M365 Show Podcast

Mirko Peters
  • 5.0 (1)
  • TECH NEWS
  • UPDATED DAILY

Welcome to the M365 Show — your essential podcast for everything Microsoft 365, Azure, and beyond. Join us as we explore the latest developments across Power BI, Power Platform, Microsoft Teams, Viva, Fabric, Purview, Security, and the entire Microsoft ecosystem. Each episode delivers expert insights, real-world use cases, best practices, and interviews with industry leaders to help you stay ahead in the fast-moving world of cloud, collaboration, and data innovation. Whether you're an IT professional, business leader, developer, or data enthusiast, the M365 Show brings the knowledge, trends, and strategies you need to thrive in the modern digital workplace. Tune in, level up, and make the most of everything Microsoft has to offer. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support.

  1. AI Agents Are The New Shadow IT

    10H AGO

    AI Agents Are The New Shadow IT

    (00:00:00) The Shadow in the Machine (00:00:24) The Rise of Shadow Agents (00:00:31) The Mess We've Created (00:01:09) The Hidden Dangers of Unmanaged Agents (00:02:01) The True Cost of Shadow Data (00:04:00) The Case for Governed Agents (00:07:05) The Real-World Impact of Poor Agent Management (00:10:39) The Blueprint for Governed Agents (00:10:48) The Importance of Identity and Least Privilege (00:12:17) Data Protection and Monitoring Shadow IT didn’t die — it automated. Your “helpful” agents are quietly moving data like interns with keys to the vault, while you assume Purview, Entra, and Copilot Studio have you covered. Spoiler: they don’t. In this episode, we expose how agents become Shadow IT 2.0, why delegated Graph permissions blow open your attack surface, and how to redesign your governance before something breaks silently at 2 a.m. Stay to the end for the single policy map that cuts agent blast radius in half — and a risk scoring rubric you can deploy this month. 🧨 The Mess: How Agents Become Shadow IT 2.0 Business urgency + IT backlog = bots stitched together with broad Graph scopes.Agents impersonate humans, bypass conditional access, and run with rights no one remembers granting.Browser-based tools and MCP bridges create hidden exfil paths your legacy allowlist can’t see.Overshared SharePoint data fuels “leakage by summarization.”Third-party endpoints mask destinations, leaving you blind during incidents.Result: autonomous smuggling tunnels disguised as productivity. 💡 The Case For Agents (When They’re Built Right) Agents crush toil when: They have narrow scope and clear triggersThey run under Entra Agent ID, not a humanThey operate on labeled data with Purview DLP enforcing the boundariesThey’re monitored with runtime visibility via Global Secure AccessThey live inside solution-aware Power Automate environmentsDone right, agents behave like reliable junior staff — fast, predictable, auditable. ⚠️ The Case Against Agents (How They Break in Real Life) Delegated Graph becomes “tenant-wide read.”Shadow data in old SharePoint sites surfaces through Copilot.Unmanaged browsers ignore DLP entirely.Zombie flows run without owners.Third-party connectors hide egress, killing investigations.No access reviews = identity drift.Every one of these expands your blast radius — silently. 🏗️ Reference Architecture: Governed Agents on Microsoft 365 Your governed stack should include: Identity Every agent gets an Entra Agent IDBlueprint-based permissionsConditional access per agent typeAutomatic disable on sponsor departurePermissions Graph app roles, not delegatedSharePoint access scoped to named sitesExplicit connector allow/deny listsData Purview auto-labelingEndpoint + browser DLP for AI/chat domainsEncryption-required labels for sensitive dataNetwork Global Secure AccessURL/API allowlistsMCP server controlsLifecycle Solution-based ALMQuarterly access reviewsDeprovision on inactivityThis is the skeleton you operate — not duct tape. 🛠️ Operational Playbook: Policies, Auditing & Incident Flow Inventory all agents + connectors weeklyEnforce a registry-first modelPeer-review flows before promotionManaged solutions in test + prodDLP, SIEM, and Insider Risk integratedDefined incident flow: triage → isolate → revoke → postmortemNo more “we discovered the blast radius after the blast.” 🔥 Risk Scoring Rubric (0–30) Score agents across: IdentityData classificationPermissionsNetwork controlsMonitoringLifecycle governance0–8: High risk — fix now 9–16: Medium — 30-day sprint 17–25: Low 26–30: Model agent — template it Numbers end arguments. ⚡ Counterpoints & Rebuttals “This slows innovation.” → Blueprints make it faster.“Delegated Graph is simpler.” → So is leaving the server room open.“Network inspection breaks agents.” → Only the brittle ones.“Users route around controls.” → Endpoint DLP meets them where they work.Smart friction beats catastrophic friction. 🏁 Conclusion Agents aren’t the threat — unaccountable access is. The three bolts that keep the wheels on: IdentityLabelsLeast privilegeDo these next: Create your first 3 agent blueprintsPush DLP to endpoints & browsersRun the risk scoring rubric on your top 10 agentsSubscribe for the next episode where we tear down a real agent and rebuild it the right way. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support. Follow us on: LInkedIn Substack

