M365.FM - Modern work, security, and productivity with Microsoft 365

Mirko Peters (Microsoft 365 consultant and trainer)
  • 5,0 (3)
  • ACTUALITÉS TECHNOLOGIQUES
  • TOUS LES JOURS

Welcome to the M365.FM — your essential podcast for everything Microsoft 365, Azure, and beyond. Join us as we explore the latest developments across Power BI, Power Platform, Microsoft Teams, Viva, Fabric, Purview, Security, and the entire Microsoft ecosystem. Each episode delivers expert insights, real-world use cases, best practices, and interviews with industry leaders to help you stay ahead in the fast-moving world of cloud, collaboration, and data innovation. Whether you're an IT professional, business leader, developer, or data enthusiast, the M365.FM brings the knowledge, trends, and strategies you need to thrive in the modern digital workplace. Tune in, level up, and make the most of everything Microsoft has to offer. M365.FM is part of the M365-Show Network. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

  1. The Sovereign Tenant: A 7-Step Mandate for Microsoft 365 Excellence

    -22 H

    The Sovereign Tenant: A 7-Step Mandate for Microsoft 365 Excellence

    Most organizations treat their Microsoft 365 tenant as a configuration container. It is not. Your tenant is either: A sovereign operating system for the enterprise, orA vulnerability waiting to scale.The difference is architectural intent. This episode introduces a deterministic 7-layer framework that separates organizations that run Microsoft 365 from those that are run by it. This is not best practice guidance. This is a sovereignty mandate. The Core Problem: The Post-SaaS Paradox SaaS promised simplicity. Instead, it delivered: Feature sprawlInvisible configuration driftAI scaling legacy design flawsCross-tenant entropyStanding privilege creepAI agents now execute your design mistakes at machine speed. Every forgotten exception becomes amplified. The average M365 breach now exceeds $4.88M, and misconfiguration is the leading vector. This isn’t a tooling problem. It’s an architecture problem. The 7-Layer Sovereignty Framework 1️⃣ Identity as a Distributed Decision Engine Microsoft Entra ID is not a directory. It is your decision engine. Mandate: 100% Privileged Identity Management (PIM) for elevated rolesZero standing Global AdminConditional Access as architecture, not featureJust-in-time access onlyIf identity isn’t deterministic, nothing else can be. 2️⃣ Tenant Isolation & Boundary Enforcement Boundaries are not restrictions. They are architecture. Mandate: Universal Tenant Restrictions via Global Secure AccessExplicit allow lists for cross-tenant flowsEliminate wildcard trustDLP policies for sensitive dataImplicit trust is architectural negligence. 3️⃣ Configuration as Code (Eliminate Drift) Quarterly audits are governance theater. Real sovereignty requires: Microsoft 365 Desired State Configuration (DSC)Version-controlled baselineDrift detection 5 minutesAuto-remediation 10 minutes100% approved changesIf drift exists, sovereignty does not. 4️⃣ Tenant Classification & Lifecycle Governance Shadow tenants are the new shadow IT. Mandate: Classify every tenant: Production / Productivity / Auxiliary / EphemeralEphemeral tenants auto-expireQuarterly review of auxiliary tenantsRestrict Teams/Group creation by policySprawl must become architecturally difficult. 5️⃣ Agent Identity & Agentic Governance Agents are not apps. They are autonomous principals. Mandate: Central Agent Registry (Agent 365 model)Unique Entra Agent ID for each agentHuman sponsor for every agentScoped least privilegeFull action loggingShadow AI is the next breach vector. Govern it now. 6️⃣ Deterministic Operations (Zero-Fault O&M) Heroic incident response is architectural failure. Mandate: MTTR 10 minutes80%+ faults resolved without escalationContinuous health checksFault library + automated remediation playbooksQuarterly failover testingOperations must become predictable. 7️⃣ Continuous Sovereignty Assessment Sovereignty is not achieved. It is measured. Implement a Sovereignty Scorecard covering: Identity governanceBoundary enforcementConfiguration determinismLifecycle governanceAgent governanceOperational excellenceQuarterly executive review required. If it isn’t measured, it will decay. The 630-Day Implementation RoadmapPhaseFocusTimeline1Identity Foundation0–90 days2Boundary Enforcement90–180 days3Configuration Determinism180–270 days4Lifecycle Governance270–360 days5Agent Governance360–450 days6Deterministic Operations450–540 days7Continuous Assessment540–630 days This sequence matters. Skip the order, and entropy wins. Two Failure Scenarios Covered 🔎 Scenario 1: Cross-Tenant Chaos 200 Power Platform flows165 undocumentedIsolation enforcement breaks production overnightFix: Explicit allow lists + tenant isolation + DLP Result: 85% risk reduction in 90 days. 🔎 Scenario 2: Configuration Drift 15 “temporary” Global AdminsDisabled Conditional Access policiesPermanent DLP exceptionsFix: M365 DSC baseline + automated reconciliation Result: Deterministic governance restored in 90 days. The Metrics That Actually Matter Sovereignty is measurable. You are sovereign if: 100% privileged roles under PIM100% cross-tenant flows explicitly allowedDrift detection 5 minutes100% agents registered0 shadow tenants80% faults resolved automaticallyIf you cannot answer these questions instantly, you do not have sovereignty. The Final Mandate This is not tactical. This is architectural. Microsoft does not guarantee tenant sovereignty. It guarantees platform resilience. You own sovereignty. Your tenant is either: A deterministic system built by intent orA collection of workarounds waiting to scale failureThe platform will not decide this. You will. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support. If this clashes with how you’ve seen it play out, I’m always curious. I use LinkedIn for the back-and-forth.

