How Enterprises Should Govern Microsoft Copilot

1
00:00:00,000 --> 00:00:03,840
Most organizations treat Microsoft 365 co-pilot as just another feature rollout,

2
00:00:03,840 --> 00:00:06,880
and they see it as a simple productivity toggle that you just turn on.

3
00:00:06,880 --> 00:00:10,440
But the top 1% understand the truth, this isn't a software upgrade,

4
00:00:10,440 --> 00:00:13,360
it is a structural audit of your entire digital estate.

5
00:00:13,360 --> 00:00:17,160
The reason your pilot is currently stalling isn't the technology or the model itself.

6
00:00:17,160 --> 00:00:22,040
It is the open by default permission model that has been rotting in your sharepoint environment for a decade.

7
00:00:22,040 --> 00:00:24,840
We built hierarchies for a world that no longer exists,

8
00:00:24,840 --> 00:00:28,360
and we optimized for easy sharing and discovery at the cost of control.

9
00:00:28,360 --> 00:00:34,240
And now we are giving an LLM a high-powered flashlight to find every sensitive file you forgot to delete.

10
00:00:34,240 --> 00:00:38,360
In the next 90 minutes we are dismantling the assumption that modern work starts with navigation.

11
00:00:38,360 --> 00:00:40,960
It starts with context and a rigid governance framework.

12
00:00:40,960 --> 00:00:44,320
If you don't fix the foundation, now you aren't deploying a productivity tool,

13
00:00:44,320 --> 00:00:46,680
you are deploying a data-exfiltration engine.

14
00:00:46,680 --> 00:00:48,840
The illusion of out-of-the-box security.

15
00:00:48,840 --> 00:00:51,160
The floor isn't the AI, and it never was.

16
00:00:51,160 --> 00:00:55,360
The floor is the assumption that respecting permissions is the same thing as being secure.

17
00:00:55,360 --> 00:01:02,200
In the old world we relied on obscurity because we assumed that if a file was buried five folders deep in a site called Project X,

18
00:01:02,200 --> 00:01:04,720
nobody would find it unless they were looking for it.

19
00:01:04,720 --> 00:01:08,800
Most admins think that if a user has technical access, co-pilot is safe to use.

20
00:01:08,800 --> 00:01:13,000
But in reality, your users have access to thousands of files they shouldn't even know exist.

21
00:01:13,000 --> 00:01:16,720
We have spent years ignoring those everyone except external users' groups.

22
00:01:16,720 --> 00:01:19,800
And we used them as a shortcut to avoid help desk tickets.

23
00:01:19,800 --> 00:01:23,640
And co-pilot just made that administrative laziness a critical liability.

24
00:01:23,640 --> 00:01:26,560
The model doesn't just read your data, it synthesizes it.

25
00:01:26,560 --> 00:01:29,800
It creates new dark data that escapes your traditional perimeter.

26
00:01:29,800 --> 00:01:32,120
You publish the content and then nobody uses it.

27
00:01:32,120 --> 00:01:38,320
It sits there, silent, until the AI finds it and reveals a confidential salary spreadsheet to a junior analyst

28
00:01:38,320 --> 00:01:40,760
during a routine query about team performance.

29
00:01:40,760 --> 00:01:45,280
We have to stop pretending that our legacy information architecture is ready for machine speed retrieval,

30
00:01:45,280 --> 00:01:46,440
because it simply isn't.

31
00:01:46,440 --> 00:01:50,440
When we talk about security out of the box, Microsoft is telling the truth when they say

32
00:01:50,440 --> 00:01:54,040
co-pilot will not show a user a file they don't have permission to see.

33
00:01:54,040 --> 00:01:57,520
That is the baseline, but that baseline assumes your permissions are correct.

34
00:01:57,520 --> 00:02:00,400
For 90% of the enterprises I walk into, they are not.

35
00:02:00,400 --> 00:02:03,880
They are a mess of inherited rights, broken links, and ghost users.

36
00:02:03,880 --> 00:02:08,280
If you have a SharePoint site that was created in 2017 and it is still using the default shared

37
00:02:08,280 --> 00:02:12,680
with everyone setting, co-pilot is going to index every single word on that site.

38
00:02:12,680 --> 00:02:16,440
It is going to use those words to answer prompts and that is where the system breaks.

39
00:02:16,440 --> 00:02:19,040
This creates a phenomenon I call the visibility gap.

40
00:02:19,040 --> 00:02:23,480
In the pre-AI era, the gap between what a user could access and what they actually accessed

41
00:02:23,480 --> 00:02:24,480
was massive.

42
00:02:24,480 --> 00:02:27,560
People generally stayed in their own lanes because finding other people's lanes was tedious

43
00:02:27,560 --> 00:02:28,880
and time-consuming.

44
00:02:28,880 --> 00:02:33,080
Co-pilot closes that gap instantly and it makes your most obscure data, your most accessible

45
00:02:33,080 --> 00:02:34,080
data.

46
00:02:34,080 --> 00:02:38,680
If a sensitive document is technically open, it is now functionally public within your tenant.

47
00:02:38,680 --> 00:02:41,080
This isn't just about accidental discovery either.

48
00:02:41,080 --> 00:02:43,600
It is about the synthesis of information across boundaries.

49
00:02:43,600 --> 00:02:46,920
An AI can take a piece of information from a public marketing folder and combine it

50
00:02:46,920 --> 00:02:50,920
with a stray comment in a semi-private teams chat to reveal a strategic pivot before it

51
00:02:50,920 --> 00:02:52,160
is announced.

52
00:02:52,160 --> 00:02:56,440
This dark data is the byproduct of an LLM connecting dots that no human had the time or

53
00:02:56,440 --> 00:02:57,880
inclination to connect.

54
00:02:57,880 --> 00:03:01,160
We are moving into an era where traditional parameters mean nothing.

55
00:03:01,160 --> 00:03:05,040
Your firewall doesn't care about a prompt and your antivirus doesn't care about a meeting

56
00:03:05,040 --> 00:03:06,040
summary.

57
00:03:06,040 --> 00:03:08,160
The perimeter has shifted to the data itself.

58
00:03:08,160 --> 00:03:12,280
We need to move from a trust by default architecture where we assume internal users are

59
00:03:12,280 --> 00:03:16,160
safe and permissions are mostly right to a verify by context model.

60
00:03:16,160 --> 00:03:19,560
This means that access isn't just about a checkbox in a security group.

61
00:03:19,560 --> 00:03:23,200
It is about why the data is being accessed and what the AI is doing with it.

62
00:03:23,200 --> 00:03:26,440
Think about your current share point estate and how many sites are often.

63
00:03:26,440 --> 00:03:30,200
How many teams were created for a one week project three years ago and never deleted?

64
00:03:30,200 --> 00:03:32,080
All of that is fuel for the model.

65
00:03:32,080 --> 00:03:35,720
Every draft, every rejected proposal and every old version of a contract is now part

66
00:03:35,720 --> 00:03:38,440
of the truth the AI uses to generate responses.

67
00:03:38,440 --> 00:03:42,280
If you haven't cleaned up your data debt, your AI is going to be hallucinating based on

68
00:03:42,280 --> 00:03:45,000
outdated facts that were technically still accessible.

69
00:03:45,000 --> 00:03:47,480
This is the illusion of out of the box security.

70
00:03:47,480 --> 00:03:50,640
It is the belief that the software will protect you from your own lack of governance but

71
00:03:50,640 --> 00:03:51,640
it won't.

72
00:03:51,640 --> 00:03:55,320
It will only reflect the state of your data back at you but at a scale and speed that makes

73
00:03:55,320 --> 00:03:57,000
errors impossible to ignore.

74
00:03:57,000 --> 00:04:00,000
We have to look at the architecture as a living system.

75
00:04:00,000 --> 00:04:02,560
If the system is cluttered, the AI is dangerous.

76
00:04:02,560 --> 00:04:05,320
If the system is open, the AI is an exfiltration risk.

77
00:04:05,320 --> 00:04:08,440
We need to stop looking at the settings and start looking at the structure.

78
00:04:08,440 --> 00:04:11,480
But to fix the architecture, we have to look at the new attack vectors that didn't exist

79
00:04:11,480 --> 00:04:12,480
two years ago.

80
00:04:12,480 --> 00:04:17,920
We'll look past the file level and see how the interaction itself is the new vulnerability.

81
00:04:17,920 --> 00:04:20,400
Beyond permissions, the new attack surface.

