platform becomes even more critical in the age of AI because organizations now need to understand:
- Who can access sensitive information
- Which data is classified as confidential
- How employees interact with AI tools
- What information AI systems can surface
- Where data is stored and shared
- How risky behavior can be detected automatically
INSIDER RISK IN THE AGE OF AI
The conversation also explores how insider risk management is evolving rapidly because of AI-powered systems. Danilo explains that organizations can no longer rely only on manual investigations or static policies. Modern environments generate enormous volumes of activity, alerts, and behavioral signals. AI agents and automation now play an increasingly important role in helping security teams prioritize what matters most. Examples include:
- Monitoring unusual file downloads
- Detecting suspicious data transfers
- Identifying abnormal user behavior
- Blocking risky actions automatically
- Alerting managers and HR teams
- Tracking long-term behavioral patterns
Danilo even shares real-world examples where organizations believed they had fully secured their environments, only to discover employees transferring sensitive data through Bluetooth or alternative methods that were never monitored properly.
THE SHIFT FROM BLOCKING TO MONITORING
One of the most important themes throughout the episode is the shift away from traditional security thinking. For years, enterprise security focused heavily on blocking access, restricting behavior, and locking down environments. But in cloud-first and AI-powered organizations, that model becomes increasingly difficult to maintain. Danilo argues that the future belongs to intelligent monitoring and adaptive security strategies. Instead of blocking everything, organizations must understand context, user behavior, risk patterns, and productivity requirements. This philosophy represents a major cultural transformation for many companies and security teams.
AI AGENTS, AUTOMATION, AND THE FUTURE OF COMPLIANCE
Another major topic in this episode is the future of autonomous AI agents. Danilo explains how Microsoft is increasingly investing in AI-powered systems that can help organizations:
- Prioritize security alerts
- Analyze insider risks
- Investigate suspicious activity
- Surface critical incidents automatically
- Recommend remediation actions
- Improve compliance operations at scale
These systems are not designed to replace security professionals. Instead, they enhance productivity and help teams focus on the highest-priority issues faster than ever before. The discussion also explores how automation tools like Power Automate combined with AI can fundamentally transform business operations and security workflows.
BUILDING A REAL AI CULTURE
One of the strongest insights from Danilo is that organizations must build a true AI culture instead of simply deploying AI tools. Companies need to decide:
- What is acceptable AI usage?
- Which AI systems are approved?
- How should employees interact with AI?
- What data can AI access?
- What governance rules exist?
- How should sensitive information be protected?
Danilo believes the future workplace will increasingly attract talent based on AI maturity. Employees will actively look for organizations that embrace AI effectively, securely, and responsibly.
-
In this episode of the m365.fm podcast, Mirko Peters sits down with Azure MVP and Microsoft Certified Trainer Vladimir Stefanovic to discuss one of the most underestimated topics in modern cloud architecture: Azure Governance at Scale. With more than twenty years of IT experience, Vladimir shares real-world lessons from enterprise cloud environments, large-scale Azure architectures, networking, identity, automation, and governance projects that either succeeded because of strong planning — or failed because of poor early decisions. The conversation starts with Vladimir’s journey from installing operating systems, configuring printers, and building small local networks to becoming a globally recognized Azure expert focused on governance, networking, infrastructure, and cloud strategy. He explains why understanding the foundations of infrastructure and networking is still critical today, even in a cloud-first and AI-driven world where many engineers jump directly into modern services without understanding the basics underneath.
