M365 Show Podcast

Mirko Peters
  • 5,0 (1)
  • ACTUALITÉS TECHNOLOGIQUES
  • TOUS LES JOURS

Welcome to the M365 Show — your essential podcast for everything Microsoft 365, Azure, and beyond. Join us as we explore the latest developments across Power BI, Power Platform, Microsoft Teams, Viva, Fabric, Purview, Security, and the entire Microsoft ecosystem. Each episode delivers expert insights, real-world use cases, best practices, and interviews with industry leaders to help you stay ahead in the fast-moving world of cloud, collaboration, and data innovation. Whether you're an IT professional, business leader, developer, or data enthusiast, the M365 Show brings the knowledge, trends, and strategies you need to thrive in the modern digital workplace. Tune in, level up, and make the most of everything Microsoft has to offer. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support.

  1. Planning, Collaboration, Tooling: Building Multi-Agent Systems with Azure Foundry + Semantic Kernel

    -9 H

    Planning, Collaboration, Tooling: Building Multi-Agent Systems with Azure Foundry + Semantic Kernel

    You already know the meme: chatbots talk, agents act, multi-agent systems actually get stuff done. If you’ve ever begged a bot to fix Intune and got a poem instead, this one’s for you. In this episode, we go full Netflix hands-on: you watch, you snack, I poke the dangerous Service Principal things so nobody nukes prod. We build a mini self-healing, governed multi-agent system using Azure AI Foundry + Semantic Kernel, wired into real enterprise surfaces: IntuneEntra IDMicrosoft GraphAzure AutomationLog AnalyticsWe run one-agent vs multi-agent head-to-head on a real workflow: 12 minutes vs 3 minutes time-to-fix — with only my subscription credit on the line. You’ll see why one agent stalls while teams fly, and how to ship this pattern safely in your own tenant. 🔥 What You’ll Learn 1. Why a Single Agent Isn’t Enough in the Enterprise We start by tearing apart the “one giant agent” fantasy: Single agents are like gas-station Swiss Army knives: technically they have tools, practically they bend on the first real job.You stuff planning, reasoning, execution, approvals, and reporting into one prompt → context explodes, latency spikes, hallucinations creep in.One agent trying to:Plan a changeCall Graph and IntuneWrite remediation scriptsRequest approvalsVerify resultsDocument everything…is basically a help desk, change board, and postmortem crammed into one very tired intern. We break down what actually goes wrong: Context windows flooded with logs, policies, and MDM miscellanyImportant details get truncated or inventedToken usage and costs balloon“Fix” attempts that quietly break other things (like deleting the resource instead of rotating a secret 😬)Then we introduce the fix: Multi-agent = roles + boundaries + parallelism Planner focuses on intent & constraintsOperator focuses on tools & executionReviewer focuses on guardrails & approvalsEach agent gets a tight instruction set, minimal memory, and a focused toolset, passing around small structured messages, not a 50-page policy doc. 2. Multi-Agent Systems 101 (No Hype, Just The Pattern) We map out a clear, shippable mental model: think digital team, not one big brain. Roles: Planner — understands the goal, constraints, environment; outputs a stepwise plan with tool callsOperator — executes the plan via tools: Graph, Azure Automation, Functions, Logic Apps, etc.Reviewer — checks groundedness, scope, compliance, and safety before risky changesMessenger/Concierge — interacts with humans: approvals, status updates, and audit summariesCore concepts: Tools = handsREST APIs (Graph, internal services)Azure Automation runbooks (device scripts, remediation)Azure Functions & Logic Apps (glue & approvals)RAG via Azure AI Search (curated knowledge, not random web junk)Memory = budget, not magicMinimize per-agent contextUse external state (Search, state store, thread metadata)Only pass what’s needed for the next decisionPlanning vs ExecutionPlanner decomposes → Operator calls tools → Reviewer checks → Messenger tells humansThis is where Semantic Kernel shines: planners, skills, function catalogs, retries, cancellationSafety by designManaged Identities per agentRBAC split into read vs managePIM for destructive operationsTool calls logged to Log AnalyticsContent Safety + prompt shields to block jailbreaks & indirect injection3. How Azure AI Foundry Powers Multi-Agent Workflows We then show how Azure AI Foundry becomes the control room: You’ll see how to define agents with: Instructions — short, role-specific promptsDeployments — different models per role (GPT-4-class for planning, SLMs for extraction)Knowledge — Azure AI Search indexes, uploaded docs, optional web groundingActions — OpenAPI tools, Graph, Logic Apps, Functions, Azure Automation, Code InterpreterConnected agents — yes, one agent can call another like a toolWhy this matters: Foundry handles threads, safety, tracing, and evaluationsSemantic Kernel orchestrates the planner → operator → reviewer loop in codeYou keep prompts short and put power in tools with strict schemasModel strategy: Reasoning models for planning and complex decisionsSmall models (SLMs) for extraction, classification, parameter shapingMix serverless endpoints and managed compute depending on cost & residency needsSafety & observability: Content Safety on inputs and outputsPrompt shields against jailbreak and indirect injectionFull tracing of tool calls (who, what, where, how long)Application Insights + Log Analytics for performance & auditBuilt-in evaluation flows for groundedness, relevance, and fluency Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support. Follow us on: LInkedIn Substack