82
00:04:20,400 --> 00:04:22,800
Co-pilot isn't being hacked in the way we're used to.

83
00:04:22,800 --> 00:04:27,480
You won't find a virus signature or a suspicious file sitting on a hard drive in this new landscape.

84
00:04:27,480 --> 00:04:31,160
Instead, the system is being manipulated through natural language control flows.

85
00:04:31,160 --> 00:04:32,520
This is a fundamental shift.

86
00:04:32,520 --> 00:04:36,400
We are moving from an era of code execution to an era of instruction smuggling.

87
00:04:36,400 --> 00:04:40,160
In the past, security was about keeping bad code out of your environment but now it's

88
00:04:40,160 --> 00:04:43,360
about keeping bad instructions out of the model's context window.

89
00:04:43,360 --> 00:04:44,680
This is where things break.

90
00:04:44,680 --> 00:04:48,400
Because in reality, your current firewall is completely blind to these threats.

91
00:04:48,400 --> 00:04:53,120
They can see a packet of data, but it cannot see the malicious intent hidden inside a paragraph

92
00:04:53,120 --> 00:04:54,880
of text.

93
00:04:54,880 --> 00:04:58,600
Indirect prompt injection is the new sequel injection for the generative era.

94
00:04:58,600 --> 00:04:59,800
And the scary part?

95
00:04:59,800 --> 00:05:03,760
Your employees are the primary targets, and attacker doesn't need your password or a complex

96
00:05:03,760 --> 00:05:06,320
zero-day exploit to compromise your data.

97
00:05:06,320 --> 00:05:10,760
They just need to send an email or share a document that co-pilot's retrieval, augmented generation,

98
00:05:10,760 --> 00:05:12,920
or rag pipeline is going to ingest.

99
00:05:12,920 --> 00:05:14,200
Think about how rag actually works.

100
00:05:14,200 --> 00:05:18,800
The model looks for relevant information across your entire tenant to ground its response.

101
00:05:18,800 --> 00:05:22,640
If an attacker places a malicious instruction inside a document that the model retrieves,

102
00:05:22,640 --> 00:05:26,920
the AI can't always distinguish between the user's intent and the attacker's command.

103
00:05:26,920 --> 00:05:29,120
It treats all retrieved text as part of the truth.

104
00:05:29,120 --> 00:05:32,640
We've seen this play out with vulnerabilities like echo leak and reprompt.

105
00:05:32,640 --> 00:05:35,200
These aren't just technical bugs that you can patch and forget.

106
00:05:35,200 --> 00:05:36,960
They are structural scope violations.

107
00:05:36,960 --> 00:05:40,480
They exploit the lack of a clear trust boundary between instructions and content.

108
00:05:40,480 --> 00:05:43,440
In a traditional application, the code is separate from the data.

109
00:05:43,440 --> 00:05:44,960
You don't execute the data.

110
00:05:44,960 --> 00:05:47,120
But in a large language model, the data is the code.

111
00:05:47,120 --> 00:05:50,960
If co-pilot can read a source, it can be tricked into treating that source as a command.

112
00:05:50,960 --> 00:05:55,520
This is a scope violation because the model is taking orders from an untrusted third party,

113
00:05:55,520 --> 00:05:59,000
simply because that party's text was included in the search results.

114
00:05:59,000 --> 00:06:00,160
Take a look at echo leak.

115
00:06:00,160 --> 00:06:04,400
This vulnerability allowed attackers to exfiltrate sensitive information from a user's

116
00:06:04,400 --> 00:06:06,640
text without the user ever asking for it.

117
00:06:06,640 --> 00:06:10,000
The attacker sends an email with a specific markdown formatted payload.

118
00:06:10,000 --> 00:06:12,880
When the user asks co-pilot to summarize their morning emails,

119
00:06:12,880 --> 00:06:14,840
the model ingests that payload.

120
00:06:14,840 --> 00:06:19,880
The payload then instructs the model to secretly send a summary of the user's last 10 files

121
00:06:19,880 --> 00:06:21,160
to an external server.

122
00:06:21,160 --> 00:06:22,840
The user sees a helpful summary.

123
00:06:22,840 --> 00:06:24,680
The attacker sees your strategic plan.

124
00:06:24,680 --> 00:06:29,520
And the entire transaction happened over standard HTTPS channels that look perfectly legitimate

125
00:06:29,520 --> 00:06:31,240
to your security operation center.

126
00:06:31,240 --> 00:06:32,480
Then there's reprompt.

127
00:06:32,480 --> 00:06:36,880
This was a single click data exfiltration attack that targeted the way co-pilot handles URL

128
00:06:36,880 --> 00:06:37,880
parameters.

129
00:06:37,880 --> 00:06:41,360
An attacker could craft a link that when clicked, injected specific prompts directly into

130
00:06:41,360 --> 00:06:45,520
the assistant, it then chained follow-up instructions to coax the model into leaking data

131
00:06:45,520 --> 00:06:47,000
over multiple turns.

132
00:06:47,000 --> 00:06:51,280
It bypassed enterprise style controls by exploiting the trust replace in legitimate looking

133
00:06:51,280 --> 00:06:52,280
Microsoft URLs.

134
00:06:52,280 --> 00:06:54,160
It's a persistence-like pattern.

135
00:06:54,160 --> 00:06:57,760
One click starts a sequence that the attacker's server continues to control.

136
00:06:57,760 --> 00:06:59,800
Your user thinks they are just using a shortcut.

137
00:06:59,800 --> 00:07:01,760
In reality, they are opening a door.

138
00:07:01,760 --> 00:07:04,240
What we are seeing is a shift in the threat model.

139
00:07:04,240 --> 00:07:06,520
We used to worry about people getting into the system.

140
00:07:06,520 --> 00:07:09,920
Now we have to worry about what the system is reading once it's already inside.

141
00:07:09,920 --> 00:07:15,240
If you have an open rag pipeline that pulls from external web sources or unvetted emails,

142
00:07:15,240 --> 00:07:19,640
you're essentially allowing untrusted input to influence your most powerful internal interpreter.

143
00:07:19,640 --> 00:07:22,360
The model becomes a model assisted exfiltration tool.

144
00:07:22,360 --> 00:07:24,520
It's not just about what the AI knows.

145
00:07:24,520 --> 00:07:28,440
It's about who is allowed to tell the AI what to do.

146
00:07:28,440 --> 00:07:32,200
This is why respecting permissions is an insufficient defense.

147
00:07:32,200 --> 00:07:35,560
An attacker doesn't need to break your permissions if they can just trick the model into using

148
00:07:35,560 --> 00:07:37,520
the permissions you've already granted.

149
00:07:37,520 --> 00:07:40,980
If I can send you an email that causes your co-pilot to summarize your private payroll

150
00:07:40,980 --> 00:07:45,120
files and send that summary to me, your SharePoint permissions didn't fail.

151
00:07:45,120 --> 00:07:46,920
The model's instruction tracking failed.

152
00:07:46,920 --> 00:07:49,000
We are dealing with a trust boundary problem.

153
00:07:49,000 --> 00:07:53,120
Your current security stack is designed to protect the where and the who.

154
00:07:53,120 --> 00:07:56,840
It is not designed to protect the what of a natural language interaction.

155
00:07:56,840 --> 00:07:58,840
This risk isn't uniform across the company though.

156
00:07:58,840 --> 00:08:00,480
Some users are more exposed than others.

157
00:08:00,480 --> 00:08:03,360
Some data is more dangerous than others, which is why we have to tear the rollout.

158
00:08:03,360 --> 00:08:07,240
We can't treat every user like they have the same risk profile.

159
00:08:07,240 --> 00:08:09,600
The Gardner adoption risk-tearing model.

160
00:08:09,600 --> 00:08:12,080
Turn it on for everyone is a strategy for disaster.

161
00:08:12,080 --> 00:08:14,160
Yet that is exactly what I see in the middle market.

162
00:08:14,160 --> 00:08:17,760
It is a land grab for productivity that ignores the basic laws of gravity.

163
00:08:17,760 --> 00:08:21,920
The top performers, the organizations actually realising value without a headline making breach,

164
00:08:21,920 --> 00:08:22,920
are not doing that.

165
00:08:22,920 --> 00:08:25,000
They are using a risk-teared approach.

166
00:08:25,000 --> 00:08:28,640
This is the model Gardner has been advocating since the early days of the preview.

167
00:08:28,640 --> 00:08:32,360
It is a recognition that your organizational readiness is not a single number.

