Turn your real-world experience into part of the show.

Episodes

Dec. 8, 2025

How to Use Managed Identity with PowerShell for Microsoft Graph API

Still writing PowerShell against MSOnline and AzureAD modules in 2025? This episode explains why that stack is legacy – and how to go API-first with pure REST and Microsoft Graph. We walk through the core “token, headers, REST call” pattern, three real-world auth flows (device code, client credentials with certificates, and managed identity), plus the one token audience gotcha that breaks most Graph scripts.You’ll see how to build cross-platform Graph automation that runs cleanly on Linux, containers, GitHub Actions, Azure Functions, and Azure Automation – with no fragile module dependencies. Then we apply the pattern to enterprise scenarios: Intune device cleanup, identity onboarding, and compliance drift detection and remediation, all with least-privilege Graph permissions, robust retry logic, pagination helpers, and full audit trails in Log Analytics.If you’re an Azure, Intune, or Microsoft 365 engineer who’s tired of “works on my laptop” modules, this practical Graph-first…
Guest: Mirko Peters
How to Use Managed Identity with PowerShell for Microsoft Graph API
M365 FM Podcast
How to Use Managed Identity with PowerShell for Microsoft Graph API
Dec. 8, 2025

How to Build Reliable AI Agents for Intune and Entra ID.

Tired of chatbots that answer Intune incidents with poetry instead of fixes? In this episode, we go hands-on with Azure AI Foundry and Semantic Kernel to build a mini, self-healing, governed multi-agent system for enterprise IT. You’ll learn why single agents stall on real Intune, Entra ID, and Microsoft Graph workflows, and how planner, operator, reviewer, and concierge agents collaborate to deliver faster, safer automation. We break down patterns for tool-driven remediation, identity-scoped actions, content safety, and observability, then apply them to three real-world scenarios: ghost device cleanup in Intune, truly zero-touch onboarding, and automated BitLocker security hardening. Along the way we mix small language models with GPT-4-class reasoning models to cut cost, reduce hallucinations, and keep prompts short while still getting production-grade results. If you’re an Azure, Intune, or security engineer looking to turn AI agents into reliable teammates instead of risky toys, t…
Guest: Mirko Peters
How to Build Reliable AI Agents for Intune and Entra ID.
M365 FM Podcast
How to Build Reliable AI Agents for Intune and Entra ID.
Dec. 7, 2025

How to Use Azure Automation to Clean Up Your Intune Estate

Stop patching ghosts and start running a self-healing workplace. This Podcast reveals why Microsoft Intune alone can’t scale your endpoint management – and how pairing Intune with Azure, Automation, Functions, Microsoft Graph, managed identities and Log Analytics turns chaos into a quiet, secure estate. You’ll see how configuration drift, stale devices, manual reports and “global admin for everything” culture silently open the door to attackers, then watch how event-driven automation cleans the graveyard, enforces zero trust, and fixes non-compliant devices before users even notice. Real enterprise scenarios show 40%+ fewer ghost devices, onboarding times dropping from days to minutes, and mean time to remediate falling from days to under an hour. If you manage thousands of Windows laptops, kiosks and mobile devices, this Intune and Azure architecture guide is your blueprint for scalable compliance, predictable conditional access and truly automatic security hardening.
Guest: Mirko Peters
How to Use Azure Automation to Clean Up Your Intune Estate
M365 FM Podcast
How to Use Azure Automation to Clean Up Your Intune Estate
Dec. 7, 2025

Soft Delete, MUA, Vault Lock: The Only Azure Backup Safety Net You Have

Think your Azure backups are safe by default? They’re not. In this episode, we uncover how a single over-privileged identity can quietly kill “immutable” backups in Azure. You’ll hear real-life attack paths using compromised automation, shadow admins, and broad Contributor or Owner roles that delete items, purge soft-deleted points, and quietly zero out retention. Then we walk through a three-step hardening blueprint: enable soft delete on every vault, enforce multi-user authorization on destructive changes, and weld safety in with Vault Lock and least-privilege IAM. Learn how to isolate backup vaults, use PIM and Azure Policy, and monitor critical events with Sentinel so your recovery points survive ransomware, panic clicks, and misconfigurations in real Azure environments, especially for admins and security teams.
Guest: Mirko Peters
Soft Delete, MUA, Vault Lock: The Only Azure Backup Safety Net You Have
M365 FM Podcast
Soft Delete, MUA, Vault Lock: The Only Azure Backup Safety Net You Have
Dec. 6, 2025

