Turn your real-world experience into part of the show.

Microsoft Copilot Podcast – AI Architecture, Security & Governance Episodes

Microsoft Copilot introduces AI-driven assistance across Microsoft 365, Azure, and enterprise workloads, fundamentally changing how users interact with data and systems. Copilot Talk explores what happens when AI systems are integrated into production environments with real data, real permissions, and real consequences.

Episodes in this category focus on Copilot architecture, data access patterns, identity delegation, security boundaries, and governance challenges. We analyze how Copilot interacts with Microsoft 365 workloads, APIs, and enterprise data sources — and where architectural assumptions can break under real-world conditions.

Rather than showcasing AI features, Copilot Talk concentrates on risk, responsibility, and control. Topics include over-delegation to AI agents, unintended data exposure, compliance implications, and the challenges of auditing AI-driven decisions. We also discuss how Copilot fits into broader Microsoft identity and security models.

This category is aimed at IT leaders, architects, and security professionals evaluating or deploying Microsoft Copilot in enterprise environments. If you need to understand not just what Copilot can do, but how it affects architecture, governance, and accountability, Copilot Talk provides the depth required to make informed decisions.
Dec. 6, 2025

How to Wire MCP and Semantic Kernel for Secure AI Automation

You’re wasting AI on small talk. In this session I show you how to turn chatty models into hardened IT ops agents that actually fix incidents while you sleep. We wire Semantic Kernel, MCP, Microsoft Graph and Azure OpenAI with managed identity so agents can plan, act and auto-verify – without handing root access to a hallucinating chatbot.You’ll see how to slash MTTR, auto-resolve password reset tickets, drain bad builds, and roll back safely using tool schemas as “laws of physics,” not vibes. We’ll build a six-part agent molecule (persona, memory, planner, tools, policy, verifier) and drop it into real incident flows: 5XX spikes, canary failures, onboarding waves and weekend fire drills.If you care about uptime, sleep, and not turning your data center into glass, this is your blueprint: SK orchestrates, MCP connects, Foundry governs, managed identity contains – and your agents prove every action they take.
Guest: Mirko Peters
Dec. 5, 2025

How to Choose Between RAG and Microsoft 365 Copilot

The night is thick with static inside your tenant, and the questions aren’t small anymore. Copilot can walk the clean, well-lit M365 streets — summarizing inbox noise, tightening your notes, finding what you already have permission to see. Fast, friendly, useful. But tone isn’t truth, and guesses don’t survive compliance.This episode pulls you into the alleys where real knowledge lives: stale PDFs, forgotten SharePoint stacks, file-server ghosts, wikis no one maintained. That’s where Copilot reaches its boundary — and where Retrieval Augmented Generation starts. RAG becomes the librarian with receipts, dragging ground truth from your own systems, forcing citations, refusing to bluff. We map when Copilot is enough, when you must build a pipeline, and why teams explode cost, tickets, and trust by confusing the two. A secret step makes the whole discipline 10× easier — and we go there.If your world runs on proprietary policy, SOPs, baselines, and high-stakes questions where wrong…
Guest: Mirko Peters
Nov. 29, 2025

How to Stop AI Prompt Injection in LangChain4j and Copilot Studio

AI agents are shipping faster than your change control, and they’re carrying master keys to your data. This talk rips into how LangChain4J and Copilot Studio quietly turn “helpful copilots” into data-leaking, over-permissioned shadow admins with no audit trail. You’ll see exactly how prompt injection, over-scoped connectors, and missing logs create reportable incidents, and how strict schemas, per-agent identities, and real DLP stop the bleeding. The core move most orgs skip: give every agent its own locked-down identity, no shared creds, no tenant-wide scopes, and treat it like a very dumb, very powerful user you have to restrain by design.
Guest: Mirko Peters
Nov. 29, 2025

How to Diagnose GPU Underutilization in Production AI Systems

In this episode of The M365 Show we investigate a familiar but often misunderstood failure pattern in enterprise AI: GPU costs rise, throughput collapses and latency becomes unpredictable, even though the dashboards look healthy and the models appear to work. Instead of blaming parameters or architectures, we treat the problem as a forensic case and follow the evidence through the entire compute pipeline.We walk through a realistic Stable Diffusion workload under concurrency, with strict P95 latency objectives and GPU hardware that looks perfectly adequate on paper. From there, we trace how silent CPU fallback in ONNX Runtime, subtle version mismatches across CUDA, cuDNN, TensorRT and ONNX Runtime, and container misconfiguration combine into a single pathology that turns an accelerator into an expensive heater. The system continues to return correct outputs, but at 10 to 30 times the expected latency and with a fraction of the intended throughput.Building on that, we construct…
Guest: Mirko Peters
Nov. 28, 2025