    1 h 24 min
  2. Stop Building Reports, Start Architecting Decisions

    -1 J

    Stop Building Reports, Start Architecting Decisions

    Every organization eventually hears the same request: “Put all our KPIs on one page.” It sounds reasonable. Executives want clarity. They want speed. They want to know what’s working and what’s failing without sitting through interpretive theater in a quarterly review. But that request is a mistranslation. They aren’t asking for a prettier dashboard. They’re asking for a deterministic decision surface — a system where:Definitions don’t driftOwnership is explicitEscalation is automaticAction doesn’t wait for another meetingGovernance survives auditsVisibility won’t fix decision latency. Decision architecture will. Why KPI Dashboards Keep Failing When executives ask for “all KPIs on one page,” they’re not impatient. They’re responding to enterprise entropy:Conflicting metric definitionsRevenue calculated three different waysSLA severity negotiated after the factExcel reconciliations hidden from leadershipPower BI overview pages that look clean but don’t trigger actionMore KPIs become a coping mechanism. More tiles. More gradients. More conditional formatting. But decoration doesn’t reduce disagreement. A KPI that requires interpretation isn’t a KPI. It’s a conversation starter. And conversation starters create decision latency — the hidden tax that drives missed targets, delayed escalations, reactive cost cutting, and preventable incident breaches. Executives don’t want “one page.” They want a control plane. KPI vs Metric: The Foundational Misunderstanding A metric describes what happened. A KPI encodes what must happen next. If a KPI turns red and nothing happens until the next meeting, it isn’t a KPI. It’s a mood indicator. Real KPIs are decision rules: When this condition is true, this role is obligated to execute this action within this time window. That’s determinism. Without obligation, dashboards are wallpaper charts. The Five Non-Negotiables of a Real KPI System Before you’re allowed to call something a KPI, it must include:Trigger Definition Explicit threshold + duration + context scopeOwnership Lock One accountable role — not a departmentPre-Committed Action The response is defined in advanceTime Constraint Execution window tied to risk, not meeting cadenceFeedback Loop Intervention efficacy is measured and recordedWithout these five elements, you don’t have governance. You have formatting. The Decision Stack (Microsoft Architecture Edition) Instead of building dashboards, build a decision stack: Data → Logic → State → Action → Interface 1. Data Convergence (Microsoft Fabric / OneLake)Single logical boundary for decision-grade inputsCertified datasets with refresh contractsLineage defensibility2. Logic (Power BI Semantic Model)One definition of revenueOne definition of forecast varianceOne definition of SLA clockVersioned, governed measures3. State (Dataverse Decision Ledger)Trigger instances recordedOwner assignments loggedAction status trackedExceptions timestampedOutcome measuredDashboards forget. Ledgers don’t. 4. Action (Power Automate Enforcement)Escalations tied to rules, not humans noticingAutomatic routingGuardrails instead of “let’s discuss”Approval only where risk demands itAutomation becomes enforcement — not convenience. 5. Interface (Copilot Studio as Control Plane) Not report search. Decision posture. Leaders don’t ask: “What is revenue?” They ask: “Are we inside tolerance, and what is already in motion?” AI belongs in:ExplanationSummarizationOption generationAI is banned from:Overriding triggersFreezing spendChanging severityClosing actionsDeterministic core. Probabilistic edge. That’s how governance survives AI. Scenario 1: Revenue Forecast Variance (Finance) Classic failure loop: Variance report → Meeting debate → Delayed response → Repeat next month. Redesign:Leading indicator triggers (pipeline velocity, deal aging, conversion decay)Owner = VP RevOps (not “the business”)Pre-committed guardrails and acceleration playbooks24–48 hour response windowsIntervention efficacy measuredForecast stops being a story. It becomes a managed system. Scenario 2: IT Incident SLA Compliance Most SLA dashboards report failure after it happens. Redesign:Deterministic severity classificationBreach-risk triggers (before breach)Tiered automatic escalationsPre-staged remediation playbooksLedger-based audit evidenceYou stop reporting breaches. You engineer breach prevention. The Core Principle Executives speak in interface requests. They want decision guarantees. The “one-page KPI” ask is not a design brief. It’s an architectural indictment. Monday Morning Operating Principles Start with two decision surfaces. Attach obligations. Enforce semantic centralization. Record state. Automate the response. Measure decision latency. Because the real KPI in most companies isn’t revenue. It’s how long it takes to act once revenue drifts. Subscribe If you defend decisions in:Board prepAudit meetingsIncident reviewsExecutive steering committeesYou already know the dirty secret: “We had a dashboard” is not a control. It’s a screenshot. Subscribe for mental models and architectural patterns that survive reality:GovernanceOwnershipEnforcementMicrosoft Fabric architecturePower BI semantic designCopilot Studio guardrailsDecision automationNot feature tours. Not button-click tutorials. Decision systems. Connect If this episode made you rethink how your organization “runs” on dashboards: Leave a review. And connect with me on LinkedIn — Mirko Peters. Send me your worst “one-page KPI” request. Tell me which decision surface you want dissected next. I’ll pull it apart. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support. If this clashes with how you’ve seen it play out, I’m always curious. I use LinkedIn for the back-and-forth.