How to Kill Data Silos with Microsoft Fabric and OneLake

Your data platform isn’t a platform – it’s a staged illusion. In this episode, I break down why your “modern stack” of Power BI, ad hoc pipelines, shadow CSVs and seven conflicting dashboards is really entropy in disguise. We dissect the real reason Microsoft Fabric exists: not as another feature bundle, but as an attack on fragmentation with one identity via Entra, one storage plane with OneLake over Delta, one governance story with Purview and one monitoring surface you can actually explain to an exec. I walk through the medallion architecture as a hard contract, not a vibe: bronze as immutable evidence, silver as validated truth, gold as curated meaning delivered through Direct Lake semantic models. You’ll also get a concrete seven day path to a minimum viable Fabric platform with clear access paths, shortcuts instead of copies, enforced lineage and governance that finally survives the “where did this number come from?” question.
Guest: Mirko Peters
How to Kill Data Silos with Microsoft Fabric and OneLake
M365 FM Podcast
How to Kill Data Silos with Microsoft Fabric and OneLake
Dec. 6, 2025

How to Wire MCP and Semantic Kernel for Secure AI Automation

You’re wasting AI on small talk. In this session I show you how to turn chatty models into hardened IT ops agents that actually fix incidents while you sleep. We wire Semantic Kernel, MCP, Microsoft Graph and Azure OpenAI with managed identity so agents can plan, act and auto-verify – without handing root access to a hallucinating chatbot.You’ll see how to slash MTTR, auto-resolve password reset tickets, drain bad builds, and roll back safely using tool schemas as “laws of physics,” not vibes. We’ll build a six-part agent molecule (persona, memory, planner, tools, policy, verifier) and drop it into real incident flows: 5XX spikes, canary failures, onboarding waves and weekend fire drills.If you care about uptime, sleep, and not turning your data center into glass, this is your blueprint: SK orchestrates, MCP connects, Foundry governs, managed identity contains – and your agents prove every action they take.
Guest: Mirko Peters
How to Wire MCP and Semantic Kernel for Secure AI Automation
M365 FM Podcast
How to Wire MCP and Semantic Kernel for Secure AI Automation
Dec. 5, 2025

How to Choose Between RAG and Microsoft 365 Copilot

The night is thick with static inside your tenant, and the questions aren’t small anymore. Copilot can walk the clean, well-lit M365 streets — summarizing inbox noise, tightening your notes, finding what you already have permission to see. Fast, friendly, useful. But tone isn’t truth, and guesses don’t survive compliance.This episode pulls you into the alleys where real knowledge lives: stale PDFs, forgotten SharePoint stacks, file-server ghosts, wikis no one maintained. That’s where Copilot reaches its boundary — and where Retrieval Augmented Generation starts. RAG becomes the librarian with receipts, dragging ground truth from your own systems, forcing citations, refusing to bluff. We map when Copilot is enough, when you must build a pipeline, and why teams explode cost, tickets, and trust by confusing the two. A secret step makes the whole discipline 10× easier — and we go there.If your world runs on proprietary policy, SOPs, baselines, and high-stakes questions where wrong…
Guest: Mirko Peters
How to Choose Between RAG and Microsoft 365 Copilot
M365 FM Podcast
How to Choose Between RAG and Microsoft 365 Copilot
Dec. 5, 2025

Your Zero Trust Fails If Intune Devices Aren’t Truly Compliant

Microsoft Intune is a powerful endpoint management solution — but improper deployment can introduce serious security risks. Misconfigured policies, over-permissioned roles, and weak compliance settings often create hidden vulnerabilities that attackers can exploit.In this guide, we break down the most common Intune deployment security risks, configuration mistakes organizations make, and how to harden your environment using best practices. From device compliance policies to role-based access control, this walkthrough helps you secure your Intune tenant before problems arise.If you’re managing endpoints at scale, prevention starts with correct configuration.
Guest: Mirko Peters
Your Zero Trust Fails If Intune Devices Aren’t Truly Compliant
M365 FM Podcast
Your Zero Trust Fails If Intune Devices Aren’t Truly Compliant
Dec. 4, 2025