How to Stop AI Agents from Doing Dumb Things in Microsoft 365

Tired of “smart” AI agents doing dumb, dangerous things in your Microsoft 365 tenant? This episode shows you the one architectural move that turns flaky prompt-powered agents into reliable, auditable systems: a pre-execution contract check that blocks bad behavior before it ever hits your data. We walk through how to separate LLM cognition from real-world operations, why executors and validated workflow graphs beat prompt hacks every time, and how to wire this into Microsoft 365 Graph, Azure OpenAI and Copilot Studio without creating a compliance nightmare.You’ll see how a validator proves three things before any tool call runs: the capability is real, the caller actually has permission right now, and the outcome is feasible and verifiable within strict data boundaries. No “trust the model,” no silent partial failures, no hallucinated tools. Instead, you get schema-checked JSON, idempotent executors, policy-enforced allow lists, human checkpoints as first-class workflow nodes, and…
Guest: Mirko Peters
Nov. 27, 2025

How to Build a Copilot That Respects DLP and Compliance.

Why do so many Microsoft 365 Copilot projects fail — even when the prompts look fine?In this episode, we explain why the real issue is not prompt engineering, but context engineering.Most AI failures are not model failures. They are context failures. When Copilot lacks structured, governed, and relevant information, it produces inconsistent, low-quality, or misleading results.Context Engineering goes beyond writing better prompts. It is the systematic design, management, and governance of all information your Copilot has access to — ensuring accurate, stable, and trustworthy outputs.We break down what context engineering really means in Microsoft 365 environments, why it matters for enterprise AI adoption, and how to design Copilot solutions that scale reliably.If you want consistent Copilot results instead of AI randomness, this episode is essential.
Guest: Mirko Peters
Nov. 23, 2025

Copilot Rolled Out, Helpdesk Exploded? Build This Learning Hub

This episode rips apart the illusion that “Copilot training” is a workshop, a slide deck, or a single rollout campaign. It starts with a familiar pain: you trained users on Microsoft Copilot, pinned decks, hosted Q&As, ran office hours—and your help desk ticket queue still grew. Users got smarter for 24 hours, then went straight back to asking, “Which Copilot do I use?” and “Is this safe?” The episode argues that the core problem isn’t users, or even Copilot. The problem is that most organizations are trying to manage a fast-moving, AI-driven behavior engine with static training and scattered documentation. Without a governed, tenant-aware learning system, you’re not doing adoption—you’re role-playing a help desk.From there, the conversation reframes Copilot adoption as an information architecture and governance problem, not a training problem. Traditional one-off training creates “shadow training” everywhere: rogue slide decks in Teams, PDFs with filenames like “Ultimate Copilot …
Guest: Mirko Peters
Nov. 22, 2025

Azure Functions + Python: The Cost Trap Killing Your Power Platform ROI

Python is NOT the language of AI inside the Microsoft stack—and in this episode, I show you why that belief is quietly wrecking your Power Platform projects, inflating defects, and burning your budget. If you’re cramming Python into Power Automate, Power BI, Fabric, or custom connectors as “glue code,” this is your wake-up call.We break down why Python is amazing for analytics, ML, and Fabric notebooks—but a terrible choice for everyday orchestration inside Power Automate, Power BI Dataflows Gen2, Dataverse, and Microsoft 365. You’ll learn how Office Scripts (TypeScript-flavoured), Copilot, and agent-style orchestration (like type-agent) can write and run the glue for you, with typed contracts, native connectors, and AI-generated scripts that actually respect your schemas and governance.Instead of debugging brittle Python in Azure Functions at 2:14 a.m., you’ll see how to:Keep Python where it shines: Fabric notebooks, advanced analytics, ML.Use Copilot + Office Scripts to …
Guest: Mirko Peters
Nov. 21, 2025

Copilot Ignores Your Company Policies? Here's the Fix

Out-of-the-box Microsoft Copilot sounds like a genius—but in real enterprises it’s a dangerously confident intern. In this episode, we expose where default Copilot quietly fails on the questions that actually matter: “Can I share this file?”, “Who’s on-call right now?”, “Is this HIPAA-safe?” You’ll see how generic, Graph-only Copilot ignores your DLP exceptions, regional SOPs, escalation paths, and legal memos—and why that’s how incidents are born.Then we show you the fix: plug your own specialist engine agent straight into Microsoft 365 Copilot Chat with a simple manifest upgrade. You’ll learn the retrieval + actions + guardrails pattern, how to wire Azure AI Search, internal APIs, and tenant controls, and the exact schema 1.22 tweaks (copilotAgents + customEngineAgents) that flip Copilot from smooth-talking generalist to hard-edged policy enforcer.The before vs. after is brutal: vague essays and hallucinated “best practices” turn into crisp, cited decisions, “Page now” butto…
Guest: Mirko Peters
Nov. 21, 2025

