Cloudy with a Chance of Insights | A Microsoft Cloud (Azure, M365) Show for Architects & Engineers

Richard Hogan, David Rowley and Cyrus Irandoust

Cloudy with a Chance of Insights is a practitioner‑led podcast for architects, engineers, and security professionals working with the Microsoft Cloud. In each episode, we take a grounded, experience‑led look at Azure, M365, Copilot, Security, and AI, focusing less on release notes and more on what actually changes in real environments. We discuss what breaks, what gets harder, what’s worth paying attention to, and what can usually wait. Expect opinionated conversation, technical context, and the occasional bit of healthy scepticism rather than marketing hype or surface‑level news summaries.

  1. EP37 | The Off Switch You Don't Control

    Jun 28

    EP37 | The Off Switch You Don't Control

    This week the timing did the talking. Two weeks ago Richard spent a segment encouraging people to try Anthropic's Fable 5 on their GitHub Copilot licences before the pricing changed. By the time that episode published, a US government export control directive had switched Fable off worldwide for every customer. So he comes back to it here, not to repeat the blog post he wrote in the meantime, but to draw out the bit that matters: every data sovereignty control any of us has ever built would have done precisely nothing to keep that model running. Keeping a backup model from another vendor does not help either when Anthropic, OpenAI, Google, and Microsoft all answer to the same export jurisdiction. David opens the episode with two pieces from Microsoft Research. Vega uses zero knowledge proofs to let you prove a fact from a government credential, that you are over eighteen, say, without handing over the document itself, which becomes a great deal more interesting once agents are filling in forms on your behalf. Then MagenticLite and the Fara 1.5 model family, Microsoft Research's attempt to run capable agentic AI on small models locally, and David's own cynical read on why that local capability might not get pushed as hard as it could be when everyone's revenue depends on metered cloud tokens. Richard also covers Akrites, the Linux Foundation effort to coordinate open source vulnerability disclosure now that AI has compressed discovery from weeks to minutes, and the new Frontier Transformation Engineer badge for anyone weighing up Microsoft AI certifications this year. Cyrus takes the second half with his usual sweep through Intune, Entra, Defender, and Purview, including endpoint DLP device scoping for burner devices, plus the RoguePlanet Defender zero day (CVE-2026-50656) that is public and unpatched, and Commando VM as a free Windows offensive lab for testing against Microsoft estates without breaching your contract with Microsoft. Recorded Friday 27 June 2026. A heat wave, four fans, and no melted hosts. LinksAkrites open letterLinux Foundation Akrites announcementVega, zero knowledge proofs for digital identity (Microsoft Research)MagenticLite, MagenticBrain, Fara 1.5 (Microsoft Research)The Off Switch You Don't Control (The Microsoft Cloud Blog)Anthropic statement on Fable 5 and Mythos 5 accessAccelerating Frontier Transformation with Microsoft partnersMicrosoft Partner Skilling HubRoguePlanet Defender zero day, CVE-2026-50656 (Help Net Security)Commando VM (Mandiant, GitHub)FollowX/TwitterBlueskyLinkedInFacebookThreadsMusic: Null Invocation, Monochrome Pulse https://is.gd/b1kNU9

    48 min
  2. EP:36 | Are We Good Enough Yet? AI Governance, Intent-First Development, and Project Solara

    Jun 14

    EP:36 | Are We Good Enough Yet? AI Governance, Intent-First Development, and Project Solara