How to Turn Microsoft Threat Analytics Into Real Security

You’re letting attackers stroll through your Microsoft tenant because you treat Threat Analytics like a newsletter instead of a weapon. In this episode, we show security leaders and SOC analysts how to turn Microsoft Threat Analytics into a living playbook that actually reduces time to detect and closes real attack paths. We explain what Threat Analytics is, how Microsoft’s own security researchers map global telemetry, MITRE ATT&CK techniques and indicators of compromise into guidance written in your tenant’s language, and why skimming the overview while ignoring exposure panels silently keeps you vulnerable. You’ll hear a simple rhythm: read, test, act, verify. We walk a focused 60 minute workflow that pulls techniques into Advanced Hunting, links findings to incidents in Microsoft Defender, and converts recommendations into Secure Score actions with clear owners, SLAs and evidence. Using phishing to token theft and living off the land persistence scenarios, we expose common detecti…
Guest: Mirko Peters
How to Turn Microsoft Threat Analytics Into Real Security
M365 FM Podcast
How to Turn Microsoft Threat Analytics Into Real Security
Dec. 4, 2025

The M365 Audit Log Mistakes That Let Attackers Walk Right In

What if your Zero Trust stack is silently greenlighting a perfect data heist in Microsoft 365?In this episode, we dissect how one “compliant” account quietly pulled 12,000 SharePoint files in 20 minutes—no malware, no DLP alerts, and all your Entra ID and conditional access policies saying “allowed.”You’ll learn why Zero Trust without audit evidence is just policy theater, and how to turn Entra risk signals, the Unified Audit Log, Purview policy edits, and Copilot interaction logs into a single, defensible incident timeline.We break down risky sign-ins, workload identity anomalies, mass download deltas, silent policy tampering, and AI-powered data exfiltration that looks like normal collaboration.Discover the one log pivot that exposes data staging every time and the KQL detection recipes that connect identity, privilege, data movement, and egress into a kill chain you can actually interrupt.If you run Microsoft 365 security, SecOps, or compliance, this is your practical gui…
Guest: Mirko Peters
The M365 Audit Log Mistakes That Let Attackers Walk Right In
M365 FM Podcast
The M365 Audit Log Mistakes That Let Attackers Walk Right In
Dec. 3, 2025

Teams Phishing Inside Your Tenant: How Attackers Trick Your Users

Your Microsoft 365 tenant might already be compromised—and your MFA is effectively useless because of one misconfiguration you’ve probably left on.In this episode, the Office of Corrective Doctrine walks you through five brutal real-world attack paths inside Microsoft 365 and Entra ID: Teams phishing posing as IT support, device code vishing that launders MFA-resistant tokens, malicious OAuth consent that turns “productivity apps” into silent data siphons, SharePoint “anyone with the link” exfiltration, and adversary-in-the-middle token theft that replays your sessions at scale.You’ll hear precise failure analysis and opinionated fixes: how to shut down broad user consent, lock down Teams external federation, constrain SharePoint and OneDrive sharing, enforce phishing-resistant authentication, bind tokens to devices, and turn Conditional Access, Defender for Cloud Apps, Safe Links, and App Governance into a coherent Microsoft 365 security strategy.If you own identity, coll…
Guest: Mirko Peters
Teams Phishing Inside Your Tenant: How Attackers Trick Your Users
M365 FM Podcast
Teams Phishing Inside Your Tenant: How Attackers Trick Your Users
Dec. 3, 2025