Copilot Shows Wrong or Old Data: Fix Permissions and Trust Fast

Your Copilot rollout is probably going to flop—and it won’t be the AI’s fault.Most organizations treat Microsoft 365 Copilot like a feature toggle: light up licenses, send a heroic memo, run one training… and three months later MAU is a rounding error. In this episode, we expose the five hidden failure modes that quietly kill Copilot adoption: vague “be more productive” use cases, governance theater that stalls everything, launch-and-ghost comms, license confetti with no telemetry, and users who were never actually taught how to talk to the model.You’ll learn the brutal truth that deployment is not adoption, the week-one leadership decision that predicts your long-term MAU, and why your real product isn’t Copilot—it’s behavior change. We walk through the C4 prompting pattern (Context, Constraint, Critique, Continue), the 10/30/60 “Tuesday task” model that kills blank-page syndrome, how to stop governance panic without freezing the rollout, and a practical 90-day adoption playb…
Guest: Mirko Peters
Nov. 19, 2025

Multi‑Channel M365 Agents Without Broken Adapters (Teams, Slack, Outlook)

Your M365 AI agent isn’t failing because the model is bad—it’s failing because your plumbing is. This episode exposes why DIY agents that “work in dev” die the second real users and security show up. You’ll hear how app-only auth quietly nukes permission fidelity and audit trails, why stateless bots forget context the moment you add a second node, and how hand-rolled Teams/Slack/Outlook adapters create glitchy, untrustworthy UX that feels cheap and amateur.The host then reveals the real unlock: the Microsoft 365 Agent SDK as the non-optional backbone for identity, state, channels, and governance. You get act-as-user auth, durable conversation state across clusters, real adapters for Teams/web/Slack/Copilot, streaming that just works, and built-in hooks for Purview, DLP, Defender, and eDiscovery—so security says “yes” instead of “absolutely not.”If you’re gluing LangChain, SK, and custom tools together and hoping it passes review, this episode is the wake-up call: stop shipping…
Guest: Mirko Peters
Nov. 17, 2025

Auditors Question Your AI Decisions? Use Agentic RAG for Traceable Proof

Your Copilot isn’t smart – it’s a very expensive autocomplete. In this episode, we break down why classic RAG (retrieve-augment-generate) quietly fails the moment your truth lives in more than one system, and how “agentic RAG” on Azure turns Copilot from a context tourist into an actual reasoning engine.You’ll hear how Planner, Retriever, and Verifier agents running on Azure AI Agent Service can roam Microsoft Fabric, SharePoint, and external data, cross-check their own answers, and deliver evidence-linked insights that auditors, CISOs, and data leaders can actually trust. We dig into On-Behalf-Of auth, RLS/CLS, and Purview labels so your AI respects the same permissions as your humans, instead of leaking CFO forecasts to interns.If you’re a CIO, CDO, architect, BI lead, or security/GRC owner who’s tired of hallucinated KPIs and pretty-but-useless dashboards, this is your blueprint. Learn how to cut decision latency from months to minutes, turn SharePoint chaos into a semantic…
Guest: Mirko Peters
Nov. 16, 2025

Still Typing into Copilot? Turn on Hands‑Free Voice in 5 Minutes

Typing to Copilot is the new fax machine—and your thumbs are the bottleneck. In this episode we break down how to give Copilot an actual voice, a memory, and a legal department, so it can keep up with the way you think, not the way you type.You’ll hear how GPT-4o Realtime turns Copilot from a slow, QWERTY-bound chatbot into a true conversational partner that listens while you speak, lets you interrupt mid-answer, and responds in milliseconds. Then we plug that voice into a real brain: Azure AI Search with RAG, so every answer is grounded in your own policies, standards, and FAQs—fully cited, fully governed.We walk through the blueprint step by step: Blob Storage, Azure AI Search, a hardened proxy layer, and secure M365 voice integration in Copilot Studio, Power Apps, and Teams. No biometrics, no cowboy connectors, just Entra ID, Purview, DLP, and logs your CISO can sleep on.If you’re still typing into Copilot, you’re leaving productivity—and compliance-grade insight—on the…
Guest: Mirko Peters
Nov. 15, 2025