    This fortnight the capability conversation takes a back seat to a more awkward one. Cyrus opens on governance, with Anthropic's new Fable 5 model and the reported decision by Microsoft to stop its own staff using it over the data retention terms attached. It is a tidy example of an AI safety choice turning straight into an enterprise governance headache, and the cost and retention profile means the smartest model on the shelf is not always the one you can actually use. He then walks through the June refresh of the Microsoft Cybersecurity Reference Architecture, now sitting inside the Security Adoption Framework, with data finally treated as a pillar in its own right, plus the Entra and Intune changes that will have help desks busy around the July 6 conditional access deadline. David brings his most eclectic set of links yet and ties them to one thread: the model is good enough now, but are we? He gets into HVE Core and its research, plan, implement workflow, the CAIRA composable reference architecture that pairs with it, a sharp piece on scoping security assessments for attack paths rather than org charts, and intent driven specification development as a reply to the spec first orthodoxy. The argument lands somewhere uncomfortable, which is that most of the work now falls to us and most of us are not doing it yet. Richard closes on two Build items. The GitHub Copilot app and its parallel worktree sessions, which behave like five developers on five branches at once, and Project Solara, Microsoft's agent first device platform running on a fork of Android. He looks at Solara through a management and identity lens rather than as a gadget, and asks what an endpoint where an agent acts for the user does to an identity model that quietly assumes a person is there. Links Microsoft Cybersecurity Reference Architecture and Security Adoption FrameworkHVE Core (Hyper Velocity Engineering)CAIRA (Composable AI Reference Architecture)msicons.com architecture icon libraryProject Solara at Microsoft BuildSocials X/TwitterBlueskyLinkedInFacebookThreadsMusic Music: Null Invocation, Monochrome Pulse

    1 hr
  3. EP35 | What Needs to Exist Around a Model

    Jun 1

    EP35 | What Needs to Exist Around a Model

    Richard and David are back together this week, and David has been saving things up. The episode starts with a practical conversation about how both hosts actually manage content discovery, which turns into an honest account of what Richard's Knowledge Hub app does and where it still falls short. David's segment covers a lot of ground but lands in a consistent place. The MCP release candidate gets the most technical treatment, including a walkthrough of what stateless protocol core actually means in architectural terms and why the previous session-pinning behaviour was a genuine infrastructure problem. He follows that with Azure Container Apps Express, positioned as an agent-first runtime that addresses a real friction point in large organisations, and the AI Red Teaming Agent in Microsoft Foundry, which David uses as a way into one of the more important security concepts for agentic systems: indirect prompt injection. The ZoomIt segment wraps it all together, partly because Mark Russinovich's demo went spectacularly wrong on camera and they kept it all in, and partly because David uses it to pull a connecting thread through everything he covered. Richard's soapbox landed mid-conversation, prompted by a Microsoft podcast he'd been listening to that week. The argument: the AI adoption conversation is presenting as fresh insight something that was said word for word about Microsoft 365 in 2017. Same language, same frameworks, same metrics. Richard also covers the Copilot Credit Pre-Purchase Plan, which he discovered the night before recording, including the commercial architecture behind it and the ACD stacking question that the documentation does not answer. The episode closes with computer-using agents going generally available in Copilot Studio, a brief cross-industry tour including Google's shutdown of Project Mariner, the Perplexity/Amazon court case, and what to expect from Build 2026. LinksMCP 2026-07-28 Release CandidateAzure Container Apps Express (Microsoft Learn)AI Red Teaming Agent in Azure AI FoundryMicrosoft 2026 Work Trend IndexWindows 365 and Azure Virtual Desktop expanding accessModern Azure Resilience with Mark RussinovichEventLogExpert on GitHubZoomIt (Sysinternals)Mark and Scott LearnMicrosoft Copilot Credit Pre-Purchase PlanMicrosoft Agent FactoryCopilot Studio computer-using agents GAMicrosoft Build 2026Find usX/TwitterBlueskyLinkedInFacebookThreadsMusicNull Invocation, Monochrome Pulse