WHY GOVERNANCE MUST START ON DAY ZERO
One of the core themes of this episode is that governance cannot be an afterthought. Vladimir explains why organizations often focus on applications, features, and rapid growth first, while governance, landing zones, permissions, automation, and security are pushed aside until systems become too large and too complex to fix easily. He compares poor cloud planning to building a house without designing the foundation first. The episode dives into:
- Why governance decisions become exponentially harder later
- The risks of unmanaged Azure growth
- Why “temporary” environments often become permanent production systems
THE REAL COST OF BAD AZURE DECISIONS
Vladimir explains how early architectural mistakes can create enormous operational and financial problems later. From incorrect networking models and weak permission structures to unmanaged subscriptions and missing automation, the episode explores how technical debt grows inside cloud environments over time. The discussion also covers:
- Brownfield vs greenfield Azure environments
- Why fast-growing companies struggle to redesign cloud architectures
- The operational impact of scaling without governance
- Why companies often prioritize new features over infrastructure stability
SECURITY, COSTS & CLOUD CHAOS
One of the strongest warning signs of weak governance is cloud chaos. Vladimir explains why security incidents and uncontrolled Azure costs are usually the first visible indicators that governance has failed. The conversation explores how organizations frequently underestimate governance because leadership often struggles to see immediate business value in preventive architecture work. The episode highlights:
- Why security breaches become business-critical events
- How governance reduces attack surfaces
- Why cost optimization starts with proper architecture
- The relationship between governance, automation, and operational stability
AZURE NETWORKING, LANDING ZONES & ENTERPRISE DESIGN
The discussion goes deep into Azure networking strategies, hybrid environments, landing zones, hub-and-spoke architectures, governance models, and enterprise connectivity planning. Vladimir explains why every organization requires a different architectural approach depending on workload type, scale, operational maturity, and future business goals. Topics include:
- Hybrid networking architectures
- VPN vs ExpressRoute decisions
- Azure Firewall and virtual appliance strategies
- Subscription structures and management groups
- Enterprise landing zone planning
THE IMPORTANCE OF NAMING CONVENTIONS & TAGGING
One surprisingly important part of the episode focuses on naming conventions and tagging strategies. Vladimir explains why proper naming standards are massively underrated in enterprise cloud environments and how strong conventions enable automation, governance, and scalable infrastructure deployment. The conversation explores:
- Automated landing zone deployments
- Resource organization strategies
- Standardized workload management
- Governance through automation
POLICY-DRIVEN GOVERNANCE & AUTOMATION
Another major topic is Azure Policy and policy-driven governance. Vladimir explains how organizations can automate governance controls, security standards, logging, resource deployment, and operational guardrails using Azure-native tooling and Infrastructure as Code approaches. The episode discusses:
- Policy-driven governance at enterprise scale
- Role-Based Access Control (RBAC)
- Least privilege principles
- Automation-first infrastructure
- Four-eyes approval models
- DevOps and DevSecOps governance
ZERO TRUST, IDENTITY & SECURITY GOVERNANCE
Security governance is another major focus of this episode. Vladimir shares his perspective on Zero Trust, identity management, Entra ID governance, private networking, privileged access, and operational security. He explains why identity is the foundation of everything inside Microsoft Cloud environments and why many organizations still underestimate its importance. The discussion covers:
- Identity governance challenges
- Zero Trust principles
- MFA and privileged access
- Microsoft Defender and Sentinel
- Operational security at scale
- Governance for Microsoft 365 and Azure together
AI, COPILOT & THE FUTURE OF GOVERNANCE
The conversation also explores how AI is starting to impact Azure operations, governance, and cloud management. Vladimir shares his thoughts on AI-powered automation, Copilot, Azure OpenAI, cloud agents, and AI-assisted operations. He explains both the opportunities and the risks of relying on AI systems without having enough technical expertise to validate the results.
Topics include:
- AI-assisted cloud operations
- Automation with AI agents
- Governance for AI-driven environments
- The risks of unmanaged AI actions
- Cloud cost analysis using AI
EXPERIENCE, SIMPLICITY & GOOD DECISIONS
One of the strongest messages from this episode is that simplicity usually wins. Vladimir explains why the best architectures are often the simplest ones and why overengineering creates unnecessary complexity, operational overhead, and governance problems. The discussion highlights how experience plays a massive role in making good architectural decisions. The episode also explores:
- Why simplicity is difficult to achieve
- Learning through bad decisions
- The value of experienced architects
- T-shaped engineers and cross-functional expertise
- Designing systems for operational teams
-
In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft MVP and MCT Nick Doelman to explore one of the most important technology shifts happening right now: the evolution of Agentic Coding and the future of AI-driven software development. From low-code platforms and Power Platform solutions to natural language interfaces and autonomous AI agents, this conversation dives deep into how developers, makers, consultants, and enterprise organizations must adapt to a completely new way of building business applications. Nick shares his incredible journey from programming on a Commodore 64 and working with C++ and Microsoft Dynamics CRM to becoming one of the leading voices in the Microsoft Power Platform ecosystem. He explains how his technical background, combined with years of real-world consulting and Microsoft experience, shaped his perspective on modern development, automation, governance, and AI-powered engineering.