Cloud Costs Exploding After AI? Here’s the Real Reason

Stop your cloud migration. Seriously. If you’re still bragging about being “cloud first,” this episode will show you why your shiny Azure estate is actually AI hostile. 🧨We break down the brutal truth: lift-and-shift doesn’t modernize anything—it just moves your technical debt into someone else’s data center. Your VMs won’t give Copilot safe, governed access to data… they’ll give it a front-row seat to your permissions sprawl, lineage gaps, and compliance nightmares.You’ll learn:Why cloud ≠ AI (and how your 2015 migration is blocking 2025 AI use cases)The Fintrax case study: “cloud-first” optics, AI pilot failure, compliance incident, and a 70% cost blowoutThe 3 pillars of real AI readiness: data discipline, MLOps maturity, and governance talentA no-BS 3-step playbook: Unify → Fortify → Automate so every AI decision becomes traceable and defensibleIf your roadmap still reads like a relocation plan instead of an AI architecture, hit play before you burn the next dec…
Guest: Mirko Peters
Nov. 13, 2025

Auto‑fill Excel RFI spreadsheets from your knowledge base in minutes

This episode explains how to eliminate manual Excel work by using an autonomous agent that completes spreadsheet-based RFIs without human involvement. Instead of relying on macros or step-by-step automation, the system watches for incoming Excel files, interprets the questions inside them, generates accurate responses using defined knowledge, writes the answers back into the spreadsheet, and sends the completed file automatically.The episode emphasizes the difference between simple automation and true autonomy. Automation waits for instructions, while an agent acts independently by observing, reasoning, and completing tasks end to end. RFIs are used as the ideal example because they are structured, repeatable, and clearly define what “done” looks like. This structure allows the agent to behave predictably rather than creatively, reducing errors and eliminating wasted effort.A major theme is the importance of structure and discipline. Clean inputs, consistent spreadsheet layout…
Guest: Mirko Peters
Nov. 13, 2025

Step-by-Step: Connect Azure SQL to Copilot Studio via Data Gateway

Your Copilot sounds smart but secretly knows nothing about your business. It’s guessing from Wikipedia while your real memory—orders, invoices, inventory—sits locked in SQL Server behind the firewall. This episode exposes the fix: the Power Platform Data Gateway, a locked-down, outbound-only “spinal cord” that lets Copilot read and write live SQL data without exposing your database.You’ll hear how to plug Azure SQL into Copilot Studio as a Knowledge Source so every chat can fire real-time T-SQL through the gateway instead of stale CSV exports. Then it gets wild: SQL Actions turn Copilot from a chatty analyst into a digital employee that can safely insert and update records with confirmations, least-privilege access, and full audit trails.Finally, you’ll blueprint the “hybrid brain”: SQL as memory, the gateway as spine, Copilot + Power Platform as brain, and Teams/Web as the face your users see. With clusters, indexes, telemetry, and a battle-tested checklist, you’ll ship an AI…
Guest: Mirko Peters
Nov. 12, 2025

Why Your MCP Server Is Invisible to Copilot Studio (And How to Fix It)

Think adding Model Context Protocol to Copilot Studio is “just a custom connector”? This episode blows that lie apart. We unpack why the shiny MCP dropdown only talks to Microsoft’s own sources, and why your “connected” MCP is usually a dead tunnel, not a live bridge. You’ll learn what MCP really is (a streaming context protocol, not a data feed), the exact gotchas that keep your custom connector invisible or silent (host/base URL, schemas, streaming, TLS, proxies), and how to actually prove it works with real-time markdown, citations, and logs. Most importantly, we show why all this fiddly setup isn’t nerd vanity—it’s how you turn Copilot from a hallucinating chatbot into a compliant, auditable analyst your security and compliance teams can live with.
Guest: Mirko Peters
Nov. 11, 2025

Free Copilot, not free governance: the admin checklist you need first

Microsoft says Copilot is now free across Word, Excel, PowerPoint, Outlook, and OneNote. But here’s the twist: it’s not magic — it’s your data, orchestrated. In this episode we rip off the marketing gloss and show how Microsoft Graph pipes your emails, files, meetings, and notes into a single “AI brain.” You’ll see how Copilot actually works, where it really saves time, and why privacy, DLP, and audit workloads spike the moment you switch it on. Faster workflows? Yes. Free compliance? Not a chance.
Guest: Mirko Peters
Nov. 8, 2025