    1 h 13 min
  3. Sovereignty is Not a Product: The Architecture of Control

    -2 J

    Sovereignty is Not a Product: The Architecture of Control

    Most organizations treat “sovereign cloud” like something you can buy. Pick a region. Print the compliance packet. Call it done. That’s the comfortable lie. In this episode, we dismantle the myth that sovereignty is a SKU, a geography, or a contract clause. Sovereignty is not residency. It’s not a marketing label. It’s not “EU-only” storage. Sovereignty is enforceable authority over:IdentityKeysDataThe control plane that can change all threeAnd if you don’t control those layers — you’re renting, not governing. 🔥 What We Break Down in This Episode This conversation moves past slogans and into architecture. We explore: 1️⃣ The Comfortable Lie: “Sovereign Cloud” as a Product Why residency, sovereignty, and independence are three completely different problems — and why confusing them leads to a probabilistic security model. 2️⃣ The Sovereignty Stack: Five Verifiable Layers We define sovereignty as something you can test, audit, and assign ownership to:JurisdictionIdentity authorityControl plane authorityData plane placementCryptographic custodyIf you can’t verify a layer, you don’t control it. 3️⃣ EU Data Boundary vs. Authority The EU Data Boundary improves residency. It does not transfer decision authority. Geography answers where. Sovereignty answers who. 4️⃣ The CLOUD Act Reality Check Jurisdiction eats geography. If a provider can be compelled, sovereignty depends on one question: Does compelled access produce plaintext — or encrypted noise? That answer lives in your key custody model. 5️⃣ Encryption Without Custody Is Theater Encryption at rest is hygiene. Customer-managed keys are better. External custody with controlled release? That’s sovereignty. Because encryption isn’t the point. Who can cause decryption is. 🧠 Identity Is the Compiler of Authority Entra isn’t just an identity provider. It’s a distributed decision engine that continuously mints tokens — portable authority. If token issuance drifts, your sovereignty drifts. We break down:Conditional Access entropyToken supply chain dependenciesRisk-based controls vs deterministic enforcementWhy policy rollback is more important than policy documentationSovereignty fails silently through identity drift. 🏗 Control Plane vs Data Plane Data lives in regions. Authority lives in the control plane. If someone can:Assign rolesChange policiesRotate keysApprove support accessThen they can redefine reality — regardless of where your data sits. Sovereignty starts with minimizing who can change the rules. 🌍 Hybrid, Arc, and Azure Local We walk through the real trade-offs:Azure Arc — powerful governance tool or sovereignty amplifier?Regional landing zones vs application landing zonesConnected Azure Local — sovereignty by extensionDisconnected Azure Local — sovereignty by isolationM365 Local — where sovereignty gains are real (and where they stop)The takeaway: locality is not control. Authority is control. 🧩 Tenant Isolation and Metadata Reality Tenant isolation is logical — not physical. Metadata, connectors, and cross-tenant patterns create permeability most organizations ignore. We explore:Power Platform tenant isolationConnector enforcement gapsGuest identity implicationsMetadata gravityWhy default-deny matters more than allowlists🛡 The Default-Deny Sovereign Reference Architecture This episode culminates in a practical blueprint: A four-plane default-deny model across:Identity authorityControl plane authorityData plane constraintsCryptographic custodyPlus one critical ingredient most programs skip: Rollback as a first-class security control. If you cannot restore identity and control-plane state to a known-good version, sovereignty is temporary. 💡 Core Message Sovereignty is not a region label. It is not a compliance PDF. It is not a vendor promise. Sovereignty is the ability to prevent:Unauthorized authorityUncontrolled decryptionPolicy driftSilent exceptionsAnd that requires architectural discipline — not procurement. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support. If this clashes with how you’ve seen it play out, I’m always curious. I use LinkedIn for the back-and-forth.

