Turn your real-world experience into part of the show.

Microsoft Copilot Podcast – AI Architecture, Security & Governance Episodes

Microsoft Copilot introduces AI-driven assistance across Microsoft 365, Azure, and enterprise workloads, fundamentally changing how users interact with data and systems. Copilot Talk explores what happens when AI systems are integrated into production environments with real data, real permissions, and real consequences.

Episodes in this category focus on Copilot architecture, data access patterns, identity delegation, security boundaries, and governance challenges. We analyze how Copilot interacts with Microsoft 365 workloads, APIs, and enterprise data sources — and where architectural assumptions can break under real-world conditions.

Rather than showcasing AI features, Copilot Talk concentrates on risk, responsibility, and control. Topics include over-delegation to AI agents, unintended data exposure, compliance implications, and the challenges of auditing AI-driven decisions. We also discuss how Copilot fits into broader Microsoft identity and security models.

This category is aimed at IT leaders, architects, and security professionals evaluating or deploying Microsoft Copilot in enterprise environments. If you need to understand not just what Copilot can do, but how it affects architecture, governance, and accountability, Copilot Talk provides the depth required to make informed decisions.
Oct. 30, 2025

Your Power BI Numbers Are Wrong Because of Excel – Fix the Data with Copilot

Most “analysis” in Excel is disguised janitorial work: inconsistent dates, mixed data types, rogue spaces, and copy-pasted chaos that later poisons Power BI, Power Automate, and Fabric. The fix isn’t heroics—it’s Excel Copilot acting as an AI janitor that understands structure, enforces types, and prepares data for downstream systems. Two modes matter: Chat (diagnose, explain) and App Skills (actually change the sheet). The practical playbook: 1) Normalize Everything (types, dates, casing, spaces, IDs), 2) Validate & Flag Outliers (rules for missing/absurd values, deviation checks), 3) Transform for Integration (summaries, tidy tables, headers for Power BI/Flows). Once clean, Copilot upgrades sheets from neat to smart—sentiment tagging, segmentations, “Think Deeper” diagnostics—then hands results straight to Power BI/Power Automate without brittle CSV shuffles. The manual phase is over: treat Copilot as a preprocessor at data intake, codify cleanup as prompts, and promote analysts fro…
Guest: Mirko Peters
Oct. 30, 2025

How AI Form Fill in Power Apps Works (Step‑by‑Step Demo)

Power Apps forms turn knowledge workers into typists—rigid fields, copy-paste from emails/PDFs, and slow, error-prone decay that pollutes Dataverse, Power BI, and downstream automations. The fix isn’t more validation; it’s an interpreter: the AI Data Entry Agent. Inside model-driven apps, it converts unstructured input (Smart Paste) and file uploads (OCR) into clean, schema-aligned records—with source snippets, confidence cues, and your existing validation rules enforced. Complex cases shine: multi-address suppliers, related child tables, and certifications become structured data in seconds, not spreadsheets. Architecture matters: entity extraction → schema alignment → pre-submit validation, all within tenant boundaries and Dataverse security. Caveats: premium licensing/AI capacity, regional compliance, domain jargon limits, and “it maps to what exists” (no auto-schema). Roll out with guardrails—pilot libraries, telemetry, naming sanity—then scale. Net result: forms stop demanding typ…
Guest: Mirko Peters
Oct. 29, 2025

How to Use SharePoint Lists as Copilot Knowledge Base (No Migration)

Enterprises reflexively “modernize” by migrating data—Lists → Dataverse → Fabric—burning time and budget to recreate what already works. The myth: Copilot needs data moved to “enterprise-class” stores. The reality: Copilot Studio now connects directly to SharePoint Lists—live, permission-aware, no ETL, no duplication. Authentication replaces replication. Governance is inherited (same ACLs/MFA/audit), risk drops (fewer copies), and answers reflect real-time list updates. Performance? Modern Lists scale when designed sanely (index columns, filter views); slowness is usually architecture, not platform. When to migrate: high-velocity transactions, strict relational integrity, or ERP-grade complexity. Otherwise, keep Lists where business actually happens and let Copilot converse with them. Strategically, Lists flip from “pre-database staging” to living knowledge cells—departmental truth that Copilot queries on demand (up to ~15 lists per agent). New commandment: stop moving data; start con…
Guest: Mirko Peters
Oct. 27, 2025

Copilot Agents: When a Workflow Kills Your Use Case (And What to Do)

