M365.FM - Modern work, security, and productivity with Microsoft 365

Mirko Peters - Founder of m365.fm, m365.show and m365con.net
  • 5,0 (3)
  • Notícias de tecnologia
  • Diário

Welcome to the M365.FM — your essential podcast for everything Microsoft 365, Azure, and beyond. Join us as we explore the latest developments across Power BI, Power Platform, Microsoft Teams, Viva, Fabric, Purview, Security, and the entire Microsoft ecosystem. Each episode delivers expert insights, real-world use cases, best practices, and interviews with industry leaders to help you stay ahead in the fast-moving world of cloud, collaboration, and data innovation. Whether you're an IT professional, business leader, developer, or data enthusiast, the M365.FM brings the knowledge, trends, and strategies you need to thrive in the modern digital workplace. Tune in, level up, and make the most of everything Microsoft has to offer. M365.FM is part of the M365-Show Network. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

  1. From Project Online to AI-Powered Project Delivery: The Evolution of Dynamics 365 Project Operations with Joe Griffin [MVP]

    há 9 h

    From Project Online to AI-Powered Project Delivery: The Evolution of Dynamics 365 Project Operations with Joe Griffin [MVP]

    In this insightful episode of the M365 Podcast, host Mirko Peters welcomes Joe Griffin, Microsoft MVP, CEO of proMX UK, Microsoft Certified Trainer, and one of the most recognized experts in Dynamics 365 Project Operations. With more than 40 Microsoft certifications covering Dynamics 365, Power Platform, Azure, Artificial Intelligence, and the broader Microsoft Cloud ecosystem, Joe brings a unique blend of technical expertise, business leadership, and real-world implementation experience.The conversation explores one of the most important transitions currently happening in the Microsoft project management landscape: the retirement of Microsoft Project Online and the growing adoption of Dynamics 365 Project Operations. Joe explains why organizations should start preparing now, what migration paths are available, and how businesses can use this moment as an opportunity to modernize not only their technology stack but also their project delivery processes. UNDERSTANDING DYNAMICS 365 PROJECT OPERATIONS Joe provides a comprehensive overview of Dynamics 365 Project Operations and explains why it has become a strategic platform for project-based organizations. Unlike traditional project management tools that focus solely on task management and scheduling, Project Operations combines project planning, resource allocation, budgeting, financial management, time tracking, expense management, invoicing, and AI-driven insights into a single solution built on Microsoft Dataverse.The discussion highlights how organizations can gain end-to-end visibility across project lifecycles while improving resource utilization and financial performance. Joe also explains how Project Operations leverages familiar Microsoft technologies such as Planner, Power Platform, and Dataverse to create a connected and scalable project management environment. KEY TAKEAWAYS:What Dynamics 365 Project Operations actually doesWho should consider adopting the platformHow it differs from traditional project management toolsWhy professional services organizations benefit the mostThe role of Dataverse and Power PlatformPROJECT ONLINE RETIREMENT AND MIGRATION STRATEGIES A major focus of the episode is Microsoft's planned retirement of Project Online. Joe explains what the announcement means for existing customers and outlines the options available for organizations currently relying on Project Online for project planning and portfolio management.Drawing from real-world migration projects, Joe shares practical advice on preparing data, simplifying project structures, and avoiding common migration pitfalls. He also discusses the importance of reviewing legacy processes and using the migration as an opportunity to modernize project management practices.The conversation dives into technical considerations such as Project Desktop files, Scheduler APIs, resource mapping, testing environments, and large-scale migration automation. MIGRATION TOPICS COVERED:Project Online retirement implicationsMigration planning and assessmentCommon data migration challengesManaging complex project portfoliosBest practices for successful adoptionHOW AI IS CHANGING PROJECT MANAGEMENT Artificial Intelligence is rapidly transforming business applications, and Dynamics 365 Project Operations is no exception. Joe explores how Microsoft is embedding AI across the platform and shares practical examples of AI-powered capabilities available today.One particularly interesting example is the Time Entry Agent, which can automatically generate draft timesheets based on calendars, resource assignments, and previous activities. Instead of chasing employees for timesheet submissions, organizations can leverage AI to automate much of the process while maintaining human oversight.The discussion also covers AI-generated project status reports, intelligent resource recommendations, project risk identification, and the future potential of autonomous project management capabilities. AI IN PROJECT OPERATIONS:Automated time entry generationAI-powered status reportingIntelligent resource recommendationsRisk detection and forecastingFuture project management agentsPOWER PLATFORM AND AZURE INTEGRATION Joe explains why the real power of Dynamics 365 Project Operations comes from its integration with the wider Microsoft ecosystem. Because the platform is built on Dataverse, organizations can extend functionality using Power Apps, Power Automate, Power BI, Power Pages, and Azure services.Listeners will learn how companies can create custom project experiences, automate business processes, build advanced reporting solutions, and integrate Project Operations with external ERP systems. Joe also discusses how Azure Service Bus, Azure Functions, and modern integration architectures help organizations scale complex project environments.The episode provides valuable guidance for solution architects and technical leaders looking to design enterprise-grade project management solutions that remain scalable and maintainable over time. ARCHITECTURE AND EXTENSIBILITY TOPICS:Power Apps customization strategiesPower Automate workflowsPower BI reporting and analyticsAzure integration patternsEnterprise architecture best practicesTHE ROLE OF MICROSOFT FABRIC AND AI FOUNDRY Looking ahead, the conversation explores emerging technologies such as Microsoft Fabric and Azure AI Foundry. Joe explains how Fabric can serve as a centralized data foundation for AI initiatives by bringing together information from Dynamics 365, Power Platform, and other business systems.The discussion highlights how organizations that establish strong data foundations today will be better positioned to take advantage of future AI capabilities. Joe also shares his perspective on AI Foundry, model selection, fine-tuning opportunities, and the growing importance of enterprise-ready AI governance. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