    1 h 23 min
  4. Stop Building Apps, Start Engineering Control Planes

    -3 J

    Stop Building Apps, Start Engineering Control Planes

    Most organizations think more apps means more productivity. They’re wrong. More apps mean more governance surface area — more connectors, more owners, more permissions, more data pathways, and more tickets when something breaks. Governance-by-humans doesn’t scale. Control planes scale trust. This episode breaks down a single operating model shift — from building apps to engineering control planes — that consistently reduces governance-related support tickets by ~40%. This channel does control, not crafts. 1. The Foundational Misunderstanding: “An App Is the Solution” An app is not the solution. An app is a veneer over:Identity decisionsConnector pathwaysEnvironment boundariesLifecycle eventsAuthorization graphsWhat gets demoed isn’t what gets audited. Governance doesn’t live in the canvas. It lives in the control plane: identity policy, Conditional Access, connector permissions, DLP, environment strategy, inventory, and lifecycle enforcement. App-first models create probabilistic systems. Control planes create deterministic ones. If the original maker quits today and the system can’t be safely maintained or retired, you didn’t build a solution — you built a hostage situation. 2. App Sprawl Autopsy App sprawl isn’t aesthetic. It’s measurable. Symptoms:3,000+ apps no one can explainOrphaned ownershipDefault environment gravityConnector creepGovernance tickets as leading indicatorsThe root cause: governance that depends on human review. Approval boards don’t enforce policy. They manufacture precedent. Exceptions accumulate. Drift becomes normal. Audits require heroics. Governance becomes theater. 3. The Hidden Bill App-first estates create recurring operational debt:📩 Support friction📑 Audit evidence scavenger hunts🚨 Incident archaeology💸 License and capacity wasteThe executive translation: You can invest once in a control plane. Or you can pay ambiguity tax forever. 4. What a Control Plane Actually Is A control plane decides:What can existWho can create itWhat must be true at creation timeWhat happens when rules driftOutputs:Identity outcomesPolicy outcomesLifecycle outcomesObservability outcomesIf enforcement requires memory instead of automation, it’s not control. 5. Microsoft Already Has the Control Plane Components You’re just not using them intentionally.Entra = distributed decision engineConditional Access = policy compilerMicrosoft Graph = lifecycle orchestration busPurview DLP = boundary enforcement layerPower Platform admin features = scale controlsThe tools exist. Intent usually doesn’t. Case Study 1: Power App Explosion Problem: 3,000+ undefined apps. Solution: Governance through Graph + lifecycle at birth. Changes:Enforced ownership continuityZoned environments (green/yellow/red)Connector governance gatesAutomated retirementContinuous inventoryResults:41% reduction in governance-related tickets60% faster audit evidence production28% reduction in unused assetsSystem behavior changed. Case Study 2: Azure Policy Chaos Problem: RBAC drift, orphaned service principals, inconsistent tagging. Solution: Identity-first guardrails + blueprinted provisioning. Changes:Workload identity standardsExpiring privileged rolesSubscription creation templatesDrift as telemetryEnforced tagging at birthResults:35% drop in misconfigurations22% reduced cloud spendZero major audit findingsGovern the principals. Not the resources. Case Study 3: Copilot & Shadow AI Blocking AI creates shadow AI. So they built an agent control plane:Prompt-level DLPLabel-aware exclusionsAgent identity governanceTool-scoped permissionsLifecycle + quarantineMonitoring for drift & defectsResults:Full rollout in 90 daysZero confirmed sensitive data leakage events2.3× forecasted adoptionNot “safe AI.” Governable AI. Executive Objection: “Governance Slows Innovation” Manual review slows innovation. Control planes accelerate it. App-first scaling looks fast early. Then ambiguity compounds. Tickets rise. Trust erodes. Innovation slows anyway. Control planes remove human bottlenecks from the hot path. The Operating Model Self-service with enforced guardrails:Zoning (green/yellow/red)Hub-and-spoke or federated on purposeEngineered exception workflowsStandardized templatesIncentives for reuse and deprecationAnd one executive truth serum: 🎯 Governance-related support ticket volume. If that number drops ~40%, your control plane is real. If it doesn’t, you’re performing governance. Failure Modes Control planes rot when:Automation is over-privilegedPolicies pile without refactoringLabels are fantasyOrphaned identities persistTelemetry doesn’t existGovernance must be enforceable, observable, and lifecycle-driven. Otherwise it’s theater. Conclusion Stop scaling apps. Scale a programmable control plane. If this episode helped reframe your tenant, leave a review so more operators find it. Connect with Mirko Peters on LinkedIn for deeper control plane patterns. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support. If this clashes with how you’ve seen it play out, I’m always curious. I use LinkedIn for the back-and-forth.

    1 h 32 min
  5. The Context Advantage: Architecting the High-Performance Autonomous Enterprise