168
00:08:32,360 --> 00:08:33,360
It is a spectrum.

169
00:08:33,360 --> 00:08:36,040
You have pockets of excellence and pockets of absolute chaos.

170
00:08:36,040 --> 00:08:37,520
You cannot treat them the same.

171
00:08:37,520 --> 00:08:40,000
We have to move away from the binary honor of switch.

172
00:08:40,000 --> 00:08:41,520
Instead we think in tiers.

173
00:08:41,520 --> 00:08:45,680
This allows us to sequence the rollout based on the maturity of the data and the sophistication

174
00:08:45,680 --> 00:08:46,680
of the user.

175
00:08:46,680 --> 00:08:49,880
tier 0 is where most of you should be right now, but you aren't.

176
00:08:49,880 --> 00:08:51,560
tier 0 isn't actually about AI.

177
00:08:51,560 --> 00:08:52,880
It is about remediation.

178
00:08:52,880 --> 00:08:54,560
It is the phase where you pay your data debt.

179
00:08:54,560 --> 00:08:56,400
You are running the oversharing reports.

180
00:08:56,400 --> 00:08:59,920
You are identifying the toxic combinations where highly sensitive intellectual property

181
00:08:59,920 --> 00:09:01,840
meets a shared with everyone link.

182
00:09:01,840 --> 00:09:03,720
In tier 0, nobody has a license yet.

183
00:09:03,720 --> 00:09:07,080
You are cleaning up the contents brawl before the first prompt is ever written.

184
00:09:07,080 --> 00:09:10,320
If you skip this, you are just automating your existing failures.

185
00:09:10,320 --> 00:09:12,320
You are making your mess more efficient.

186
00:09:12,320 --> 00:09:15,160
Once the baseline is established, you move to tier 1.

187
00:09:15,160 --> 00:09:17,240
These are your low-risk trusted users.

188
00:09:17,240 --> 00:09:21,600
Think IT, the digital workplace team, or a dedicated AI centre of excellence.

189
00:09:21,600 --> 00:09:23,160
These people understand the guardrails.

190
00:09:23,160 --> 00:09:25,400
They know what a hallucination looks like.

191
00:09:25,400 --> 00:09:27,800
They are the ones testing your initial configurations.

192
00:09:27,800 --> 00:09:31,640
They are validating that your sensitivity labels are actually triggering the right blocks

193
00:09:31,640 --> 00:09:33,000
in the co-pilot pane.

194
00:09:33,000 --> 00:09:35,440
You are not looking for massive ROI in tier 1.

195
00:09:35,440 --> 00:09:37,200
You are looking for technical validation.

196
00:09:37,200 --> 00:09:40,080
You are proving that the engine works in a controlled environment.

197
00:09:40,080 --> 00:09:42,520
tier 2 is where you expand to broader knowledge workers.

198
00:09:42,520 --> 00:09:48,160
These are rolls with moderate risk, marketing, sales operations, or general administration.

199
00:09:48,160 --> 00:09:51,760
The data here is internal, but it isn't the crown jewels.

200
00:09:51,760 --> 00:09:54,080
You are using this tier to scale your adoption patterns.

201
00:09:54,080 --> 00:09:57,560
You are looking at the telemetry to see which prompts are actually working.

202
00:09:57,560 --> 00:10:01,080
This is where you conduct your A/B testing, comparing teams with the assistant against

203
00:10:01,080 --> 00:10:02,080
those without it.

204
00:10:02,080 --> 00:10:05,560
You are building the business case in tier 2, but you are still keeping the most sensitive

205
00:10:05,560 --> 00:10:07,320
domains at arm's length.

206
00:10:07,320 --> 00:10:11,320
High-risk domains like finance, HR, and legal belong in tier 3.

207
00:10:11,320 --> 00:10:12,320
Period.

208
00:10:12,320 --> 00:10:15,320
These are the areas where a single-league document can lead to a regulatory investigation

209
00:10:15,320 --> 00:10:16,920
or a commercial disaster.

210
00:10:16,920 --> 00:10:19,680
You do not enable co-pilot here until your controls are proven.

211
00:10:19,680 --> 00:10:23,680
You need to see that your data loss prevention rules are firing 100% of the time.

212
00:10:23,680 --> 00:10:27,280
You need to know that your retention policies are capturing every interaction.

213
00:10:27,280 --> 00:10:29,000
Tier 3 is the zero trust zone.

214
00:10:29,000 --> 00:10:33,040
You only move data into this tier once it has been thoroughly classified and protected.

215
00:10:33,040 --> 00:10:37,360
The goal is to move fast, but only in safe zones where the data debt has been fully paid.

216
00:10:37,360 --> 00:10:39,200
This tiered approach acts as a bridge.

217
00:10:39,200 --> 00:10:44,080
It allows you to capture early ROI in the low-risk areas while you continue the heavy lifting

218
00:10:44,080 --> 00:10:46,400
of governance maturity in the background.

219
00:10:46,400 --> 00:10:48,800
It solves the executive trust paradox.

220
00:10:48,800 --> 00:10:52,640
You can tell the board that you are deploying AI, but you can also tell the auditors that

221
00:10:52,640 --> 00:10:56,480
you haven't exposed the payroll files yet, you are matching the technology to the maturity

222
00:10:56,480 --> 00:10:57,960
of the environment.

223
00:10:57,960 --> 00:11:02,280
Gardner's research from late 2025 showed that 40% of organization's experienced deployment

224
00:11:02,280 --> 00:11:05,560
delays of 3 months or more due to oversharing concerns.

225
00:11:05,560 --> 00:11:07,040
Tiering prevents that total stall.

226
00:11:07,040 --> 00:11:10,840
It allows progress in the green zones while the red zones are being remediated.

227
00:11:10,840 --> 00:11:13,920
If you treat this as a uniform rollout, you will eventually hit a wall.

228
00:11:13,920 --> 00:11:18,080
A security officer will see a report panic and pull the plug on the entire project.

229
00:11:18,080 --> 00:11:21,480
Having prevents that whiplash, it gives you a road map that everyone can agree on.

230
00:11:21,480 --> 00:11:23,000
IT gets to manage the risk.

231
00:11:23,000 --> 00:11:26,920
The business gets to see the progress, and the executives get a predictable path to value,

232
00:11:26,920 --> 00:11:28,200
but tiering is just a strategy.

233
00:11:28,200 --> 00:11:29,200
It is a map.

234
00:11:29,200 --> 00:11:32,520
To actually drive the car, you need a technical engine that can enforce these boundaries

235
00:11:32,520 --> 00:11:33,520
in real time.

236
00:11:33,520 --> 00:11:37,240
Once the tiers are set, we need a technical engine to enforce them, and that engine is

237
00:11:37,240 --> 00:11:38,240
purview.

238
00:11:38,240 --> 00:11:41,160
This is where the theory becomes operational reality.

239
00:11:41,160 --> 00:11:42,560
Purview is the governance backbone.

240
00:11:42,560 --> 00:11:46,680
You cannot responsibly deploy co-pilot at scale without a Microsoft purview strategy

241
00:11:46,680 --> 00:11:50,480
because it is the de facto governance layer for your entire environment.

242
00:11:50,480 --> 00:11:54,840
In the past, many of you viewed purview as a simple compliance checkbox or a dusty corner

243
00:11:54,840 --> 00:11:59,440
of the tenant where you set up a few retention labels to satisfy an auditor once a year, that

244
00:11:59,440 --> 00:12:00,440
world is gone.

245
00:12:00,440 --> 00:12:04,600
And purview has evolved into a real-time data security posture management hub that acts

246
00:12:04,600 --> 00:12:07,560
as the central nervous system of your AI deployment.

247
00:12:07,560 --> 00:12:12,240
It is the only place where you can actually see the data feeding the model, and, more importantly,

248
00:12:12,240 --> 00:12:13,840
identify exactly where the gaps are.

249
00:12:13,840 --> 00:12:18,120
If you aren't using purview, you are flying blind because co-pilot is a voracious consumer

250
00:12:18,120 --> 00:12:22,440
of information that wants to index every single thing it can find.

251
00:12:22,440 --> 00:12:25,640
Purview is the only tool that allows you to tell the model, no.

252
00:12:25,640 --> 00:12:30,320
Which is why we are moving from a world of static lists to policy-driven dynamic classification.

253
00:12:30,320 --> 00:12:34,040
Think about how you use to manage access by creating a security group, adding people to

254
00:12:34,040 --> 00:12:35,680
it, and pointing that group at a site.