Teams Default Settings Are Broken for Security – Here’s the Fix

Your “private” Microsoft Teams channels are quietly bleeding data – and default settings are to blame.In this episode, we walk through real-world incidents where dormant guest accounts, synced libraries, and careless PII pastes turned Teams into a silent leak. You’ll see how to harden Microsoft Teams security with Entra ID conditional access, tenant-wide MFA for guests and users, and strict device compliance. Then we wire Purview DLP for Teams chat and channels, lock down SharePoint external sharing, and use Entra ID governance to expire guests and automate access reviews. Finally, we cover audit logs, retention, and legal hold so you can prove what happened, not guess. If you run Teams for your org, this is your step-by-step playbook to stop data walking out the side door.
Guest: Mirko Peters
Teams Default Settings Are Broken for Security – Here’s the Fix
M365 FM Podcast
Teams Default Settings Are Broken for Security – Here’s the Fix
Dec. 2, 2025

Hybrid Security Is Broken: Why You Need Defender XDR Now

Stop Buying Security Tools: The Shocking ROI of One XDR TimelineDrowning in alerts across M365, endpoints, and cloud apps? This video shows why your hybrid security stack is a Rube Goldberg machine that screams and still misses real attacks. You’ll see the four blind spots in Microsoft 365, identities, endpoints, and SaaS, and how attackers live in the gaps between your tools. Then we show how Microsoft Defender XDR fuses email, identity, device, and cloud telemetry into one incident story and one timeline, slashing dwell time, false positives, and audit pain. If you’re tired of swivel-chair investigations, alert fatigue, and paying three times for the same breach, this breakdown shows how consolidation flips Defender XDR from expense to savings.
Guest: Mirko Peters
Hybrid Security Is Broken: Why You Need Defender XDR Now
M365 FM Podcast
Hybrid Security Is Broken: Why You Need Defender XDR Now
Dec. 2, 2025

How to Use Entra and Sentinel to Catch M365 Attackers in Real Time

MFA is not your shield – it’s already broken. In this episode, we walk the bridge of a real M365 tenant breach, step-by-step, from the attacker’s cockpit to your shattered inbox. You’ll hear how one phishing click plus an AitM proxy and a “benign” OAuth app stole live cookies, hijacked mailboxes, and quietly vacuumed SharePoint at 2 a.m. No brute force, just borrowed badges, stolen tokens, and app consent abuse. Then we flip the script: the exact Entra logs, Sentinel KQL, UEBA analytics, and one killer policy combo that makes stolen tokens useless off-device. If you run M365 and still trust MFA alone, this briefing might be the most important hour of your year.
Guest: Mirko Peters
How to Use Entra and Sentinel to Catch M365 Attackers in Real Time
M365 FM Podcast
How to Use Entra and Sentinel to Catch M365 Attackers in Real Time
Dec. 1, 2025

Admin Consent in Entra ID: The One Click That Exposes Your Tenant

The podcast explains how attackers bypass MFA by abusing OAuth consent instead of stealing passwords. When a user or admin approves a malicious “productivity” app, it gets tokens with scopes like mail or files read and offline_access. That lets the attacker quietly read email, files and chats for months, even after password resets and new MFA devices. Normal identity events don’t revoke these grants; you must remove the OAuth grant or service principal itself. The host stresses three Entra controls: lock down user consent to low-risk scopes, only allow verified publishers, and route risky permissions through an admin consent workflow. Combined with rigorous logging, reviews and revocation, these steps eliminate most consent-based attacks in modern cloud identity environments today.
Guest: Mirko Peters
Admin Consent in Entra ID: The One Click That Exposes Your Tenant
M365 FM Podcast
Admin Consent in Entra ID: The One Click That Exposes Your Tenant
Dec. 1, 2025

How to Stop Stale Power BI Reports from Misleading Leaders

Are your dashboards secretly preaching lies? In this episode, we turn data governance into a full-on revival meeting. We name the heresy of ad-hoc share links, stale workspaces and broken RLS that quietly corrupt your “single source of truth”. Then we reveal the doctrine of distribution: org apps as the one canonical doorway, certified datasets as scripture, and deployment pipelines as your release liturgy. You’ll hear a concrete 30-day rite for dragging your analytics from chaos to canon, with clear roles, labels, audiences, tenant rules and capacity care that actually hold under pressure. If you suspect your reports are rumors in a robe, this is your wake-up sermon. Come prepared to repent of manual sharing and leave with a roadmap.
Guest: Mirko Peters
How to Stop Stale Power BI Reports from Misleading Leaders
M365 FM Podcast
How to Stop Stale Power BI Reports from Misleading Leaders
Nov. 30, 2025