    25 min
  2. Your Endpoints Are Lying to You: Why Intune Alone Isn’t Enough

    -21 H

    Your Endpoints Are Lying to You: Why Intune Alone Isn’t Enough

    Watcher, heed this record. Most teams believe Intune is “handled”—until they try to run it across tens of thousands of laptops, phones, kiosks, and shared devices. Then the logs fill with noise, drift creeps in, and humans become the bottleneck. In this episode, we show you how to treat Intune as the control plane and Azure as the engine—binding Managed Identities, Automation, Functions, and Microsoft Graph into a self-healing device estate that repairs itself before dawn. By the end, you’ll know how to: Use Intune for declarative policy, not manual cleanupLet Azure Automation & Functions close the loops humans forgetBuild keyless, least-privilege control with Managed IdentitiesTurn Graph + Log Analytics into a single source of truth for posture, drift, and MTTRDesign a device platform that corrects, cleans, and reconciles itself at scale🔥 Part I — Why Intune Alone Doesn’t Scale We start with the uncomfortable truth: Intune is necessary, but not sufficient. You’ll hear the seven wounds that appear when Intune is left to carry everything: Manual Process HellExports, blade-clicking, chasing single devicesWorks at 100 endpoints; collapses at 10,000MTTR grows; humans become the queueConfiguration DriftSame policy, different actual statesDeferred reboots, half-applied scripts, missed check-insNo automatic reconciliation = drift piles upOverpowered HumansGlobal Admin summoned “just this once”Broad roles, shared secrets, one-off fixes that never dieLeast privilege becomes theory, not practiceConditional Access ChaosSprawling policies, cryptic names, inconsistent user promptsNo single ledger tying access failures to device posture & policy evaluationScattered OwnershipCerts, scripts, patching, onboarding all owned by different teamsNo one owns the end-to-end flow from enroll → secure → retireNever-Cleaned Device GraveyardsStale, lost, and loaner devices still reported as “active” or “compliant”Metrics lie, policies target corpsesPatching Without OrchestrationRings exist, but no workflow logic:Patch only when Defender is healthyOnly reboot in real maintenance windowsEscalate when a device ignores multiple summonsWe reframe the core idea: Intune declares. Azure enforces. Intune shouldn’t remember, reconcile, and repair without Azure at its side. 🧩 Part II — What Happens When You Combine Intune with Azure Then we show what changes when you let Azure carry the heavy execution: Azure Automation — The Clock That Never Forgets Nightly jobs to:Sweep stale devices and disable/retire themRenew certificates before expiryCheck for configuration drift and trigger remediationAdds nuance Intune alone can’t: time zones, retry logic, health checks, grace periodsManaged Identities — Keyless, Least-Privilege Hands No more secrets in scripts or pipelinesSystem-Assigned Managed Identities on Automation / FunctionsNarrow Graph permissions:Device.Read.All for inventoryDeviceManagementConfiguration.Read.All for policy viewMinimal write scopes for specific actionsIdentity dies with the workload; power is explicit and auditableEntra ID Governance — Least Privilege as Law Role separation: device managers, policy authors, security readers, break-glassPIM for just-in-time elevation, approvals, and auto-expiryConditional Access that actually respects device posture & risk signalsAzure Functions — The Nerves That React in Seconds Event-driven responses to:Device enrollmentCompliance state changesWebhooks & alertsExamples:Tag devices on enrollment and push them into the right dynamic groupsQuarantine non-compliant devices via group-based Conditional AccessLog every decision into Log AnalyticsMicrosoft Graph & Log Analytics — The Road & The Ledger Graph as the single API to devices, users, groups, and policiesLog Analytics as the ledger of record:Drift variance by policyMTTR by device typeCleanup rates for stale devicesKQL turns hunches into charts instead of arguments📜 Part III — Real Enterprise Scenarios (With Numbers) We walk through three real-world patterns: 1. The Device Graveyard Cleanup Nightly Runbook under Managed Identity:Find devices unseen for 60 daysExclude tagged loaners/lab/break-glassDisable, notify owners, log to Log AnalyticsResults:~9% cleanup in week one~42% reduction in stale devices by day 30Conditional Access stops treating ghosts as compliant2. Zero-Touch Onboarding That Actually Works Enrollment event triggers Function:Read hardware & purchasing detailsStamp tags: region, role, security baselineAuto-add device to dynamic groups & policy setsAutomation jobs follow up with cert checks & early health checksResults:Onboarding time cut from 9 business days → ~90 minutes60%+ drop in “new device not ready” tickets Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support. Follow us on: LInkedIn Substack

    29 min
  3. The Backup Operator from Hell: Why Your Azure Backups Aren’t as Safe as You Think

    -1 J

    The Backup Operator from Hell: Why Your Azure Backups Aren’t as Safe as You Think