FROM TRADITIONAL DEVELOPMENT TO AI-POWERED ENGINEERING
The conversation explores how software development has rapidly evolved over the past few years. Nick explains how Visual Studio Code, GitHub Copilot, Claude, MCP servers, and AI agents are transforming development workflows and dramatically increasing productivity. Instead of manually creating every field, table, and process inside Power Platform, developers can now use natural language prompts to generate data models, business logic, and application structures in minutes instead of hours. Nick also shares practical examples of how he now spends most of his time working with AI-assisted tooling rather than traditional development interfaces. The episode highlights how developers are increasingly collaborating with AI systems instead of simply writing code manually from scratch.
WHAT AGENTIC CODING REALLY MEANS
One of the central topics of this episode is the meaning of Agentic Coding. Nick explains why Agentic Development is much more than simple vibe coding or asking AI to generate random applications. Instead, it is a structured collaboration between humans and intelligent agents where developers guide, supervise, validate, and refine AI-generated solutions. The discussion breaks down how developers can:
- Build structured product requirement documents with AI
- Generate reusable prompts and workflows
- Create data models through natural language
- Use AI for testing, documentation, and architecture
- Improve application quality through iterative collaboration
THE FUTURE OF POWER PLATFORM
Nick shares his vision for the future of Microsoft Power Platform and explains how tools like Power Apps, Power Pages, Dataverse, and Copilot Studio are evolving in the AI era. The discussion explores how Code Apps, Generative Pages, Single Page Applications, and AI-assisted development are changing the role of makers and enterprise developers. The episode also explains why Dataverse remains critically important as the secure and governed data foundation for AI-driven enterprise applications. Even in a world of autonomous agents and AI-generated apps, governance, security, compliance, and business logic remain essential.
NATURAL LANGUAGE AS THE NEW PROGRAMMING LANGUAGE
One of the most fascinating parts of the episode focuses on how natural language is becoming the purest form of low-code development. Nick explains how developers are moving away from traditional syntax-heavy coding and toward conversational interfaces powered by AI systems. The conversation explores:
- Prompt engineering for enterprise development
- Voice-driven coding workflows
- AI-generated architecture diagrams
- Reusable AI skills and prompt libraries
- The evolution of developer productivity
Nick also explains why AI coding assistants are becoming more like pair-programming partners rather than simple autocomplete tools.
WHY GOVERNANCE AND DOCUMENTATION MATTER MORE THAN EVER
As AI-generated development accelerates, the importance of governance, documentation, and reusable prompts becomes even more critical. Nick explains why organizations must maintain control over:
- Source code repositories
- AI-generated prompts
- Documentation assets
- Test cases
- Security configurations
- Governance standards
The discussion highlights why future enterprise projects will require not only source code management, but also prompt management and AI workflow governance.
THE FUTURE OF BUSINESS APPLICATIONS
The episode also explores how enterprise users may soon interact with AI systems differently than today. Instead of opening separate applications for CRM, ERP, ticketing, or reporting, Nick predicts that users will increasingly interact through Microsoft 365 Copilot, Teams, conversational interfaces, and intelligent agents. This future includes:
- AI-driven customer support experiences
- Conversational business applications
- Agent-to-agent communication
- Automated workflows powered by natural language
- Intelligent enterprise collaboration systems
POWER PLATFORM, AI, AND THE NEXT GENERATION OF MAKERS
Nick also discusses how Power Platform makers must evolve in the AI era. Instead of focusing only on app creation, modern makers will increasingly need skills in:
- Business process analysis
- AI supervision
- Governance management
- Prompt engineering
- Solution architecture
- System thinking
The episode highlights how AI will not replace skilled developers or makers, but instead amplify creativity, productivity, and innovation for those who understand how to collaborate effectively with intelligent systems.