    43 min
  2. Indirect Injection: The Silent Killer of Enterprise AI

    há 19 h

    Indirect Injection: The Silent Killer of Enterprise AI

    Most organizations believe their biggest AI risk is hallucination. It isn't. The real threat is something far more dangerous. A vulnerability that hides inside trusted documents. A vulnerability that bypasses access controls. A vulnerability that transforms ordinary business content into executable instructions. It's called Indirect Prompt Injection. And if your Microsoft 365 Copilot, Azure AI Foundry implementation, Power Platform solution, or enterprise AI assistant relies on Retrieval-Augmented Generation (RAG), you may already be exposed. In this episode, we explore one of the fastest-growing threats in enterprise AI security and why the architecture behind modern Copilots may contain a fundamental design flaw. We examine how poisoned documents, hidden instructions, malicious metadata, and compromised knowledge bases can manipulate AI systems without ever breaching a firewall or exploiting a traditional software vulnerability. From Microsoft 365 Copilot and SharePoint to Teams, Outlook, Power Platform, Azure OpenAI, and vector databases, we explain why organizations must stop thinking about documents as passive data and start treating them as executable code. If your organization is building AI-powered solutions on proprietary enterprise data, this episode may be one of the most important security discussions you'll hear this year. THE RAG REVOLUTION THAT CHANGED EVERYTHING Retrieval-Augmented Generation transformed enterprise AI. Instead of retraining massive models on internal data, organizations simply connect AI systems to existing knowledge repositories. We explore: Retrieval-Augmented Generation (RAG)Microsoft 365 Copilot architectureMicrosoft Graph integrationSharePoint knowledge retrievalOutlook and Teams contextVector databasesSemantic searchRAG solved the enterprise knowledge problem. It also created a completely new attack surface. WHY DATA IS NO LONGER JUST DATA Traditional software separates data from code. Large Language Models do not. Every piece of text retrieved from a knowledge base becomes part of the model's prompt. The AI cannot reliably distinguish: FactsInstructionsPoliciesCommandsMetadataContextEverything becomes tokens. Everything influences behavior. This episode explains why the phrase "Data is Code" has become one of the most important concepts in modern AI security. UNDERSTANDING INDIRECT PROMPT INJECTION Most organizations understand direct attacks. Few understand indirect ones. Direct prompt injection occurs when an attacker interacts directly with the AI system. Indirect prompt injection happens when malicious instructions are embedded inside content the AI retrieves. We examine: Hidden instructionsPoisoned documentsEmbedded commandsContext manipulationRetrieval abusePrompt hijackingThe attacker never talks to the AI. The document does it for them. WHY SYSTEM PROMPTS ARE NOT A FIREWALL One of the most dangerous misconceptions in enterprise AI is the belief that system prompts provide security boundaries. They don't. We discuss: Prompt hierarchy failuresInstruction conflictsContext competitionAttention mechanismsSystem prompt limitationsSafety override scenariosYour AI's security policies are ultimately competing with every document it reads. And sometimes the documents win. THE OWASP NUMBER ONE AI SECURITY RISK Prompt injection consistently ranks as one of the most serious risks facing AI systems today. This episode explores: OWASP GenAI Top 10LLM01 Prompt InjectionAI threat modelingEnterprise AI vulnerabilitiesSecurity community guidanceEmerging attack patternsPrompt injection isn't theoretical. It's increasingly recognized as the primary security challenge for enterprise AI deployments. POISONING THE KNOWLEDGE BASE Attackers no longer need to compromise the model. They only need to compromise the content. We examine how adversaries weaponize: SharePoint documentsPDFsWiki pagesEmail archivesTeams conversationsKnowledge repositoriesLearn how a single poisoned document can influence thousands of future Copilot interactions. HIDDEN TEXT, METADATA, AND INVISIBLE INSTRUCTIONS The most dangerous attacks aren't visible. Organizations often review documents visually. AI systems don't. We explore: White-on-white textHidden paragraphsPDF metadataDocument propertiesEmbedded commentsUnicode manipulationInvisible instructionsThe content humans ignore may be the content the AI obeys. THE SLEEPER AGENT PROBLEM Some attacks don't activate immediately. They wait. A poisoned document can remain dormant for months before triggering under specific conditions. We discuss: Trigger-based attacksDelayed activationBackdoor behaviorConditional instructionsQuery-based triggersLong-term persistenceThe attack may already exist in your environment. It simply hasn't been activated yet. MICROSOFT 365 ATTACK SURFACES YOU AREN'T MONITORING Enterprise AI reads more than most organizations realize. Potential attack vectors include: SharePoint OnlineOneDriveTeams ChatsOutlook EmailCalendar InvitesWiki PagesPower Platform Data SourcesMicrosoft Graph ContentEvery repository becomes part of the AI security perimeter. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

    1h 19min
  3. From SharePoint Developer to Power Platform Architect: Building Secure and Scalable Solutions with Michel Mendes [MVP]

    há 1 dia

    From SharePoint Developer to Power Platform Architect: Building Secure and Scalable Solutions with Michel Mendes [MVP]