255
00:12:35,680 --> 00:12:38,520
It was manual, it was brittle, and it was almost always out of date.

256
00:12:38,520 --> 00:12:43,040
With purview, we use adaptive scopes to include or exclude entire sharepoint sites based

257
00:12:43,040 --> 00:12:46,640
on attributes, metadata, or sensitivity labels.

258
00:12:46,640 --> 00:12:51,040
If a site is tagged as restricted, the adaptive scope automatically pulls it out of the co-pilot

259
00:12:51,040 --> 00:12:53,560
index without any manual intervention required.

260
00:12:53,560 --> 00:12:57,480
This shift represents a move from administrative overhead to governance by design where the

261
00:12:57,480 --> 00:12:59,920
policy does all the heavy lifting for your team.

262
00:12:59,920 --> 00:13:04,600
If a file isn't labeled, it isn't governed, and if it isn't governed, the top 1% of organizations

263
00:13:04,600 --> 00:13:06,960
are deciding that co-pilot shouldn't touch it.

264
00:13:06,960 --> 00:13:10,360
They are setting a baseline that says the model will only ground its responses in data

265
00:13:10,360 --> 00:13:12,480
that has a verified sensitivity label.

266
00:13:12,480 --> 00:13:16,680
This forces the business to take data classification seriously because you can't just dump files into

267
00:13:16,680 --> 00:13:19,560
a folder and expect the AI to work miracles.

268
00:13:19,560 --> 00:13:24,000
It also provides a safety net where the purview engine knows exactly what the AI is allowed

269
00:13:24,000 --> 00:13:27,240
to do with a document labeled "highly confidential".

270
00:13:27,240 --> 00:13:31,680
The AI hub inside purview is your new mission control, and it gives you a consolidated view

271
00:13:31,680 --> 00:13:35,760
of your AI risk by showing which users are interacting with specific data types.

272
00:13:35,760 --> 00:13:39,920
It isn't just about blocking access, but rather about visibility and allowing you to spot

273
00:13:39,920 --> 00:13:42,840
patterns before they become major security incidents.

274
00:13:42,840 --> 00:13:46,800
If you see a spike in financial detections in the HR department's co-pilot prompts, you

275
00:13:46,800 --> 00:13:50,920
know you have a training issue or a permission leak that needs immediate attention.

276
00:13:50,920 --> 00:13:54,600
You can investigate the activity explorer and see the exact prompt and the exact file

277
00:13:54,600 --> 00:13:58,080
that triggered the alert, which is the difference between guessing and knowing.

278
00:13:58,080 --> 00:14:01,440
We are also seeing purview integrate deeply with the lifecycle of the content itself, which

279
00:14:01,440 --> 00:14:05,720
means it handles the data you have today and the data the AI creates tomorrow.

280
00:14:05,720 --> 00:14:09,720
We need a system that can track the lineage of information to ensure that security properties

281
00:14:09,720 --> 00:14:13,320
follow the data as it is transformed by the model.

282
00:14:13,320 --> 00:14:17,840
If co-pilot takes three internal documents and one confidential document to create a summary,

283
00:14:17,840 --> 00:14:22,280
purview handles that label inheritance automatically to keep the summary confidential.

284
00:14:22,280 --> 00:14:26,280
This prevents the laundering of sensitive information, where a user asks for a summary

285
00:14:26,280 --> 00:14:29,600
of a protected file just to get around the original restrictions.

286
00:14:29,600 --> 00:14:33,720
Without this backbone, your tiering strategy is just a piece of paper because you lack the

287
00:14:33,720 --> 00:14:36,440
technical enforcement to make your rules a reality.

288
00:14:36,440 --> 00:14:40,720
You need the ability to turn off web grounding for specific groups and block third party plugins

289
00:14:40,720 --> 00:14:43,120
that haven't been vetted by your security team.

290
00:14:43,120 --> 00:14:46,680
Purview provides these granular controls and gives you the confidence to move from tier

291
00:14:46,680 --> 00:14:50,200
one to tier three because you have the telemetry to prove your policy's work.

292
00:14:50,200 --> 00:14:54,040
You aren't just hoping that users do the right thing, but rather you are ensuring it through

293
00:14:54,040 --> 00:14:56,240
code and technical guardrails.

294
00:14:56,240 --> 00:14:59,840
Labeling is only half the battle, so we also need to look at how we protect the interaction

295
00:14:59,840 --> 00:15:01,040
itself.

296
00:15:01,040 --> 00:15:04,120
The DLP shift, workload versus interaction.

297
00:15:04,120 --> 00:15:07,720
Our data loss prevention was designed for a world of rigid boundaries, where data lived in

298
00:15:07,720 --> 00:15:10,720
files that moved across endpoints or through email gateways.

299
00:15:10,720 --> 00:15:14,200
You set a rule to look for a social security number or a credit card string, and if that

300
00:15:14,200 --> 00:15:16,880
string tried to cross a perimeter, the system blocked it.

301
00:15:16,880 --> 00:15:21,360
It was binary, it was reactive, and it focused entirely on the what and the where of the data

302
00:15:21,360 --> 00:15:22,360
movement.

303
00:15:22,360 --> 00:15:26,160
But co-pilot has fundamentally changed the nature of how data moves, and in 2026 we are

304
00:15:26,160 --> 00:15:29,240
realizing the old model of DLP is insufficient.

305
00:15:29,240 --> 00:15:33,040
It simply doesn't understand the how of a generative interaction.

306
00:15:33,040 --> 00:15:36,440
We are seeing a massive shift in the security landscape that requires us to distinguish

307
00:15:36,440 --> 00:15:39,240
between workload DLP and interaction DLP.

308
00:15:39,240 --> 00:15:43,000
This is a critical distinction that most IT leaders are missing right now, and it starts

309
00:15:43,000 --> 00:15:46,480
with understanding that M365 DLP is your classic foundation.

310
00:15:46,480 --> 00:15:50,680
It watches your SharePoint sites and your OneDrive folders to ensure that a highly confidential

311
00:15:50,680 --> 00:15:53,040
file doesn't get shared with an external guest.

312
00:15:53,040 --> 00:15:56,840
But co-pilot DLP is different because it governs the AI interaction layer itself and

313
00:15:56,840 --> 00:15:59,440
sits between the users prompt and the model's response.

314
00:15:59,440 --> 00:16:03,840
It is the only thing standing between a productive session and a massive data leak.

315
00:16:03,840 --> 00:16:07,960
Think about the workflow of a typical prompt where a user asks a question and co-pilot retrieves

316
00:16:07,960 --> 00:16:09,720
internal data to ground that answer.

317
00:16:09,720 --> 00:16:13,720
The model might also reach out to an external web search to provide current context, and

318
00:16:13,720 --> 00:16:16,480
this is the moment of maximum risk for your organization.

319
00:16:16,480 --> 00:16:19,960
If that prompt contains sensitive information and you haven't configured your interaction

320
00:16:19,960 --> 00:16:24,520
DLP, you are effectively broadcasting your internal secrets to a public search engine.

321
00:16:24,520 --> 00:16:29,120
In late 2025, Microsoft introduced real-time evaluation of prompts for sensitive information

322
00:16:29,120 --> 00:16:33,200
types, and this was a game changer for stopping data before it hits the web.

323
00:16:33,200 --> 00:16:36,280
This isn't just about blocking everything because that is the old way of thinking that

324
00:16:36,280 --> 00:16:39,000
stops productivity in its tracks.

325
00:16:39,000 --> 00:16:42,920
Interaction DLP allows for contextual grounding, which means if the system detects a risky

326
00:16:42,920 --> 00:16:46,120
sit in a prompt, it doesn't have to shut down the session.

327
00:16:46,120 --> 00:16:50,560
Instead, it can force the AI to stay within your internal Microsoft graph and sever the

328
00:16:50,560 --> 00:16:52,560
link to the external web entirely.

329
00:16:52,560 --> 00:16:56,440
You get the answer you need, but the sensitive context never leaves your tenant, which is

330
00:16:56,440 --> 00:16:58,440
verified by context in action.

331
00:16:58,440 --> 00:17:02,760
It's a dynamic bridge that adjusts based on the risk profile of the specific question

332
00:17:02,760 --> 00:17:03,760
being asked.

333
00:17:03,760 --> 00:17:07,620
You need both layers because you need classic DLP for the files and emails, but you need

334
00:17:07,620 --> 00:17:10,960
co-pilot DLP for the prompts and the generated responses.