    Administrator… do you hear that? The silence is lying to you. Your Azure backups look healthy. Vaults are green. Jobs say Completed. No alerts. No smoke. But one overpowered identity, one leaked token, or one panicked admin can quietly erase every recovery point you’re betting the company on. In this episode, we dissect what really happens when Azure Backup runs on defaults—and how the “Backup Operator from Hell” (rogue admin, stolen automation, careless consultant, or insider threat) can destroy your recovery story in a handful of clicks. You’ll watch: Soft delete fail to comfort youThe purge attemptThe “undead” backup returnThe vault that even you can’t override once it’s lockedThen you’ll get the cure: vault protections, clean identity lines, and monitoring that never sleeps. One rule to remember in the dark: if one person can kill your backups, you don’t have backups. 🔥 What You’ll Learn 1. Backups: The Most Dangerous False Sense of Security We start by breaking the comfortable lie: Why “all green” backup blades are not proof of safetyHow “Completed” jobs hide over-scoped roles, trimmed retention, and silent policy changesThe real villain: the Backup Operator from HellLong-lived Owner at subscription scopeStolen service principal/token from CI/CDOverpowered automation accountsConsultants and temp admins who left fingerprints but no documentationYou’ll see how one identity can: Delete backup itemsSlash retention down so time quietly erases historyDisable protection so new points stop formingPurge soft-deleted recovery points if the vault isn’t lockedBackups don’t fail when you configure them. They fail when you need them—and discover what your IAM and defaults actually allowed. 2. Why Azure Backup Is Not Secure by Default Azure feels “official” and safe. But Azure Backup is only as hardened as you make it. We unpack three big myths: “Backups are immutable by default.” Reality: Immutability is a configuration, not a word. You need:Soft delete for forced delayMulti-User Authorization (MUA) so one human can’t pull all the leversVault Lock so even Owners can’t weaken protection later“Only backup admins can delete backups.” Reality:Contributor can delete backup itemsOwner can purge soft-deleted pointsMis-scoped roles and DataActions can lower retention so backups “die of natural causes”“More subscriptions = more safety.” Reality:If the same identities span them, you just gave one key to more doorsManagement group assignments and wide service principals become cross-subscription attack pathsYou’ll leave with a clear picture of what secure actually looks like: Soft delete on every vaultMUA on destructive actionsVault lock after you’ve tested restoreIAM that prevents any single identity from destroying recovery3. The Common Attack Paths That Kill Backups We map the creature’s favorite routes: Compromised automation (Terraform / pipelines / DevOps)Service principals with Contributor on vaults “for convenience”“Cleanup” jobs that silently rewrite retention and policies at 03:12Logs that look like “normal” deploy operations while history is being erasedOverprivileged vault rolesContributors and Owners on backup vaults who can deploy, delete, and purgeStress-driven clicks during an incident (“just shut it down!”) that wipe protectionSide-door kills: retention cut too low, protection disabled “temporarily,” backups stopped at the policy levelShadow admins and nested groupsCustom roles with hidden Backup DataActionsGroups inside groups that grant purge rights no one remembers“Reader” labels that hide the true effective permissionsYou’ll learn how to spot these paths quickly: Identities that can both deploy and purgeAutomation that can modify backup policyRole assignments that quietly span vaults, subscriptions, and management groups4. The 3-Step Azure Backup Hardening Strategy Then we lay out a practical, operator-ready hardening plan: Step 1 — Lock the Vault Enable soft delete everywhere and actually test delete → restoreConfigure Multi-User Authorization for:DeleteDisable protectionRetention reduction below your minimumApply Vault Lock after you’ve proven restore works and accepted the cost trade-offsStep 2 — Separate Identities and Duties Kill “God-Mode” rolesSplit responsibilities into:Backup Admin (configure & restore, no purge)Security Reader (see everything, change nothing)Vault Purge Admin (rarely used, PIM-gated, MUA-protected)Minimal automation identities (deploy & register only)Use PIM for just-in-time elevation and no permanent OwnersStep 3 — Isolate and Monitor Separate subscription or resource groups for backup vaultsNarrow scopes for managed identities (no subscription-wide everything)Log and alert on:BackupItemDeleteRetentionPolicyChangeRecoveryPointPurgeCorrelate with PIM activations, role assignments, and off-hours activity using Sentinel or similar Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support. Follow us on: LInkedIn Substack

    22 min
  4. Why Microsoft Fabric Is Becoming the New Operating System for Enterprise Data

