M365.FM - Modern work, security, and productivity with Microsoft 365

Mirko Peters - Founder of m365.fm, m365.show and m365con.net
  • 5.0(3則評分)
  • 科技新聞
  • 每日更新

Welcome to the M365.FM — your essential podcast for everything Microsoft 365, Azure, and beyond. Join us as we explore the latest developments across Power BI, Power Platform, Microsoft Teams, Viva, Fabric, Purview, Security, and the entire Microsoft ecosystem. Each episode delivers expert insights, real-world use cases, best practices, and interviews with industry leaders to help you stay ahead in the fast-moving world of cloud, collaboration, and data innovation. Whether you're an IT professional, business leader, developer, or data enthusiast, the M365.FM brings the knowledge, trends, and strategies you need to thrive in the modern digital workplace. Tune in, level up, and make the most of everything Microsoft has to offer. M365.FM is part of the M365-Show Network. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

  1. How Enterprises Should Govern Microsoft Copilot

    25 分鐘前

    How Enterprises Should Govern Microsoft Copilot

    Microsoft Copilot is not just another productivity tool. It is a structural stress test for your entire Microsoft 365 environment. Most organizations still operate under a legacy “open by default” mindset built for human navigation, but AI changes the equation completely. Copilot can surface sensitive files, forgotten SharePoint content, orphaned Teams channels, and years of overshared documents within seconds. The challenge is not whether Copilot respects permissions—it does. The real problem is that most enterprise permissions were never designed for machine-speed retrieval. In this episode, we break down why governance—not licensing—is now the single most important factor in successful Copilot deployment. WHY “OUT-OF-THE-BOX” SECURITY ISN’T ENOUGH Many organizations assume Copilot is secure because it only shows users content they already have access to. But decades of poor SharePoint hygiene, inherited permissions, and “Everyone except external users” groups have created a massive visibility gap inside most tenants. AI eliminates obscurity. Sensitive documents hidden deep inside legacy sites are no longer difficult to find. Copilot can instantly synthesize and summarize information that employees were never actively searching for before. This episode explains how oversharing becomes exponentially more dangerous in the AI era and why organizations must move from “trust by default” to “verify by context.”  KEY TOPICS COVEREDThe “Oversharing Multiplier” and why legacy SharePoint permissions are now a major AI riskHow indirect prompt injection attacks like EchoLeak and Reprompt change enterprise security modelsWhy traditional DLP is no longer enough for AI-powered workflowsHow Microsoft Purview becomes the governance backbone for Copilot deploymentsTHE NEW AI ATTACK SURFACE Copilot introduces a completely new category of enterprise risk. Instead of malware or traditional exploits, organizations now face natural-language attacks that manipulate AI behavior through documents, emails, and embedded instructions. The episode explores how Retrieval-Augmented Generation (RAG) pipelines can unintentionally process malicious instructions hidden inside business content. We discuss why prompt injection is becoming the “SQL injection” of the generative AI era and how enterprises must rethink security boundaries around prompts, context windows, and AI interactions themselves.  RISK-TIERED DEPLOYMENT STRATEGIES Turning Copilot on for everyone at once is one of the biggest mistakes organizations make. Instead, successful enterprises are following a tiered rollout model. Tier 0 focuses entirely on remediation and data cleanup before any licenses are assigned. Tier 1 introduces Copilot to low-risk technical users and Centers of Excellence. Tier 2 expands adoption to broader business units like sales and marketing, while Tier 3 is reserved for highly sensitive domains such as Finance, HR, and Legal. This episode explains how a phased deployment model prevents rollout failures, reduces governance panic, and creates measurable ROI over time.  GOVERNANCE STRATEGIES DISCUSSEDRestricted SharePoint Search as a temporary containment mechanismAdaptive scopes and sensitivity labels inside Microsoft PurviewPrompt-level DLP enforcement for AI interactionsLifecycle management for AI-generated content and summariesPURVIEW, DLP, AND AI GOVERNANCE IN 2026 Microsoft Purview is evolving into the operational control plane for enterprise AI. In this episode, we explore how Purview enables organizations to classify content dynamically, monitor AI interactions in real time, and enforce AI-specific governance policies. We also discuss the rise of Interaction DLP—security controls designed specifically for prompts and generated responses rather than static files. From preventing sensitive prompts from reaching external web grounding to monitoring AI-generated summaries, modern governance now operates directly inside the interaction layer itself.  THE EXECUTIVE TRUST PARADOX Enterprise leaders understand that AI is strategically necessary, but many still lack confidence in their organization’s data foundation. This creates what we call the “Executive Trust Paradox”—the tension between urgency to deploy AI and fear of catastrophic oversharing or hallucination events. The episode explores why governance maturity—not technology maturity—is now the primary blocker for enterprise-scale Copilot adoption. We also discuss how telemetry, auditability, and measurable controls help organizations move from policy theater to operational reality.  BUILDING A GOVERNANCE-AWARE CULTURE Technology alone will not solve AI governance challenges. Organizations must also close the “Prompt Literacy” gap by teaching employees how to interact with AI systems responsibly and effectively. We explain why prompting is becoming a core digital skill and why governance frameworks must include training, departmental AI champions, human-in-the-loop verification, and clear accountability standards for AI-generated content. Successful Copilot deployments are ultimately built on a combination of technical controls, operational discipline, and cultural maturity.  IN THIS EPISODE YOU’LL LEARN Why Copilot exposes existing governance failures instead of creating new onesHow enterprises should structure AI rollout tiers based on riskThe role of Microsoft Purview in AI governance and complianceWhy AI-generated content requires lifecycle management and retention policiesHow organizations can measure realized ROI instead of theoretical productivity gainsWhy governance-aware culture is now a competitive advantageMicrosoft Copilot has the potential to fundamentally transform enterprise productivity, but only if organizations treat governance as infrastructure instead of a compliance afterthought. AI success is no longer determined by who buys the licenses first. It is determined by who builds the safest, cleanest, and most governable digital estate. This episode delivers a practical roadmap for IT leaders, architects, security teams, and executives navigating the future of Microsoft 365 AI governance in 2026 and beyond. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