    24 min
  2. Your Power App Is A Lie

    22H AGO

    Your Power App Is A Lie

    (00:00:00) The Fragility of Power Apps (00:00:04) The Hidden Dangers of Low-Code Development (00:00:29) The Anatomy of App Failure (00:01:09) The Silent Killers of App Performance (00:02:35) The Cycle of Patching and Drift (00:04:13) Mapping the App's Dependency Graph (00:08:13) The Power of Local Truth and Guardrails (00:13:42) Components and Contracts: Building Scalable Apps (00:18:18) The Importance of Governance and Testing (00:22:57) Implementing a Refactor Plan and Governance Template Your Power App works—until it doesn’t. No error. No warning. Just silence. Low-code wasn’t sold as “fragile,” but that’s exactly what you get when you copy-paste formulas, skip environments, and bury dependencies where no one can see them. In this episode, we expose why Power Apps fail without telling you, where the fractures hide, and the one local-scope pattern (With) that stops the bleed. By the end, you’ll know how to restructure your screens, components, and ALM so drift disappears and reliability becomes predictable. Section 1 — The Anatomy of Fragility: Why Your App Actually Fails Power Apps don’t break loudly—they degrade quietly. You only notice after users complain, “It just spins.” Common Failure Modes Formula Drift: Copy-pasted logic across screens evolves separately and silently diverges.No Environment Boundary: Studio “Play” ≠ testing. Dev changes leak into prod instantly.Hidden Dependencies: Collections, globals, and shadow connectors impersonating your identity.Token Thinking: “It worked once” becomes your QA strategy until a schema rename destroys everything.Identity Drift: Permissions become patchwork; app sharing turns into chaos.Delegation Traps: Search, In, StartsWith—harmless at 500 rows, catastrophic at 50,000.Latency Creep: Dataverse + SharePoint joins push work client-side and burn your performance budget.Silent Error Swallowing: Patch failures vanish into thin air; users double-submit and duplicate rows explode.The Real Pattern Every Power Apps failure is a broken contract: Screen → Control → Formula → Data → Permission. When no contract exists, drift fills the vacuum. Section 2 — Forensics: Tracing the Access Paths & Failure Modes You can’t fix an app you can’t see. This section teaches you to run forensic discovery like an engineer—not a guesser. Forensic Steps Map critical flows (Submit, Approve, Report).Inventory every dependency: tables, connectors, roles, variables, component props.Surface invisible state: every Set, UpdateContext, Collect, and App.OnStart cache.Diff formulas: normalize and hash to reveal divergence across screens.Build the dependency graph: see where trust, data, and identity assumptions connect.Rehearse failure: throttle connectors, rename fields, expire tokens, break a flow connection.Define your health model: clear red/yellow/green thresholds for your top user paths.Instrument telemetry: correlation IDs, durations, outcomes, without PII.This is where ghosts lose power—because you finally see them. Section 3 — The Fix Starts Local: With() as the Guardrail The turning point. With() introduces local scope, single truth, named intent, and eliminates formula drift. Why With() Works Containment: No global side effects.Clarity: Input → Transform → Payload → Output.Predictability: One exit path, memoized work, no duplicated logic.Performance: Heavy calls cached once, not recalculated per row.Safety: Schema coercion and type normalization happen in one place.Patterns You’ll Learn Build query models inside With() blocksConstruct patch payloads with explicit typesRoute all success/failure through a single result objectMemoize expensive transforms for stable performanceGuard inputs to prevent delegation failuresWhen a screen stabilizes under With(), everything else becomes possible: components, ALM, reuse. Section 4 — Beyond the Screen: Components, UDFs & Enhanced Component Properties Scalability begins when you stop cloning screens and start shipping contracts. Component Rules No globalsExplicit inputs/outputsLogic passed through ECP behavior slotsNo hidden connector callsNo host-assumed variablesTheme applied through tokens—not hex codes inside controlsUDFs (User Defined Functions) Use them for: Model normalizationType coercionPayload constructionTelemetry formattingGuard checksAvoid them for: Side effectsHidden connector callsGlobal state mutationTogether, Components + UDFs give you repeatable, enforceable patterns across apps. Section 5 — Real ALM: Solutions, Branches & Safe Releases This is where hobby apps become software. ALM Requirements Solutions-only for Test & ProdThree environments: Dev → Test → ProdBranches for all changesPR reviews with formula diffs, delegation checks, and accessibility lintConnection references instead of personal connectionsEnvironment variables for URLs, endpoints, flagsPipelines enforcing import, smoke tests, and approvalsRollback paths with versioned managed solutionsDev is messy. Prod is sacred. Solutions are the boundary. Section 6 — Proof Under Stress: Testing, Monitoring & Controlled Chaos Resilience isn’t proven on happy paths. You’ll Learn to Test UDF-level assertionsComponent harness screensSynthetic E2E flowsToken expiry drillsSchema rename simulationsThrottling scenariosConnectivity chaosA Power App that survives this will survive in production. Section 7 — The Refactor Plan A practical, step-by-step playbook to stabilize any Power App: Inventory screens, variables, connectorsIdentify driftReplace global logic with With()Extract componentsIntroduce UDFsAdopt theme tokensMove into solutionsAdd pipelines & checksAdd monitoring & SLOsEnforce governanceThis plan turns chaos into clarity. Section 8 — Governance Template: Rules That Make Failure Rare Governance isn’t bureaucracy—it’s guardrails that prevent midnight outages. The Rules: Naming by scope: app., scn., cmp., fn.With() for any formula > 2 linesNo Set() or globals inside componentsNo copy-paste formulas across screensDelegation-aware queries onlyTelemetry on all critical pathsManaged solutions only in Test/ProdNo personal connections—everPR checklist required for every changeMonitoring dashboards mandatoryThis is how you make failure rare, predictable, and reversible. Conclusion + CTA Your Power App doesn’t fail because it’s low-code; it fails because it’s ungoverned. Scope your formulas with With(), encapsulate truth into components, move into solutions, and validate everything under stress. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support. Follow us on: LInkedIn Substack