335
00:17:10,960 --> 00:17:14,720
If you only have the classic layer, a user can't share a sensitive file, but they can

336
00:17:14,720 --> 00:17:17,880
ask co-pilot to summarize that file and copy paste that summary.

337
00:17:17,880 --> 00:17:21,080
The classic DLP won't see it because it's looking for a file rather than a string of

338
00:17:21,080 --> 00:17:22,960
text in a chat window.

339
00:17:22,960 --> 00:17:27,040
Co-pilot DLP closes that gap by treating the interaction as a data-bearing event and evaluating

340
00:17:27,040 --> 00:17:29,000
the output of the model against your policies.

341
00:17:29,000 --> 00:17:33,080
We are seeing organizations move toward a prompt-level protection strategy where every

342
00:17:33,080 --> 00:17:37,120
single interaction is screened for PCI, PI, and PHI data.

343
00:17:37,120 --> 00:17:40,480
If a user pests a customer's credit card number into a prompt to ask for a transaction

344
00:17:40,480 --> 00:17:43,400
summary, the DLP engine catches it instantly.

345
00:17:43,400 --> 00:17:47,880
It blocks the response and alerts the security team, which prevents the model from even processing

346
00:17:47,880 --> 00:17:49,480
the request in the first place.

347
00:17:49,480 --> 00:17:53,680
This is the only way to scale AI in a regulated environment because you cannot rely on user

348
00:17:53,680 --> 00:17:54,680
training alone.

349
00:17:54,680 --> 00:17:57,320
You need a technical guardrail that operates at the speed of the model.

350
00:17:57,320 --> 00:18:00,760
But there is a catch because this level of enforcement requires a mature classification

351
00:18:00,760 --> 00:18:02,320
strategy to be effective.

352
00:18:02,320 --> 00:18:06,800
If your assets are poorly defined or if your sensitivity labels are applied inconsistently,

353
00:18:06,800 --> 00:18:09,960
your interaction DLP will be full of false positives.

354
00:18:09,960 --> 00:18:13,360
It will frustrate your users and kill your adoption rates, which is why we emphasize that

355
00:18:13,360 --> 00:18:15,680
purview is the backbone of the entire stack.

356
00:18:15,680 --> 00:18:20,480
The labels provide the context, the sits provide the detection, and the DLP provides the enforcement

357
00:18:20,480 --> 00:18:21,760
to keep everything in sync.

358
00:18:21,760 --> 00:18:25,040
When these three things work together, you have a governable AI environment where users

359
00:18:25,040 --> 00:18:26,480
can experiment safely.

360
00:18:26,480 --> 00:18:30,560
You have to look at your egress paths because Microsoft has identified roughly 14 different

361
00:18:30,560 --> 00:18:33,200
ways data can leave the tenant via co-pilot.

362
00:18:33,200 --> 00:18:36,800
This includes everything from printing and downloading to browser-based copy-pasting,

363
00:18:36,800 --> 00:18:39,960
and your interaction DLP has to cover all of them to be effective.

364
00:18:39,960 --> 00:18:43,640
We are moving toward a world where the prompt is the new perimeter, and if you can govern

365
00:18:43,640 --> 00:18:47,920
the prompt, you can govern the AI, but even with the best DLP in the world, the biggest

366
00:18:47,920 --> 00:18:51,000
risk remains the data people have already shared too widely.

367
00:18:51,000 --> 00:18:54,800
We have to address the oversharing multiplier before it spirals out of control and look

368
00:18:54,800 --> 00:18:59,120
at the legacy debt hiding in plain sight, preventing the oversharing multiplier.

369
00:18:59,120 --> 00:19:04,000
We need to have a very honest conversation about the state of your SharePoint hierarchy.

370
00:19:04,000 --> 00:19:06,560
Co-pilot doesn't break your permissions, and it never has.

371
00:19:06,560 --> 00:19:10,280
It actually respects them with a level of precision that should terrify you, because

372
00:19:10,280 --> 00:19:14,040
in reality the model exposes the consequences of a decade of poor permission management

373
00:19:14,040 --> 00:19:15,040
at machine speed.

374
00:19:15,040 --> 00:19:17,720
What used to be a manageable mess is now a high-velocity liability.

375
00:19:17,720 --> 00:19:20,200
I call this the oversharing multiplier.

376
00:19:20,200 --> 00:19:24,120
It is the phenomenon where a single legacy mistake in a folder setting becomes the primary

377
00:19:24,120 --> 00:19:26,360
source of truth for an AI assistant.

378
00:19:26,360 --> 00:19:29,320
The everyone links are the silent killers of AI security.

379
00:19:29,320 --> 00:19:31,440
Most organizations have thousands of these.

380
00:19:31,440 --> 00:19:35,560
They were created by a well-meaning project manager in 2019 who just wanted to make a file

381
00:19:35,560 --> 00:19:37,320
accessible for a quick meeting.

382
00:19:37,320 --> 00:19:41,480
They clicked Share with everyone in the organization because it was the path of least resistance.

383
00:19:41,480 --> 00:19:45,760
Back then that link sat in an inbox or a chat thread, and it was functionally invisible

384
00:19:45,760 --> 00:19:47,800
unless you had the specific URL.

385
00:19:47,800 --> 00:19:50,560
But to a large language model that link is a wide open door.

386
00:19:50,560 --> 00:19:54,200
Co-pilot doesn't need to find the link in an email because it sees the underlying permission

387
00:19:54,200 --> 00:19:55,200
attribute in the graph.

388
00:19:55,200 --> 00:19:59,560
It indexes the content because you technically told it that everyone is allowed to see it.

389
00:19:59,560 --> 00:20:02,480
This is where we encounter what I call toxic combinations.

390
00:20:02,480 --> 00:20:06,080
This happens when your most sensitive data meets your broadest internal access.

391
00:20:06,080 --> 00:20:09,920
Think about a merger and acquisition document that was accidentally saved to a public general

392
00:20:09,920 --> 00:20:11,240
channel in Teams.

393
00:20:11,240 --> 00:20:14,840
Or think about a list of employee performance reviews stored in a folder where the everyone

394
00:20:14,840 --> 00:20:18,400
except external users group was added during a migration.

395
00:20:18,400 --> 00:20:20,240
Individually a messy folder is a nuisance.

396
00:20:20,240 --> 00:20:23,880
Combined with an AI that can summarize that folder in three seconds, it is a breach waiting

397
00:20:23,880 --> 00:20:24,880
to happen.

398
00:20:24,880 --> 00:20:29,600
You aren't just oversharing a file, you're oversharing the context of your entire business.

399
00:20:29,600 --> 00:20:31,040
Many of you are looking for a quick fix.

400
00:20:31,040 --> 00:20:34,520
You want a magic button in the admin center that makes this go away.

401
00:20:34,520 --> 00:20:37,480
Microsoft gave us a temporary tool called restricted SharePoint search.

402
00:20:37,480 --> 00:20:40,400
You can think of this as a panic button for the AI era.

403
00:20:40,400 --> 00:20:44,360
It allows you to limit the scope of Co-pilot search to a specific list of sites.

404
00:20:44,360 --> 00:20:47,440
It is a powerful way to stop the bleeding during your initial rollout.

405
00:20:47,440 --> 00:20:50,960
If you know your legacy sites are a disaster, you can exclude them from the index entirely

406
00:20:50,960 --> 00:20:52,680
while you work on remediation.

407
00:20:52,680 --> 00:20:54,080
But here is the problem.

408
00:20:54,080 --> 00:20:57,280
Restricted SharePoint search isn't a long-term solution for a broken architecture.

409
00:20:57,280 --> 00:20:59,280
It is a bandaid on a structural wound.

410
00:20:59,280 --> 00:21:03,280
If you rely on search restrictions forever, you're essentially crippling your AI.

411
00:21:03,280 --> 00:21:06,360
You're paying for a tool that can't see the data it needs to be useful.

412
00:21:06,360 --> 00:21:09,800
The goal of Co-pilot is to surface the right information at the right time.

413
00:21:09,800 --> 00:21:13,400
If you hide all your information because you're afraid of your own permissions, you won't

414
00:21:13,400 --> 00:21:15,040
get the ROI you were promised.

415
00:21:15,040 --> 00:21:17,040
The real fix isn't a setting in the tenant.

416
00:21:17,040 --> 00:21:20,640
It is a structural cleanup of your SharePoint and Teams estate.