    -4 J

    The Context Advantage: Architecting the High-Performance Autonomous Enterprise

    Most organizations think their AI rollout failed because the model wasn’t smart enough, or because users “don’t know how to prompt.” That’s the comforting story. It’s also wrong. In enterprises, AI fails because context is fragmented: identity doesn’t line up with permissions, work artifacts don’t line up with decisions, and nobody can explain what the system is allowed to treat as evidence. This episode maps context as architecture: memory, state, learning, and control. Once you see that substrate, Copilot stops looking random and starts behaving exactly like the environment you built for it. 1) The Foundational Misunderstanding: Copilot isn’t the system The foundational mistake is treating Microsoft 365 Copilot as the system. It isn’t. Copilot is an interaction surface. The real system is your tenant: identity, permissions, document sprawl, metadata discipline, lifecycle policies, and unmanaged connectors. Copilot doesn’t create order. It consumes whatever order you already have. If your tenant runs on entropy, Copilot operationalizes entropy at conversational speed. Leaders experience this as “randomness.” The assistant sounds plausible—sometimes accurate, sometimes irrelevant, occasionally risky. Then the debate starts: is the model ready? Do we need better prompts? Meanwhile, the substrate stays untouched. Generative AI is probabilistic. It generates best-fit responses from whatever context it sees. If retrieval returns conflicting documents, stale procedures, or partial permissions, the model blends. It fills gaps. That’s not a bug. That’s how it works. So when executives say, “It feels like it makes things up,” they’re observing the collision between deterministic intent and probabilistic generation. Copilot cannot be more reliable than the context boundary it operates inside. Which means the real strategy question is not: “How do we prompt better?” It’s: “What substrate have we built for it to reason over?” What counts as memory? What counts as state? What counts as evidence? What happens when those are missing? Because when Copilot becomes the default interface for work—documents, meetings, analytics—the tenant becomes a context compiler. And if you don’t design that compiler, you still get one. You just get it by accident. 2) “Context” Defined Like an Architect Would Context is not “all the data.” It’s the minimal set of signals required to make a decision correctly, under the organization’s rules, at a specific moment in time. That forces discipline. Context is engineered from: Identity (who is asking, under what conditions)Permissions (what they can legitimately see)Relationships (who worked on what, and how recently)State (what is happening now)Evidence (authoritative sources, with lineage)Freshness (what is still true today)Data is raw material. Context is governed material. If you feed raw, permission-chaotic data into AI and call it context, you’ll get polished outputs that fail audit. Two boundaries matter: Context window: what the model technically seesRelevance window: what the organization authorizes as decision-grade evidenceBigger context ≠ better context. Bigger context often means diluted signal and increased hallucination risk. Measure context quality like infrastructure: AuthoritySpecificityTimelinessPermission correctnessConsistencyIf two sources disagree and you haven’t defined precedence, the model will average them into something that never existed. That’s not intelligence. That’s compromise rendered fluently. 3) Why Agents Fail First: Non-determinism meets enterprise entropy Agents fail before chat does. Why? Because chat can be wrong and ignored. Agents can be wrong and create consequences. Agents choose tools, update records, send emails, provision access. That means ambiguity becomes motion. Typical failure modes: Wrong tool choice. The tenant never defined which system owns which outcome. The agent pattern-matches and moves. Wrong scope. “Clean up stale vendors” without a definition of stale becomes overreach at scale. Wrong escalation. No explicit ownership model? The agent escalates socially, not structurally. Hallucinated authority. Blended documents masquerade as binding procedure. Agents don’t break because they’re immature. They break because enterprise context is underspecified. Autonomy requires evidence standards, scope boundaries, stopping conditions, and escalation rules. Without that, it’s motion without intent. 4) Graph as Organizational Memory, Not Plumbing 4 Microsoft Graph is not just APIs. It’s organizational memory. Storage holds files. Memory holds meaning. Graph encodes relationships: Who metWho editedWhich artifacts clustered around decisionsWhich people co-author repeatedlyWhich documents drove escalationCopilot consumes relational intelligence. But Graph only reflects what the organization leaves behind. If containers are incoherent, memory retrieval becomes probabilistic. If containers are engineered with ownership and authority, retrieval becomes repeatable. Agents need memory to understand context. But memory without trust is dangerous. Which brings us to permissions. 5) Permissions Are the Context Compiler Permissions don’t just control access. They shape intelligence. Copilot doesn’t negotiate permissions. It inherits them. Over-permissioning creates AI-powered oversharing. Under-permissioning creates AI mediocrity. Permission drift accumulates through: Broken SharePoint inheritance“Temporary” broad accessGuest sprawlSharing links replacing group governanceOrphaned containersWhen Copilot arrives, it becomes a natural language interface to permission debt. Less eligible context often produces better answers. Least privilege is not ideology. It’s autonomy hygiene. Because agents don’t just read. They act. 6) Prompt Engineering vs Grounding Architecture Prompting steers conversation. Grounding constrains decisions. Prompts operate at the interaction layer. Grounding architecture operates at the substrate layer. Substrate wins. Grounding primitives include: Authoritative sourcesScoped retrievalFreshness constraintsPermission correctnessProvenanceCitations-or-silenceIf the system can’t show evidence, it must escalate. Web grounding expands the boundary beyond your tenant. Treat it like public search. Prompts don’t control what the system is allowed to know. Permissions and grounding do. 7) Relevance Windows: The Discipline Nobody Budgets For Relevance windows define eligible evidence per workflow step. Not everything retrievable is admissible. Components: Authority hierarchyFreshness rulesVersion precedenceScope limitsExplicit exclusionsMore context increases contradictions. Tighter windows increase dependability. If a workflow cannot state: “Only these sources count.” It isn’t ready for agents. 8) Dataverse as Operational Memory 4 Microsoft Dataverse is operational memory. State answers: Who owns this right now?What step are we in?What approval exists?What exception was granted?Without state, agents loop. With explicit state machines: OwnershipStatus transitionsSLAsApproval gatesException trackingAgents stop guessing. They check. Operational memory reduces hallucinations without touching the model.  Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support. If this clashes with how you’ve seen it play out, I’m always curious. I use LinkedIn for the back-and-forth.

    1 h 22 min
  6. The Hybrid Mandate: Orchestrating Python Inside the Power Platform

