Join the list! or Get updates on new episodes!
Join 10,000 other listeners and get updates on new episodes.
What if your AI systems aren’t rebelling — they’re simply executing the chaos you built?In this episode, we break down a hard truth about AI agents, Microsoft Copilot, Power Automate, and enterprise automation: failures don’t come from intelligence gone rogue, they come from human inconsistency…
Shadow IT didn’t disappear, it evolved into AI agents quietly moving your data faster than your controls can see.In this episode, we break down how AI agents, Copilot Studio bots, and Power Automate flows are becoming the new Shadow IT inside Microsoft 365. What starts as productivity quickly t…
In a recent podcast, Mirko Peters discussed the critical importance of effective document management and compliance in organizations, emphasizing that lost documents can lead to organizational failure. He presented strategies for building an audit-ready Enterprise Content Management (ECM) system in…
Stop patching ghosts and start running a self-healing workplace. This Podcast reveals why Microsoft Intune alone can’t scale your endpoint management – and how pairing Intune with Azure, Automation, Functions, Microsoft Graph, managed identities and Log Analytics turns chaos into a quiet, secure es…
Microsoft Intune is a powerful endpoint management solution — but improper deployment can introduce serious security risks. Misconfigured policies, over-permissioned roles, and weak compliance settings often create hidden vulnerabilities that attackers can exploit.In this guide, we break down t…
You’re letting attackers stroll through your Microsoft tenant because you treat Threat Analytics like a newsletter instead of a weapon. In this episode, we show security leaders and SOC analysts how to turn Microsoft Threat Analytics into a living playbook that actually reduces time to detect and c…
What if your Zero Trust stack is silently greenlighting a perfect data heist in Microsoft 365?In this episode, we dissect how one “compliant” account quietly pulled 12,000 SharePoint files in 20 minutes—no malware, no DLP alerts, and all your Entra ID and conditional access policies saying “allow…
Your Microsoft 365 tenant might already be compromised—and your MFA is effectively useless because of one misconfiguration you’ve probably left on.In this episode, the Office of Corrective Doctrine walks you through five brutal real-world attack paths inside Microsoft 365 and Entra ID: Teams ph…
Stop Buying Security Tools: The Shocking ROI of One XDR TimelineDrowning in alerts across M365, endpoints, and cloud apps? This video shows why your hybrid security stack is a Rube Goldberg machine that screams and still misses real attacks. You’ll see the four blind spots in Microsoft 365, ide…
MFA is not your shield – it’s already broken. In this episode, we walk the bridge of a real M365 tenant breach, step-by-step, from the attacker’s cockpit to your shattered inbox. You’ll hear how one phishing click plus an AitM proxy and a “benign” OAuth app stole live cookies, hijacked mailboxes, a…
This episode explains how to “calm down” a messy Conditional Access setup by removing blind spots and setting clear boundaries. It walks through three main trust problems—overbroad exclusions, unclear device compliance, and token theft—and shows how to replace permanent exceptions with time-bound a…
Your “intern” just became your scariest, smartest coworker—and it’s made of code.In this episode, we unpack how Microsoft Security Copilot is quietly turning traditional Security Operations Centers into AI-driven defense factories. Forget drowning in alerts, phishing noise, and endless Patch Tu…
Copilot Notebooks feel magical — a conversational workspace that pulls context from SharePoint, OneDrive, Teams, decks, sheets, emails — and synthesizes answers instantly.But the moment users trust that illusion, they generate data that has no parents.Every Copilot output — a summary, parag…
Your Power App didn’t get “hacked”—it was over-permitted. Treating Dataverse like SharePoint (big buckets, broad roles) turns guest access into a data breach waiting to happen. Dataverse is a relational fortress built on granular privileges (Create/Read/Write/Delete/Append/Append To/Assign/Share), …
Manual GRC reporting burns time and budget: exporting Purview logs to Excel, reconciling pivots, and hoping nothing changed overnight. Replace that drag with an autonomous GRC agent built entirely on Microsoft 365: Purview for audit truth, Power Automate for scheduled extraction + classification, a…
Copilot Studio agents don’t have their own ethics—or identities. By default they borrow the caller’s token, so any SharePoint, Outlook, Dataverse, or custom API you can see, your bot can see—and say. That’s how “innocent” answers leak context: connectors combine, chat telemetry persists, and analyt…
Turning on Microsoft Copilot isn’t magic—it’s governance in motion. That toggle activates a chain of contractual, technical, and organizational controls that either align…or explode. Contracts (Microsoft Product Terms + DPA) set the legal wiring: data residency, processor role, IP ownership, no tra…
This episode is a practical walk-through of what actually goes wrong when organizations deploy copilots or chatbots without Responsible AI guardrails.It explains why:modern LLMs are non-deterministicprompt injection is not hypotheticalbad outputs can cascade across business workflows fast…
AI agents are about to feel like real coworkers inside Teams—fast, tireless, and dangerously literal. This episode gives you a simple framework to keep them helpful and safe: manage their memory, entitlements, and tools, and layer prompting, verification, and human-in-the-loop oversight. You’ll lea…
In this episode, we break down the essential steps for securing web applications on Microsoft Azure, focusing on Azure App Service and its built-in security capabilities. You’ll learn what Azure App Service is, why it’s a powerful platform-as-a-service (PaaS) option, and how it simplifies deploymen…
AI isn’t an edge case in your SIEM anymore—it’s a participant. This episode asks a hard question: when Copilot surfaces a confidential file your user can technically access, is that a breach, a policy gap, or “works as designed”? We walk through why AI access alerts don’t fit classic kill-chain thi…
The real shift is autonomous AI agents – systems that don’t just answer a prompt and wait for the next human nudge, but notice, decide, and act on their own. Not a “bot that replies in Teams,” but a worker that reads the situation, picks a plan, executes it, and learns from whatever broke along the…
Microsoft Purview has quickly become one of the most important tools for modern data governance, and in this episode we break down exactly how its architecture works, why organizations rely on it, and how to put best practices in place to protect sensitive information across Microsoft 365, Azure, m…
This episode breaks down the differences between Bicep and ARM templates to help Azure teams choose the best Infrastructure-as-Code approach. It starts with a quick refresher on ARM templates and why they’ve long been the standard, then introduces Bicep as a cleaner, simpler, more maintainable alte…