IN THIS EPISODE
- The rise of Agentic Coding and AI-assisted engineering
- How GitHub Copilot and Claude change software development
- Why Visual Studio Code is becoming central for Power Platform development
- The future of Power Apps, Power Pages, and Dataverse
- Prompt engineering and reusable AI skills
- Governance, compliance, and enterprise AI development
- Natural language as the future programming interface
- The evolution of makers, developers, and solution architects
ABOUT NICK DOELMAN
Nick Doelman is an independent Power Platform specialist, trainer, coach, Microsoft MVP, and Microsoft Certified Trainer. He previously worked at Microsoft as a Senior Content Developer focused on Power Pages, Power Automate, and Power Platform documentation and enablement. Nick is also a content creator, podcast co-host, and international competitive powerlifter representing Team Canada.
-
Finance departments are entering one of the biggest technological transformations in decades. Artificial Intelligence, autonomous agents, Copilot experiences, automation platforms, and modern ERP systems are rapidly changing how organizations manage accounting, reporting, forecasting, procurement, compliance, and financial operations. But what does this transformation actually look like inside real Dynamics 365 Finance & Operations environments? In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft MVP and Microsoft Certified Trainer Billur Samdancioglu to explore the future of finance in D365FO, AI-powered business applications, Copilot experiences, autonomous agents, cloud ERP modernization, and how Microsoft is reshaping enterprise finance workflows. Billur Samdancioglu is a Dynamics 365 Finance & Operations expert, Microsoft MVP, Microsoft Certified Trainer, public speaker, and business applications specialist with deep experience helping organizations modernize financial systems and enterprise operations. Throughout the episode, Billur shares practical insights from working with enterprise customers, implementing D365FO projects, and helping finance teams navigate the growing impact of AI inside Microsoft business applications.
HOW FINANCE TRANSFORMATION IS ACCELERATING
The conversation begins with Billur sharing her journey into the Microsoft ecosystem and how Dynamics 365 Finance & Operations evolved into one of the most powerful ERP platforms inside modern enterprises. What was once viewed primarily as an accounting system has transformed into a fully connected digital operations platform capable of integrating finance, procurement, logistics, reporting, analytics, automation, and AI-driven decision support. Billur explains that many organizations are now facing increasing pressure to modernize legacy ERP systems because older platforms simply cannot keep pace with modern cloud expectations, automation requirements, AI integrations, compliance demands, and real-time reporting needs. Companies want faster processes, more visibility, better forecasting, lower operational overhead, and smarter financial insights — all while maintaining strong governance and security. One of the strongest themes throughout the episode is that finance modernization is no longer only about replacing software. It is about redesigning how finance teams actually work. AI is changing workflows themselves, not just the tools being used.
WHAT COPILOT REALLY MEANS FOR D365FO
A major focus of the discussion centers around Microsoft Copilot and how AI assistants are being integrated directly into Dynamics 365 Finance & Operations. Billur explains that Copilot is far more than a chatbot inside ERP systems. It represents a shift toward contextual AI assistance where users can interact with business systems using natural language rather than navigating deeply complex enterprise interfaces. The episode explores how Copilot can already assist finance professionals with:
- Invoice analysis and validation
- Financial summarization
- Procurement assistance
- Reporting generation
- Data exploration
- Workflow acceleration
- Process guidance
- Forecasting support
Billur shares how many repetitive operational tasks inside finance departments are ideal candidates for AI-assisted automation because they involve structured processes, predictable data patterns, and repetitive validation activities. Mirko and Billur discuss how finance professionals increasingly interact with ERP systems conversationally instead of manually searching through dozens of menus, forms, and reports. Rather than spending time locating data, employees can ask business questions directly and receive actionable insights instantly.