Stop calling everything “AI automation.” In the Power Platform, workflows and agents are different species. Power Automate flows are deterministic: fixed triggers, ordered steps, predictable outcomes—excellent for compliance and repetition, terrible at ambiguity. Copilot Studio agents are autonomous within guardrails: they reason toward goals, choose tools at runtime, adapt to context, and escalate when uncertain. That shift—from scripting steps to supervising intent—changes governance, auditing, and risk. At scale, thousands of unsupervised flows collide; poorly bounded agents can improvise into chaos. The winning architecture is hybrid: agents interpret, decide, and delegate execution to auditable workflows. Use flows for transactional muscle memory; use agents for judgment, language, and cross-system synthesis; bind them with Agent Feed visibility and connector policies. Design for supervised autonomy: capability envelopes, role-scoped tools, and reviewable decision trails. The que…
Guest: Mirko Peters
Oct. 26, 2025

Your AI Automation Isn’t Broken — Your Data Validation Is

Your “smart” flow didn’t fail because of AI—it failed because it trusted unvalidated input. Automation amplifies bad data at machine speed: blank fields, sloppy emails, vague purposes become corrupted Dataverse rows, bogus approvals, and dashboards that lie confidently. The fix isn’t “more AI,” it’s governance—specifically, Request for Information (RFI) in Copilot Studio. RFI is the human firewall: a synchronous pause that sends an Outlook actionable message, collects required fields, records who confirmed what and when, and only then resumes the flow. Pair RFI with AI validation and you get a governance loop: AI detects gaps, RFI enforces accountability. Result: fewer null loops, defensible audit trails, and data that’s usable downstream. Use workflows for repeatable steps, agents for reasoning, and RFI to stop garbage from entering the system. Speed without validation is just faster failure; RFI converts automation from “hopeful” to audit-ready.
Guest: Mirko Peters
Oct. 26, 2025

Over Budget Approvals Stuck for Days? Add Manager + Admin Stages in Copilot Studio

Approvals die in inboxes. Copilot Studio’s Agent Flows flip the script by letting AI act as the first approver, enforcing policy instantly and escalating only edge cases to humans. You design a multi-stage flow: an AI stage evaluates objective rules (amount, category, dates) and—optionally—cross-checks receipts via document input. Clear cases are auto-approved; ambiguous or high-risk ones route to a manual stage (manager, then compliance) with dynamic conditions (e.g., extra review ≥ $150). Everything runs on Dataverse with auditable logs: decisions, inputs, timestamps, and identities. The result is speed and oversight—days to minutes, fewer errors, and approvals that stand up in audits. The playbook: write deterministic prompts, wire dynamic inputs, add targeted human gates, validate documents, and harden with testing/versioning. Bottom line: let AI handle rules; let humans handle judgment. Stop waiting on queues—let logic lead.
Guest: Mirko Peters
Oct. 19, 2025

Manual GRC in Microsoft 365 Is Broken – Build This Agent Instead

Manual GRC reporting burns time and budget: exporting Purview logs to Excel, reconciling pivots, and hoping nothing changed overnight. Replace that drag with an autonomous GRC agent built entirely on Microsoft 365: Purview for audit truth, Power Automate for scheduled extraction + classification, and Copilot Studio for clean, human-readable summaries. The agent is deterministic—not guessy “AI.” You define sources, filters, thresholds, tone, and distribution.Pipeline: Power Automate (on a recurrence) pulls scoped Purview activities, filters noise, normalizes JSON, persists a slim history (Dataverse/SharePoint/SQL), classifies per user/event with numeric thresholds, and logs every run (success/failure) for auditability. It then calls a Copilot Studio endpoint with a structured payload to generate (1) exec summary, (2) technical appendix, (3) recommendations, which the flow publishes to Teams and archives to SharePoint—every time, same format, same metadata.Net effect: standardiz…
Guest: Mirko Peters
Oct. 19, 2025

Your Copilot Agent Uses Your Token – Lock Down Those Permissions Now

Copilot Studio agents don’t have their own ethics—or identities. By default they borrow the caller’s token, so any SharePoint, Outlook, Dataverse, or custom API you can see, your bot can see—and say. That’s how “innocent” answers leak context: connectors combine, chat telemetry persists, and analytics stores echo fragments you never meant to share. The fix isn’t ripping out AI; it’s Power Platform DLP done correctly—plus Entra scoping and continuous monitoring.Design the fortress at the connector–environment boundary: classify connectors into Business / Non-Business / Blocked, forbid cross-group traffic, and apply a tenant-level policy that overrules everything below. Put Microsoft 365 data sources (SharePoint/Outlook/OneDrive/Dataverse) in Business; quarantine AI/HTTP/Custom in Non-Business or Blocked; and stop assuming “tenant-wide” means “every environment.” Enforce least-privilege in Entra, segregate environments by function, and test like an attacker.There’s one sealing m…
Guest: Mirko Peters
Oct. 18, 2025