    1 小時 3 分鐘
  2. Too Many Places for Notes: Navigating OneNote, Loop, Copilot, and More with Karinne Diamond Bessette [MVP]

    5 小時前

    Too Many Places for Notes: Navigating OneNote, Loop, Copilot, and More with Karinne Diamond Bessette [MVP]

    In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft MVP, educator, technical storyteller, and community leader Karinne Diamond Bessette to explore one of the biggest productivity challenges in the modern workplace: information chaos. Between OneNote, Loop, Teams, Copilot, Planner, Whiteboard, Outlook, and SharePoint, employees today have more places than ever to store ideas, tasks, meeting notes, project updates, and collaborative content. The result? Many organizations struggle to decide where information should actually live and how to keep everything organized, searchable, and actionable. THE EVOLUTION OF MICROSOFT 365 COLLABORATION Karinne shares her journey from support engineering and operations into the world of enablement, technical storytelling, and Microsoft 365 advocacy. Her experience helping both technical and non-technical users gives her a unique perspective on how collaboration tools should work in real-world environments. Throughout the episode, she repeatedly emphasizes the importance of translating technology into something humans can actually understand and use effectively. One of the central themes in the discussion is the growing complexity of the Microsoft 365 ecosystem. What once started as a productivity suite focused on Word, Excel, and Outlook has evolved into a massive connected collaboration platform with overlapping tools, AI integrations, and constantly changing workflows. Karinne explains that while flexibility is valuable, it also creates a major challenge for users trying to decide where to create notes, how to manage information, and how to avoid duplication. WHY ONENOTE STILL MATTERS The conversation dives deeply into the evolution of note-taking itself. Karinne explains how she originally moved from scattered text files on her desktop into OneNote because it allowed her to centralize and search information more effectively. However, she also introduces one of the most memorable quotes of the episode: “OneNote is where notes go to die.” The problem, according to Karinne, is not that OneNote is bad. The issue is that many users capture information inside notebooks but never revisit it, organize it properly, or connect it to actionable workflows. Important ideas often disappear into large personal notebook structures without reminders, visibility, or collaboration. HOW LOOP IS CHANGING TEAMWORK This naturally leads into one of the episode’s biggest topics: Microsoft Loop. Karinne explains why Loop has become one of her favorite tools inside the Microsoft ecosystem. She describes Loop as a bridge between email, Teams, tasks, and collaborative content. Rather than creating multiple copies of information across different applications, Loop allows users to maintain a single shared component that stays synchronized everywhere it appears. This creates what she calls a “single source of truth” experience for collaboration. The episode explores several practical use cases where Loop becomes extremely powerful: Shared meeting notesCollaborative task trackingPersistent project updatesCross-team coordinationOne of the most interesting insights from the discussion is that many organizations are already using Loop without realizing it. Karinne explains how modern Microsoft Teams meeting notes now automatically generate Loop-powered collaborative pages behind the scenes. Instead of meeting notes disappearing inside endless Teams chats, organizations can now maintain persistent collaborative workspaces connected to tasks, updates, and shared action items. COPILOT PAGES, NOTEBOOKS & AI CONTEXT The conversation also dives into Microsoft Copilot Pages and Copilot Notebooks, which Karinne sees as the next evolution of contextual AI collaboration. These tools allow organizations to gather multiple information sources into centralized workspaces that can then ground AI responses against a specific project context. Karinne shares a practical example from a large event project where she combined: EmailsTeams messagesPlanning callsLoop pagesinto one centralized notebook. She was then able to ask Copilot to generate summaries, identify action items, and surface the most relevant information for her specific responsibilities during the event. Tasks that previously would have required hours of manual review were completed in minutes. THE FUTURE OF ENTERPRISE SEARCH Another major theme throughout the episode is enterprise search and how AI is fundamentally changing the way organizations retrieve information. Karinne explains that traditional folder structures and file organization are becoming less important because Copilot increasingly understands context, relationships, and semantic meaning rather than relying purely on filenames or locations. She shares an example where she could not manually locate an old PowerPoint presentation but was able to ask Copilot about a presentation tied to a specific event date — and the AI surfaced the correct file almost instantly. This shift toward contextual search represents one of the biggest changes in knowledge management the Microsoft ecosystem has ever seen. WHY GOVERNANCE & METADATA MATTER MORE THAN EVER The discussion also highlights the growing importance of metadata, governance, and information hygiene in the AI era. Karinne introduces the concept of “ROT data,” which stands for: RedundantObsoleteTrivialcontent that pollutes enterprise systems and weakens AI-generated responses. She explains that organizations now face an urgent challenge: AI systems can only be as trustworthy as the information they are trained or grounded on. If outdated documents, duplicated files, poor metadata, or irrelevant content dominate enterprise storage systems, AI tools may surface inaccurate or misleading information. Because of this, Karinne strongly advocates for better governance practices, including document ownership, lifecycle management, expiration reviews, and relevance monitoring. She also discusses how Microsoft is beginning to introduce mechanisms that reduce the importance of stale or untouched content inside AI-powered search experiences. ENABLEMENT IS THE MISSING PIECE Another powerful part of the episode focuses on workplace enablement and digital adoption. Karinne believes organizations need more people acting as translators between technical systems and business users. She explains that technology alone does not create productivity. Companies need internal champions who can guide users, simplify concepts, encourage learning, and help teams understand how tools should actually fit into their daily workflows. The episode highlights how organizations often underestimate the importance of: TrainingAdoption programsInternal championsLearning culturewithout realizing these elements are often the real reason technology projects succeed or fail. AI, CREATIVITY & HUMAN COLLABORATION The episode also touches on AI creativity, collaboration, and the fear that AI may reduce human thinking. Karinne strongly disagrees with the idea that AI makes people less intelligent. Instead, she sees AI as a brainstorming partner and creative accelerator that can help users refine ideas, organize concepts, and improve communication. She shares examples of using AI to enhance presentation structures, storytelling, and content development while still relying heavily on human expertise and editing. According to Karinne, AI works best when humans stay actively involved in shaping the final outcome. THE FUTURE OF WORK INSIDE MICROSOFT 365 Toward the end of the conversation, the discussion shifts toward future Microsoft 365 trends. Karinne highlights how Microsoft is increasingly moving toward AI-grounded collaboration, context-aware productivity, integrated workspaces, and agent-driven workflows. She believes the future of work will rely less on manually navigating applications and more on AI systems capable of understanding intent, surfacing context, and orchestrating workflows automatically. The conversation paints a picture of a future where collaboration becomes: More contextualMore intelligentMore connectedMore AI-assistedwhile still requiring strong governance, clean information architecture, and Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