    -6 J

    The Hybrid Mandate: Orchestrating Python Inside the Power Platform

    Most organizations misunderstand Power Platform. They treat it like a productivity toy. Drag boxes. Automate an email. Call it transformation. It works at ten runs per day. It collapses at ten thousand. Not because the platform failed. Because complexity was never priced. So here’s the mandate:Power Platform = Orchestration tierPython = Execution tierAzure = Governance tierSeparate coordination from computation. Wrap it in identity, network containment, logging, and policy. If you don’t enforce boundaries, entropy does. And entropy always scales faster than success. Body 1 — The Foundational Misunderstanding Power Platform Is a Control Plane (~700 words) The first mistake is calling Power Platform “a tool.” Excel is a tool. Word is a tool. Power Platform is not. It is a control plane. It coordinates identity, connectors, environments, approvals, and data movement across your tenant. It doesn’t just automate work — it defines how work is allowed to happen. That distinction changes everything. When you treat a control plane like a toy, you stop designing it. And when you stop designing it, the system designs itself. And it designs itself around exceptions. “Just one connector.” “Just one bypass.” “Just store the credential for now.” “Just add a condition.” None of these feel large. All of them accumulate. Eventually you’re not operating a deterministic architecture. You’re operating a probabilistic one. The flow works — until:The owner leavesA token expiresA connector changes its payloadLicensing shiftsThrottling kicks inA maker copies a flow and creates a parallel universeIt still “runs.” But it’s no longer governable. Then Python enters the conversation. The naive question is: “Can Power Automate call Python?” Of course it can. The real question is: Where does compute belong? Because Python is not “just code.” It’s a runtime. Dependencies. Network paths. Secret handling. Patching. If you bolt that onto the control plane without boundaries, you don’t get hybrid architecture. You get shadow runtime. That’s how governance disappears — not through malice, but through convenience. So reframing is required: Power Platform orchestrates. Python executes. Azure governs. Treat Power Platform like a control plane, and you start asking architectural questions:Which principal is calling what?Where do secrets live?What is the network path?Where are logs correlated?What happens at 10× scale?Most teams don’t ask those because the first flow works. Then you have 500 flows. Then audit shows up. That’s the governance ceiling. Body 2 — The Low-Code Ceiling When Flows Become Pipelines (~700 words) The pattern always looks the same. Flow #1: notify someone. Flow #2: move data. Flow #3: transform a spreadsheet. Then trust increases. And trust becomes load. Suddenly your “workflow” is:Parsing CSVNormalizing columnsDeduplicating dataJoining sourcesHandling bulk retriesBuilding error reportsInside a designer built to coordinate steps — not compute. Symptoms appear:Nested loops inside nested loopsScopes inside scopesTry/catch glued togetherRun histories with 600 actionsRetry stormsThrottling workaroundsIt works. But you’ve turned orchestration into accidental ETL. This is where people say: “Maybe we should call Python.” The instinct is right. But the boundary matters. If Python is:A file watcherA laptop scriptA shared service accountA public HTTP triggerA hidden token in a variableYou haven’t added architecture. You’ve added entropy. The right split is simple:Flow decides that work happensPython performs deterministic computationAzure enforces identity and containmentWhen orchestration stays orchestration, flows become readable again. When execution moves out, retries become intentional. When governance is explicit, scale stops being luck. The low-code ceiling isn’t about capability. It’s about responsibility. Body 3 — Define the Three-Tier Model (~700 words) This isn’t a diagram. It’s an ownership contract. Tier 1 — Orchestration (Power Platform) Responsible for:TriggersApprovalsRoutingStatus trackingNotificationsHuman interactionNot responsible for:Heavy transformsBulk computeDependency managementRuntime patchingTier 2 — Execution (Python) Responsible for:Deterministic computeValidationDeduplicationInferenceBulk updatesSchema enforcementIdempotencyBehaves like a service, not a script. That means:Versioned contractsStructured responsesBounded payloadsExplicit failuresTier 3 — Governance (Azure) Responsible for:Workload identity (Entra ID)Managed identitiesSecretsNetwork containmentPrivate endpointsAPI policiesLogging and correlationWithout Tier 3, Tier 1 and 2 collapse under entropy. Body 4 — The Anti-Pattern Python Sidecar in the Shadows (~700 words) Every tenant has this:File watcher polling a folderPython script on a jump boxShared automation accountPublic function “temporarily exposed”Secret pasted in environment variableIt works. Until it doesn’t. Failure modes:OS patch breaks dependencyCredential expiresLaptop shuts downFirewall changesPackage update changes behaviorNobody knows who owns itThat’s not hybrid. That’s a haunted extension cord. The hybrid replacement is explicit:Authenticated workload identityPrivate endpointAPIM enforcementStructured contractCorrelated loggingIf Python is going to Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support. If this clashes with how you’ve seen it play out, I’m always curious. I use LinkedIn for the back-and-forth.

    1 h 20 min
  7. How to Scale HR Operations: Transforming Copilot Studio Into a High-Performance Agent

    17 FÉVR.

    How to Scale HR Operations: Transforming Copilot Studio Into a High-Performance Agent