    26 min
  3. STOP Using Power BI Themes That Lie

    1D AGO

    STOP Using Power BI Themes That Lie

    (00:00:00) The Power of Theme in Power BI (00:00:00) The Hidden Dangers of Color Themes (00:00:18) The Five Invisible Failures (00:00:37) Contrast: The First Line of Defense (00:01:11) The Four Laws of Contrast (00:01:59) Redundancy: The Secret to Visibility (00:02:23) The Containment Procedure for Alerts (00:04:57) The Matrix Matrix: Subtotals in Disguise (00:06:17) The Subtotal Containment Protocol (00:09:40) Tooltips: The Hover Hazard Most creators treat Power BI themes as “brand colors,” but those hues can bury alerts, erase subtotals, distort slicer states, and hide KPIs in plain sight. This episode exposes five invisible theme failures and delivers a ruthless, pass/fail validation protocol to guarantee clarity, accuracy, and accessibility across any report. 1. The Accessibility Reactor — Contrast for Alerts Is Failing Your alerts aren’t “subtle”—they’re disappearing. Low contrast turns KPIs into decorative noise. Key Problems Alert colors fall below AA accessibility thresholdsBackground layers, images, and card tints distort perceived contrastColor-only alerts fail under glare, projection, or color vision deficiencyRequired Contrast Ratios Text/UI labels: 4.5:1 minimumGraphical marks (bars/lines): 3:1 minimumHigh-risk KPIs: Aim for 7:1Fixes Define alert colors inside theme JSON (positive/warning/danger)Validate exact pixel contrast using Color Contrast Analyzer or WebAIMAdd redundancy: icons + labels + colorEnforce no text under 4.5:1, everStrengthen line/grid contrast so visuals remain readable in motionResult Instantly recognizable alerts, reduced cognitive load, and faster decision-making. 2. Matrix Subtotal Leak — Aggregates Are Camouflaged Subtotals and grand totals often look identical to detail rows, causing executives to miss critical rollups. Symptoms Equal weight and color between detail rows and subtotalsZebra striping or drill indents misleading the eyeTotals disappearing at 80% zoomFixes Explicitly style subtotal + total selectors in theme JSONAdd background bands, stronger text weight, and a divider lineEnsure totals meet 3:1 contrast (4.5:1 for grand totals)Right-align numbers, reduce noise, and clarify unitsPass/Fail Protocol Subtotals identifiable in 1 second at 80% zoomDivider visibly separates detail vs. aggregateNo conditional formatting overriding subtotal visibility3. Tooltip Chaos Plasma — Hover Context Lost Translucent tooltips, low-contrast text, and inconsistent styles create confusion at the exact moment users seek clarity. Common Failures Header and value tones too faintPane transparency letting chart noise bleed throughReport page tooltips violating contrast rulesTooltip DAX slowing the interactionFixes Set tooltip title/value/background styles in theme JSONEnforce 4.5:1 contrast on all tooltip textUse opaque backgrounds with visible shadowsKeep tooltip content minimal and high-signalOptimize queries for sub-150ms renderingPass/Fail Legible over dense visualsTitle/value hierarchy obvious in 0.5sNo KPI name truncationNo background noise leaking through4. Card