    In this episode of the M365 Podcast, Mirko Peters sits down with Microsoft MVP Michel Mendes to explore his remarkable journey from traditional SharePoint development to becoming a leading Power Platform Architect. Michel shares how he started his Microsoft technology career in Brazil, transitioned from C# and SharePoint development into the modern Power Platform ecosystem, and eventually moved to Ireland to continue building enterprise-grade solutions for organizations worldwide.Throughout the conversation, Michel provides valuable insights into how the Microsoft ecosystem has evolved over the years, the growing role of AI in software development, and why understanding architecture, governance, and security remains critical even in a low-code world. Whether you're a developer, solution architect, IT leader, or Power Platform enthusiast, this episode delivers practical guidance for building scalable and maintainable business applications. POWER PLATFORM EVOLUTION AND THE FUTURE OF DEVELOPMENT Michel discusses how Power Platform has transformed application development by enabling both professional developers and technically minded business users to build solutions faster than ever before. He also shares his perspective on how AI-powered development tools such as GitHub Copilot are changing the way applications are designed, prototyped, and maintained.Key topics include:• The transition from traditional development to low-code solutions • How AI is accelerating software delivery • Why developers who embrace AI will thrive • The future of Power Apps, Power Pages, and pro-code development • The importance of understanding business problems before building technology BUILDING ENTERPRISE POWER APPS THAT SCALE Creating an app is easy. Creating an app that remains maintainable, performant, and scalable for years is much harder.Michel explains the architectural principles that separate successful Power Platform implementations from those that struggle over time. He shares practical advice on designing reusable components, improving performance, and creating solutions that can grow alongside business requirements.Topics covered:• Power Apps design best practices • Building maintainable applications • Performance optimization strategies • Reusable components and architecture patterns • Measuring business value and user adoption DATAVERSE AS THE FOUNDATION OF MODERN BUSINESS APPLICATIONS A major part of the discussion focuses on Microsoft Dataverse and its role as the foundation for enterprise-grade Power Platform solutions.Michel explains why Dataverse is much more than a database and how it provides built-in governance, security, authentication, and scalability capabilities that help organizations avoid reinventing the wheel.Learn about:• Dataverse architecture fundamentals • Security and governance advantages • Building scalable business applications • Plugins versus Power Automate flows • Designing efficient data models POWER PAGES AND EXTERNAL BUSINESS SOLUTIONS Michel is widely recognized for his expertise in Power Pages, and this episode dives deep into how organizations can create secure, modern, and scalable external-facing websites powered by Dataverse.The conversation explores when Power Pages is the right choice, how it differs from Power Apps, and how recent innovations are making the platform even more attractive for professional developers.Highlights include:• Power Pages fundamentals • External portals and customer-facing applications • React and Angular-based SPA experiences • AI-assisted website development • Modern Power Pages architecture SECURITY, GOVERNANCE, AND WEB API BEST PRACTICES One of the most valuable sections of the episode focuses on security.Michel explains common mistakes developers make when exposing Dataverse data through Power Pages and outlines practical approaches for protecting sensitive information while maintaining usability.Topics include:• Dataverse table permissions • Column-level security • Power Pages Web API security • Common security vulnerabilities • Governance and compliance best practices • Penetration testing and security reviews COMMUNITY, CAREER GROWTH, AND MVP INSIGHTS Michel also shares his experiences as a Microsoft MVP and discusses the importance of contributing back to the Microsoft community through blogging, conference speaking, GitHub projects, and social media engagement.For professionals starting their Power Platform journey, he provides actionable advice on certifications, learning paths, and developing a long-term career strategy within the Microsoft ecosystem.This episode is packed with real-world experience, technical insights, and practical guidance for anyone looking to build secure, scalable, and future-ready solutions with Microsoft Power Platform.Whether you're a SharePoint veteran, a Power Platform developer, a solution architect, or simply curious about the future of low-code and AI-powered development, this conversation with Michel Mendes delivers valuable lessons from someone who has successfully navigated every stage of that journey. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