    47 分鐘
  3. Secure-by-Design AI: Protecting MLOps in the Microsoft Cloud with Martin Dimovski [MVP-MCT]

    1 天前

    Secure-by-Design AI: Protecting MLOps in the Microsoft Cloud with Martin Dimovski [MVP-MCT]

    In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft MVP, MCT, cloud security expert, and community leader Martin Dimovski to explore one of the most important topics in modern enterprise IT: securing AI workloads and MLOps environments inside the Microsoft Cloud. Together, they dive deep into secure-by-design architecture, AI security risks, DevSecOps, Prompt Injection attacks, identity protection, Microsoft Defender, GitHub Advanced Security, and the future of AI-driven cyber threats. Martin shares his personal journey from IT support engineer into cloud security and AI security architecture, explaining how years of experience in infrastructure, Azure, DevOps, and Microsoft technologies ultimately pushed him toward cybersecurity and AI governance. The discussion highlights why AI security is no longer optional and why organizations that move too fast without proper security foundations could face major problems in the coming years. WHY AI SECURITY MATTERS NOW MORE THAN EVER One of the strongest themes throughout this episode is the speed at which organizations are deploying AI systems without fully understanding the security implications behind them. Martin explains that many companies are currently: Deploying AI solutions rapidlyExperimenting with LLM integrationsBuilding AI agentsCreating cloud-native AI workloadsUsing open-source AI modelsIntegrating APIs into production environmentsBut at the same time, organizations often forget the security fundamentals that should protect these environments. The conversation explores how AI introduces completely new attack surfaces while simultaneously amplifying existing security problems. WHAT “SECURE-BY-DESIGN” REALLY MEANS A major focus of the episode is understanding the concept of secure-by-design architecture. Martin explains that security should never be added after development is complete. Instead, security conversations must begin at the very first design phase of any application or AI project. The discussion covers: Threat modelingArchitectural reviewsIdentity securityAuthentication planningSecure pipelinesInfrastructure protectionSecure APIsData governanceMartin shares why collaboration between developers, architects, DevOps engineers, and security teams is absolutely essential for building resilient AI systems. One of the key takeaways: Security teams should not become blockers for innovation — they should become partners in building secure systems. UNDERSTANDING MLOPS & DEVSECOPS For listeners newer to AI infrastructure topics, Martin breaks down the differences between: DevOpsDevSecOpsMLOpsSecure AI pipelinesThe episode explains how machine learning operations combine infrastructure, automation, data engineering, model deployment, and monitoring into one continuous operational process. Martin also highlights why traditional security approaches are no longer enough once organizations start integrating: Large Language ModelsAI agentsCloud AI servicesAI APIsAI orchestration pipelinesThe discussion shows how modern security must now cover not only infrastructure and applications, but also models, prompts, training data, inference pipelines, and AI-generated outputs. THE REAL DANGER OF PROMPT INJECTION One of the most fascinating parts of the episode is Martin’s explanation of Prompt Injection attacks. Using simple real-world analogies, Martin explains how attackers manipulate Large Language Models by overriding or bypassing original system instructions. The conversation explores: Direct Prompt InjectionIndirect Prompt InjectionAI manipulationLLM instruction abuseMalicious promptsUnsafe AI agentsContext hijackingData extraction risksMartin explains why prompt injection is becoming one of the most discussed attack vectors in AI security today and why organizations need to start thinking about AI trust boundaries immediately. THE HIDDEN RISK OF OPEN-SOURCE MODELS Another major topic is the increasing use of publicly available AI models. Martin shares concerns around: Downloading unverified modelsCompromised Hugging Face repositoriesMalicious AI packagesUnsafe dependenciesSupply-chain attacksAPI key exposureSecret leakagePublic model poisoningThe discussion highlights how organizations may unknowingly introduce compromised models directly into production environments. This section serves as a major warning for companies rushing into AI adoption without proper governance and validation processes. WHY IDENTITY SECURITY IS EVERYTHING Identity and access management become another core theme throughout the episode. Martin strongly emphasizes the importance of: Microsoft Entra IDPrivileged Identity ManagementJust-In-Time accessLeast privilegeIdentity governanceAccess reviewsRole separationConditional AccessOne of the strongest lessons from the conversation is that attackers often do not need to break systems — they simply abuse existing permissions and weak access configurations. Martin explains why organizations should avoid giving permanent privileged access and instead embrace short-lived administrative permissions wherever possible. MICROSOFT DEFENDER & AI SECURITY The episode also dives deeply into the Microsoft security ecosystem and how Microsoft Defender is evolving to protect AI workloads. Martin discusses: Microsoft Defender for CloudDefender XDRAI workload monitoringReal-time scanningAzure AI Foundry protectionThreat visibilitySecurity telemetryCloud-native protectionAccording to Martin, Microsoft Defender is becoming one of the most powerful unified security platforms for organizations heavily invested in Microsoft technologies.  Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