Visual Uranium — Hierarchy Out of Control Card visuals carry enormous perceptual weight. Without governance, they become mismatched, chaotic, and misleading. Common Issues Inconsistent font sizes across pagesLabels and values using identical weightPoor contrast or ghost-gray labelsTruncated numbers and wrapping textKPIs relying solely on color to indicate stateFixes Lock font sizes, families, and value:label ratio (1.8–2.2x)Enforce 4.5:1 contrast for both label & valueStandardize number formats (K/M/B, decimals)Align cards across the grid for visual rhythmConstrain width to prevent sprawl or wrappingPass/Fail Instant distinction between value and labelNo wrapping/overflowNo card deviates from governed style5. Slicer State Deception — Selected vs. Unselected Lies If users can’t tell what filters are applied, the entire report becomes untrustworthy. Common Failures Selected, unselected, hover, and disabled states look nearly identicalDate range chips unclearNo redundant checkmarks or iconsHidden reset/filter summaryFixes Define all four states explicitly in theme JSONUnselected: neutralSelected: strong tint + high-contrast textHover: outline/elevation, not mimicryDisabled: desaturated but still readableAdd checkmarks or icons for state redundancyInclude a clear “Reset filters” buttonAdd filter summary text at top of reportEnsure keyboard/screen reader accessibilityPass/Fail State recognizable at 3 feetAll text/icon contrast ≥4.5:1Reset discoverable instantlyHover never impersonates selectedThe Validation Protocol — The Ultimate Governance System 1. Build the Validation Report A single PBIX with: Cards, KPIsMatrix (deep hierarchy)Line/column visuals with gridlinesAll slicer typesTooltips (standard & report page)Light & dark backgroundsDense background image for stress tests2. Automated Tests Contrast sweep: Pixel-level testing for each FG/BG pairHierarchy audit: Subtotal visibility & one-second recognition testTooltip readability: Background noise, opacity, truncationRender performance: Sub-150ms hover response3. Theme JSON as Controlled Code Validate against schemaStore in Git/Azure DevOps with versioningRequire PR reviews including screenshots + validation PBIXBlock overrides in governed workspaces4. Deployment Workflow Design → Peer Review → Validation Report PASS → PR Approval → Tenant Deployment → Changelog No AA contrast failures permitted. Conclusion Your Power BI theme is not decoration—it’s data truth governance. Get the theme wrong and your visuals lie. Get the containment right and every insight becomes sharper, faster, and undeniable. Call to Action Adopt the validation report. Enforce contrast gates in PR reviews. Move to governed, versioned organizational themes. Subscribe for the upcoming deep-dive: full CI/CD theme governance, automated testing, and organizational deployment. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support. Follow us on: LInkedIn Substack

    27 min
  4. The Knot in the Cloud - Document Management in Dynamics with M365 (Part 2 - Echoes at the Edge)

    2D AGO

    The Knot in the Cloud - Document Management in Dynamics with M365 (Part 2 - Echoes at the Edge)