    -1 J

    Why Microsoft Fabric Is Becoming the New Operating System for Enterprise Data

    You don’t have a data platform. You have a staged illusion. Power BI pretending to be glue. Pipelines hiding drift. Access you can’t explain. Lineage you can’t prove. You call it analytics. It’s chaos. In this episode, we rip the mask off “modern data” and walk through what a real end-to-end platform looks like with Microsoft Fabric, OneLake, and Medallion—and why most teams quietly sabotage it by smuggling business logic into the wrong layers. By the end, you’ll know how to: Stop using Power BI as duct tapeDesign a single access path from raw → insightEnforce Bronze / Silver / Gold contracts for real (not just in slides)Use Fabric, OneLake, Purview, and workspaces to kill copy storms, shadow truth, and governance theaterStand in front of an exec and prove where a number came fromNo vibes. No “modern stack” buzzwords. Just the architecture and discipline that keep your platform from rotting. 🧨 Part 1 — The Problem You’re Pretending Isn’t There We start by naming the thing nobody wants to say out loud: Power BI is acting as glue code, not as a BI layerPipelines are masking schema drift instead of surfacing itYou have 15 places that claim to be “truth” and none are authoritativeAccess, lineage, and logic live in people’s heads and buried notebooksYou blame “slow BI.” It’s not BI. It’s entropy. We walk through: How copy storms happen: each team spins up their own warehouse, mart, or lakeWhy “just one more semantic model” creates seven conflicting truthsHow schema drift silently kills metrics at 2 a.m. while dashboards still “refresh”Why security is a split-brain mess of service principals, tokens, and made-up “access matrices”Then we drop the uncomfortable line: If you can’t name your access path and your contracts, you don’t have a platform. You have sprawl. 🧩 Part 2 — Why Fabric Exists (The Autopsy Version) This isn’t a product pitch. It’s an autopsy. We break down why Fabric exists in brutally simple terms: to attack fragmentation. You’ll hear how Fabric compresses surface area: One identity: Entra — the same identity that hits your inbox hits your lakeOne storage layer: OneLake — open Delta tables, shortcuts instead of copiesOne governance plane: Purview + workspaces — lineage, sensitivity, and roles in one placeOne monitoring view: capacities, pipelines, warehouses, notebooks, and reports on a single heartbeatWe connect this to the real cost you’re already paying: Cognitive load: every engineer keeping a mental map of “which thing runs where”Delay-as-a-habit: nobody wants to touch the mess, so fixes lagShadow truth: users stop trusting dashboards, export to Excel, and build their own numbersFabric is not “more.” It’s less: fewer places to lie, fewer tools to misconfigure, fewer excuses. 🥇 Part 3 — What Fabric Actually Is: The One Platform Moment We walk through what Fabric actually gives you when you stop treating it as another logo: OneLake as the single organizational lake, backed by Delta/ParquetExperiences on top of that same storage:Data Factory for ingest & orchestrationData Engineering for Spark & lakehousesData Science, Warehouse, Real-Time Analytics, Power BI, Data ActivatorAll sharing the same:Identity (Entra)Security boundary (workspaces)Governance (Purview)Monitoring & capacityKey ideas we break down: Tables, not pipelines, are the real contractShortcuts instead of copies to connect external stores without duplicationHow Direct Lake changes Power BI:Semantic models read Delta in OneLake directlyNo import bloat, no DirectQuery latency taxFreshness and performance without copy stormsYou’ll hear how Fabric takes Medallion from slideware to actual structure you can point at. 🪙 Part 4 — Medallion for Grown-Ups: Bronze, Silver, Gold as Contracts We reframe Medallion from “nice diagram” into enforceable contracts: Bronze — Evidence Immutable, append-only, source-granularNo business rules. No deduping. No joins.You keep schema drift and bad data visible.In Fabric: Lakehouse Files (Bronze folders, Delta logs, arrival metadata)Silver — Truth Validated schema, types, deduplication, conformanceLate-arriving logic, SCDs, and reference joins properly encodedTests for row counts, uniqueness, referential integrity, driftIn Fabric: Lakehouse Tables (Delta), notebooks/Dataflows Gen2, idempotent transformsGold — Meaning Consumption-specific dimensional models and measuresClean star schemas, conformed dimensions, fact tables at stable grainBusiness logic in DAX measures, not buried upstreamIn Fabric: Gold Delta tables surfaced as Direct Lake semantic modelsWe hammer one rule home: Bronze answers what happened. Silver answers what is true. Gold answers what it means. Mix them, and you lose the plot. 🧱 Part 5 — Multi-Workspace Architecture (The Nordwand Approach) We introduce the Nordwand approach: multiple workspaces with boring, consistent names and sharp boundaries: Platform workspaces (Dev/Test/Prod):Core LakehouseCore WarehouseShared dimensionsMedallion pipelinesMonitoring artifactsDomain workspaces (Finance, Sales, Ops, HR, Supply Chain):Dev/Test/Prod per domainShortcuts into Platform SilverDomain-specific Gold models onlyShared Analytics workspace:Certified semantic modelsOfficial cross-domain metricsWe show how this solves: Clear ownership (Platform owns Silver, domains own Gold)Reuse instead of copying (Shortcuts vs. shadow tables)Certified truth (one place for “official” metrics)Controlled promotion (Dev → Test → Prod via deployment pipelines and Git)The result: fixed anchors, clear lanes, and less room for quiet corruption. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support. Follow us on: LInkedIn Substack

    43 min
  5. MCP & Semantic Kernel: Building AI Agents That Take Action, Not Just Chat