    55 分鐘
  4. Inside Enterprise Security: AD Tiering & Privileged Access with Viktor Hedberg [MVP - MCT]

    1 天前

    Inside Enterprise Security: AD Tiering & Privileged Access with Viktor Hedberg [MVP - MCT]

    In this episode of the m365.fm podcast, Mirko Peters sits down with cybersecurity expert Viktor Hedberg to explore one of the most critical — and misunderstood — areas of enterprise IT security: Active Directory tiering, privileged access, identity protection, and defending modern hybrid environments. With years of experience in incident response, offensive security, Active Directory hardening, and enterprise defense at Truesec, Viktor brings practical, real-world insights into how organizations can dramatically improve their security posture before attackers exploit their weaknesses. The conversation begins with Viktor sharing his personal journey into cybersecurity. Unlike many traditional security professionals, Viktor did not come from a university background. Instead, he worked his way from helpdesk and system administration into consultancy and incident response, gaining deep technical knowledge of Windows, Active Directory, infrastructure, and enterprise security along the way. That hands-on experience became the foundation for understanding both how to secure systems and how attackers compromise them. WHY ACTIVE DIRECTORY IS STILL A MASSIVE TARGET One of the strongest themes throughout the episode is the fact that Active Directory is far from dead. Despite the rise of Microsoft Entra ID, cloud-first environments, and SaaS adoption, Active Directory still remains the backbone of identity and access management in countless organizations worldwide. Viktor explains why attackers continue targeting Active Directory environments: Cached credentialsPassword hashes stored locallyKerberos ticketsOverprivileged accountsWeak administrative separationPoor tiering implementationExcessive lateral movement opportunitiesThe discussion highlights how many organizations unknowingly expose highly privileged accounts simply by allowing administrators to sign into workstations, laptops, and servers without restrictions. Viktor explains that in many environments, compromising a single endpoint can ultimately lead to full domain compromise because of how Windows authentication and credential storage work internally. UNDERSTANDING AD TIERING A major focus of the episode is understanding the concept of Active Directory administrative tiering. Viktor breaks down how organizations can separate systems and administrative responsibilities into different security tiers to limit credential exposure and reduce the blast radius during an attack. The discussion explores: Tier 0 systemsTier 1 serversEndpoint administrationDomain controllersEntra Connect serversPKI infrastructureAdministrative boundariesCredential isolationOne of the key lessons from the episode is that organizations often underestimate which systems actually belong in Tier 0. Viktor explains why systems like Microsoft Entra Connect, PKI servers, SCCM infrastructure, and identity synchronization services can effectively become equivalent to domain controllers from a security perspective. THE DANGER OF BUILT-IN ACTIVE DIRECTORY GROUPS Another critical topic is the misuse of built-in Active Directory groups. Viktor shares real-world examples where organizations accidentally introduced major privilege escalation paths by using groups like: Print OperatorsBackup OperatorsServer OperatorsAccount OperatorsThe episode explains why many administrators misunderstand the true permissions behind these legacy groups and how attackers can abuse them to gain elevated access inside the domain. This section serves as a strong reminder that convenience and lack of visibility often create the biggest enterprise security risks. MODERN ATTACKERS ARE CHANGING THEIR STRATEGY One of the most fascinating discussions in the episode focuses on how modern attackers operate today. According to Viktor, traditional offensive tools like Mimikatz, Metasploit, and obvious malware payloads are becoming less common because modern EDR solutions detect them more effectively. Instead, attackers increasingly: Use native Windows toolingAbuse PowerShellLeverage SSH on WindowsBlend into normal system activityExploit legitimate administration featuresHide inside normal enterprise trafficViktor shares examples of how attackers can abuse built-in Windows functionality to bypass monitoring while avoiding traditional malware detection methods entirely. The episode highlights why defenders must understand Windows internals — not just security products — to properly defend enterprise environments. WHY DEFENDER FOR IDENTITY MATTERS Throughout the conversation, Viktor repeatedly emphasizes the importance of Microsoft Defender for Identity and proper security monitoring. The discussion covers: Identity-based attack detectionCorrelation between endpoint and identity eventsPrivileged account monitoringThreat visibilityHybrid identity protectionSecurity telemetryCustom indicatorsAdvanced detection strategiesViktor explains why organizations need both endpoint visibility and identity visibility to properly understand modern attacks. The episode also explores why simply purchasing security products is not enough if organizations fail to configure them correctly or actively monitor their environments. WHAT TO DO DURING A CYBER ATTACK One of the most practical parts of the episode is Viktor’s advice on incident response. When organizations suspect an attack, Viktor strongly recommends: Do not shut systems downDisconnect network access if necessaryPreserve forensic evidenceAvoid destroying logsContact incident response professionals quicklyKeep systems intact for investigationHe explains how many organizations accidentally make investigations harder by turning off firewalls, rebooting systems, or deleting evidence before responders arrive. The conversation provides valuable insight into how professional incident response teams approach compromised environments and why preserving evidence is absolutely critical. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