Why Serious Power Apps Should Never Run on Excel Files

Your “Simple” Excel App Is Quietly Wrecking Your Business (And You Won’t See It Until It’s Expensive)Stop wiring Power Apps into spreadsheets and calling it “production.” Every shared Excel file is a glass elevator: silent data loss, last-save-wins concurrency, and zero governance until an auditor, regulator or angry exec shows up. In this video I tear down the Excel-as-database myth, show why Dataverse is the backbone your apps actually need, and walk you through a 10-step migration plan that keeps the business running while you move. One decision prevents 80% of these failures: centralize your data model, rules, and security in Dataverse first – spreadsheets only get to be views, never the source of truth.
Guest: Mirko Peters
Why Serious Power Apps Should Never Run on Excel Files
M365 FM Podcast
Why Serious Power Apps Should Never Run on Excel Files
Nov. 30, 2025

Fix Conditional Access Loopholes Hackers Use in Microsoft 365

This episode explains how to “calm down” a messy Conditional Access setup by removing blind spots and setting clear boundaries. It walks through three main trust problems—overbroad exclusions, unclear device compliance, and token theft—and shows how to replace permanent exceptions with time-bound authentication contexts, stronger MFA, and clear device tiers (compliant, hybrid joined, Azure AD joined, registered). The host outlines a simple baseline of five inclusive policies (all-users MFA, unmanaged device step-up, strong auth for admins, emergency bypass via auth context, and token hygiene/CAE) plus a safe rollout plan using report-only mode, waves, and rollback. Finally, it stresses ongoing monitoring with a few KPIs and alerts (coverage, strength, exclusion changes, high-risk sign-ins without CA) so Conditional Access stays consistent, visible, and predictable instead of chaotic.
Guest: Mirko Peters
Fix Conditional Access Loopholes Hackers Use in Microsoft 365
M365 FM Podcast
Fix Conditional Access Loopholes Hackers Use in Microsoft 365
Nov. 29, 2025

How to Stop AI Prompt Injection in LangChain4j and Copilot Studio

AI agents are shipping faster than your change control, and they’re carrying master keys to your data. This talk rips into how LangChain4J and Copilot Studio quietly turn “helpful copilots” into data-leaking, over-permissioned shadow admins with no audit trail. You’ll see exactly how prompt injection, over-scoped connectors, and missing logs create reportable incidents, and how strict schemas, per-agent identities, and real DLP stop the bleeding. The core move most orgs skip: give every agent its own locked-down identity, no shared creds, no tenant-wide scopes, and treat it like a very dumb, very powerful user you have to restrain by design.
Guest: Mirko Peters
How to Stop AI Prompt Injection in LangChain4j and Copilot Studio
M365 FM Podcast
How to Stop AI Prompt Injection in LangChain4j and Copilot Studio
Nov. 29, 2025

How to Diagnose GPU Underutilization in Production AI Systems

In this episode of The M365 Show we investigate a familiar but often misunderstood failure pattern in enterprise AI: GPU costs rise, throughput collapses and latency becomes unpredictable, even though the dashboards look healthy and the models appear to work. Instead of blaming parameters or architectures, we treat the problem as a forensic case and follow the evidence through the entire compute pipeline.We walk through a realistic Stable Diffusion workload under concurrency, with strict P95 latency objectives and GPU hardware that looks perfectly adequate on paper. From there, we trace how silent CPU fallback in ONNX Runtime, subtle version mismatches across CUDA, cuDNN, TensorRT and ONNX Runtime, and container misconfiguration combine into a single pathology that turns an accelerator into an expensive heater. The system continues to return correct outputs, but at 10 to 30 times the expected latency and with a fraction of the intended throughput.Building on that, we construct…
Guest: Mirko Peters
How to Diagnose GPU Underutilization in Production AI Systems
M365 FM Podcast
How to Diagnose GPU Underutilization in Production AI Systems
Nov. 28, 2025