AI AGENTS, COWORK, AND AUTONOMOUS BUSINESS PROCESSES
One of the most exciting parts of the episode focuses on autonomous agents and Microsoft’s vision for “Cowork” experiences inside enterprise applications. Billur explains that AI agents are evolving beyond passive assistants toward systems capable of independently executing tasks, monitoring workflows, identifying anomalies, and assisting departments proactively. The discussion explores scenarios where AI agents may eventually:
- Monitor overdue invoices automatically
- Detect unusual financial activity
- Recommend procurement optimizations
- Generate operational summaries
- Trigger workflows independently
- Escalate compliance risks
- Assist with budgeting processes
- Coordinate cross-department processes
Billur explains that Microsoft’s broader AI strategy increasingly revolves around collaborative AI systems where humans and AI agents work together rather than fully replacing employees. Instead of eliminating finance professionals, AI will likely remove repetitive administrative work and allow teams to focus more heavily on strategy, analysis, and business decision-making. The episode also examines the growing relationship between Dynamics 365, Microsoft Fabric, Power Platform, Copilot Studio, and Microsoft’s broader AI ecosystem. Modern finance environments are becoming increasingly interconnected, with data flowing across multiple systems simultaneously.
WHY DATA QUALITY BECOMES EVEN MORE IMPORTANT WITH AI
One of the most important insights from the conversation is Billur’s strong emphasis on data quality. AI systems are only as effective as the underlying data powering them. Poor ERP configurations, inconsistent business processes, incomplete records, or inaccurate financial information can quickly create unreliable AI outputs. Billur explains that organizations rushing into AI adoption without first cleaning up their ERP environments may face major operational problems later. Before deploying advanced AI capabilities, companies need:
- Structured master data
- Consistent business processes
- Strong governance
- Proper permissions
- Secure integrations
- Reliable reporting structures
- Accurate financial records
Mirko and Billur discuss how many organizations underestimate the preparation required before AI can deliver meaningful business value. AI is not magic — it amplifies the quality of existing systems and processes.
THE ROLE OF FINANCE PROFESSIONALS IS CHANGING
Another major theme throughout the episode is how the role of finance professionals is evolving. Traditional accounting work increasingly becomes automated through ERP systems, AI tooling, robotic process automation, and intelligent workflows. Billur believes the future finance professional will require a broader combination of:
- Financial expertise
- Technology understanding
- Data literacy
- AI awareness
- Process optimization skills
- Business analysis capabilities
- Strategic thinking
Rather than spending entire days performing repetitive transactional work, finance teams increasingly focus on interpreting insights, improving operations, supporting strategic decisions, and collaborating across departments. The conversation also highlights how younger professionals entering finance careers are already expecting modern digital tooling, automation, cloud-based collaboration, and AI-assisted workflows as standard workplace experiences.
be compromised. The episode explores concerns around:
AI governance
-
What does secure cloud automation actually mean in modern Microsoft environments? How can organizations automate user management, identity workflows, Microsoft 365 operations, and Azure infrastructure without creating massive security risks? And why is Microsoft Graph becoming one of the most important technologies every Microsoft administrator should understand? In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft MVP Ahmed Uzejnovic to explore secure Azure automation, Microsoft Graph API, identity-driven automation, hybrid cloud infrastructure, PowerShell scripting, and the future of enterprise automation inside Microsoft ecosystems. Ahmed Uzejnovic is an IT automation and infrastructure specialist from Salzburg with a strong focus on PowerShell, Azure Automation, Microsoft Graph, identity security, hybrid environments, and enterprise-scale automation. Throughout the conversation, Ahmed shares practical real-world insights from building secure automation systems for onboarding, offboarding, identity synchronization, cloud governance, and operational management across hybrid Microsoft environments.
HOW A SIMPLE USER OFFBOARDING SCRIPT STARTED EVERYTHING
Ahmed’s automation journey started in local IT support where repetitive manual tasks quickly became impossible to ignore. One of the earliest examples he shares is user onboarding and offboarding. Administrators were spending multiple hours every day manually disabling accounts, updating systems, configuring permissions, handling Exchange tasks, and managing repetitive operational work. Instead of accepting repetitive manual work as “normal,” Ahmed started building small PowerShell scripts step-by-step to automate individual tasks. What began as tiny automation scripts eventually evolved into a fully automated user offboarding process that is still running successfully years later. This became the starting point for a much larger automation career focused on solving operational problems at scale. One of the strongest themes throughout the episode is Ahmed’s belief that automation is not really about scripts — it is about process thinking. Before automation can work effectively, organizations first need stable, repeatable, and clearly defined operational processes. Bad processes create bad automation. Good processes create scalable automation systems.