    47 分鐘
  5. Why Simplicity Wins in Microsoft 365 with Evi van der Velden [MVP]

    2 天前

    Why Simplicity Wins in Microsoft 365 with Evi van der Velden [MVP]

    In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft MVP Evi van der Velden to discuss one of the most underestimated topics in modern IT: simplicity. Together, they explore Microsoft 365 governance, Copilot adoption, metadata, SharePoint, user adoption, digital stress, AI readiness, and why organizations often make technology far more complicated than it needs to be. Evi shares her unique journey into the Microsoft ecosystem, moving from leisure management and event organization into the world of Microsoft 365, user adoption, and governance. In just five years, she became a recognized Microsoft MVP and one of the strongest voices in the community around practical Microsoft 365 adoption and simplification strategies. The conversation focuses heavily on the human side of technology and why successful Microsoft 365 environments are not built only through technical configurations, but through communication, training, governance, and helping users understand how to work smarter. WHY MICROSOFT 365 FEELS OVERWHELMING One of the biggest themes in this episode is the increasing complexity of the Microsoft ecosystem. Evi explains how Microsoft 365 has evolved far beyond Word, Excel, and PowerPoint into a massive connected platform including Teams, SharePoint, OneDrive, Power Platform, Copilot, Viva, and many other services. While the platform offers incredible flexibility and possibilities, many organizations struggle because users simply do not understand how the tools work together. The discussion explores: Information overloadTool fatigueUser confusionRapid feature changesAI disruptionGovernance complexityEvi shares why simplicity is not about removing functionality, but about helping users focus on the right tools and the right workflows for their daily work. THE REAL VALUE OF SHAREPOINT One of the most interesting parts of the episode is Evi’s passion for SharePoint. While many people still think of SharePoint as only a document management platform, Evi explains why she sees SharePoint as the engine behind the entire Microsoft 365 ecosystem. The conversation dives into: SharePoint ListsDocument librariesMetadataPower Platform integrationPower AppsPower AutomateLifecycle managementKnowledge managementEvi shares practical examples of how SharePoint can be used as a flexible front-end for business solutions and automation without creating unnecessary technical complexity. WHY COPILOT ADOPTION OFTEN FAILS The discussion naturally shifts toward Microsoft Copilot and AI adoption. Evi explains that many organizations still approach Copilot completely wrong. They buy licenses, provide one training session, and then expect employees to magically change the way they work. According to Evi, successful Copilot adoption requires: Continuous enablementHabit creationBusiness-specific use casesAI literacyGovernanceOngoing communicationUser supportThe episode explores why many employees know how to use ChatGPT casually at home but struggle to use AI effectively inside enterprise business scenarios. Evi also explains why organizations need to provide safe AI environments and guidance rather than simply blocking AI usage completely. AI IS A MIRROR FOR ORGANIZATIONS One of the strongest insights from the episode is Evi’s perspective that AI does not create organizational problems — it exposes them. The conversation highlights how Microsoft Copilot surfaces: Poor permissionsOutdated filesOvershared contentWeak governanceUnstructured dataMissing lifecycle managementOrganizations that ignored governance for years are now discovering that Copilot makes those issues visible immediately. Evi explains why AI readiness is not only about licensing or technology but about understanding: Data qualityPermissionsArchivingInformation architectureGovernance ownershipUser responsibilitiesTHE IMPORTANCE OF METADATA Another major topic in the episode is metadata and why Evi believes it is one of the most powerful — and most ignored — features inside SharePoint. Instead of relying only on deeply nested folder structures, Evi explains how metadata can create: Dynamic document viewsRole-based knowledge accessCleaner navigationBetter search experiencesSimplified information managementShe shares practical examples of building knowledge bases using SharePoint libraries and metadata-driven filtering to ensure employees only see information relevant to their role. The episode makes a strong case for moving away from traditional file structures toward modern information architecture. SIMPLICITY VS CUSTOMIZATION Evi also shares her thoughts on customization inside Microsoft 365. While many IT professionals enjoy building custom solutions, Evi warns that over-customization often creates long-term maintenance problems and unnecessary complexity. Her philosophy is simple: “Everything you build can break.” The discussion explores why organizations should first maximize standard Microsoft 365 capabilities before creating heavily customized solutions. Key areas include: StandardizationGovernanceSustainable architectureNative Microsoft functionalityUser-focused designSimplicity-first thinkingWHY CHANGE MANAGEMENT MATTERS MORE THAN EVER One of the most important takeaways from this conversation is that modern IT is becoming less technical and more human-focused. Evi explains that administrators and IT teams increasingly need skills in: CommunicationUser adoptionGovernanceChange managementTrainingOrganizational guidanceTechnology alone no longer guarantees success. The organizations that succeed with Microsoft 365 and AI are the ones that help employees understand how to work differently, not just how to use another tool.  Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

    47 分鐘
  6. Secure, Scalable, Governed: Power Platform Best Practices with Craig White [MVP]

    2 天前

    Secure, Scalable, Governed: Power Platform Best Practices with Craig White [MVP]