    -2 J

    MCP & Semantic Kernel: Building AI Agents That Take Action, Not Just Chat

    Ah! You’re wasting AI on small talk. Pure power trapped in chit-chat. In this episode, we break open the containment field and show you how to turn AI from a polite conversationalist into a fully-acting IT Operations agent—one that plans, executes, verifies, and stays inside governance at all times. You’ll learn exactly how modern enterprise teams are using Semantic Kernel, MCP, and Azure OpenAI tool-calling with Managed Identity to auto-remediate incidents, reduce MTTR, eliminate hundreds of service desk tickets, and create predictable, auditable workflows. This isn’t theory—it’s the blueprint. 🎯 Episode Focus — From Answering to Acting Traditional chatbots whisper advice. Acting agents do the work. We explore the shift from static Q&A loops to a closed-loop cycle: Intention → Plan → Tool Use → Result → Self-Check → Next Step Learn why this pattern unlocks automation in Microsoft environments without sacrificing safety, compliance, or observability. Micro-Story: A real SRE team wired an agent to monitor high CPU alerts, correlate with deployments, drain faulty nodes, roll back the slot, and post an incident summary—all before the human even rolled out of bed. Not magic. Orchestration. 🔌 Why Microsoft Shops Win Big: MCP + SK + Managed Identity Three components snap together and give you enterprise-grade capability: 🔧 MCP (Model Context Protocol): The WiringTools describe themselves with standards and schemasMicrosoft Graph, Intune, Service Health, internal APIs become discoverableNo brittle plugins or secret adaptersAdd new capabilities without redeploying anythingMCP makes your tools visible. 🧠 Semantic Kernel: The Orchestration LayerTurns MCP tools into callable kernel functionsHandles planning: sequential, parallel, or graph-shaped tasksAuto-builds JSON schemas models expectRemoves the need for hand-crafted payloadsSK shapes the plan and the calls. 🔐 Azure OpenAI + Managed Identity: The Containment FieldModel decides what, identity decides what’s allowedTokens are never exposedEach action is access-controlled at the tool boundaryHigh-risk actions require approval tokensIdentity contains the blast radius. 🧬 The Six-Part Agent Molecule: Build Stable, Reliable Agents A high-functioning IT Ops agent is built from a six-part molecule:Persona — SRE temperament encoded (cautious, concise, safety-first).Memory — Short-term context + durable environmental facts.Planner — Decomposes tasks into safe, verifiable steps.Tools — MCP-exposed actuators and sensors.Policy — Identity controls, approvals, guardrails.Verifier — Post-action checks: metrics, probes, risk state.Miss one of these parts and your agent becomes unpredictable. ⚙ Blueprint 1 — SK Planner + Graph via MCP (IT Ops) We walk through a concrete pattern for post-deployment error spikes: Goal: Recover from elevated 5xx while minimizing blast radius. Tools (via MCP):AppInsightsQueryGraphServiceHealthGraphChangeLogDrainSubsetByBuildRollbackSlotPostIncidentNotePlan:Assess: Query metrics, deployments, health advisories (parallel).Decide: Pick the narrowest safe fix—e.g., drain a bad build subset.Act: Perform drainage or rollback with identity-scoped tools.Verify: Require P95 + 5xx improvement before declaring success.Report: Summaries, graphs, dashboards, change IDs.Key win: Narrow-first fixes prevent unnecessary rollbacks. 🔧 Blueprint 2 — Azure OpenAI Tool-Calling with Managed Identity This blueprint shows how to let the model act without ever handing out credentials. Example: Password Reset AutomationAgent validates user status via GraphChecks MFA, riskState, and role assignmentsPerforms compliant reset (MI scopes enforce safety)Notifies user and closes ITSM ticketVerifies sign-in status or risk flag after resetPolicy encoded in tools ensures governance is non-negotiable. 🛠 Blueprint 3 — Closed-Loop Auto-Remediation The crown jewel: a fully contained remediation loop. Flow:Triggered by telemetry or incidentMulti-branch assessment for root-cause hintsNarrow corrective action first (drain, isolate, scale)Approval-gated high-risk actions (rollback, redeploy)Continuous verification with App InsightsAuto-reporting with evidenceClosed-loop means no guessing—an agent proves the outcome. 📈 Business Outcomes: Why This Actually Matters Beyond the tech, we break down real business impacts:40–70% reduction in MTTR for repeatable failure modes60–90% ticket deflection for onboarding and identity issues50% faster change cycles with Parallel Assess → Safe ActionLower burnout and attrition in SRE/on-call teamsAudit-ready logs for every action—no mystery behaviorRisk compression thanks to identity-scoped tools and approvalsAutomation stops being magic—it becomes measurable. 🛡 Guardrails & Responsibility: Safety as Physics We detail the guardrails that prevent chaos:Split Managed Identities (read vs. write vs. high-risk)Hard-coded schema constraints for dangerous operationsApproval tokens enforced by the tool, not the promptImmutable audit envelopes for every tool callRed-team testing for bypass attempts and prompt injectionsScope-drift monitoring on tools and identitiesPrivacy guarantees for sensitive dataFailure choreography: safe fallback → escalate → contextual summaryModel rotation behind stable tool contractsGovernance isn’t vibes—it’s encoded in the tool boundary. 🏁 Conclusion — The Agent Era Starts Now If you remember nothing else: SK orchestrates. MCP connects. Foundry governs. Managed Identity contains. Verification proves. Start with one narrow flow—like drain-then-verify for post-deploy spikes—and scale safely outward. Subscribe for next week’s episode: The Minimal Viable RAG Pipeline for Enterprise Truth: Chunking, Guardrails, Evaluations, and Cost Control. Delicious security awaits. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support. Follow us on: LInkedIn Substack