    44 min
  4. STOP BUILDING SILOED AGENTS: The Logic App Nervous System

    há 1 dia

    STOP BUILDING SILOED AGENTS: The Logic App Nervous System

    Everyone is building AI agents.Very few organizations are building agent architectures.Across Microsoft 365, Copilot Studio, Azure OpenAI, Power Platform, and custom AI solutions, enterprises are racing to deploy copilots, bots, assistants, and autonomous workflows. Teams are creating agents for customer service, IT support, HR onboarding, knowledge discovery, incident management, and business operations.Most of them work.At least in the demo.But something very different happens when organizations move beyond a single agent and attempt to coordinate dozens of AI-powered systems across multiple business units, multiple platforms, and multiple Microsoft 365 tenants.The result is often chaos.Disconnected bots. Duplicate integrations. Credential sprawl. Governance gaps. Broken workflows. Untraceable actions. And increasingly, AI agents that cannot collaborate because they were never designed to operate as part of a larger system.In this episode, we explore why enterprise AI is repeating the same architectural mistakes organizations made during the early API revolution, why point-to-point agent integrations are becoming unsustainable, and how Azure Logic Apps is emerging as the orchestration layer that connects reasoning, execution, governance, identity, and automation into a single enterprise nervous system.If your organization is investing in Copilot Studio, Azure OpenAI, Microsoft 365 Copilot, Power Platform, or custom AI agents, this episode provides a blueprint for building agent ecosystems that actually scale. THE CHATBOT MIRAGE Most enterprise AI projects begin with a simple success story.A team creates a bot.The bot answers questions.The demo works.The project gets funded.Then another department builds another bot.And another.And another.Soon the organization has dozens of isolated AI systems solving local problems but creating enterprise-wide complexity.We explore: Why AI demos rarely reveal architectural weaknessesThe difference between local optimization and enterprise orchestrationHow siloed agents create operational debtWhy successful pilots often fail at scaleThe hidden cost of disconnected automationThe problem isn't the agents.The problem is the architecture beneath them. THE POINT-TO-POINT INTEGRATION TRAP Every agent needs data.Most agents get it the wrong way.Organizations frequently allow agents to connect directly to APIs, databases, SaaS platforms, and Microsoft Graph endpoints.Initially this feels efficient.Eventually it becomes unmanageable.This episode examines: Point-to-point integration sprawlCredential proliferationDuplicate business logicDecentralized error handlingGovernance fragmentationObservability challengesThe more agents you deploy, the more dangerous direct integration becomes. WHY AGENTS FAIL AT ENTERPRISE SCALE The most advanced language model in the world cannot compensate for poor architecture.We discuss why: Reasoning is not orchestrationIntelligence is not governanceConversation is not workflow managementTool calling is not process executionAI is not a replacement for enterprise integrationEnterprise success depends less on model sophistication and more on execution architecture. THE STATEFUL GAPOne of the most important concepts in this episode is the distinction between reasoning and memory.Most AI agents are stateless.Enterprise processes are not.We explore: Stateless automationStateful orchestrationLong-running workflowsProcess persistenceWorkflow recoveryCorrelation and context managementAn employee onboarding process may last days or weeks.A chatbot conversation may last minutes.These are fundamentally different workloads. WHY COPILOTS NEED A NERVOUS SYSTEM Human brains don't directly control every muscle individually.The nervous system coordinates actions.Enterprise AI requires the same model.This episode introduces the Logic App Nervous System architecture where: Agents reasonLogic Apps orchestrateConnectors executePolicies governIdentity securesObservability monitorsThe result is coordinated intelligence instead of isolated automation. AZURE LOGIC APPS AS THE ORCHESTRATION LAYER Azure Logic Apps was originally designed for enterprise integration.It is rapidly becoming one of the most important foundations for agentic workflows.We examine: HTTP-triggered orchestrationsEvent-driven automationWorkflow persistenceLong-running process supportEnterprise connectorsBusiness process orchestrationLogic Apps becomes the central coordination layer between agents and enterprise systems. STANDARD VS CONSUMPTION ot all Logic Apps are equal.Choosing the wrong hosting model can limit scalability before your architecture even launches.We compare: Logic Apps ConsumptionLogic Apps StandardStateful workflowsStateless workflowsDevOps integrationNetworking capabilitiesPerformance characteristicsFor serious agent orchestration, the answer becomes increasingly clear. STATEFUL WORKFLOWS: THE MEMORY LAYER Memory is what transforms automation into orchestration.Stateful workflows provide: CheckpointingPersistenceRecoveryWaiting statesApproval handlingCross-system coordinationWe explain why workflow memory is often more important than model memory. THE AGENT LOOP ACTION One of Microsoft's most important innovations for agentic workflows is the Agent Loop action.This episode explores: Think-Act-Learn cyclesTool executionIterative reasoningMemory retentionAI-assisted orchestrationWorkflow-native agentsRather than bolting AI onto workflows, Agent Loop embeds reasoning directly into the orchestration layer. CONNECTORS AS NEURAL PATHWAY SIn the nervous system analogy, connectors become the nerves.They connect orchestration to execution.We discuss: Microsoft GraphSharePointTeamsOutlookDataverseDynamics 365Azure ServicesCustom APIsThe orchestrator becomes the central intelligence that routes activity across the enterprise. CUSTOM CONNECTORS AND LOGIC-IN-API Modern enterprises cannot expose proprietary business logic directly to agents.Instead, they need contracts.We explore: OpenAPI specificationsCustom connectorsInternal APIsEnterprise service layersReusable business capabilitiesGovernance boundariesCustom connectors become the contract layer between AI and enterprise systems. THE CROSS-TENANT CHALLENGE Most organizations no longer operate in a single Microsoft 365 tenant.Mergers, acquisitions, regional operations, and regulatory requirements have changed the landscape.This episode examines: Multi-tenant architecturesCross-tenant identityMicrosoft Entra collaborationSovereign boundariesTenant isolationEnterprise coordinationCross-tenant orchestration is becoming the default, not the exception. MANAGED IDENTITIES EXPLAINED Secrets are one of the biggest weaknesses in enterprise automation.We explain how managed identities eliminate: Client secretsCredential sprawlManual rotationShared credentialsConfiguration riskIdentity becomes a platform capability instead of an operational burden. WORKLOAD IDENTITY FEDERATION Cross-tenant automation introduces a new challenge.How do workloads authenticate without secrets?This episode explores: Workload identity federationAzure AD Token ExchangeFederated credentialsCross-tenant trustSecretless authenticationZero Trust architecturesThis becomes one of the most important building blocks for enterprise-scale agent ecosystems. MICROSOFT ENTRA AGENT ID Identity is becoming a first-class concern for AI agents.We examine how Microsoft Entra Agent ID enables: Agent governanceAgent identitiesBlueprint-driven permissionsSecurity boundariesAuthorization controlsAI accountabilityThe future of AI governance begins with identity. ERROR HANDLING AS INTELLIGENCE Failures are inevitable.Resilience is optional.We explore advanced orchestration patterns including: Scoped error handlingAdaptive retriesCompensating transactionsAI-assisted error triageSelf-healing workflowsRecovery orchestrationThe goal is not preventing failure.The goal is surviving failure intelligently. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

    1h 18min
  5. Building Multi-Agent AI Systems with Copilot Studio: From Ideas to Intelligent Automation with David Lorenzo Lopez [MVP]

    há 2 dias

    Building Multi-Agent AI Systems with Copilot Studio: From Ideas to Intelligent Automation with David Lorenzo Lopez [MVP]