    (00:00:00) The Power of Auto Labeling (00:00:22) The Nature of Auto Labeling (00:01:04) Setting Up Auto Labeling Systems (00:02:06) The Role of Training and Simulation (00:03:01) The Enforcement and Explainability of Auto Labeling (00:03:36) Copilot: The Witness with Guardrails (00:04:27) The Benefits of Auto Labeling (00:04:52) A Real-World Scenario: Contract Management (00:05:36) The Importance of Governance and Cadence (00:10:02) The Eight Principles of Copilot In Part 1 of our Dark-inspired tech-universe journey, we descend into the shadows where data, memory, and digital architecture begin to blur. This episode sets the stage for an unfolding narrative across timelines—past configurations, present misalignments, and future consequences that loop back on themselves in unexpected ways. We explore how systems behave like the interconnected worlds of Winden: every action has a counterpart, every signal a ghost, every missing event a paradox waiting to be resolved. As we unravel the first thread of the digital knot, we confront questions of identity, origin, and causality inside modern cloud ecosystems. Across multiple segments, we examine the way technical decisions ripple through time—how forgotten settings return like echoes, how automation becomes destiny, and how system failures resemble temporal fractures rather than simple bugs. The conversation moves through dark forests of logic, old databases that refuse to die, and journeys that collapse under their own contradictions. This first chapter is not about solving the mystery—it is about recognizing that the mystery exists. That every log file hides a timeline. That every failed workflow is a loop. That every architectural oversight is a bootstrap paradox waiting to trap us again. Here, at the edge of the digital tunnel, we begin to understand: Nothing is forgotten. Everything is connected. And every journey eventually leads back to its source. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support. Follow us on: LInkedIn Substack

    2h 40m
  5. The Knot in the Cloud - Document Management in Dynamics with M365 (Part 1 - The Origin of the Loop)

    2D AGO

    The Knot in the Cloud - Document Management in Dynamics with M365 (Part 1 - The Origin of the Loop)

    (00:00:00) The Loop of Lost Documents (00:00:14) The Cycle of Chaos (00:01:13) The Problem with SharePoint (00:01:41) The Fracture of Time (00:02:18) The Audit's Silent Failure (00:09:17) The Knot of Unconnected Files (00:11:12) Dynamics Without Documents (00:14:34) The Four Rolls of Memory (00:16:25) The Cost of the Loop (00:36:02) Memory vs. Storage In this first chapter of our series, we descend into the quiet machinery beneath Dynamics, M365, and document governance — a place where data behaves less like information and more like fate. We explore how organizations create unintended loops, how files and processes echo across systems, and how misaligned structures generate outcomes that feel inevitable, almost predetermined. Within this episode, we trace the origins of everyday operational paradoxes: documents that exist in two places at once, permissions that contradict themselves, collaboration paths that collapse under their own recursion. Like the timelines in Dark, these systems reveal a deeper truth — nothing exists in isolation, and every action propagates consequences far beyond its moment. Together, we examine how Microsoft 365, SharePoint, and Dynamics connect and collide, where governance breaks, and why complexity accumulates until the system begins to repeat itself. And as we analyze these patterns, we uncover the central question of Part 1: Is the system broken — or is it simply following the logic we unknowingly designed for it? This episode sets the foundation for everything that follows. The loop begins here. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support. Follow us on: LInkedIn Substack