    42 min
  6. RAG vs Copilot: When You Need Your Own AI — and When You Don’t

    -2 J

    RAG vs Copilot: When You Need Your Own AI — and When You Don’t

    Your tenant is humming. Your files are stacked like rusted steel. You need answers — fast. But not guesses. This episode tears into one of the most misunderstood decisions in modern enterprise AI: Should you rely on Microsoft Copilot, or build a Retrieval-Augmented Generation (RAG) pipeline that cites from your own knowledge? Most teams get this wrong. They assume Copilot “knows everything.” They assume RAG is “too hard.” They assume accuracy magically appears on its own. And then they pay for it — in rework, bad decisions, broken trust, and a service desk drowning under repeat questions. We’re here to stop that. What You’ll Learn in This Deep-Dive Episode 🚀 Copilot: Powerful, Fast… and Bounded We break down how Copilot actually works — an M365-native assistant that walks Outlook alleys, Teams threads, SharePoint sites, and OneDrive folders you already have rights to. Perfect for: Drafting emails, briefs, and meeting notesSummaries and rewrites in your voiceSurfacing documents inside your permissionsFast context on work already in your laneCopilot saves minutes per move — but we expose the moment it falls apart: when the truth you need lives outside the M365 glow. 🛑 Where Copilot Quietly Fails (and Why It’s Not Its Fault) Organizations destroy their own trust when they ask Copilot questions it was never designed to answer: Outdated PDFs on a file shareDevice baselines split across three contradictory versionsSOPs buried across wikis, Word docs, and tribal knowledgeERP/CRM fields living in systems Copilot can’t seeWhen Copilot can’t reach the right source, it doesn’t tell you it’s blind — it gives its best guess. Good tone. Bad facts. Big risk. 📚 RAG: Your AI Librarian With Receipts The RAG Breakdown (No Hype, Just Reality): Retrieval: Clean, chunk, tag, and index your docs with metadata and vector embeddingsAugmentation: Find only the most relevant chunks at query timeGeneration: Have the model answer only from those cites, with “don’t know” when blindIt’s not a model trick. It’s a discipline — an information supply chain built for accuracy. With RAG: Every answer is grounded in your sourcesCitations are mandatoryContradictions surface instead of hidingPolicies and SOPs are always up-to-date after reindexingTrust skyrockets because nothing is inventedIf Copilot is speed, RAG is truth. 🏭 Case Study: The Global Manufacturer That Turned Chaos Into Clarity We walk through a real (anonymized) transformation: Before RAG: 4,800+ policy files scattered everywhereConflicting versions, duplicated PDFs, outdated baselines12–15 repeat questions hitting the service desk dailyCopilot helping only on shallow tasksEmployees guessing because finding the right doc was too slowAfter RAG on Azure: Unified index across SharePoint + file serversEvery clause chunked, dated, tagged, ownedHybrid semantic search for precisionTeams agent returning answers with citations in secondsService desk load dropped by a thirdContradictions surfaced and fixed in days, not monthsLeadership finally trusted the documentation againNot because the model was smarter — but because the library was. 💡 Credibility Boosters: Why RAG Wins Enterprise Trust You’ll hear the key lines from real teams: “The biggest win wasn’t speed — it was accuracy.”“Users trusted the answers because citations were mandatory.”“We didn’t retrain anything. We just fixed our data.”RAG is the only approach where: Every answer is auditableEvery source is traceableEvery contradiction is fixableEvery update is immediate after reindexingIn enterprise, this isn’t optional — it’s survival. 🧭 How to Actually Choose Between Copilot and RAG We give you the simple, crystal-clear filter: Use Copilot when: ✔ You’re working inside M365 ✔ You need a draft, summary, rewrite, or quick info ✔ Governance + simplicity outweigh precision ✔ You don’t need strict citations or cross-system truth Use RAG when: ✔ Correctness beats speed ✔ Answers must cite specific clauses ✔ Knowledge lives outside M365 ✔ Policies, SOPs, or baselines shift often ✔ You depend on ERP/CRM/LOB data ✔ Repeatability matters — same question, same answer, same source Copilot is your runner. RAG is your librarian. Know which city you’re operating in. 🔥 Up Next: The RAG Blueprint Episode Subscribe now — the next episode breaks down the minimal viable RAG pipeline, costs, architecture, chunking strategy, evaluation techniques, and guardrails you must implement to avoid hallucinations and blowback. Make the call. Pick the lane. Build the truth. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support. Follow us on: LInkedIn Substack