How to Upgrade Legacy Java 8 Apps to Java 21 with AI Agents

Stop burning cycles on manual Java upgrades. In this episode, we walk through a real-world, end-to-end modernization of a legacy Java 8 Spring app to Java 21, and show how AI agents quietly do the work your team keeps postponing—with receipts.You’ll hear how we go from a drifting Java 8-era Spring MVC app on AWS (pinned dependencies, unpatched CVEs, idle compute waste, “works on my laptop” folklore) to a faster, cheaper, fully-audited Java 21 runtime on Azure. We let a co-pilot-style modernization agent handle the grind: inventorying the entire stack, ranking CVEs by real reachability, auto-applying OpenRewrite recipes, aligning BOMs, fixing illegal reflective access, and keeping every change traceable in Git.Then we push further: AWS out, Azure in—choosing between Azure App Service vs Azure Spring Apps, migrating to Azure SQL Database, generating production-ready Dockerfiles, wiring GitHub Actions CI/CD, plugging secrets into Key Vault & managed identities, and right-sizing p…
Guest: Mirko Peters
How to Upgrade Legacy Java 8 Apps to Java 21 with AI Agents
M365 FM Podcast
How to Upgrade Legacy Java 8 Apps to Java 21 with AI Agents
Nov. 28, 2025

How to Stop AI Agents from Doing Dumb Things in Microsoft 365

Tired of “smart” AI agents doing dumb, dangerous things in your Microsoft 365 tenant? This episode shows you the one architectural move that turns flaky prompt-powered agents into reliable, auditable systems: a pre-execution contract check that blocks bad behavior before it ever hits your data. We walk through how to separate LLM cognition from real-world operations, why executors and validated workflow graphs beat prompt hacks every time, and how to wire this into Microsoft 365 Graph, Azure OpenAI and Copilot Studio without creating a compliance nightmare.You’ll see how a validator proves three things before any tool call runs: the capability is real, the caller actually has permission right now, and the outcome is feasible and verifiable within strict data boundaries. No “trust the model,” no silent partial failures, no hallucinated tools. Instead, you get schema-checked JSON, idempotent executors, policy-enforced allow lists, human checkpoints as first-class workflow nodes, and…
Guest: Mirko Peters
How to Stop AI Agents from Doing Dumb Things in Microsoft 365
M365 FM Podcast
How to Stop AI Agents from Doing Dumb Things in Microsoft 365
Nov. 27, 2025

How to Build a Copilot That Respects DLP and Compliance.

Why do so many Microsoft 365 Copilot projects fail — even when the prompts look fine?In this episode, we explain why the real issue is not prompt engineering, but context engineering.Most AI failures are not model failures. They are context failures. When Copilot lacks structured, governed, and relevant information, it produces inconsistent, low-quality, or misleading results.Context Engineering goes beyond writing better prompts. It is the systematic design, management, and governance of all information your Copilot has access to — ensuring accurate, stable, and trustworthy outputs.We break down what context engineering really means in Microsoft 365 environments, why it matters for enterprise AI adoption, and how to design Copilot solutions that scale reliably.If you want consistent Copilot results instead of AI randomness, this episode is essential.
Guest: Mirko Peters
How to Build a Copilot That Respects DLP and Compliance.
M365 FM Podcast
How to Build a Copilot That Respects DLP and Compliance.
Nov. 27, 2025

Power Automate vs Azure Logic Apps: Which is better for enterprise?

Summary: In this episode I explain why “1,400+ connectors” is a vanity metric and compare Power Automate vs Azure Logic Apps for real enterprise integration. We dig into throttling, throughput, vNet and private endpoints, Azure Arc hybrid, AI agents with Azure Functions, and give you a simple decision rule: Power Automate for departmental M365 convenience, Logic Apps for high-volume, governed, hybrid workloads.
Guest: Mirko Peters
Power Automate vs Azure Logic Apps: Which is better for enterprise?
M365 FM Podcast
Power Automate vs Azure Logic Apps: Which is better for enterprise?