    Most organizations think “HR automation” means a chatbot glued to a SharePoint folder full of PDFs. They’re wrong. That setup doesn’t automate HR. It accelerates confident nonsense — without evidence, without control, and without a defensible decision trail. Meanwhile the real costs compound quietly: Screening bias you can’t explainTicket backlogs that never shrinkOnboarding that drags for weeksAudits that turn into archaeologyThis episode is about shifting from passive HR data to deterministic HR decisions. No magical thinking. No “prompt better” optimism. We’re building governed workflows — screening, triage, onboarding — using Copilot Studio as the brain, Logic Apps as the muscle, and evidence captured by default. If it can’t survive compliance, scale, and scrutiny — it doesn’t ship. Subscribe + Episode Contract If you’re scaling HR agents without turning your tenant into a policy crime scene, subscribe to M365 FM. That’s the contract here: Production-grade architecture. Repeatable patterns. Defensible design. This is not a feature tour. Not legal advice. And definitely not “prompt engineering theater.” We’ll walk three governed use cases end-to-end: • Candidate screening with bias and escalation controls • HR ticket triage with measurable deflection • Onboarding orchestration that survives retries and long-running state But first — we need to redefine what an HR agent actually is. Because it’s not a chatbot. HR Agents Aren’t Chatbots A chatbot answers questions. An HR agent makes decisions. Screen or escalate. Route or resolve. Approve or reject. Provision or pause. The moment an LLM executes decisions without controlled action-space and an evidence trail, you don’t have automation. You have conditional chaos. The lever isn’t “smarter AI.” The lever is determinism: What actions are allowedUnder which identityWith which inputsWith which guardrailsLogged howIf the system can’t prove what it did and why — it didn’t do HR work. It generated text. Target Architecture Copilot Studio = Brain Logic Apps Standard = Muscle MCP = Tool contract Dataverse = Durable memory Azure Monitor = Operational truth Entra = Identity boundary Conversation reasons. Tools enforce. State persists. Logs prove. If you collapse those layers, you lose governance. If you separate them, you get scale. Governance = Action Control Governance in agentic HR isn’t a committee. It’s action control. Action-space is everything the agent can do. Not say. Do. Every tool must have: IdentityPolicy gatesTelemetryNo identity → no ownership No policy → no constraint No telemetry → no defensibility HR doesn’t run on hope. Human-in-the-Loop = Circuit Breaker Human-in-the-loop isn’t humility. It’s a circuit breaker. Confidence drops? Policy risk triggered? Irreversible action pending? Stop. Create an approval artifact. Package evidence. Record reason code. Proceed only after decision. If the workflow keeps running, it isn’t HITL. It’s a notification. Observability If someone asks what happened, you should not investigate. You should retrieve. Audit-grade observability means: Prompt context capturedRetrieval sources loggedTool calls correlatedState transitions recordedHuman overrides documentedCorrelation IDs across Copilot, MCP, Logic Apps, and Dataverse. No reconstruction theater. Just evidence. Three Workflows, One Control Plane All workflows follow: Event → Reasoning → Orchestration → Evidence 1. Candidate Screening High-risk decision system. Structured rubric. Proxy minimization. Confidence gates. Recorded approvals. Defensible shortlist. 2. HR Ticket Triage High-volume operational system. Deterministic classification. Scoped knowledge retrieval. Tier 1 auto-resolution. Escalation with context package. Measurable deflection. 3. Intelligent Onboarding Long-running orchestration system. Offer accepted event. Durable state in Dataverse. Provisioning via managed identity. Idempotent workflows. Milestone tracking to Day-30. No double provisioning. No silent failure. No ritual automation. Reliability Reality Agentic HR fails because distributed systems fail. So you design for: Idempotency — safe retries Dead-letter paths — visible failure State ownership — not chat memory Versioned rubrics — controlled change Kill switch — fast disable Reliability isn’t uptime. It’s controlled repetition. ROI That Actually Matters Scale doesn’t come from smarter AI. Scale comes from fewer exceptions. Measure what matters: Ticket triage: Deflection rateAuto-resolve percentReopen rateHuman touches per caseOnboarding: Day-one ready rateProvisioning retry countMilestone completion timeScreening: Review time per candidateBorderline rateOverride frequencyConsistency across rubric versionsIf you can’t measure it, you didn’t scale it. Implementation Order Start with Ticket TriageAdd Onboarding OrchestrationDeploy Candidate Screening lastBuild control plane first. High-risk automation last. Dev → Test → Prod with policy parity. Per-tool managed identities. Scoped permissions. Minimal PII in prompts. Structured evidence in Dataverse. Final Message Most companies try to scale HR with smarter prompts. The ones that succeed scale it with safer systems. Fewer exceptions. Fewer hidden permissions. Fewer invisible overrides. Scale is not smarter AI. Scale is controlled action-space. If you want architectures that survive production — not demos — subscribe to M365 FM. And if your HR agent failed in a spectacular way, connect with Mirko Peters on LinkedIn and send it. We’ll dissect it. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support. If this clashes with how you’ve seen it play out, I’m always curious. I use LinkedIn for the back-and-forth.

    1 h 7 min
  8. How to Architect Scalable SharePoint Automation: The Modern Blueprint for Enterprise Workflows

    16 FÉVR.

    How to Architect Scalable SharePoint Automation: The Modern Blueprint for Enterprise Workflows