    Artificial Intelligence is rapidly evolving from simple chatbots into sophisticated multi-agent systems capable of automating complex business processes, collaborating across services, and delivering real business value. In this episode of the M365 Podcast, Mirko Peters sits down with Microsoft MVP David Lorenzo Lopez to explore the future of intelligent automation and how organizations can leverage Microsoft Copilot Studio, Azure AI Foundry, and the Microsoft Agent Framework to build scalable AI solutions.David shares his journey from web development and .NET programming to becoming a leading voice in AI-driven automation. He explains how the arrival of GPT models transformed the technology landscape and why the real challenge today is no longer generating impressive demos but creating measurable business outcomes with AI. WHAT ARE MULTI-AGENT AI SYSTEMS? One of the core topics of this conversation is the concept of multi-agent systems. David compares modern AI architectures to the evolution from monolithic applications to microservices. Instead of building one giant AI agent responsible for everything, organizations can create specialized agents focused on individual tasks and orchestrate them through a central coordinator.Key benefits include:Improved scalability and maintainabilityBetter task specialization and accuracyEasier testing and optimizationReusable AI components across multiple business scenariosGreater control over automation workflowsCOPILOT STUDIO VS AZURE AI FOUNDRY Microsoft now offers multiple ways to build AI-powered solutions, and David explains when to choose each platform.The discussion covers how Copilot Studio enables rapid low-code development using Power Platform integrations, while Azure AI Foundry provides greater flexibility, customization, and scalability for advanced AI implementations. As Microsoft continues to integrate these platforms, organizations have more options than ever to match their technical and business requirements.Topics covered include:Copilot Studio connected agentsAzure AI Foundry orchestrationMCP connectorsKnowledge integrationLow-code versus pro-code developmentAI workflow design patternsHUMAN-IN-THE-LOOP AND RESPONSIBLE AI While autonomous AI systems are becoming more capable, David strongly advocates for maintaining human oversight in critical business processes. He explains why AI should support decision-making rather than completely replace it, especially when financial, legal, or operational risks are involved.The conversation explores:Approval workflowsHuman validation processesGovernance strategiesCompliance considerationsRisk mitigation for AI automationMICROSOFT AGENT FRAMEWORK AND THE FUTURE OF AI DEVELOPMENT A major highlight of the episode is Microsoft's new Agent Framework. David explains how the framework combines capabilities from Semantic Kernel and other Microsoft AI initiatives to create a powerful platform for building enterprise-grade agents.Listeners will learn how developers can:Create custom AI agentsBuild complex orchestration workflowsDeploy scalable AI solutionsIntegrate with Azure servicesDevelop reusable intelligent systemsGOVERNANCE, SECURITY, AND THE EU AI ACT As AI adoption accelerates across Europe, governance and compliance have become essential topics. David discusses how Microsoft addresses security, data residency, privacy, and regulatory requirements through Azure AI services and emerging governance tools such as Agent 365 Control Plane.The discussion also covers:Data protection requirementsEuropean AI regulationsAzure OpenAI complianceModel selection strategiesAI governance best practicesCONTROLLING AI COSTS AND FINOPS One of the biggest challenges organizations face is understanding and controlling AI costs. David explains why estimating AI consumption is difficult and how businesses can establish practical monitoring and optimization strategies. Learn about:Token consumptionCopilot Studio creditsPay-as-you-go modelsCost optimization techniquesAI FinOps best practicesKEY TAKEAWAYS This episode delivers practical insights for architects, developers, IT leaders, and business decision-makers looking to move beyond AI hype and create sustainable business value through intelligent automation.David's final message is simple yet powerful: AI is a wave that is transforming every industry. Organizations and individuals can either let it pass over them or learn how to ride it. Those who embrace AI responsibly, strategically, and thoughtfully will be best positioned for the future.CONNECT WITH M365 FMIf you enjoyed this episode, subscribe to M365 FM on Apple Podcasts, Spotify, YouTube, and your favorite podcast platform. Don't forget to leave a review and share the episode with colleagues interested in Microsoft Copilot, AI Agents, Azure AI Foundry, and the future of intelligent automation. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

    55 min
  6. The Rise of Private LoRA: Architecting Secure AI on Proprietary Data

    há 2 dias

    The Rise of Private LoRA: Architecting Secure AI on Proprietary Data

    Everyone is talking about AI adoption. Far fewer are talking about AI sovereignty. Organizations have rushed to deploy Microsoft Copilot, Azure OpenAI, ChatGPT Enterprise, Claude, Gemini, and dozens of AI-powered productivity tools. The results have been impressive. Productivity has increased. Development cycles have accelerated. Knowledge discovery has improved. But beneath the excitement lies a growing concern. What happens when your organization's most valuable asset—its proprietary knowledge—starts flowing into AI systems you don't fully control? In this episode, we explore the rise of Private LoRA (Low-Rank Adaptation), why data sovereignty is rapidly becoming one of the most important architectural challenges in enterprise AI, and how organizations can build secure, domain-specific AI models without training foundation models from scratch. We examine the convergence of AI governance, regulatory compliance, Microsoft cloud architecture, sovereign AI, LoRA fine-tuning, quantization, federated learning, and enterprise security. If your organization views proprietary data as a strategic advantage, this episode explains why the future of AI may not belong to the biggest models—but to the most specialized ones. THE SHADOW AI CRISIS Most organizations believe their AI strategy is governed. The reality is very different. Employees routinely paste sensitive information into public AI systems because they are faster and easier than approved tools. This phenomenon has a name: Shadow AI. We explore how: Proprietary business data leaks into public modelsInternal documents are shared outside governance boundariesCompetitive intelligence leaves the organizationCustomer information becomes exposedSecurity teams lose visibilityThe risk isn't always a breach. Sometimes it's simply the slow erosion of proprietary knowledge. WHY DATA SOVEREIGNTY MATTERS The conversation around AI is shifting. Organizations are no longer asking: "Can we use AI?" They're asking: "Where does the data go?" This episode explores the growing importance of: AI SovereigntyData ResidencyData LocalizationCross-Border Data RestrictionsIntellectual Property ProtectionAI GovernanceDigital SovereigntyAs regulatory pressure increases, organizations are discovering that data location is becoming as important as model performance. THE REGULATORY WALL IS ARRIVING Compliance is no longer a future problem. It's becoming an architectural requirement. We examine the impact of: EU AI ActGDPRCPRALGPDData Localization RequirementsFinancial RegulationsHealthcare Compliance FrameworksYou'll learn why AI architectures designed for unrestricted global data movement may struggle in a world increasingly defined by jurisdictional boundaries. MICROSOFT'S APPROACH TO AI SECURITY Microsoft provides some of the strongest enterprise AI protections available today. But even with: Microsoft 365 CopilotAzure OpenAIAzure AI FoundryMicrosoft PurviewMicrosoft Entra IDAzure Confidential ComputingThere remains a gap between approved enterprise AI usage and actual user behavior. We discuss how organizations can extend Microsoft's security model while maintaining control over proprietary intelligence. THE FALSE CHOICE BETWEEN PUBLIC AI AND BUILDING YOUR OWN MODEL Many organizations believe they have only two options: Option One Use public AI services. Option Two Build and train a foundation model from scratch. In reality, there is a third option. Private LoRA. This episode explains how LoRA enables organizations to customize powerful open-weight models without the extraordinary cost and complexity of full model training.  HOW LORA ACTUALLY WORKS  LoRA, or Low-Rank Adaptation, changes the economics of AI customization. Instead of retraining billions of parameters, LoRA introduces lightweight trainable layers that adapt an existing model to a specific domain. We break down: Full Fine-TuningParameter-Efficient Fine-TuningAdapter ArchitecturesRank SelectionTraining EfficiencyModel SpecializationDomain AdaptationThe result is a highly customized AI model with a fraction of the cost and infrastructure requirements. QUANTIZATION CHANGES EVERYTHING LoRA becomes even more powerful when paired with quantization. Using techniques such as: 8-bit Quantization4-bit QuantizationNF4QLoRAOrganizations can dramatically reduce hardware requirements while maintaining strong performance. We explain how: Memory consumption dropsTraining costs decreaseInference becomes affordableSingle-GPU deployments become practicalThis is one of the key innovations making sovereign AI achievable for mainstream enterprises. THE SINGLE-GPU ENTERPRISE AI MODEL  One of the most surprising insights in this episode is how little infrastructure is required. Using modern open-weight models and LoRA adaptation, organizations can: Train on a single GPUDeploy internallyRetain data sovereigntyEliminate API dependenciesReduce operating costsWe explore architectures built around: LlamaMistralOpen-Weight ModelsAzure GPU InfrastructureAzure Kubernetes ServiceAzure Machine LearningThe economics are far more accessible than many organizations assume. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