    In this episode of the m365.fm podcast, Mirko Peters sits down with Craig White, double Microsoft MVP, AI Platform Lead, governance specialist, and co-host of the Power Platform Panic Room podcast. With more than twenty years of experience across SQL Server, SharePoint, Microsoft 365, Power Platform, and Copilot Studio, Craig shares deep insights into governance, citizen development, AI readiness, scalable Power Platform adoption, and the future of low-code inside the Microsoft ecosystem. This conversation goes far beyond generic Power Platform discussions. Instead, it focuses on the real-world operational challenges organizations face when trying to scale Power Platform safely while still empowering makers and enabling innovation. WHY GOVERNANCE SHOULD ENABLE — NOT BLOCK One of the strongest themes throughout the episode is Craig’s philosophy around governance. He explains why governance should never be about stopping people from building solutions. Instead, governance should create guardrails that allow organizations to innovate safely at scale. Craig shares how many companies still approach Power Platform with fear, often worrying that citizen developers will create chaos, expose data, or bypass IT processes. But according to Craig, the real danger is not enabling users at all. When organizations completely block innovation, shadow IT simply moves outside the organization. The discussion explores why governance frameworks should feel almost invisible for makers while still protecting the organization through: Environment strategiesData Loss Prevention policiesSecurity boundariesAPI governanceControlled connectorsLifecycle managementCraig explains that the goal is not to remove freedom but to create safe paths for innovation. THE REALITY OF POWER PLATFORM GOVERNANCE Craig highlights how unique Power Platform governance really is compared to traditional Microsoft technologies. Unlike older systems where access was centrally controlled, Power Platform arrived enabled by default. Many organizations never realized employees already had access to build apps, flows, automations, and AI solutions for years. This creates a completely different governance challenge. Craig explains how organizations often discover thousands of apps, flows, and automations already running inside their tenant before governance processes even exist. The episode explores why governance maturity starts with visibility and understanding what already exists inside the environment. The discussion also dives into: Default environment risksTenant settingsEnvironment provisioningDLP policiesGovernance automationConnector restrictionsEnterprise administrationAI, COPILOT & THE NEXT EVOLUTION OF POWER PLATFORM The conversation naturally shifts toward AI and Copilot Studio, where Craig shares his excitement about the future of AI inside Power Platform. He explains how organizations are rapidly moving from simple automation into: AI agentsCopilot StudioSkills-based automationMCP integrationsAI-assisted governanceIntelligent business workflowsCraig also discusses how AI is fundamentally changing administration and governance itself. Instead of manually configuring environments, policies, and settings, future administrators may increasingly rely on AI-powered interfaces and intelligent automation. The episode explores how AI is exposing long-standing governance issues that organizations ignored for years, especially around: OversharingPermissionsData securityComplianceZero trust architectureInformation governanceCraig emphasizes that AI does not create governance problems — it reveals the ones organizations already had. WHY CITIZEN DEVELOPMENT IS NO LONGER OPTIONAL Another major focus of the discussion is citizen development. Craig strongly believes modern organizations can no longer rely entirely on centralized IT teams to solve every business problem. Employees closest to the business processes often understand automation opportunities better than anyone else. The episode explores why successful organizations: Enable internal makersBuild communitiesCreate champions programsSupport experimentationEncourage knowledge sharingProvide safe development environmentsCraig explains that when employees understand the tools and feel empowered to solve problems themselves, innovation accelerates dramatically. THE IMPORTANCE OF ENVIRONMENT STRATEGY One of the most practical parts of the episode focuses on environment strategy. Craig explains why mature organizations separate: Development environmentsTest environmentsProduction environmentsPersonal experimentation spacesHe shares how many organizations skip this step early on and later struggle with governance, deployment processes, licensing, and operational support. The discussion also covers why enterprise Power Platform adoption requires: Dedicated support structuresGovernance ownershipDeployment processesLifecycle planningSolution managementChange controlPOWER PLATFORM MATURITY IN THE AI ERA Craig also shares his perspective on what true Power Platform maturity looks like in modern organizations. Interestingly, he explains that maturity is not about having thousands of apps or flows. Instead, maturity is about measurable business value. The real question becomes: Are people actively using the solutions?Are business processes improving?Are automations saving time?Are employees empowered?Is governance working without friction?Craig believes successful organizations eventually reach a point where Power Platform becomes the natural toolset employees instinctively use to solve problems and automate work. THE POWER PLATFORM PANIC ROOM Mirko and Craig also discuss the story behind the Power Platform Panic Room podcast. Craig explains that the rapid pace of AI, Copilot, governance, and Power Platform innovation can feel overwhelming for many administrators and architects. The podcast was created as a safe place for professionals to discuss challenges, learn together, and navigate the rapidly changing Microsoft ecosystem. It is a reminder that even experienced professionals are still learning and adapting alongside the technology itself.  Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

    47 分鐘
  7. Maximizing Microsoft Copilot: Beyond the Demo with Ralph Rivas [MVP]

    3 天前

    Maximizing Microsoft Copilot: Beyond the Demo with Ralph Rivas [MVP]