    26 min
  7. Why Your Intune Deployment Is A Security Risk

    -3 J

    Why Your Intune Deployment Is A Security Risk

    In this episode, we walk into the Intune habitat and zoom in on five subtle misconfigurations that quietly invite attackers into your Microsoft 365 ecosystem. Your deployment might look calm. Policies are assigned. Devices report in. Compliance dashboards show a reassuring shade of green. And yet: A single weak Conditional Access policyA missing baseline on just one device groupA standing admin role that never sleepsA fleet of unmanaged BYOD devices at the edgeOr reckless policy and update rings…is all it takes to turn a fleeting misstep into a costly breach. This episode breaks down what’s dangerous, why it fails, and exactly how to fix it — in the Intune admin center and via Graph/PowerShell — plus a short field audit ritual you can run every week. One small adjustment in Intune can prevent a minor oversight from becoming your next incident report. 🧨 What You’ll Learn By the end of this episode, you’ll know how to: Recognize the five most damaging Intune misconfigurations in modern cloud environmentsConnect device compliance, Conditional Access, PIM, and BYOD into one coherent Zero Trust storyUse report-only, rings, and baselines to change posture safely without breaking half your usersTurn intuitive hunches (“this feels unsafe”) into hard evidence you can show leadershipRun a practical Intune + Entra + PowerShell field audit that validates reality instead of assumptions🌍 The Threat Landscape Shaping Intune Risk We start with the environment your Intune instance actually lives in: Attackers hunt identities, not just unpatched softwarePassword spraying leads to token theft and OAuth abuseA single over-privileged app with offline_access converts one bad sign-in into broad, quiet accessMisconfigurations don’t just add risk — they multiply itYou’ll hear how: Device compliance, Conditional Access, and privileged access must work togetherA compliant device signal with weak policies is a timid bird — decorative, not protectivePrivileged roles left “always on” act like apex predators, reshaping the environment with a single mistakeUnmanaged BYOD and chaotic update rings create shadow corridors and shockwaves that attackers exploitThe takeaway: Intune is not the fortress — it’s the field instrument that measures device health and feeds identity the posture it needs to enforce Zero Trust. ⚠️ Misconfiguration #1: Weak Conditional Access — Identity Gates Left Ajar We zoom in on the first failure pattern: Conditional Access policies that exist, but don’t bite. You’ll learn: How over-broad exclusions, “trusted” executive groups, and named locations become private tunnels for attackersWhy basic/legacy authentication silently bypasses MFA and still lands tokensWhat a resilient Conditional Access design actually looks like:One policy enforcing MFA for all cloud appsA second requiring compliant devices for Exchange, SharePoint, admin portalsA third reacting to risk (medium = step-up, high = block)We walk through: Building policies in report-only modeUsing Insights and reporting to see who would break, and which flows use legacy authDesigning two break-glass accounts and nothing else exemptUsing Graph/PowerShell to export all CA policies, states, assignments, and old report-only rules that never got enforcedYou get a concrete quick win: Create a pilot CA policy in report-only that requires MFA + compliant device for Exchange/SharePoint, and a second that blocks legacy auth. After 7 days of telemetry, enforce in rings. 🛡 Misconfiguration #2: Missing or Divergent Security Baselines — Posture Drift Next, we watch posture drift creep in: Browsers quietly drop protectionsDefender rules loosen “just for a test”Unsigned code runs because of one old exception no one remembersYou’ll learn: Why security baselines are your gravity: Windows, Defender, EdgeHow building everything from scratch without baselines guarantees inconsistency and unintended gapsHow to use:Intune Security baselines for Windows/Defender/EdgeThe baseline comparison view to see where your environment driftsA structured exception model: reason, owner, expiryWe cover: Aligning compliance policies to baselines so “compliant device” actually means “meets our baseline”Resolving conflicts with Group Policy and overlapping MDM profilesReporting on per-setting success/conflict and mapping drift back to ring groups with Graph/PowerShellQuick win: Assign the Windows security baseline to a pilot ring today, clean conflicts, then tie a compliance policy + Conditional Access to those settings for your high-value apps. 👑 Misconfiguration #3: PIM Gaps and Standing Admin Access — Privileges That Never Sleep Here we meet the apex roles: Global AdminPrivileged Role AdminIntune Service AdministratorYou’ll see why always-on admin rights are a standing invitation: One stolen session = full controlOne hasty approval = tenant-wide blast radiusWe dive into: Moving from standing access to just-in-time (JIT) with Privileged Identity Management (PIM)Making admin roles eligible, not permanentRequiring:MFA on every activationJustificationApprovals for high-impact rolesShort activation windows (2–4 hours)You also learn how to: Bind PIM activations to Conditional Access so they only happen from compliant devicesDesign and monitor break-glass accounts properlyUse PIM audit history and Graph/PowerShell to report:Who activates mostWhenFor how longWhere standing access still existsQuick win: Pick one high-impact role (e.g., Intune Service Administrator), convert all active assignments to eligible, enforce MFA + justification, and add an approver. Then expand to other apex roles. 🕶 Misconfiguration #4: Unmanaged BYOD & Compliance Gaps — Shadow Creatures at the Perimeter We move to the edges of the habitat: personal devices and half-managed endpoints. You’ll see: How unmanaged BYOD silently carries valid tokens and corporate data off your estateHow old mail clients and basic auth on personal laptops undo your entire MFA storyWhy attackers love the “trusted” contractor laptop and ungoverned mobile accessWe walk through a balanced model: Corporate devices → full Intune enrollment + compliance + Conditional Access (require compliant device)Personal devices → app protection (MAM) with approved apps (Outlook, Teams, OneDrive) + Conditional Access (require approved client app)Tenant-wide → Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support. Follow us on: LInkedIn Substack