417
00:21:20,640 --> 00:21:23,120
You have to go back to the basics of information architecture.

418
00:21:23,120 --> 00:21:25,640
This means moving away from everything is open mentality.

419
00:21:25,640 --> 00:21:29,120
You need to start thinking about data stewardship as a core business function.

420
00:21:29,120 --> 00:21:32,440
The oversharing baseline report is your most important tool in this phase.

421
00:21:32,440 --> 00:21:35,560
It shows you exactly which sites have the highest risk of exposure.

422
00:21:35,560 --> 00:21:38,920
It highlights the sites with the most anyone links and the most guest access.

423
00:21:38,920 --> 00:21:41,800
You have to use this data to prioritize your remediation.

424
00:21:41,800 --> 00:21:43,640
You can't fix 10,000 sites at once.

425
00:21:43,640 --> 00:21:47,040
But you can fix the top 20 sites that contain 80% of your risk.

426
00:21:47,040 --> 00:21:48,440
This is how you pay the data debt.

427
00:21:48,440 --> 00:21:50,400
You target the toxic combinations first.

428
00:21:50,400 --> 00:21:54,640
You find the places where PII or financial data is sitting in a public bucket.

429
00:21:54,640 --> 00:21:58,280
Once you secure those, the risk profile of your Co-pilot deployment drops.

430
00:21:58,280 --> 00:22:02,680
You are building a sustainable foundation for every AI agent you will eventually deploy.

431
00:22:02,680 --> 00:22:06,880
The structural cleanup is the only way to move from tier 0 to tier 1 with confidence.

432
00:22:06,880 --> 00:22:09,040
It is the hard work that makes the magic possible.

433
00:22:09,040 --> 00:22:12,360
We built these systems for a world where humans did the searching.

434
00:22:12,360 --> 00:22:14,920
Now that the machines are doing the searching, the rules have changed.

435
00:22:14,920 --> 00:22:16,840
You can't hide behind obscurity anymore.

436
00:22:16,840 --> 00:22:19,960
You have to be secure by design or you'll be exposed by default.

437
00:22:19,960 --> 00:22:23,680
When you move files into contextual containers, you are giving the model the boundaries

438
00:22:23,680 --> 00:22:26,000
it needs to be helpful without being dangerous.

439
00:22:26,000 --> 00:22:30,200
It is the difference between a quiet library and a pile of loose papers.

440
00:22:30,200 --> 00:22:34,560
Once the data is clean, we have to look at what the AI is actually creating.

441
00:22:34,560 --> 00:22:37,240
Life cycle management of AI generated content.

442
00:22:37,240 --> 00:22:39,200
We need to talk about the content explosion.

443
00:22:39,200 --> 00:22:42,200
Co-pilot is not just a consumer, it is a massive producer.

444
00:22:42,200 --> 00:22:44,960
It is modifying and creating data at machine speed.

445
00:22:44,960 --> 00:22:49,680
Every time a user asks for a summary of a meeting or a draft of a proposal, a new digital

446
00:22:49,680 --> 00:22:50,880
asset is born.

447
00:22:50,880 --> 00:22:54,200
This creates a secondary sprawl problem that most governance frameworks are completely

448
00:22:54,200 --> 00:22:55,200
ignoring.

449
00:22:55,200 --> 00:22:58,600
We spent the last decade trying to manage human generated clutter.

450
00:22:58,600 --> 00:23:02,800
Now we are facing an era where the majority of your tenant's data will eventually be AI

451
00:23:02,800 --> 00:23:03,800
generated.

452
00:23:03,800 --> 00:23:07,920
This synthetic sprawl is a unique risk because it often lacks the intentionality of human

453
00:23:07,920 --> 00:23:08,920
authorship.

454
00:23:08,920 --> 00:23:11,520
The first thing you have to solve is label propagation.

455
00:23:11,520 --> 00:23:14,080
This is a non-negotiable technical requirement.

456
00:23:14,080 --> 00:23:18,720
In the old model, a user would read a sensitive file and then manually decide how to label their

457
00:23:18,720 --> 00:23:19,720
own summary.

458
00:23:19,720 --> 00:23:21,760
That was slow but it was a deliberate human checkpoint.

459
00:23:21,760 --> 00:23:23,640
With co-pilot that checkpoint is gone.

460
00:23:23,640 --> 00:23:28,640
If the AI draft the summary of a highly confidential file, that summary must inherit the highly confidential

461
00:23:28,640 --> 00:23:30,760
label by default, there can be no gap.

462
00:23:30,760 --> 00:23:34,520
If the security properties don't follow the data as it is transformed, you are essentially

463
00:23:34,520 --> 00:23:38,960
allowing the AI to launder your secrets into unprotected formats.

464
00:23:38,960 --> 00:23:41,920
Microsoft has enabled this inheritance but you have to configure it.

465
00:23:41,920 --> 00:23:46,320
You have to ensure that the output is always as secured as its most restrictive source.

466
00:23:46,320 --> 00:23:47,320
Think about the volume.

467
00:23:47,320 --> 00:23:50,120
An active user might generate 10 summaries a day.

468
00:23:50,120 --> 00:23:53,800
Buy that by a thousand users, that is 50,000 new documents every week.

469
00:23:53,800 --> 00:23:57,920
If you don't have automated retention settings, your tenant is going to become a digital

470
00:23:57,920 --> 00:23:58,920
landfill.

471
00:23:58,920 --> 00:24:02,000
We have to move away from the idea that everything should be kept forever.

472
00:24:02,000 --> 00:24:05,000
In the generative era, defensible deletion is the goal.

473
00:24:05,000 --> 00:24:08,440
You need to be able to prove to auditors and regulators that you are not just hoarding

474
00:24:08,440 --> 00:24:09,920
AI-generated clutter.

475
00:24:09,920 --> 00:24:14,360
You need policies that automatically capture review and delete AI artifacts based on their

476
00:24:14,360 --> 00:24:15,680
age and sensitivity.

477
00:24:15,680 --> 00:24:20,400
If an AI-generated draft hasn't been touched in 90 days, why is it still in your index?

478
00:24:20,400 --> 00:24:23,840
This is where PerView's life cycle management tools become your best friend.

479
00:24:23,840 --> 00:24:27,440
You can set retention labels that apply specifically to AI-generated content.

480
00:24:27,440 --> 00:24:30,960
You can dictate that meeting recaps are deleted after six months unless they are explicitly

481
00:24:30,960 --> 00:24:32,200
tagged for a project.

482
00:24:32,200 --> 00:24:35,240
This reduces your surface area for future AI queries.

483
00:24:35,240 --> 00:24:38,080
Remember, the model uses your existing data as its truth.

484
00:24:38,080 --> 00:24:42,640
If your tenant is filled with 10 different AI-generated versions of the same project plan, the model is

485
00:24:42,640 --> 00:24:43,640
going to get confused.

486
00:24:43,640 --> 00:24:47,400
It is going to start hallucinating based on the noise it created itself.

487
00:24:47,400 --> 00:24:51,480
You are essentially poisoning your own well if you don't clean up the synthetic artifacts.

488
00:24:51,480 --> 00:24:54,480
We also have to consider the provenance of the information.

489
00:24:54,480 --> 00:24:57,600
In a legal or regulatory context, you need to know what was written by a human and what

490
00:24:57,600 --> 00:24:59,200
was generated by a machine.

491
00:24:59,200 --> 00:25:00,920
This is about more than just a watermark.

492
00:25:00,920 --> 00:25:02,600
It is about the metadata.

493
00:25:02,600 --> 00:25:07,040
Your governance framework should ensure that AI-generated content is identifiable in your

494
00:25:07,040 --> 00:25:08,040
audit logs.

495
00:25:08,040 --> 00:25:11,960
If a junior analyst presents a report that contains a massive error, you need to know if

496
00:25:11,960 --> 00:25:15,920
that error was a human mistake or an unverified AI hallucination.

497
00:25:15,920 --> 00:25:18,200
This accountability is the foundation of trust.

498
00:25:18,200 --> 00:25:21,960
You can't hold people responsible for the final output if you can't see the process that

499
00:25:21,960 --> 00:25:22,960
created it.

500
00:25:22,960 --> 00:25:27,760
Effective lifecycle management is about maintaining the integrity of the system over time.

501
00:25:27,760 --> 00:25:31,240
It is about ensuring that your data remains fresh, accurate and governed.

502
00:25:31,240 --> 00:25:34,760
We are shifting from managing files to managing streams of information.