Stop Using RPA Bots for Legacy Apps: Use Copilot Computer Use

This might be the week the bots stop “assisting”… and start working.Microsoft quietly flipped a switch — and Copilot Studio can now literally use your computer.Not API calls. Not connectors. Not cloud sandboxes.Actual mouse movement. Real keyboard input.A legit AI agent that can launch your Power App, fill the fields, and submit the form — like a disturbingly compliant intern.In this episode we unpack the feature Microsoft calls Computer Use — the update that turns Copilot into a hands-on operator of Windows machines. We walk through setup, the security ceremony no one warns you about, and then watch the AI stumble, misclick, recover, adapt… and eventually succeed. It’s messy, slow, hilarious — and also historic.This is agentic AI in the enterprise — the moment automation stops being a diagram and becomes a digital worker.If your business runs on legacy apps, intranet buttons, and “almost integrated” everything… this is the episode you need to hear. Because this is…
Guest: Mirko Peters
Nov. 7, 2025

Stop Static Power Apps Charts: How to Show Live Data with AI

Power Apps charts are obsolete. They look like a 1990s Excel demo and they can’t be styled, can’t be made dynamic, and can’t be made modern without pain.We stop trying to fix them.The new move is simpler: don’t render charts inside Power Apps at all. Let AI draw the chart image for you — on demand — in the exact style you want. Power Apps then just displays the Base64 image the AI returns. It becomes a host, not a renderer.You can press a button, pass JSON to apiprompt.predict, and the AI generates the visual: bar, line, lollipop, area, whatever. With real time app data. Zero Power BI dependencies. Zero native chart control. Zero template limits.This turns charts into prompts instead of properties. You describe the chart you want, AI draws it, Power Apps shows it. That’s the future.
Guest: Mirko Peters
Nov. 5, 2025

Business Users Still Waiting Days for Reports? Fix It With Copilot Studio

Your company isn’t blocked by data—it’s blocked by syntax.Copilot Studio turns plain-English questions into governed Fabric queries, so “What was our revenue by quarter?” finally gets an instant, secure answer—no SQL, no tickets, no waiting. It’s not a chatbot; it’s a translation engine that remembers context, respects permissions, and makes your warehouse talk back like a smart analyst. The real bottleneck has never been tables—it’s been language. This is the fix.
Guest: Mirko Peters
Nov. 4, 2025

Copilot shows wrong numbers? Fix your Fabric data model now

Copilot didn’t hallucinate — you hallucinated first.Your schema lied → Fabric believed it → Copilot repeated it with confidence.Bad Bronze → leaky Silver → fake Gold = executive decisions built on fiction.Fix the Medallion discipline + fix the semantic layer — or keep paying for an AI that politely invents your reality.
Guest: Mirko Peters
Nov. 2, 2025

our Copilot Setup Is Breaking GDPR: Fix These 5 Settings Now

Copilot Notebooks feel magical — a conversational workspace that pulls context from SharePoint, OneDrive, Teams, decks, sheets, emails — and synthesizes answers instantly.But the moment users trust that illusion, they generate data that has no parents.Every Copilot output — a summary, paragraph, bullet list — is derived content that contains fragments of sensitive sources… but inherits none of the original sensitivity label, retention policy, audit trace, or Purview detection scope.Result: enterprises are silently creating a Shadow Data Lake — an ocean of unlabeled, untraceable derivative insight.The core problem isn’t Microsoft’s security model — it’s that governance frameworks assume lineage, and AI isn’t generating lineage.Solution: treat AI output as first-class content. Label by default. Apply Derived Data policies. Time-box Notebook containers. Limit sharing. Make AI summaries review-gated.AI productivity accelerates — and so does compliance debt — unless…
Guest: Mirko Peters
Oct. 31, 2025

Entra Audits Are Wrong If You Let Copilot Summarize Role Changes

GPT-5 in Copilot is dazzling—but its fluency can fool you. It produces executive-ready prose fast, yet lacks defensible provenance. That makes it great for creation (drafts, outlines, brainstorming) and terrible for compliance (anything that must survive audit). The Researcher Agent is the counterweight: slower, source-driven, and methodical. It asks clarifying questions, fetches and cites sources, logs retrieval, and builds an auditable chain of reasoning. In regulated environments, that difference is existential: GPT-5 gives velocity; the Agent gives veracity. Use Copilot for momentum; use the Agent when lineage, citations, and reproducibility are mandatory—governance docs, financial/regulatory reporting, internal knowledge articles, Entra/security audits, and exec-level market analysis. The winning pattern is a hybrid workflow: ideate with Copilot → verify critical claims with the Agent → reintegrate citations and let Copilot polish language. Keep layers separate to avoid “governan…
Guest: Mirko Peters