WHY MICROSOFT GRAPH IS BECOMING ESSENTIAL FOR MODERN ADMINS
A major focus of the episode is Microsoft Graph API and why it is rapidly becoming one of the most important technologies inside Microsoft 365 and Azure administration. Ahmed explains that Microsoft Graph is essentially the backend operating layer behind Microsoft cloud services. Nearly every action performed inside Microsoft 365 admin portals, Azure portals, Intune, Entra ID, Teams, and Exchange eventually translates into API calls against Microsoft Graph. The discussion explores how Microsoft administrators can use Graph API to automate:
- User management
- Group management
- Intune administration
- Device management
- Microsoft Teams operations
- Azure identity workflows
- Authentication management
- Azure Automation processes
- Enterprise onboarding and offboarding
Ahmed explains why learning Graph API gives administrators deeper visibility into Microsoft services compared to only using graphical portals. Instead of clicking through interfaces manually, administrators gain the ability to programmatically manage workloads, build scalable automation systems, deploy repeatable configurations, and integrate Microsoft services into broader enterprise processes. One particularly interesting section focuses on how Ahmed uses Microsoft Graph documentation to discover what is technically possible inside Microsoft ecosystems. Before starting any automation project, he first investigates whether Graph endpoints already exist for the workload he wants to automate.
THE BIGGEST SECURITY MISTAKE IN AUTOMATION
When the conversation shifts toward automation security, Ahmed becomes very direct about one of the most common and dangerous mistakes organizations still make today: hardcoded secrets and passwords. Ahmed explains that many organizations still store credentials directly inside scripts, configuration files, or automation systems without properly securing them. While this may have been common practice years ago, modern cloud security threats make this approach extremely dangerous. A compromised script containing hardcoded secrets can potentially expose entire Microsoft tenants, identity systems, or enterprise infrastructure. The episode explores why organizations should instead adopt modern security practices such as:
- Azure Key Vault
- Managed identities
- Least privilege permissions
- Role-based access control
- Secure app registrations
- Identity-based authentication
- Federated credentials
Ahmed strongly emphasizes the importance of designing automation systems under the assumption that attackers may eventually gain access to scripts or infrastructure components. Because of that, automation systems should always minimize permissions and reduce blast radius wherever possible.
MANAGED IDENTITIES, APP REGISTRATIONS & ZERO TRUST
One of the most valuable parts of the conversation is Ahmed’s explanation of managed identities and secure authentication patterns in Azure automation environments. He explains how managed identities eliminate the need for storing passwords or secrets by allowing Azure services to authenticate securely using Microsoft-managed credentials. The discussion dives deep into app registrations, service principals, permissions, and Graph API authentication. Ahmed explains why many organizations incorrectly create single “super-powered” app registrations with excessive permissions that become extremely dangerous if compromised. Instead, he recommends splitting automation workloads into separate app registrations with tightly scoped permissions designed only for their specific purpose. Mirko and Ahmed also discuss several core security principles including:
- Zero Trust security
- Identity-first security models
- Least privilege access
- Conditional access
- Permission management
- Secure token handling
- Consent management
- Secure cloud governance
Ahmed strongly believes that identity has become the new security perimeter inside cloud environments. Rather than relying only on traditional network boundaries, organizations increasingly secure access through identity validation, conditional access policies, and tightly controlled authentication systems.
HYBRID CLOUD AUTOMATION IS STILL THE REALITY
Another important topic throughout the episode is the reality of hybrid infrastructure. While cloud adoption continues accelerating, Ahmed explains that most organizations still operate hybrid environments combining on-premises systems with Azure and Microsoft 365 services. Rather than completely replacing on-premises infrastructure overnight, many enterprises gradually extend workloads into Azure while continuing to maintain Active Directory, local databases, internal systems, and hybrid identity architectures. This creates new automation challenges where systems must securely exchange data across cloud and on-premises boundaries. Ahmed explains how Azure Automation hybrid workers, Azure Arc, Microsoft Graph, and secure identity models help organizations bridge these environments while maintaining operational consistency and security.