    1h 22min
  7. The Death of the Dropdown: Why Manual Tagging is Killing Your Governance

    há 3 dias

    The Death of the Dropdown: Why Manual Tagging is Killing Your Governance

    or years, organizations believed metadata governance was a training problem.If users understood the taxonomy better, governance would improve.If the dropdown lists were clearer, metadata quality would improve.If more communication and documentation were provided, compliance would improve.But what if the problem was never the user?What if the real problem is that governance logic was placed in the wrong layer of the architecture entirely?In this episode, we explore why manual metadata tagging has become one of the biggest obstacles to modern governance, compliance, enterprise search, and AI readiness. We examine the collapse of traditional metadata models, the rise of Graph-powered governance, and how organizations are replacing manual tagging with automated classification, contextual intelligence, and real-time metadata injection.If your governance strategy still depends on users selecting values from dropdown menus, this episode may fundamentally change how you think about Microsoft 365 governance. THE MANUAL METADATA CRISIS Modern work has changed.Governance models haven't.Content is now created continuously across Teams, SharePoint, OneDrive, Outlook, mobile devices, and third-party integrations. Files arrive at a pace that no human-driven classification model can realistically keep up with.Yet many organizations still rely on users to manually classify: DepartmentProjectContent TypeSensitivityRetention CategoryThe result is predictable.Users skip fields.Users select defaults.Users guess.And governance slowly collapses under the weight of incomplete metadata.We explore why manual tagging doesn't fail because users are careless.It fails because the architecture assumes human behavior can scale indefinitely. THE HIDDEN COST OF DARK DATA Every untagged file creates a governance blind spot.The organization continues paying for: StorageSecurityBackupeDiscoveryCompliance MonitoringBut receives none of the governance value metadata was supposed to provide.This episode examines the concept of dark data and how millions of documents become effectively invisible despite remaining stored and protected.Learn how missing metadata impacts: SearchComplianceRecords ManagementRetentionAnalyticsAI ReadinessAnd why many organizations are sitting on enormous repositories of information they can no longer govern effectively. WHY DROPDOWNS ARE A DESIGN FAILURE Most governance teams blame users.User experience research tells a different story.Dropdowns were designed to enforce consistency.Instead, they introduce friction.We discuss: Decision fatigueMetadata abandonmentLong taxonomy listsUser behavior patternsClassification inconsistencyCognitive overloadThe problem isn't that people refuse to govern content.The problem is that governance interrupts the flow of work.Every additional field creates another opportunity for bad metadata. THE COMPLIANCE IMPACT OF BAD TAGGING Poor metadata quality isn't just inconvenient.It creates regulatory risk.This episode explores how inconsistent classification directly affects: Microsoft PurviewData Loss Prevention (DLP)Retention PolicieseDiscoveryRecords ManagementGDPR ComplianceHIPAA ControlsWhen metadata is wrong, governance policies become unreliable.Sensitive data may be missed.Retention schedules may fail.Search results become incomplete.And compliance teams lose visibility into critical information assets. MICROSOFT GRAPH AS THE ORGANIZATIONAL NERVOUS SYSTEM Most organizations think Microsoft Graph is simply an API.In reality, it is a live representation of how work happens inside the enterprise.Graph understands: UsersTeamsGroupsFilesProjectsRelationshipsPermissionsCollaboration PatternsInstead of asking users to describe content, Graph can infer context automatically.We explore how Graph provides the foundation for a completely different governance model where metadata is generated from organizational signals rather than manual input. CONTEXT-AWARE GOVERNANCE Traditional metadata is static.Context is dynamic.A file's meaning depends on: Who created itWhere it was createdWhich project it belongs toWho can access itHow it is being usedThis episode explains how governance systems can derive metadata automatically using Graph relationships rather than relying on user declarations.The result is richer, more accurate metadata that evolves as content moves through its lifecycle. AI-POWERED CLASSIFICATION Manual tagging isn't the only alternative.Modern AI services can classify content automatically.We explore: Microsoft SyntexAI BuilderMachine Learning ClassificationNatural Language ProcessingDocument UnderstandingPattern RecognitionSensitive Information DetectionLearn how AI-driven classification improves consistency, reduces cost, and scales across millions of files. ARCHITECTING THE MIDDLEWARE LAYER One of the most important concepts discussed in this episode is the governance middleware layer.Think of it as a customs checkpoint for content.Before files are stored, middleware: Intercepts uploadsQueries Microsoft GraphApplies classification logicInjects metadataAssigns labelsTriggers governance policiesAll without requiring user interaction.We break down how Azure Functions, Microsoft Graph, webhooks, and event-driven architectures combine to make this possible. AZURE FUNCTIONS AND EVENT-DRIVEN GOVERNANCE Modern governance should happen at the moment content is created.Not months later during an audit.This episode explains how organizations are using: Azure FunctionsMicrosoft Graph SDKWebhooksDelta QueriesEvent GridManaged IdentityTo build real-time governance platforms that classify and enrich content automatically.The user saves the file.The platform handles governance. DYNAMIC PROPERTY INJECTION Metadata doesn't need to be manually entered.It can be generated.We explore how middleware automatically injects: Project CodesDepartment OwnershipContent CategoriesSensitivity LevelsRetention SchedulesGovernance AttributesUsing: Property BagsSchema ExtensionsOpen ExtensionsGraph MetadataThis creates a living metadata layer that remains accurate as content evolves. GOVERNANCE AT THE POINT OF ACTION Traditional governance is reactive.Modern governance is preventative.Rather than discovering problems months later, governance occurs at the exact moment content is created, modified, or shared.We discuss: Real-time classificationImmediate policy enforcementAutomated retention assignmentContinuous metadata enrichmentEvent-driven governanceThis shift fundamentally changes the economics of compliance and information management. SEARCH THAT ACTUALLY WORKS Most enterprise search failures are metadata failures.Search engines can only work with the information they receive.When metadata is incomplete, search becomes unreliable.This episode examines how automated metadata dramatically improves: Microsoft SearchSharePoint SearchKnowledge DiscoveryContent DiscoveryEnterprise FindabilityInformation RetrievalThe difference between searchable content and invisible content is often metadata. AI READINESS STARTS WITH GOVERNANCE One of the most important messages in this episode is simple:AI readiness is metadata readiness.Microsoft Copilot, AI agents, and retrieval systems depend on accurate content classification.Without metadata: AI hallucinates more oftenSearch quality declinesContext is lostKnowledge becomes fragmentedWith metadata: AI retrieves better informationRecommendations improveSummaries become more accurateOrganizational knowledge becomes accessibleThe future of enterprise AI depends on the quality of the governance layer beneath it. BUILDING YOUR AUTOMATION ROADMAP Moving beyond manual tagging requires a phased strategy.We walk through a practical implementation roadmap:Phase 1: AuditUnderstand your metadata gaps.Phase 2: Taxonomy DesignDefine the minimum metadata that drives governance.Phase 3: PilotAutomate one content type and one team.Phase 4: ScaleExpand automation across Microsoft 365.Phase 5: OptimizeImprove models, classifications, and governance policies over time.The goal isn't eliminating governance.The goal is removing governance from the user experience. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