    30 min
  8. Why Your Threat Analytics Is Useless (The Report You Missed)

    -3 J

    Why Your Threat Analytics Is Useless (The Report You Missed)

    In this episode, we break open one of the most misunderstood security capabilities in Microsoft 365: Threat Analytics. Not the dashboard you scroll past. Not the report you skim. The living, breathing intelligence engine that can slash dwell time, expose hidden attack paths, and transform your SOC from reactive to relentless. Most organizations never use Threat Analytics the way it was designed. They read the headline but skip the MITRE mapping. They see recommendations but never bind them to Secure Score actions or owners. They ignore the tenant-specific exposure panel that quietly says, “This is happening here.” Today, we fix that. 🔥 What This Episode Delivers The hard truth (and the promise) We begin with a call to awareness: Threat Analytics isn’t useless — it’s unused. Attackers walk through doors we should have closed. This episode teaches a single pattern that saves you from that: read → test → act → verify. Not someday. Today. 1. What Threat Analytics really is — and what it’s not You’ll learn how Threat Analytics combines global threat intelligence, Microsoft IR experience, MITRE ATT&CK mapping, tenant-specific exposure, and actionable recommendations into one unified signal. We explore: How to extract techniques and artifactsHow to interpret the exposure panelWhy recommendations are not “ideas,” but enforceable controlsHow Threat Analytics links incidents and Secure Score into one defensive narrativeThis section gives listeners a blueprint for understanding the full value of the feature, not just what appears at the top of the page. 2. The three oversights that make security teams blind We uncover the three habits that turn Threat Analytics into a passive newsletter: Skipping MITRE techniques and exposure dataTreating recommendations as optionalIgnoring device and account evidenceYou’ll learn why these oversights add days to dwell time and how to flip them into strengths with simple structural fixes. 3. The One-Hour Method — turn any report into action This is the heart of the episode: a 60-minute workflow your team can run every week. You’ll learn how to: Select the right reportExtract techniques, TTPs, and artifactsBuild targeted hunting queries in DefenderCorrelate findings to incidentsAssign Secure Score controls with owners and SLAsVerify protections, rerun queries, and document outcomesThis method reduces time-to-detect and closes attack paths with ruthless consistency. 4. Two real detection gaps — and how to close them We walk through two live threat paths that regularly bypass unstructured SOCs: Phishing → OAuth consent abuse → token replayLiving-off-the-land persistence through script interpreters and abused binariesYou’ll hear exactly how to hunt them, which events reveal them, which policies block them, and how Threat Analytics guides the remediation. 5. Measurement and governance that actually prove value Security programs fail without metrics. We show you how to measure what matters: Time-to-detect (TTD)Named attack paths closed by techniqueSecure Score controls enacted from real reportsExposure changes across your tenantYou’ll walk away knowing how to build dashboards that make improvement visible — daily, weekly, monthly. ✨ Why This Episode Is a Must-Listen If you defend Microsoft 365, this episode teaches you how to: Turn global intelligence into tenant-specific actionShorten dwell time using repeatable workflowsImprove Secure Score based on real threatsCommunicate risk and progress to leadershipClose attack paths with evidence, not hopeIt’s practical. It’s repeatable. And it’s framed in a narrative style that makes the lessons unforgettable. 🎧 Listen Now If you’re responsible for M365 security, SOC operations, DFIR, governance, or cloud architecture, this is one of the most actionable episodes you’ll hear all year. Read with intent. Test with precision. Act with ownership. Verify with evidence. This is the covenant in the cloud. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support. Follow us on: LInkedIn Substack

    29 min
Tout afficher (387)

À propos

Welcome to the M365 Show — your essential podcast for everything Microsoft 365, Azure, and beyond. Join us as we explore the latest developments across Power BI, Power Platform, Microsoft Teams, Viva, Fabric, Purview, Security, and the entire Microsoft ecosystem. Each episode delivers expert insights, real-world use cases, best practices, and interviews with industry leaders to help you stay ahead in the fast-moving world of cloud, collaboration, and data innovation. Whether you're an IT professional, business leader, developer, or data enthusiast, the M365 Show brings the knowledge, trends, and strategies you need to thrive in the modern digital workplace. Tune in, level up, and make the most of everything Microsoft has to offer. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support.

Informations

  • Création
    Mirko Peters
  • Années d’activité
    2 k
  • Épisodes
    387
  • Classification
    Tous publics
  • Copyright
    © Copyright Mirko Peters / m365.Show
  • Site web de l’émission
    M365 Show Podcast

Vous aimeriez peut‑être aussi