    1 hr
  4. May 4

    EP33 | Is Your Environment Readable Enough for AI to Reason About?1

    **THANKS FOR EVERYONE WHO NOTICED THE AUDIO GLITCH. THIS HAS NOW BEEN RESOLVED** This week, David pulls a thread across six seemingly unrelated Microsoft GitHub repos and lands on a question the industry keeps skipping: whether the systems we're asking AI to reason about are actually readable enough for that reasoning to mean anything. It's a more durable framing than the usual "what can AI do for you" conversation, and it connects to everything from security posture to delivery backlogs to architectural fragility. Cyrus covers a run of Microsoft security and identity updates. Entra license usage insights hitting GA, cross-tenant security group sync, Global Secure Access B2B support for AVD and Windows 365, macOS recovery lock, Defender promotional email handling, new advanced hunting tables, incident graph filtering, and Sentinel repositories reaching GA. He also highlights Chrome's rollout of device-bound session credentials, a hardware-backed fix to browser token theft that has been trivially exploitable for over a decade. Richard covers a Microsoft Research paper on red teaming networks of AI agents. Over a hundred autonomous agents interacting through forums and messages, and four failure modes that only emerge when agents interact at scale: propagation, amplification, trust capture, and proxy chain invisibility. The researchers also observed emergent defences, with a small number of agents spontaneously developing security-conscious behaviour. The episode closes with GitHub's shift from premium request units to token-based AI credits from June, and a shared comparison of what happens when agentic coding tools decide to ignore you.

    43 min
  5. EP31 | Servers, Security and Vibe Coding

    Apr 6

    EP31 | Servers, Security and Vibe Coding

    Episode 31 of Cloudy with a Chance of Insights, the fortnightly Microsoft Cloud podcast with Richard Hogan, Cyrus Irandoust, and David Rowley. This week: a cluster of end-of-support deadlines that deserve more attention than they're getting, IBM and Microsoft private preview work on Sentinel Lake and custom security graphs that Richard can finally talk about, why Power Platform's own governance team admitted the model is broken, and an honest first-week account of Claude Code from someone who burnt through the daily token limit in 90 minutes. Windows Server 2016 and the Azure Arc questionExtended support for Windows Server 2016 ends January 12, 2027, and the Microsoft article announcing Extended Security Updates references Azure Arc as the delivery mechanism — which David flagged as either an intentional positioning move or a drafting oversight worth questioning. Also in the frame: SQL Server 2016 ESU ending July 2026, Server 2012 extended security updates ending October 2026, and SQL Server 2014 following in July 2027. These workloads are stable, quiet, and being systematically deprioritised in favour of AI projects. That combination rarely ends well. Sentinel Lake and custom security graphs: the IBM private previewSince October last year, IBM has been working with Microsoft on the private preview for Sentinel Lake and custom graph builds — ingesting asset data from Tenable, Qualys, and ServiceNow to surface connections that standard KQL queries would never surface. Richard covers the architecture, the friction points (VS Code as the only real interface, GQL instead of KQL, scheduled jobs, cost implications for data freshness), and what the Graph Explorer in Defender is going to change when it arrives. Custom graphs moved to public preview on April 1st. Power Platform admits governance can't keep pace with AIA blog post from Ryan Jones on the Power Apps team published April 1st effectively acknowledged that traditional governance models break down when something can be built and deployed in a day. Pair that with figures suggesting nearly 30% of enterprise employees are already using unsanctioned AI agents, and Agent 365 heading toward GA in May, and the gap becomes difficult to ignore. Defender XDR and Intune updatesCyrus covers proactive user containment reaching general availability as part of Defender XDR's predictive shielding feature — containment at the endpoint layer, not a simple Entra disable — and the shift from MDM to declarative device management for Apple devices in Intune, a change driven by Apple but with real implications for anyone managing iOS, iPadOS, or macOS at scale. Claude Code vs GitHub CopilotRichard's unfiltered first-week take on Claude Code: token consumption, peak and off-peak limits, VS Code integration differences, and why coming from a GitHub Copilot world will catch you off guard faster than you expect. LinksWindows Server 2016 end of support announcementMicrosoft Sentinel custom graphs public previewPower Platform adaptive governance frameworkWhat's new in Microsoft Defender XDRSubscribe for a new episode every two weeks. Recorded this week with Cyrus and David technically on annual leave, which probably explains the vibe.

    37 min

About

Cloudy with a Chance of Insights is a practitioner‑led podcast for architects, engineers, and security professionals working with the Microsoft Cloud. In each episode, we take a grounded, experience‑led look at Azure, M365, Copilot, Security, and AI, focusing less on release notes and more on what actually changes in real environments. We discuss what breaks, what gets harder, what’s worth paying attention to, and what can usually wait. Expect opinionated conversation, technical context, and the occasional bit of healthy scepticism rather than marketing hype or surface‑level news summaries.