    1h 22min
  8. Cryptographic Agility: The Only Defense Against Quantum

    há 4 dias

    Cryptographic Agility: The Only Defense Against Quantum

    Most discussions about quantum computing focus on a single question:When will quantum computers break encryption?The better question is this:How quickly can your organization replace encryption when it happens?Because the organizations that survive the quantum transition won't necessarily be the ones that adopt the newest algorithms first. They'll be the organizations that can change algorithms without rebuilding their infrastructure.In this episode, we explore the growing reality of post-quantum cryptography, the harvest-now-decrypt-later threat, Microsoft's evolving quantum-safe roadmap, and why cryptographic agility is becoming one of the most important architectural disciplines in enterprise security.We examine the technologies, standards, governance models, and operational practices required to prepare Microsoft 365, Azure, Active Directory, Entra ID, Azure Key Vault, VPN infrastructure, certificate services, and enterprise applications for a future where today's cryptography can no longer be trusted.If your organization expects data to remain confidential beyond 2030, this episode explains why preparation can no longer wait. THE HARVEST-NOW, DECRYPT-LATER THREAT Many organizations assume quantum risk begins when a quantum computer arrives.In reality, the risk started years ago.Adversaries can capture encrypted traffic today and store it indefinitely. Once cryptographically relevant quantum computers emerge, that archived data can potentially be decrypted retroactively.We explore:Harvest-now, decrypt-later attacksLong-term confidentiality risksWhy encryption can fail years after data is stolenThe impact on healthcare, finance, government, and intellectual propertyHow retention periods influence quantum riskFor organizations protecting data with multi-decade value, the threat already exists. UNDERSTANDING QUANTUM COMPUTING Quantum computing is often misunderstood.It's not simply a faster computer.Quantum systems use entirely different computational models built around qubits, superposition, interference, and entanglement.This episode explains:Physical versus logical qubitsError correction challengesShor's AlgorithmGrover's AlgorithmWhy quantum computers threaten public-key cryptographyWhy symmetric encryption remains more resilientUnderstanding the technology helps separate realistic risk from sensational headlines. THE GLOBAL QUANTUM TIMELINE Nobody knows exactly when Q-Day will arrive.What matters is that governments, vendors, and standards organizations are already planning for it.We discuss:NIST standardization effortsIBM quantum roadmapsGoogle Quantum AI milestonesQuantinuum and IonQ developmentsGovernment transition mandatesExpert forecasts for cryptographically relevant quantum computersThe conversation is no longer about if organizations need to prepare.It's about whether they can prepare in time. THE COLLAPSE OF RSA AND ECC Modern digital trust depends on public-key cryptography.The internet, cloud computing, software updates, identity systems, VPNs, and certificates all rely on mathematical assumptions that quantum computers threaten to break.We examine:RSAElliptic Curve Cryptography (ECC)Diffie-Hellman key exchangeDigital signaturesPKI infrastructuresIdentity systemsWhen these foundations fail, the impact extends far beyond encryption. THE NEW GENERATION OF POST-QUANTUM ALGORITHMS The replacement algorithms already exist.After years of evaluation, NIST selected a new generation of post-quantum standards designed to resist both classical and quantum attacks.This episode explores:ML-KEM (formerly CRYSTALS-Kyber)ML-DSA (formerly CRYSTALS-Dilithium)SLH-DSA (formerly SPHINCS+)FN-DSA (FALCON)Lattice-based cryptographyHash-based signaturesLearn how these algorithms work and why they represent one of the largest cryptographic transitions in history. THE PERFORMANCE REALITY OF POST-QUANTUM CRYPTOGRAPHY Quantum-safe cryptography isn't free.The computational performance is often excellent.The bandwidth impact is not.We discuss:Larger key sizesLarger signaturesTLS handshake expansionCertificate chain growthNetwork fragmentationMobile and IoT constraintsPerformance trade-offsDiscover why the challenge isn't CPU performance but infrastructure scalability. WHY MOST ORGANIZATIONS DON'T KNOW WHERE THEIR CRYPTOGRAPHY LIVES One of the biggest obstacles to migration is visibility.Many organizations cannot accurately identify every location where cryptography is used across their environment.This episode examines:Hidden certificate dependenciesHard-coded cryptographic librariesLegacy applicationsVPN infrastructuresSSH deploymentsSaaS integrationsAPI security dependenciesYou can't migrate what you can't find. THE CRYPTOGRAPHIC BILL OF MATERIALS (CBOM) Before organizations can migrate, they