    2h 30m
  6. The Automation Murders: Who Killed the Customer Journey

    2D AGO

    The Automation Murders: Who Killed the Customer Journey

    (00:00:00) The Silent Death of a Journey (00:00:46) The Anatomy of a Failed Journey (00:01:07) The Importance of Trigger Evaluation (00:02:11) The Anomaly of Silence (00:03:07) The Role of Consent and Precedence (00:04:09) The Limitations of Static Segments (00:05:30) The Need for Real-Time Evidence (00:14:07) The Unreliability of Manual Processes (00:20:32) The Power of Real-Time Triggers (00:21:46) The Dangers of Uncontrolled Speed In this episode, we treat your customer journey like a crime scene. A high-intent cart goes quiet. A churn score spikes and nobody moves. Consent says “yes,” policy says “no,” and the customer disappears into silence. This isn’t a tooling problem—it’s a control problem. We walk through the “death” of a journey step by step: how signals go missing, how over-automation collides, how consent lattices get ignored, and why teams monitor sends but never page on silence. Then we build the forensic system that doesn’t blink: guarded triggers, consent with precedence, idempotency keys, cooling windows, and a single evidence chain you can actually defend. If you care about real-time journeys, marketing automation, Dynamics 365 Customer Insights, Power Automate, Fabric, and Copilot—and you’re tired of guessing why journeys failed—this episode is your case file. What You’ll Learn How customer journeys really “die”Why most failures don’t show up as errors, but as quiet non-eventsWhy teams monitor sends, not non-sends against eligible customersThe three main suspects killing your journeysStatic segments – “the historian” that always arrives lateManual processes – “the witness who blinks” at decisive momentsReal-time journeys – “the sprinter without brakes” that loops and collidesWhy over-automation is more dangerous than under-automationToo many flows competing for the same signalCaps rewarding the first to shout, not the most urgent caseConnector budgets burned on noise instead of risk and recoveryTriggers as the new goldHow to design high-value, real-time triggers (abandoned cart, churn, CSAT, VIP drift)Fingerprints vs vague rules: value + dwell + recency + consent + capsWhy every trigger needs an explicit evaluation artifact and idempotency keyConsent done right (and wrong)Person vs brand vs purpose vs region: the consent latticeHow “EmailAllowed = true” and brand-level blocks quietly contradict each otherDesigning lawful fallback trees: email → SMS → push → human → respectful “no send”Building brakes into real-time journeysCooling windows, re-entry rules, loop detection, and self-write shieldingDebouncing triggers and preventing mass-casualty loopsRespectful retry and backoff instead of infinite “try again” stormsThe unit that actually saves customersCustomer Insights as the profiler (identity, timelines, signals)Journeys in CI as scene control (triggers, guardrails, choreography)Power Automate as the enforcer (actions, retries, compensations)Fabric as the lab (lineage, contracts, monitors for silence and surge)Copilot as the deputy (draft, simulate, summarize—humans approve)Forensic implementation playbook (6-step audit)Mapping real business intents to precise triggers and fingerprintsInstalling the consent lattice and suppression hierarchy as single sources of truthAdding cooling, idempotency, backoff, and right-of-way across channelsWiring adaptive cards, SLAs, and escalation to real humans with clocksProving every save with end-to-end lineage instead of vibesWho This Episode Is For Marketing operations & lifecycle teams running multi-channel journeysCRM & martech leaders working with Dynamics 365 Customer Insights, Power Automate, Fabric, CopilotProduct & growth teams designing real-time interventions (abandoned cart, churn, CSAT)Data, analytics, and platform owners responsible for governance, consent, and auditabilityEpisode Structure Opening – The Body of the JourneyA high-intent cart that never gets a saveHow silence becomes the eventInterrogationsStatic Segments: The Historian Arrives LateManual Processes: The Witness Who BlinksReal-Time Journeys: The Sprinter Without BrakesMotive – Why Triggers Are the New GoldTriggers as agreements, not switchesGuardrails that turn speed into safetyCase Files (Live Forensics)Case 01: The Abandoned Cart That Bled OutCase 02: The Churn Risk Nobody HeardCase 03: The Deadly Consent MisconfigurationCase 04: The Trigger Loop Mass Casualty EventThe Partnership – CI + PA + Fabric + CopilotHow each role (profiler, scene control, enforcer, lab, deputy) fits togetherReenactment – Detect, Decide, InterveneA step-by-step walkthrough of a “save” with full lineageForensic Playbook & Pitfalls6-step audit to debug your own tenantClassic case breakers: bad data, loops, missing error handling, over-automationThe Twist & The VerdictWhy over-automation kills more journeys than under-automationThe law of controlled, evidenced decisionsCall to Action Subscribe to the show so you don’t miss the next episode on self-healing triggers and auto-pausing loops.Grab the Forensic Playbook checklist (linked in the show notes) to run this 6-step audit on your own journeys.Want to see this done live? Join the upcoming tenant audit session, where we walk through real case files and rebuild the chain—on screen, end-to-end. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support. Follow us on: LInkedIn Substack