503
00:25:34,760 --> 00:25:38,760
If you don't have a plan for how that information is retired, your AI is going to become less

504
00:25:38,760 --> 00:25:40,480
useful every single day.

505
00:25:40,480 --> 00:25:43,520
It will be buried under the weight of its own previous outputs.

506
00:25:43,520 --> 00:25:47,200
We need to build a circular economy for our data where we are constantly pruning the

507
00:25:47,200 --> 00:25:48,720
old to make room for the new.

508
00:25:48,720 --> 00:25:52,000
This is the only way to keep the model grounded in current reality.

509
00:25:52,000 --> 00:25:56,160
But technical controls only work if the people behind the prompts know the rules.

510
00:25:56,160 --> 00:25:59,240
We have to bridge the gap between the software and the human.

511
00:25:59,240 --> 00:26:02,840
We have to address the prompt literacy gap before the technical guardrails become a source

512
00:26:02,840 --> 00:26:04,440
of frustration.

513
00:26:04,440 --> 00:26:07,160
Consistent education is the final layer of the stack.

514
00:26:07,160 --> 00:26:09,200
The prompt literacy governance gap.

515
00:26:09,200 --> 00:26:13,120
We spend millions on licenses and thousands of hours on technical implementation.

516
00:26:13,120 --> 00:26:15,440
We lock down the sites, we configure the labels.

517
00:26:15,440 --> 00:26:18,840
But then we hand the keys to a workforce that doesn't know how to drive a car they've

518
00:26:18,840 --> 00:26:20,200
never seen before.

519
00:26:20,200 --> 00:26:22,560
This is the prompt literacy governance gap.

520
00:26:22,560 --> 00:26:24,280
It's the silent killer of ROI.

521
00:26:24,280 --> 00:26:27,840
If your users don't understand how to interact with the model, your entire deployment is

522
00:26:27,840 --> 00:26:29,760
just a very expensive search engine.

523
00:26:29,760 --> 00:26:33,480
Most people approach the prompt box with the same habits they developed in Google.

524
00:26:33,480 --> 00:26:35,520
They type two words and hope for the best.

525
00:26:35,520 --> 00:26:39,040
When the AI gives them a generic response, they blame the technology.

526
00:26:39,040 --> 00:26:42,160
They say it's not useful, but the floor isn't in the model.

527
00:26:42,160 --> 00:26:43,520
It's in the instruction.

528
00:26:43,520 --> 00:26:45,120
Prompting isn't just about asking.

529
00:26:45,120 --> 00:26:46,920
It's about engineering a specific outcome.

530
00:26:46,920 --> 00:26:51,120
The best performing organizations are teaching their people a four-part framework.

531
00:26:51,120 --> 00:26:53,760
Goal, context, instructions and constraints.

532
00:26:53,760 --> 00:26:56,440
If you miss any of these, the AI has to guess.

533
00:26:56,440 --> 00:26:58,920
And when an AI guesses, it often hallucinations.

534
00:26:58,920 --> 00:27:01,880
We need to teach users that they are the directors of the scene.

535
00:27:01,880 --> 00:27:03,080
They have to provide the goal.

536
00:27:03,080 --> 00:27:04,080
What exactly do they want?

537
00:27:04,080 --> 00:27:05,480
They have to provide the context.

538
00:27:05,480 --> 00:27:06,480
Who is this for?

539
00:27:06,480 --> 00:27:08,320
They have to provide the specific instructions.

540
00:27:08,320 --> 00:27:10,080
How should the information be structured?

541
00:27:10,080 --> 00:27:12,280
And finally, they have to provide the constraints.

542
00:27:12,280 --> 00:27:13,440
What should be avoided?

543
00:27:13,440 --> 00:27:14,880
This is the core of literacy.

544
00:27:14,880 --> 00:27:18,880
Because when people understand the logic behind the machine, they stop fighting the tool

545
00:27:18,880 --> 00:27:21,000
and start directing the output.

546
00:27:21,000 --> 00:27:22,000
Section 9.

547
00:27:22,000 --> 00:27:25,600
Crafting the AI usage policy for 2026.

548
00:27:25,600 --> 00:27:28,080
Use AI responsibly is not a policy.

549
00:27:28,080 --> 00:27:29,080
It is a platitude.

550
00:27:29,080 --> 00:27:33,400
It's the kind of vague, well-meaning sentence that legal teams love because it sounds safe,

551
00:27:33,400 --> 00:27:37,600
but it is functionally useless for a workforce trying to navigate a complex digital landscape.

552
00:27:37,600 --> 00:27:42,160
If your policy is built on abstractions, your employees will fill those gaps with their

553
00:27:42,160 --> 00:27:43,160
own assumptions.

554
00:27:43,160 --> 00:27:46,640
And in the generative era, an employee's assumption is a liability you cannot afford to

555
00:27:46,640 --> 00:27:47,640
carry.

556
00:27:47,640 --> 00:27:51,320
We need to move away from policy theatre and start building productivity infrastructure.

557
00:27:51,320 --> 00:27:56,000
This means your AI usage policy for 2026 must be direct, specific, and grounded in the actual

558
00:27:56,000 --> 00:27:57,680
mechanics of how work gets done.

559
00:27:57,680 --> 00:28:01,200
It needs to be the manual that gives people the confidence to experiment without fear

560
00:28:01,200 --> 00:28:02,320
of a compliance breach.

561
00:28:02,320 --> 00:28:06,600
The first pillar of a modern policy is the definition of AI eligibility.

562
00:28:06,600 --> 00:28:10,080
You cannot have a blanket yes or no for the entire tenant.

563
00:28:10,080 --> 00:28:13,440
You have to map your rules directly to your data classification taxonomy.

564
00:28:13,440 --> 00:28:18,160
Your policy must date in no uncertain terms, which data buckets are open for AI grounding

565
00:28:18,160 --> 00:28:19,720
and which are strictly off limits.

566
00:28:19,720 --> 00:28:24,080
For example, public and internal data might be AI eligible for all users.

567
00:28:24,080 --> 00:28:27,200
Confidential data might be restricted to specific departments or roles that have completed

568
00:28:27,200 --> 00:28:28,520
advanced training.

569
00:28:28,520 --> 00:28:31,040
And restricted or highly confidential data.

570
00:28:31,040 --> 00:28:35,320
The trade secrets, the unannounced M&A plans, the individual health records, should

571
00:28:35,320 --> 00:28:39,720
be hard coded as AI prohibited until a specific exception is granted.

572
00:28:39,720 --> 00:28:41,480
This creates a clear map for the employee.

573
00:28:41,480 --> 00:28:45,040
They don't have to guess if they are allowed to summarize a specific folder.

574
00:28:45,040 --> 00:28:47,800
The policy tells them exactly where the boundaries are.

575
00:28:47,800 --> 00:28:51,000
The second pillar is the absolute clarification of accountability.

576
00:28:51,000 --> 00:28:55,520
We are seeing a dangerous trend where people treat AI output as a finished product.

577
00:28:55,520 --> 00:28:58,520
They assume that if the machine said it, it must be verified.

578
00:28:58,520 --> 00:29:00,040
Your policy must dismantle this.

579
00:29:00,040 --> 00:29:03,960
It has to establish that the human is always without exception responsible for the final

580
00:29:03,960 --> 00:29:04,960
deliverable.

581
00:29:04,960 --> 00:29:10,160
Whether the AI wrote 10% or 90% of the content, the person who hits "send" or "publish"

582
00:29:10,160 --> 00:29:13,000
owns every word, every fact, and every potential error.

583
00:29:13,000 --> 00:29:17,520
This isn't just a legal shield for the company, it is a psychological guardrail for the employee.

584
00:29:17,520 --> 00:29:19,520
It forces the human in the loop.

585
00:29:19,520 --> 00:29:23,240
It ensures that co-pilot remains an assistant, not an autonomous agent.

586
00:29:23,240 --> 00:29:27,120
If a hallucination makes it into a client proposal, you shouldn't be looking at the model.

587
00:29:27,120 --> 00:29:31,160
You should be looking at the policy that failed to enforce a verification step.

588
00:29:31,160 --> 00:29:34,680
Transparency is the third pillar, and it is becoming the new global standard.

589
00:29:34,680 --> 00:29:37,440
In 2026, we are moving past the black box era.

590
00:29:37,440 --> 00:29:41,520
Your policy should require employees to disclose when AI has been used for substantial portions

591
00:29:41,520 --> 00:29:42,800
of a deliverable.