    In this episode of the m365.fm podcast, Mirko Peters sits down with Ralph Rivas (MVP), also known as the “Copilot Junkie,” to explore the current reality of Microsoft Copilot, AI adoption, governance, automation, and enterprise readiness. Together they go far beyond the marketing demos and discuss what organizations actually need to do to make AI successful inside Microsoft 365. Ralph shares his journey from early SharePoint days into the Power Platform and Microsoft 365 ecosystem, explaining how governance and architecture became critical long before AI entered the conversation. The discussion highlights why many organizations still underestimate the importance of data governance, permissions, security, and information architecture before rolling out Copilot or autonomous agents. The conversation also dives into why Microsoft intentionally released Copilot early, how the platform has matured over time, and why Copilot today is becoming one of the strongest enterprise AI solutions because of its deep integration across Outlook, Teams, SharePoint, Excel, and the broader Microsoft 365 ecosystem. WHY AI GOVERNANCE IS NOW A BUSINESS REQUIREMENT One of the biggest topics in this episode is governance. Ralph explains why AI does not create governance problems — it exposes the problems organizations already had. The episode explores how organizations often rush into Copilot deployments without properly reviewing permissions, oversharing risks, compliance requirements, or security controls. Once AI gains access to enterprise content, weak governance quickly becomes visible. Mirko and Ralph discuss: AI governance strategiesSecurity readiness before Copilot rolloutShadow AI and uncontrolled ChatGPT usageMicrosoft Purview and complianceResponsible AI policiesEnterprise data protectionRalph emphasizes that organizations must prepare their environments before enabling AI at scale and explains why governance teams are now more important than ever. COPILOT STUDIO, AGENTS & MICROSOFT FOUNDRY The episode takes a deep technical turn into Copilot Studio, autonomous agents, MCP integrations, and Microsoft Foundry. Ralph explains the differences between: Copilot StudioCustom CopilotsAutonomous AgentsMicrosoft FoundryAzure AI architecturesThe discussion covers when organizations should use low-code AI solutions versus enterprise Azure-based architectures and why Copilot Studio is rapidly evolving into a serious enterprise automation platform. The conversation also explores the future of autonomous agents and why “human in the loop” governance remains critical as AI systems become more proactive and capable of making decisions independently. LOW-CODE, PRO-CODE & THE FUTURE OF DEVELOPMENT Another major topic is the changing relationship between low-code and professional development in the age of AI. Ralph shares why professional developers are not disappearing but instead becoming even more important as enterprise architectures grow more complex. AI-assisted development, vibe coding, automation, and Power Platform solutions all still require strong architectural thinking, governance, and enterprise oversight. The episode explores how citizen developers can create incredible ideas and prototypes, but enterprise-grade solutions still require professional governance, support, and operational ownership.  COMMON COPILOT MISTAKES ORGANIZATIONS MAKE Throughout the discussion, Ralph shares the most common mistakes organizations make when adopting Microsoft Copilot and AI solutions. Some of the biggest issues include: Expecting instant ROI without preparationPoor data governanceWeak security modelsMisunderstanding AI demosLack of AI policiesMissing change management strategiesIgnoring compliance requirementsThe episode also highlights why many organizations underestimate the human factor in AI security and why employee awareness and governance remain essential. KEY TAKEAWAYS FROM THIS EPISODE Governance is the foundation of successful AI adoptionMicrosoft Copilot has matured rapidly inside Microsoft 365Copilot Studio is evolving into a powerful enterprise AI platformAutonomous agents require strong oversight and governanceAI exposes existing security and permission problemsLow-code and pro-code development will continue to coexistOrganizations must move beyond demos and focus on real business outcomesABOUT RALPH RIVAS Ralph Rivas is a Microsoft MVP, enterprise architect, governance expert, and Power Platform specialist with deep experience across Microsoft 365, SharePoint, automation, Copilot Studio, and AI-driven enterprise solutions. Known in the community as the “Copilot Junkie,” Ralph regularly shares insights around governance, AI readiness, automation, and enterprise architecture.  LISTEN TO MORE EPISODES For more deep dives into Microsoft 365, AI, Copilot, Power Platform, governance, automation, and enterprise technology strategy, subscribe to the m365.fm podcast and stay connected with the latest conversations from MVPs, architects, and Microsoft experts around the world. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

    55 分鐘
  8. Your Governance Policies Were Not Built for AI with Christian Buckley [MVP]

    3 天前

    Your Governance Policies Were Not Built for AI with Christian Buckley [MVP]

