Cloudy with a Chance of Insights | A Microsoft Cloud (Azure, M365) Show for Architects & Engineers

Richard Hogan, David Rowley and Cyrus Irandoust
  • 0.0 (0)
  • Technology
  • Updated Biweekly

Cloudy with a Chance of Insights is a practitioner‑led podcast for architects, engineers, and security professionals working with the Microsoft Cloud. In each episode, we take a grounded, experience‑led look at Azure, M365, Copilot, Security, and AI, focusing less on release notes and more on what actually changes in real environments. We discuss what breaks, what gets harder, what’s worth paying attention to, and what can usually wait. Expect opinionated conversation, technical context, and the occasional bit of healthy scepticism rather than marketing hype or surface‑level news summaries.

  1. EP35 | What Needs to Exist Around a Model

    6d ago

    EP35 | What Needs to Exist Around a Model

    Richard and David are back together this week, and David has been saving things up. The episode starts with a practical conversation about how both hosts actually manage content discovery, which turns into an honest account of what Richard's Knowledge Hub app does and where it still falls short. David's segment covers a lot of ground but lands in a consistent place. The MCP release candidate gets the most technical treatment, including a walkthrough of what stateless protocol core actually means in architectural terms and why the previous session-pinning behaviour was a genuine infrastructure problem. He follows that with Azure Container Apps Express, positioned as an agent-first runtime that addresses a real friction point in large organisations, and the AI Red Teaming Agent in Microsoft Foundry, which David uses as a way into one of the more important security concepts for agentic systems: indirect prompt injection. The ZoomIt segment wraps it all together, partly because Mark Russinovich's demo went spectacularly wrong on camera and they kept it all in, and partly because David uses it to pull a connecting thread through everything he covered. Richard's soapbox landed mid-conversation, prompted by a Microsoft podcast he'd been listening to that week. The argument: the AI adoption conversation is presenting as fresh insight something that was said word for word about Microsoft 365 in 2017. Same language, same frameworks, same metrics. Richard also covers the Copilot Credit Pre-Purchase Plan, which he discovered the night before recording, including the commercial architecture behind it and the ACD stacking question that the documentation does not answer. The episode closes with computer-using agents going generally available in Copilot Studio, a brief cross-industry tour including Google's shutdown of Project Mariner, the Perplexity/Amazon court case, and what to expect from Build 2026. LinksMCP 2026-07-28 Release CandidateAzure Container Apps Express (Microsoft Learn)AI Red Teaming Agent in Azure AI FoundryMicrosoft 2026 Work Trend IndexWindows 365 and Azure Virtual Desktop expanding accessModern Azure Resilience with Mark RussinovichEventLogExpert on GitHubZoomIt (Sysinternals)Mark and Scott LearnMicrosoft Copilot Credit Pre-Purchase PlanMicrosoft Agent FactoryCopilot Studio computer-using agents GAMicrosoft Build 2026Find usX/TwitterBlueskyLinkedInFacebookThreadsMusicNull Invocation, Monochrome Pulse

    1 hr
  2. EP34 | Harness Engineering, and the Configuration Drift Problem With Defender

    May 18

    EP34 | Harness Engineering, and the Configuration Drift Problem With Defender

    David is away this week, so it is just Richard and Cyrus. The episode ended up covering more ground than planned, and a couple of conversations went in directions that were not on the outline and were probably better for it. Richard opens with harness engineering, the concept he thinks explains why AI agent projects look so good in the demo and fall apart in production, then moves on to Agent 365 going generally available and what it does and does not actually provide. Cyrus has a segment on Defender antivirus and Intune that reframes a question most security teams are asking in a way that is, in Richard's view, considerably more useful. And there is an unplanned conversation about vibe coding and SonarCloud that produced a finding neither of them had expected. LinksHarness Engineering (Red Hat Developer, April 2026)Microsoft Agent 365 GAMicrosoft 365 E7 and Agent 365 GACopilot Flex Routing (Microsoft Learn)IBM Bob GA (IBM Newsroom, April 2026)IBM Bob product pageFind usX/TwitterBlueskyLinkedInFacebookThreadsMusicNull Invocation, Monochrome Pulse