Your Copilot Rollout Is Illegal Without DPA and Product Terms Check

Turning on Microsoft Copilot isn’t magic—it’s governance in motion. That toggle activates a chain of contractual, technical, and organizational controls that either align…or explode. Contracts (Microsoft Product Terms + DPA) set the legal wiring: data residency, processor role, IP ownership, no training on your tenant data. Licenses unlock features; roles and permissions decide what Copilot can actually surface via Microsoft Graph. If RBAC and group membership are sloppy, Copilot will faithfully mirror that chaos.Your exposure equals your hygiene. Copilot only shows what users already can access, which means overshared SharePoint/Teams libraries and unlabeled documents become prompt-ready. Purview’s labels, DLP, retention, eDiscovery—and Defender’s endpoint/runtime enforcement—are the real brakes. Admin Center provisions; Purview classifies and audits; Defender blocks at runtime. Governance that lives in PDFs fails; governance encoded in policies and automation wins.Practical …
Guest: Mirko Peters
Oct. 17, 2025

M365 Copilot or Teams Premium First? How to Spend Your Budget Smart

Copilot in Teams isn’t a cute sidebar; it’s an orchestration layer across meetings, chats, and a central intelligence hub (M365 Copilot Chat). It runs on Microsoft Graph, so it only surfaces what you already have permission to see—precise, not omniscient. In meetings, Copilot turns live transcription into decisions, actions, and mid-call catch-ups you can export (when allowed by labels/policy). In chat, it crushes thread sprawl into cited digests and drafts grounded in the original posts and files. In the Copilot Chat hub (in Teams, Microsoft365.com, or copilot.microsoft.com), one question reconciles Outlook, SharePoint, and Teams with links back to sources. Go further with Agents built in Copilot Studio: approved, published, and governed task executors that file tickets, route forms, and update records—within RBAC and policy limits. Reality check: behavior depends on admin settings (e.g., “On with transcript required”), sensitivity labels, DLP, Defender, and licensing. Done right, Co…
Guest: Mirko Peters
Oct. 16, 2025

Overwhelmed by Long Prompts? Cut the Fluff and Get Better Copilot Output

The “perfect prompt” is a myth. Pros don’t one-shot Copilot; they iterate. They feed just-enough context, set deliberate tone, and refine in short loops until output matches business reality. With Microsoft 365 Copilot, grounded responses come from your Graph data, so structure beats verbosity: state goal → context → format/tone → sources and then converge step-by-step. Newer models (more memory, better following) amplify habits: good structure gets great; sloppy prompts yield polished nonsense. Treat Copilot like a capable colleague: give it blueprints (context), assign a role (tone), and checkpoint the work (iteration & verification). Save high-performers as templates. Share them. This isn’t wizardry—it's systems thinking.
Guest: Mirko Peters
Oct. 16, 2025

Copilot in HR, Finance, Compliance: When “Low Risk” Becomes High Risk

The EU AI Act doesn’t just regulate model makers—it deputizes deployers. Rolling out tools like Microsoft 365 Copilot or ChatGPT makes you responsible for risk classification, documentation, transparency, and monitoring. The “risk ladder” (unacceptable, high, limited, minimal) is determined by use case, not brand. Copilot arrives with enterprise guardrails (Purview, logging, Graph permissions, EU Data Boundary), but you still have to configure, log, and prove. ChatGPT’s flexibility is great, but in standalone use you must build the compliance scaffolding yourself (DPIA, RoPA, DLP, audit logs, disclosures). The episode gives a practical survival kit: classify your use, wire Purview/DLP/retention, enable audit trails and activity history, run DPIAs, train staff, and mandate citations + human review for people-impacting decisions. Regulation isn’t an innovation killer—it’s the scaffold that lets you scale without setting off legal tripwires.
Guest: Mirko Peters
Oct. 16, 2025

Copilot Memory vs Recall: Stop Mixing Them Up and Avoid Privacy Incidents

Copilot Memory isn’t stealth surveillance—it only saves what you explicitly ask it to remember (e.g., tone, format, project tags). Every save is announced with “Memory updated.” You can review, edit, or wipe entries anytime. The real privacy hazard is confusing Memory with Recall (automatic, device-local screenshots on Copilot+ PCs) or Vision (opt-in, realtime screen/camera analysis that discards images when the session ends; only the text chat can persist). Three features, three consent models. Users and admins both have hard controls—toggles, deletions, tenant policies, and eDiscovery visibility—so personalization is governed, not guessed.
Guest: Mirko Peters
Oct. 15, 2025