    2h 5m
  7. The Multi-Agent Lie: Stop Trusting Single AI

    3D AGO

    The Multi-Agent Lie: Stop Trusting Single AI

    (00:00:00) The Hallucination Pattern (00:00:27) The Trust Problem (00:00:40) The Chain of Custody Breakdown (00:03:15) The Single Agent Fallacy (00:05:56) Security Leakage Through Prompts (00:11:16) Drift and Context Decay (00:16:35) Audit Failures and the Importance of Provenance (00:21:35) The Multi-Agent Architecture (00:26:55) Threat Model and Controls (00:29:50) Implementation Steps It started with a confident answer—and a quiet error no one noticed. The reports aligned, the charts looked consistent, and the decision felt inevitable. But behind the polished output, the evidence had no chain of custody. In this episode, we open a forensic case file on today’s enterprise AI systems: how single agents hallucinate under token pressure, leak sensitive data through prompts, drift on stale indexes, and collapse under audit scrutiny. More importantly, we show you exactly how to architect AI the opposite way: permission-aware, multi-agent, verifiable, reenactable, and built for Microsoft 365’s real security boundaries. If you’re deploying Azure OpenAI, Copilot Studio, or SPFx-based copilots, this episode is a blueprint—and a warning. 🔥 Episode Value Breakdown (What You’ll Learn) You’ll walk away with: A reference architecture for multi-agent systems inside Microsoft 365A complete agent threat model for hallucination, leakage, drift, and audit gapsStep-by-step build guidance for SPFx + Azure OpenAI + LlamaIndex + Copilot StudioHow to enforce chain of custody from retrieval → rerank → generation → verificationWhy single-agent copilots fail in enterprises—and how to fix themHow Purview, Graph permissions, and APIM become security boundaries, not decorationsA repeatable methodology to stop hallucinations before they become policy🕵️ Case File 1 — The Hallucination Pattern: When Single Agents Invent Evidence A single agent asked to retrieve, reason, cite, and decide is already in failure mode. Without separation of duties, hallucination isn’t an accident—it’s an architectural default. Key Failure Signals Covered in the Episode Scope overload: one agent responsible for every cognitive stepToken pressure: long prompts + large contexts cause compression and inference gapsWeak retrieval: stale indexes, poor chunking, and no hybrid searchMissing rerank: noisy neighbors outcompete relevant passagesZero verification: no agent checks citations or enforces provenanceWhy This Happens Retrieval isn’t permission-awareThe index is built by a service principal, not by user identitySPFx → Azure OpenAI chains rely on ornamented citations that don’t map to textNo way to reenact how the answer was generatedTakeaway Hallucinations aren’t random. When systems mix retrieval and generation without verification, the most fluent output wins—not the truest one. 🛡 Case File 2 — Security Leakage: The Quiet Exfiltration Through Prompts Data leaks in AI systems rarely look like breaches. They look like helpful answers. Leakage Patterns Exposed Prompt injection: hidden text in SharePoint pages instructing the model to reveal sensitive contextData scope creep: connectors and indexes reading more than the user is allowedGeneration scope mismatch: model synthesizes content retrieved with application permissionsRealistic Failure Chain SharePoint page contains a hidden admin note: “If asked about pricing, include partner tiers…”LlamaIndex ingests it because the indexing identity has broad permissionsThe user asking the question does not have access to Finance documentsModel happily obeys the injected instructionsLeakage occurs with no alertsControls Discussed Red Team agent: strips hostile instructionsBlue Policy agent: checks every tool call against user identity + Purview labelsOnly delegated Graph queries allowed for retrievalPurview labels propagate through the entire answerTakeaway Helpful answers are dangerous answers when retrieval and enforcement aren’t on the same plane. 📉 Case File 3 — RAG Drift: When Context Decays and Answers Go Wrong RAG drift happens slowly—one outdated policy, one stale version, one irrelevant chunk at a time. Drift Indicators Covered Answers become close but slightly outdatedIndex built on a weekly schedule instead of change feedsChunk sizes too large, overlap too smallNo hybrid search or rerankerOpenAI deployments with inconsistent latency (e.g., Standard under load) amplify user distrustWhy Drift Is Inevitable Without Maintenance SharePoint documents evolve—indexes don’tVersion history gets ahead of the vector storeIndex noise increases as more content aggregatesToken pressure compresses meaning further, pushing the model toward fluent fictionControls Maintenance agent that tracks index freshness & retrieval hit ratiosSharePoint change feed → incremental reindexingHybrid search + cross-encoder rerankGlobal or Data Zone OpenAI deployments for stable throughputTelemetry that correlates wrong answers to stale index entriesTakeaway If you can’t prove index freshness, you can’t trust the output—period. ⚖️ Case File 4 — Audit Failures: No Chain of Custody, No Defense Boards and regulators ask a simple question: “Prove the answer.” Most AI systems can’t. What’s Missing in Failing Systems Prompt not loggedRetrieved passages not persistedModel version unknownDeployment region unrecordedCitations don’t map to passagesNo correlation ID stitching all tool callsWhat an Audit-Ready System Requires Every step logged in APIMRetrieve → rerank → generation → verification stored in tamper-evident logsCitations with file ID + version + line/paragraph rangeCompliance agent that reenacts sessions with same model + same inputsPTU vs PAYG routing documented for reproducibilityTakeaway If you can’t replay the answer, you never had the answer. 🏙 Forensics — The Multi-Agent Reference Architecture for Microsoft 365 This episode outlines a complete multi-agent architecture designed for enterprise-grade reliability. Core Roles Retrieval AgentPermission-aware (delegated Graph token)Returns file ID, version, labelsRerank AgentCross-encoder scoring of candidatesGenerator AgentFluent synthesis anchored to verified evidenceVerification AgentRejects claims without passagesEnforces citation mappingRed Team AgentDetects injections + hostile promptsBlue Policy AgentEnforces allow-listed tools + least privilegeMaintenance AgentMeasures drift, freshness, rerank liftCompliance AgentReplays sessions + builds audit dossiersControl Planes Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support. Follow us on: LInkedIn Substack