    45 min

  3. May 4

    EP33 | Is Your Environment Readable Enough for AI to Reason About?1

    **THANKS FOR EVERYONE WHO NOTICED THE AUDIO GLITCH. THIS HAS NOW BEEN RESOLVED** This week, David pulls a thread across six seemingly unrelated Microsoft GitHub repos and lands on a question the industry keeps skipping: whether the systems we're asking AI to reason about are actually readable enough for that reasoning to mean anything. It's a more durable framing than the usual "what can AI do for you" conversation, and it connects to everything from security posture to delivery backlogs to architectural fragility. Cyrus covers a run of Microsoft security and identity updates. Entra license usage insights hitting GA, cross-tenant security group sync, Global Secure Access B2B support for AVD and Windows 365, macOS recovery lock, Defender promotional email handling, new advanced hunting tables, incident graph filtering, and Sentinel repositories reaching GA. He also highlights Chrome's rollout of device-bound session credentials, a hardware-backed fix to browser token theft that has been trivially exploitable for over a decade. Richard covers a Microsoft Research paper on red teaming networks of AI agents. Over a hundred autonomous agents interacting through forums and messages, and four failure modes that only emerge when agents interact at scale: propagation, amplification, trust capture, and proxy chain invisibility. The researchers also observed emergent defences, with a small number of agents spontaneously developing security-conscious behaviour. The episode closes with GitHub's shift from premium request units to token-based AI credits from June, and a shared comparison of what happens when agentic coding tools decide to ignore you.

    43 min
  4. EP32 | Agents, Memory, and the Demo That Didn't Need a Design Tool

    Apr 22

    EP32 | Agents, Memory, and the Demo That Didn't Need a Design Tool

    This week Richard, David, and Cyrus cover agent governance, Copilot adoption pressures, AI memory architecture, and a prototyping workflow that bypassed design tools entirely. David walks through two tools from Merrill Fernando for querying Microsoft Graph via MCP, Microsoft's open source Agent Governance Toolkit and its response to the OWASP agentic AI top ten, and MemPalace, an AI memory project with an unexpected connection to The Fifth Element. Richard looks at what the Copilot adoption numbers mean going into Microsoft's Q3 earnings, shares a prototyping workflow that produced a high-fidelity demo using GitHub Copilot and Claude instead of PowerPoint or Visio, and notes the Sentinel portal migration deadline has moved again to March 2027. Cyrus covers the security updates at pace, closing with a striking data point: 61% of C-suite leaders surveyed say their AI model assets or data have already been compromised. BlogThe Microsoft Cloud Blog YouTubeCloudy with a Chance of Insights - YouTube SoicialsTwitter / XBlueSkyLinkedInThreadsFacebook MusicNull Invocation: Monochrome PulseMonochrome Pulse on Soundcloud For all the links to the articles etc, please visit the companion blog site.The Microsoft Cloud Blog

    50 min
  5. EP31 | Servers, Security and Vibe Coding

    Apr 6

    EP31 | Servers, Security and Vibe Coding

    Episode 31 of Cloudy with a Chance of Insights, the fortnightly Microsoft Cloud podcast with Richard Hogan, Cyrus Irandoust, and David Rowley. This week: a cluster of end-of-support deadlines that deserve more attention than they're getting, IBM and Microsoft private preview work on Sentinel Lake and custom security graphs that Richard can finally talk about, why Power Platform's own governance team admitted the model is broken, and an honest first-week account of Claude Code from someone who burnt through the daily token limit in 90 minutes. Windows Server 2016 and the Azure Arc questionExtended support for Windows Server 2016 ends January 12, 2027, and the Microsoft article announcing Extended Security Updates references Azure Arc as the delivery mechanism — which David flagged as either an intentional positioning move or a drafting oversight worth questioning. Also in the frame: SQL Server 2016 ESU ending July 2026, Server 2012 extended security updates ending October 2026, and SQL Server 2014 following in July 2027. These workloads are stable, quiet, and being systematically deprioritised in favour of AI projects. That combination rarely ends well. Sentinel Lake and custom security graphs: the IBM private previewSince October last year, IBM has been working with Microsoft on the private preview for Sentinel Lake and custom graph builds — ingesting asset data from Tenable, Qualys, and ServiceNow to surface connections that standard KQL queries would never surface. Richard covers the architecture, the friction points (VS Code as the only real interface, GQL instead of KQL, scheduled jobs, cost implications for data freshness), and what the Graph Explorer in Defender is going to change when it arrives. Custom graphs moved to public preview on April 1st. Power Platform admits governance can't keep pace with AIA blog post from Ryan Jones on the Power Apps team published April 1st effectively acknowledged that traditional governance models break down when something can be built and deployed in a day. Pair that with figures suggesting nearly 30% of enterprise employees are already using unsanctioned AI agents, and Agent 365 heading toward GA in May, and the gap becomes difficult to ignore. Defender XDR and Intune updatesCyrus covers proactive user containment reaching general availability as part of Defender XDR's predictive shielding feature — containment at the endpoint layer, not a simple Entra disable — and the shift from MDM to declarative device management for Apple devices in Intune, a change driven by Apple but with real implications for anyone managing iOS, iPadOS, or macOS at scale. Claude Code vs GitHub CopilotRichard's unfiltered first-week take on Claude Code: token consumption, peak and off-peak limits, VS Code integration differences, and why coming from a GitHub Copilot world will catch you off guard faster than you expect. LinksWindows Server 2016 end of support announcementMicrosoft Sentinel custom graphs public previewPower Platform adaptive governance frameworkWhat's new in Microsoft Defender XDRSubscribe for a new episode every two weeks. Recorded this week with Cyrus and David technically on annual leave, which probably explains the vibe.