Are Your Power Platform Apps Now “High‑Risk AI”? Fix This Before Audits

This episode is a practical walk-through of what actually goes wrong when organizations deploy copilots or chatbots without Responsible AI guardrails.It explains why:modern LLMs are non-deterministicprompt injection is not hypotheticalbad outputs can cascade across business workflows faster than any human mistakeThen it walks through the EU AI Act (which is now real, and not optional), and the implications for Power Platform / Microsoft 365 builders — especially if you’re building anything that touches employment, credit or productivity scoring.Finally, it closes with the practical shields that already exist inside Microsoft 365 / Power Platform — and the final “line of defense” — a functioning Governance Board.
Guest: Mirko Peters
Oct. 14, 2025

Your Sales Pipeline Is Leaking Money Without Microsoft 365 Copilot

This episode breaks down the real return organizations see from Copilot by reframing it as a time-recovery system rather than a productivity gimmick. It starts with the hidden cost of modern work: hours lost every week to emails, meetings, drafts, reports, and administrative upkeep that create the feeling of motion without real progress. Copilot’s value comes from collapsing this routine work so that time and attention can be redirected toward higher-impact outcomes instead of being consumed by maintenance.The discussion shows how even small time savings compound at scale. When people recover a handful of hours each month, the effect is modest individually but dramatic across thousands of employees. These reclaimed hours become a flexible currency that can either disappear back into busywork or be intentionally reinvested into strategic work. The episode stresses that results depend heavily on how organizations choose to use that recovered time, not just on deploying the tool.…
Guest: Mirko Peters
Oct. 13, 2025

Stop Breaking Workflows: When You Must Use Automation, Not AI Agents

This episode explains the real difference between automation and agents, cutting through the confusion created by marketing and buzzwords. Automation is framed as rigid and repetitive, useful for consistent, rule-based tasks but incapable of adapting when conditions change. Agents, by contrast, are autonomous systems that observe their environment, plan their next steps, and act based on judgment rather than fixed scripts. That difference matters because agents can carry memory, adapt to new situations, and make decisions without constant human intervention, while automation simply replays instructions.The core of true agent behavior is the Observe–Plan–Act loop. Agents continuously gather signals from their environment, reason about possible actions using memory and goals, execute decisions through integrations, and then learn from the results. This loop allows agents to improve over time instead of breaking when something unexpected happens. Without this cycle, a system may look…
Guest: Mirko Peters
Oct. 13, 2025

How to Prove to Auditors How Your Azure AI Answer Was Generated

Azure AI Foundry isn’t “just a big model.” It’s a governed runtime where every interaction is logged and traceable. Agents are built as disciplined “squad leaders” from three gears—Model (brain), Instructions (orders), Tools (capabilities)—and their work leaves receipts via Threads (conversation history), Runs (executions), and Run Steps (step-by-step actions). This structure turns AI from ad-hoc chat into reproducible, auditable systems you can operate at enterprise scale: models are swappable, tools are permissioned and observable, and governance (identity, audit, approvals) is built in. Bottom line: agents ≠ scripts; with Foundry’s OPA mindset and lifecycle logs, you get autonomy with accountability.
Guest: Mirko Peters
Oct. 10, 2025

How Managers Can Control AI Agents So They Don’t Override Human Decisions

AI agents are about to feel like real coworkers inside Teams—fast, tireless, and dangerously literal. This episode gives you a simple framework to keep them helpful and safe: manage their memory, entitlements, and tools, and layer prompting, verification, and human-in-the-loop oversight. You’ll learn how to prevent “Agentageddon” with practical governance, risk tiers, and monitoring so agents boost throughput without blowing up compliance.
Guest: Mirko Peters
Oct. 9, 2025

Connect Copilot Studio to Word Policy Files (No More Wrong Answers)

Your first Copilot Studio agent shouldn’t guess policy—it should cite it. This episode shows how to recreate a bad reply in the Test pane, ground answers in real docs, shape a trustworthy persona, and publish a pilot that survives Teams/SharePoint quirks. Treat Studio as sparring, not proof; ground, persona-tune, and channel-test before you scale.
Guest: Mirko Peters
Oct. 8, 2025