    Artificial Intelligence is rapidly transforming the Microsoft 365 ecosystem. Organizations everywhere are deploying Microsoft Copilot, experimenting with AI agents, automating workflows, and integrating intelligent systems into their daily operations. But while companies are rushing toward AI adoption, most are overlooking one critical reality: their governance policies were never designed for AI. In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft Regional Director, MVP, collaboration strategist, and governance expert Christian Buckley to explore why traditional Microsoft 365 governance approaches are no longer enough in an AI-driven world. This conversation goes far beyond generic AI discussions and dives deep into the operational challenges organizations now face around permissions, compliance, information architecture, metadata, lifecycle management, Copilot readiness, and responsible AI adoption. WHY AI CHANGES GOVERNANCE COMPLETELY For years, governance inside Microsoft 365 focused primarily on collaboration management, SharePoint permissions, Teams provisioning, compliance controls, and external sharing. But AI changes the entire equation. Christian explains how tools like Microsoft Copilot can now surface information across multiple systems instantly, making old governance gaps far more visible than ever before. Content that technically existed inside Microsoft 365 for years — but remained difficult to discover — can suddenly become accessible through AI-powered discovery experiences. That creates major risks for organizations with:Poor permissions managementOvershared Teams environmentsBroken SharePoint inheritanceUnmanaged OneDrive contentInconsistent metadata structuresAccording to Christian, AI does not create governance problems. It exposes the governance problems organizations already had. THE HIDDEN DANGER OF PERMISSIONS SPRAWL One of the biggest topics throughout the episode is permissions sprawl inside Microsoft 365 environments. Over the years, many organizations accumulated forgotten sharing links, legacy SharePoint permissions, unused Teams workspaces, stale guest accounts, and poorly managed collaboration sites. Before AI, much of this remained hidden because users rarely searched deeply enough to accidentally discover sensitive information. But AI changes discoverability completely. Christian compares this shift to the original impact of Microsoft Delve, where users suddenly realized how much information they already had access to without understanding it beforehand. With Copilot and AI-powered search experiences, this effect becomes dramatically larger because intelligent systems can aggregate information, summarize documents, identify relationships, and surface hidden content instantly. This makes governance maturity one of the most important foundations for successful AI adoption.  AI READINESS IS NOT ABOUT BUYING COPILOT LICENSES One of the strongest points Christian makes during the episode is that AI readiness is not a licensing project. Organizations often believe they become “AI-ready” the moment they purchase Copilot licenses or deploy AI tooling. But true AI readiness requires clean permissions, structured content, metadata strategies, ownership models, governance automation, classification policies, compliance enforcement, and lifecycle management. Without these foundations, AI systems can become unreliable, risky, and difficult to control. Christian explains that many organizations are now being forced to solve governance problems they ignored for years because AI finally made those weaknesses impossible to hide.  WHY INFORMATION ARCHITECTURE MATTERS MORE THAN EVER Another major theme throughout the discussion is information architecture. Many organizations underestimate how important structured information becomes once AI enters the environment. AI systems rely heavily on metadata, taxonomy, naming conventions, content organization, classification systems, and relationship mapping. Without structure:AI responses become inconsistentSearch quality suffersRecommendations weakenCompliance risks increaseSensitive content becomes harder to governChristian explains that governance and information architecture are no longer optional operational tasks. They are foundational requirements for effective enterprise AI. THE RISE OF SHADOW AI One of the most fascinating parts of the episode focuses on shadow AI. Employees today are already using ChatGPT, Claude, Gemini, Copilot Studio, custom AI agents, and third-party automation platforms — often completely outside official governance frameworks. Christian warns that organizations cannot simply ban AI usage and expect innovation to stop. Instead, companies need responsible AI policies, governance guardrails, approved AI environments, user education, and secure experimentation spaces. The organizations that succeed will be the ones that balance innovation with governance rather than treating them as opposing forces.  GOVERNANCE SHOULD NOT SLOW USERS DOWN A key insight from the conversation is that good governance should become nearly invisible. Overly restrictive governance models often fail because users eventually work around them through shadow IT, personal cloud storage, external tools, or unmanaged AI workflows. Christian explains that modern governance should enable productivity rather than block it. Automated site provisioning, sensitivity labels, lifecycle automation, controlled sharing policies, and built-in compliance controls allow organizations to create intelligent guardrails without slowing down collaboration. The goal is to support users while still protecting enterprise data.  WHY AI GOVERNANCE IS NOT JUST AN IT PROBLEM Another important discussion throughout the episode is how governance responsibilities are shifting beyond IT departments. AI governance now impacts:Compliance teamsBusiness leadershipHR departmentsLegal teamsSecurity professionalsEnd usersChristian strongly believes governance must become a shared organizational responsibility. Different business units often have completely different risk profiles, compliance requirements, and collaboration models. That means organizations need governance strategies flexible enough to adapt across departments instead of relying on rigid one-size-fits-all approaches. THE FUTURE OF AI GOVERNANCE Looking ahead, Christian believes governance will increasingly become automated, intelligent, and context-aware. Future AI governance models may include AI-assisted compliance monitoring, automated risk detection, intelligent data classification, context-aware permissions, and AI-driven lifecycle automation. But despite all the technology advancements, one principle remains constant: organizations still need strong governance foundations before AI can operate safely at scale. KEY TOPICS COVERED IN THIS EPISODEMicrosoft 365 governance strategyCopilot readinessAI governance frameworksSharePoint governanceTeams governancePermissions sprawlInformation architectureMetadata and taxonomyShadow AI risksGovernance automationCompliance and securityAI readiness maturityABOUT CHRISTIAN BUCKLEY Christian Buckley is a Microsoft Regional Director, Microsoft MVP, collaboration strategist, governance expert, speaker, author, podcaster, and technology evangelist with more than thirty years of experience in enterprise collaboration and productivity platforms. He is widely recognized in the Microsoft ecosystem for his expertise around SharePoint, Microsoft 365 governance, information architecture, collaboration strategy, and digital workplace transformation. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

    1 小時 1 分鐘
顯示全部 (608)

評分與評論

5
(滿分 5 顆星)
3 則評分

簡介

Welcome to the M365.FM — your essential podcast for everything Microsoft 365, Azure, and beyond. Join us as we explore the latest developments across Power BI, Power Platform, Microsoft Teams, Viva, Fabric, Purview, Security, and the entire Microsoft ecosystem. Each episode delivers expert insights, real-world use cases, best practices, and interviews with industry leaders to help you stay ahead in the fast-moving world of cloud, collaboration, and data innovation. Whether you're an IT professional, business leader, developer, or data enthusiast, the M365.FM brings the knowledge, trends, and strategies you need to thrive in the modern digital workplace. Tune in, level up, and make the most of everything Microsoft has to offer. M365.FM is part of the M365-Show Network. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

資訊

  • 創作者
    Mirko Peters - Founder of m365.fm, m365.show and m365con.net
  • 活躍年代
    2025年 - 2026年
  • 集數
    608
  • 年齡分級
    兒少適宜
  • 版權
    © Copyright Mirko Peters / m365.fm - Part of the m365.show Network - News, tips, and best practices for Microsoft 365 admins
  • 節目網站
    M365.FM - Modern work, security, and productivity with Microsoft 365

你可能也會喜歡