must inventory.The Cryptographic Bill of Materials is emerging as a critical capability for modern security programs.We explain:CBOM fundamentalsContinuous cryptographic discoveryDependency mappingVendor risk analysisAlgorithm inventoriesCompliance reportingA cryptographic inventory becomes the foundation of every migration strategy. CRYPTOGRAPHIC AGILITY EXPLAINED The most important concept in this episode is cryptographic agility.Rather than hard-coding algorithms into applications and infrastructure, organizations build systems capable of changing algorithms without disrupting operations.We explore the four pillars of agility:ModularitySeparating cryptographic services from application logic.AbstractionUsing APIs and services that hide algorithm implementation details.Policy SeparationManaging cryptographic choices through policy rather than code.Hybrid CryptographyCombining classical and post-quantum algorithms during transition periods.These principles transform cryptography from a static dependency into an adaptable capability. HYBRID CRYPTOGRAPHY AND THE ROAD TO POST-QUANTUM The future won't arrive all at once.The transition period will rely heavily on hybrid cryptographic approaches.We discuss:X25519MLKEM768Hybrid TLSDual-signing strategiesTransitional architecturesBrowser supportCloud provider adoptionHybrid models provide protection today while enabling a gradual migration path. HARDWARE SECURITY MODULES IN THE QUANTUM ERA Hardware Security Modules remain the root of trust for enterprise cryptography.But they also need to evolve.This episode explores:Crypto-agile HSMsFirmware-based algorithm updatesAzure Managed HSMAzure Key VaultKey rotation automationQuantum-safe trust anchorsThe future of cryptography depends on flexible trust infrastructure. MICROSOFT'S POST-QUANTUM ROADMAP Microsoft has already begun integrating post-quantum cryptography across its ecosystem.We take a detailed look at:SymCryptWindows 11Windows Server 2025.NET 9Azure Key VaultAzure Managed HSMActive Directory Certificate ServicesMicrosoft EdgeAzure infrastructureMany organizations are already benefiting from post-quantum protections without realizing it. BUILDING A QUANTUM READINESS PROGRAM Technology alone isn't enough.Successful migration requires governance, ownership, accountability, and long-term planning.We discuss how organizations should establish:Enterprise Cryptography ProgramsSteering CommitteesMigration roadmapsRisk prioritization modelsContinuous inventoriesVendor management processesCompliance reporting frameworksThe organizations that succeed will treat cryptography as a strategic capability rather than a technical implementation detail. THE MICROSOFT 365 IMPACT For Microsoft-centric organizations, the transition touches nearly every platform.We explore implications for:Microsoft 365Entra IDActive DirectoryExchange OnlineSharePoint OnlineTeamsAzurePower PlatformAzure API ManagementAzure NetworkingThe quantum transition is not a single project.It's an enterprise-wide transformation. WHO SHOULD LISTEN? This episode is designed for:CISOsCIOsCTOsEnterprise ArchitectsSecurity ArchitectsAzure ArchitectsMicrosoft 365 ArchitectsPKI AdministratorsIdentity EngineersInfrastructure TeamsCompliance LeadersRisk ManagersGovernment Technology TeamsIf your organization manages sensitive data, regulated workloads, or long-term digital assets, this episode provides a practical roadmap for navigating one of the most significant security transitions of the next decade. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

    1h 27min
Ver tudo (657)

Classificações e avaliações

5
de 5
3 avaliações

Sobre

Welcome to the M365.FM — your essential podcast for everything Microsoft 365, Azure, and beyond. Join us as we explore the latest developments across Power BI, Power Platform, Microsoft Teams, Viva, Fabric, Purview, Security, and the entire Microsoft ecosystem. Each episode delivers expert insights, real-world use cases, best practices, and interviews with industry leaders to help you stay ahead in the fast-moving world of cloud, collaboration, and data innovation. Whether you're an IT professional, business leader, developer, or data enthusiast, the M365.FM brings the knowledge, trends, and strategies you need to thrive in the modern digital workplace. Tune in, level up, and make the most of everything Microsoft has to offer. M365.FM is part of the M365-Show Network. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

Informações

  • Criado por
    Mirko Peters - Founder of m365.fm, m365.show and m365con.net
  • Anos de atividade
    2025 - 2026
  • Episódios
    657
  • Classificação
    Livre
  • Copyright
    © Copyright Mirko Peters / m365.fm - Part of the m365.show Network - News, tips, and best practices for Microsoft 365 admins
  • Site do podcast
    M365.FM - Modern work, security, and productivity with Microsoft 365

Você também pode gostar de