    37 min

  6. Mar 23

    EP30: Why “Vibe Coding” Exposes the Real Problem with AI Assisted Development

    As AI tools make it increasingly easy to build something “good enough”, this episode asks an uncomfortable question: where does real differentiation actually sit now? We use recent Microsoft Cloud updates as a starting point, including certification changes, early moves to treat AI agents as identities within Zero Trust, and a series of security and governance shifts across Purview, Defender, Entra, and Intune. Those threads lead into a deeper discussion about identity as the real perimeter, post breach tooling built on Microsoft Graph, and why AI assisted development is starting to flatten outcomes rather than improve them. The conversation then turns toward vibe coding and the future of applications. If building tools is this easy, what does an app even mean anymore, and how do organisations avoid repeating old governance mistakes, just at AI speed? Blog The Microsoft Cloud Blog YouTube Cloudy with a Chance of Insights - YouTube Soicials Twitter / X BlueSky LinkedIn Threads Facebook Music Null Invocation: Monochrome Pulse Monochrome Pulse on Soundcloud For all the links to the articles etc, please visit the companion blog site. The Microsoft Cloud Blog

    50 min

  7. Mar 9

    EP29 | M365 E7 Speculation, Project Silica, and the AI Model Race Inside Microsoft

    In this episode of *Cloudy with a Chance of Insights*, Richard, Cyrus, and David return from a brief hiatus to deliver all the latest around the Microsoft Cloud ecosystem. The team dives into the evolving world of Microsoft 365, including speculation about the highly anticipated E7 license. They break down what this next-level license could mean for organizations, discuss the potential pricing, and debate whether the new bundled approach makes sense for enterprises navigating an increasingly fragmented Microsoft licensing landscape. Cyrus and Richard also unpack the newest updates across Intune and Purview, giving listeners an inside look at recent announcements and how these tools are adapting to modern security and compliance demands. The conversation expands to cover the latest in AI, with a spotlight on Microsoft’s strategy of leveraging external frontier models like Claude, Gemini, and Grok, plus hands-on impressions of GitHub Copilot’s recent improvements. Blog The Microsoft Cloud Blog YouTube Cloudy with a Chance of Insights - YouTube Soicials Twitter / X BlueSky LinkedIn Threads Facebook Music Null Invocation: Monochrome Pulse Monochrome Pulse on Soundcloud For all the links to the articles etc, please visit the companion blog site. The Microsoft Cloud Blog

    51 min

  8. Jan 12

    EP27 | AI Agents, Data Engineering, and the Future of Cloud Careers

    In this episode of Cloud OverChance Insights, Richard Hogan, David Rowley, and Cyrus Irandoust discuss the latest developments in Microsoft Cloud, focusing on the acquisition of Osmos, the implications of AI in data engineering, and the evolving landscape of work and skills in the tech industry. They explore the importance of design responsibility, the integration of AI across Microsoft products, and the critical role of data security through Microsoft Purview. The conversation emphasizes the need for patience and understanding when working with AI technologies, as well as the necessity for compliance in AI governance. Blog The Microsoft Cloud Blog YouTube Cloudy with a Chance of Insights - YouTube Soicials Twitter / X BlueSky LinkedIn Threads Facebook For all the links to the articles etc, please visit the companion blog site. The Microsoft Cloud Blog

    43 min
See All (35)

About

Cloudy with a Chance of Insights is a practitioner‑led podcast for architects, engineers, and security professionals working with the Microsoft Cloud. In each episode, we take a grounded, experience‑led look at Azure, M365, Copilot, Security, and AI, focusing less on release notes and more on what actually changes in real environments. We discuss what breaks, what gets harder, what’s worth paying attention to, and what can usually wait. Expect opinionated conversation, technical context, and the occasional bit of healthy scepticism rather than marketing hype or surface‑level news summaries.

Information

You Might Also Like