    Most organizations assume SharePoint automation scales because it’s “in the platform.” They are wrong. The UI makes it feel small—one library, one button, one approval—but the moment you automate, you’ve built an enterprise control plane that executes decisions, changes permissions, and moves data across compliance boundaries. In this episode, we expose what actually happens at scale: how Quick Steps, workflows, and agents behave under real enterprise pressure, and how identity, labels, DLP, and observability either enforce intent—or let entropy win. Stop thinking features. Start thinking systems. 1️⃣ The Foundational Misunderstanding: SharePoint Is a Workflow Surface, Not a Repository The biggest architectural mistake? Treating SharePoint like file storage. SharePoint isn’t just a repository. It’s a workflow surface — content + metadata + permissions + policy, sitting in front of a distributed execution engine. Every upload. Every edit. Every label change. Every sharing link. Those aren’t static events. They’re signals. The moment you wire those signals into Power Automate, Graph, Logic Apps, Functions, or agents, the blast radius changes. A “simple” flow becomes an enterprise integration engine executing at machine speed without human friction. Deterministic vs Probabilistic Automation Deterministic automation: Explicit rules. Predictable. Auditable.Probabilistic automation: Agentic reasoning. Helpful—but not predictable.Governance designed for deterministic flows does not automatically constrain agentic systems. If you let automation grow organically, you’ll eventually lose the ability to answer: Who can trigger this?Which identity performs the write?Where does the data go?What policy was evaluated?What evidence exists?If you can’t answer those, you’re not running a workflow platform. You’re running a rumor. 2️⃣ The Modern Automation Stack Microsoft hid the wiring. That’s both the strength and the risk. Quick Steps → Action Surface Buttons in the grid. Low friction. High usage. They aren’t “convenience features.” They’re invocation points. Govern invocation—not just flows. Lightweight Approvals → State Machines Approval status lives with the item. That’s powerful. It keeps workflow state in metadata instead of email threads. But they are not automatically enterprise-grade. Identity, routing logic, and exceptions still require design. Workflows UX → Acceleration Engine Preconfigured templates reduce friction. Lower friction = more automation. More automation = more drift if unmanaged. Agents → Conversational Front Door Agents are not automation engines. They’re interfaces. Humans ask. Deterministic services execute. If you reverse that model, governance collapses. 3️⃣ The Scalable Flow Model Enterprise automation must follow this pattern: Event → Reasoning → Orchestration → Enforcement Event Use stable signals (state transitions, not noisy edits). Reasoning Separate decisions from execution. Policy evaluation should be testable and auditable. Orchestration Handle retries, throttling, async work, and idempotency. Distributed systems principles apply—even in “low code.” Enforcement Labels, permissions, retention, DLP, audit logs. Governance must execute at runtime, not in documentation. 4️⃣ Tooling Decision Matrix Stop asking which tool is “better.” Ask which class of work you’re solving. Power Automate Use for: Human-centric workflowsBounded volumeClear ownershipAvoid for: High-volume backbone processingProduction-critical service behaviorGraph + Webhooks Use for: High-scale eventingLow-latency needsCentralized triggeringLogic Apps Default for durable, cross-system orchestration. Azure Functions Use for custom compute that needs real engineering discipline. Agents Front-end interface layer. Never enforcement layer. Standardize by workload. No “choose your own stack.” 5️⃣ Governance Is Enforcement, Not Documentation Governance = controls that survive shortcuts. It lives in: Microsoft Entra (identity boundaries)Microsoft Purview (labels, retention, DLP)Power Platform environment strategyAdmin controlsDrift is the default state. Measure entropy: Sprawl ratePermission driftDLP signalsAutomation failure rateIf governance depends on memory, it will fail. 6️⃣ Entra-First Design Every permission not expressed as a group becomes fiction. Non-Negotiables No direct user assignmentAutomation identities separated from humansRole separation + Privileged Identity ManagementGuest sponsorship + lifecycleIdentity is the perimeter. Automation inherits identity posture. If identity is sloppy, AI and workflows amplify the mess. 7️⃣ Purview: Label-First Governance Labels aren’t stickers. They’re enforcement packages. Sensitivity labels control behavior.Retention labels control lifecycle.Auto-labeling reduces toil (but never removes accountability).AI readiness depends on classification hygiene. Agents amplify discoverability. Messy architecture becomes visible at machine speed. 8️⃣ DLP as a Runtime Gate DLP must evaluate at the moment of action. Design for: BlockAllowAllow-with-justification (with logged evidence)Stratify by data class. And remember: Automation identities are egress points. Treat them as such. 9️⃣ Observability Architecture Audit log ≠ operational telemetry. You need: Unified Audit Log for complianceDiagnostic logs for behaviorLog Analytics for correlationSentinel for detectionMonitor: Oversharing patternsGuest anomaliesAutomation identitiesFailure ratesDrift trendsBlind execution always fails eventually. 🔟 Scenario 1: Provisioning as a Factory Provisioning is manufacturing. Not a request form. Pipeline: IntakeValidationApprovalGraph provisioningQueue-based orchestrationRegistrationLifecycle enforcementIdempotency is mandatory. Retries are engineered. Ownership is group-based. Sites are assets. Unmanaged sites are liabilities. 1️⃣1️⃣ Lifecycle Enforcement Detect → Notify → Escalate → Enforce. Archive with locked permissionsOwnership transfer enforcementGuest lifecycle controlDead-letter patterns for workflow failureRetirement tied to retention policyAutomation must converge toward policy—not drift away from it. 1️⃣2️⃣ Compliance as Continuous Evidence Compliance is not a project. It’s continuous proof. You need: Deterministic records stateScoped retention policiesLegal hold priorityLabel-driven enforcementDLP boundary protectionAudit correlationIf compliance req Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support. If this clashes with how you’ve seen it play out, I’m always curious. I use LinkedIn for the back-and-forth.

    1 h 25 min
Tout afficher (479)

Notes et avis

5
sur 5
3 notes

À propos

Welcome to the M365.FM — your essential podcast for everything Microsoft 365, Azure, and beyond. Join us as we explore the latest developments across Power BI, Power Platform, Microsoft Teams, Viva, Fabric, Purview, Security, and the entire Microsoft ecosystem. Each episode delivers expert insights, real-world use cases, best practices, and interviews with industry leaders to help you stay ahead in the fast-moving world of cloud, collaboration, and data innovation. Whether you're an IT professional, business leader, developer, or data enthusiast, the M365.FM brings the knowledge, trends, and strategies you need to thrive in the modern digital workplace. Tune in, level up, and make the most of everything Microsoft has to offer. M365.FM is part of the M365-Show Network. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

Informations

  • Création
    Mirko Peters (Microsoft 365 consultant and trainer)
  • Années d’activité
    2025 - 2026
  • Épisodes
    479
  • Classification
    Tous publics
  • Copyright
    © Copyright Mirko Peters / m365.fm - Part of the m365.show Network - News, tips, and best practices for Microsoft 365 admins
  • Site web de l’émission
    M365.FM - Modern work, security, and productivity with Microsoft 365

Vous aimeriez peut‑être aussi