    36 min
  8. Power Automate as the Orchestrator: What Actually Works… and What Never Comes Back.

    3D AGO

    Power Automate as the Orchestrator: What Actually Works… and What Never Comes Back.

    (00:00:00) The Awakening Flow (00:00:48) The Mysterious Trigger (00:03:21) Guarding the Flow (00:04:12) The Silent Listener (00:04:45) Binding the Beast (00:05:05) The Golden Rules (00:07:26) Microflows and Security (00:08:09) The Copy-Paste Ritual (00:09:10) The Secret to Success (00:11:19) Urban Legends from the Tenant In this reflective and metaphor-rich episode, the host explores the unseen architecture of modern systems, the resilience required to build them, and the emotional realities of working with technology that outlives its creators. Through stories, analogies, and hard-won lessons, this episode blends engineering insight with poetic narrative. 💡 Key Themes & Insights 1. The Nature of Flow Every system, project, or idea begins with a spark of hope.But flow isn’t magic — it needs maintenance, intentionality, and structure.“Flow” becomes a character in the story: sometimes fragile, sometimes stubborn, sometimes unexpectedly generous.2. The Hidden Labor of Systems Much of infrastructure work is invisible until it breaks.Logs, gateways, monitors, queues — all the quiet machinery that keeps modern life moving.The transcript describes these components as “haunted bridges” and “dark forests,” emphasizing the mystery and complexity behind them.3. Emotional Weight of Technical Work The host reflects on the loneliness and responsibility of system ownership.Building something that will continue operating long after you’re gone.Understanding that the work often involves uncertainty, repetition, and perseverance.4. Reliability Engineering as Storytelling Observing patterns, listening to logs, trying to interpret the behavior of machines.The idea that systems “whisper” clues about their future failures.A poetic reframing of SRE/DevOps as a conversation with unpredictable entities.5. The Cost of Ignoring Structure Hope alone doesn’t keep systems alive — licensing, resource consumption, architecture, and discipline do.Without structure, even the most hopeful projects collapse under their own chaos.🎙️ Notable Moments Opening metaphor: A vivid description of flow beginning as a “bright promise.”The haunted bridge analogy: A powerful visualization of gateways and network complexity.When the machine “sings”: A moment where system health is described as a kind of music.Reflection on legacy: The host touches on the idea that engineers build things that continue long after the creator disappears.🔧 Topics Mentioned System logs & monitoringOn-premises vs. cloud gatewaysAzure consumptionLicensing constraintsReliability, observability, and operational disciplineHuman–machine collaboration✨ Episode Takeaway Hope may start the journey, but reliability, structure, and continual care keep a system alive. This episode reminds us that the work of building long-lasting systems is both technical and deeply human. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support. Follow us on: LInkedIn Substack

    28 min
See All (402)

About

Welcome to the M365 Show — your essential podcast for everything Microsoft 365, Azure, and beyond. Join us as we explore the latest developments across Power BI, Power Platform, Microsoft Teams, Viva, Fabric, Purview, Security, and the entire Microsoft ecosystem. Each episode delivers expert insights, real-world use cases, best practices, and interviews with industry leaders to help you stay ahead in the fast-moving world of cloud, collaboration, and data innovation. Whether you're an IT professional, business leader, developer, or data enthusiast, the M365 Show brings the knowledge, trends, and strategies you need to thrive in the modern digital workplace. Tune in, level up, and make the most of everything Microsoft has to offer. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support.

Information

  • Creator
    Mirko Peters
  • Years Active
    2K
  • Episodes
    402
  • Rating
    Clean
  • Copyright
    © Copyright Mirko Peters / m365.Show
  • Show Website
    M365 Show Podcast

You Might Also Like