Copilot Studio vs Agents Toolkit: What Microsoft Docs Don’t Tell You

Rolling out Microsoft 365 Copilot is only the tutorial, not the boss fight. Your first agent may look perfect in Copilot Studio, but production exposes the real challenges: grounding answers in authoritative sources, governance to prevent sprawl, monitoring for reliability, and licensing/cost controls so the meter doesn’t explode mid-month. Think in layers: the foundation model, orchestrator, grounding, and skills/connectors must operate as one stack—or you’ll scale confident nonsense. Choose the right build path: Copilot Studio for low-code speed and admin guardrails; Teams/Agents Toolkit for full-stack control, custom orchestration, and deep integrations. Then feed the brain: connect SharePoint, Dataverse, Graph data, and external systems (securely) so responses come with citations, not guesses. Lock down Purview labels, DLP, diagnostics logs, and least-privilege roles before broad release, and watch the copilot consumption meter (or PAYG) so testing doesn’t drain production. Succes…
Guest: Mirko Peters
Oct. 7, 2025

How to Cut Escalations With Sentiment Routing in D365 Contact Center

Old-school contact centers feel like permanent firefighting: fragmented channels, missing context, repeat questions, and burned-out teams. Dynamics 365 Contact Center flips that script with sentiment analytics and Copilot. Real-time models read tone, word choice, and pacing to detect frustration early, then route priority cases to the right human before tempers spike. From there, autonomous agents take the grunt work—creating/updating cases, organizing knowledge, and building intent libraries—so people focus on judgment calls, not copy-paste. Copilot adds “conversation superpowers”: structured summaries, source-backed answers, and draft replies you can edit, which kill dead air and the dreaded “can you repeat that?” At scale, queues evolve into a proactive engagement engine: sentiment-based routing, predictive alerts, omnichannel continuity, and supervisor dashboards that forecast spikes and shift staffing before backlogs form. The payoff is practical—shorter handle times, fewer escal…
Guest: Mirko Peters
Oct. 2, 2025

Copilot Data Leak Scare? Use Purview DSPM to See What Really Happened

AI isn’t an edge case in your SIEM anymore—it’s a participant. This episode asks a hard question: when Copilot surfaces a confidential file your user can technically access, is that a breach, a policy gap, or “works as designed”? We walk through why AI access alerts don’t fit classic kill-chain thinking and how overshared data + weak labeling turn Copilot into an accidental exfil partner. The fix isn’t panic; it’s alignment: Purview/DSPM to map sensitivity and label history, DLP & label-based exclusions to block AI from high-risk content, Defender XDR to correlate AI access with endpoint movement, and prompt/interaction auditing so investigations have receipts.You’ll get a mental model for AI incidents (“malicious, overreach, or justifiable?”), the signal bridges your SOC needs (label change → AI access → downstream movement), and a prewired combo that turns noisy “Copilot touched a file” events into guided, evidence-backed actions. By the end, you’ll have a practical blueprint to…
Guest: Mirko Peters
Sept. 30, 2025

Copilot Feature in Dynamics 365 Business Central Explained

In this episode, we take a deep dive into Microsoft Copilot inside Dynamics 365 Business Central and explore how AI is transforming day-to-day business operations. We start by grounding listeners in the essentials of Business Central—a comprehensive ERP for small and midsized organizations that connects finance, operations, sales, supply chain, and reporting in a unified Microsoft ecosystem.From there, we introduce Microsoft Copilot, the AI assistant woven throughout Microsoft 365 and Dynamics 365. We discuss how Copilot enhances Business Central by automating repetitive tasks, generating insights from business data, improving decision-making, and simplifying user workflows through natural-language interaction.Listeners learn about the standout Copilot features currently available in Business Central, including intelligent bank reconciliation, AI-assisted inventory management, automatic marketing text generation, predictive insights, and context-aware assistance built right in…
Guest: Mirko Peters
Sept. 29, 2025

Copilot Studio vs Azure AI Foundry: Key Differences, Use Cases & How to Choose

In this episode, we unpack two major AI platforms in the Microsoft ecosystem—Copilot Studio and Azure AI Foundry—and help listeners understand when to use each one. Whether you're building conversational AI, custom machine learning models, or enterprise-grade AI applications, choosing the right platform is key to getting the most from Microsoft’s AI stack.We begin by exploring what each platform is designed for. Microsoft Copilot Studio is the low-code, accessible environment inside the Power Platform for building conversational AI agents and workflow-driven bots. It's ideal for customer service chatbots, internal support agents, automated responses, and Microsoft 365-integrated AI experiences. Its biggest strengths: simplicity, rapid deployment, and a natural path for teams with minimal coding experience.On the other side, Azure AI Foundry is built for developers, data scientists, and AI engineers who need advanced control, scalability, and custom AI model development. It sup…
Guest: Mirko Peters