592
00:29:42,800 --> 00:29:45,080
This isn't about shaming people for using tools.

593
00:29:45,080 --> 00:29:48,600
It's about maintaining the integrity of the professional relationship.

594
00:29:48,600 --> 00:29:53,080
If a consultant uses co-pilot to generate 40 pages of a strategic review, the client has

595
00:29:53,080 --> 00:29:54,080
a right to know.

596
00:29:54,080 --> 00:29:58,440
If an engineer uses a coding assistant to refactor a legacy database, the review team needs

597
00:29:58,440 --> 00:29:59,840
to see that history.

598
00:29:59,840 --> 00:30:01,040
Disclosure builds trust.

599
00:30:01,040 --> 00:30:05,440
It allows for a more focused review of the areas where AI is known to struggle, like complex

600
00:30:05,440 --> 00:30:07,640
logic or specific citations.

601
00:30:07,640 --> 00:30:10,400
Finally, the policy must define the egress rules.

602
00:30:10,400 --> 00:30:13,720
You need to be explicit about where AI generated content can live.

603
00:30:13,720 --> 00:30:17,240
Can a summary of an internal meeting be shared on a public social media platform?

604
00:30:17,240 --> 00:30:21,560
Can an AI drafted response to a customer be sent without a second human eyes on check?

605
00:30:21,560 --> 00:30:23,760
These are the friction points where data leaks happen.

606
00:30:23,760 --> 00:30:25,960
Your policy acts as the rules of the road.

607
00:30:25,960 --> 00:30:28,760
It provides the why behind the technical blocks.

608
00:30:28,760 --> 00:30:32,720
When a user hits a DLP warning, they shouldn't feel like they are being punished by IT.

609
00:30:32,720 --> 00:30:36,800
They should recognize that they are hitting a guardrail defined by the company's commitment

610
00:30:36,800 --> 00:30:38,000
to data integrity.

611
00:30:38,000 --> 00:30:41,800
This shift in perspective is what turns a restrictive document into a foundational asset.

612
00:30:41,800 --> 00:30:44,960
It gives your team the freedom to move fast because they know exactly where the edges of

613
00:30:44,960 --> 00:30:46,120
the cliff are.

614
00:30:46,120 --> 00:30:48,240
Policy is the theory that guides the practice.

615
00:30:48,240 --> 00:30:52,360
But as we move forward, we have to realize that policy alone is just a static document.

616
00:30:52,360 --> 00:30:56,000
To make it real, we need to see what is actually happening inside the interaction.

617
00:30:56,000 --> 00:30:59,200
Policy is the theory, but monitoring is the reality.

618
00:30:59,200 --> 00:31:01,440
Monitoring the AI hub in purview.

619
00:31:01,440 --> 00:31:04,880
You've built the walls and written the rules, but in a complex enterprise, those rules

620
00:31:04,880 --> 00:31:05,880
are just a baseline.

621
00:31:05,880 --> 00:31:09,400
They represent a snapshot of what you want to happen, whereas the telemetry tells you

622
00:31:09,400 --> 00:31:11,360
what is actually happening on the ground.

623
00:31:11,360 --> 00:31:14,640
This is where the AI hub in Microsoft purview changes the game because it serves as your

624
00:31:14,640 --> 00:31:16,520
central dashboard for reality.

625
00:31:16,520 --> 00:31:20,680
It is the one place where you stop guessing and start observing the actual flow of intelligence

626
00:31:20,680 --> 00:31:22,160
across your entire tenant.

627
00:31:22,160 --> 00:31:25,880
Most admins spend their time digging through logs that only tell them about files.

628
00:31:25,880 --> 00:31:27,880
But the AI hub tells you about intent.

629
00:31:27,880 --> 00:31:32,560
It shows you exactly where your users, your apps, and your most sensitive data intersect.

630
00:31:32,560 --> 00:31:34,680
Think about that visibility gap we discussed earlier.

631
00:31:34,680 --> 00:31:38,600
You might have 10,000 users with a co-pilot license, but without a centralized monitoring hub,

632
00:31:38,600 --> 00:31:42,600
you have no idea if they are summarizing a lunch menu or a secret product roadmap.

633
00:31:42,600 --> 00:31:46,960
The AI hub visualizes this usage by breaking down interactions by application, whether

634
00:31:46,960 --> 00:31:49,040
that is word, teams or outlook.

635
00:31:49,040 --> 00:31:51,880
But the real power lies in the data sensitivity overlay.

636
00:31:51,880 --> 00:31:56,440
You can see in real time how many prompts are touching data labeled as confidential or restricted,

637
00:31:56,440 --> 00:31:59,880
and you can see which departments are the most aggressive users of the model.

638
00:31:59,880 --> 00:32:04,480
One of the most critical metrics you'll find here is sensitive interactions per AI app.

639
00:32:04,480 --> 00:32:06,760
This isn't just a number, it's a diagnostic tool.

640
00:32:06,760 --> 00:32:11,080
If you see that your HR team has a high volume of interactions involving financial sensitive

641
00:32:11,080 --> 00:32:15,480
information types, you have found a structural risk that needs your attention.

642
00:32:15,480 --> 00:32:17,000
The ROI paradox.

643
00:32:17,000 --> 00:32:18,680
Why pilot stall?

644
00:32:18,680 --> 00:32:22,680
Having enough ROI to justify a broad deployment is the biggest hurdle for IT leaders in

645
00:32:22,680 --> 00:32:23,680
2026.

646
00:32:23,680 --> 00:32:27,600
The problem is that most people are looking for value in the wrong places, and we are living

647
00:32:27,600 --> 00:32:29,920
through what I call an ROI paradox.

648
00:32:29,920 --> 00:32:32,040
On one hand, the anecdotal evidence is staggering.

649
00:32:32,040 --> 00:32:36,400
You hear about a developer saving half their day on documentation, or a project manager summarizing

650
00:32:36,400 --> 00:32:39,400
three hours of meetings in seconds, and it feels like a win.

651
00:32:39,400 --> 00:32:43,360
But on the other hand, when the CFO looks at the line item for 5,000 licenses, they don't

652
00:32:43,360 --> 00:32:45,240
see the needle moving on the bottom line.

653
00:32:45,240 --> 00:32:50,200
They see a massive increase in the Microsoft 365 bill without a corresponding decrease in

654
00:32:50,200 --> 00:32:52,960
operational expenses, and this is where the friction lives.

655
00:32:52,960 --> 00:32:58,560
The truth is that 95% of pilots fail, but it isn't because the technology is broken.

656
00:32:58,560 --> 00:33:02,880
The model is fine, the API is stable, and the latency is improving every day.

657
00:33:02,880 --> 00:33:05,280
Pilots fail because the business foundation is broken.

658
00:33:05,280 --> 00:33:09,400
We treat co-pilot like a software update that happens to the user rather than a process

659
00:33:09,400 --> 00:33:12,600
transformation that requires the user to change how they work.

660
00:33:12,600 --> 00:33:16,080
If you just turn it on and hope for the best, you are not running a pilot.

661
00:33:16,080 --> 00:33:20,600
You are running an expensive experiment in curiosity and curiosity doesn't pay the bills.

662
00:33:20,600 --> 00:33:22,360
Strategy does.

663
00:33:22,360 --> 00:33:26,200
We are seeing a commercial disaster in organizations that refuse to do the math.

664
00:33:26,200 --> 00:33:29,920
They buy the seats, they send out a getting started email, and then they wait for the magic

665
00:33:29,920 --> 00:33:30,920
to happen.

666
00:33:30,920 --> 00:33:32,280
But magic isn't a business metric.

667
00:33:32,280 --> 00:33:36,840
To justify a $30 per user per month premium, you need to quantify the minutes per day

668
00:33:36,840 --> 00:33:37,840
math.

669
00:33:37,840 --> 00:33:41,920
If your fully loaded labor cost is $50 an hour, co-pilot needs to save a user roughly

670
00:33:41,920 --> 00:33:44,600
nine minutes a week just to break even on the license.

671
00:33:44,600 --> 00:33:48,600
That sounds easy, but if that user spends those saved nine minutes scrolling through more

672
00:33:48,600 --> 00:33:52,640
internal emails you haven't created value, you've just shifted the waste from one bucket

673
00:33:52,640 --> 00:33:53,640
to another.

674
00:33:53,640 --> 00:33:57,680
ROI isn't driven by the number of seats you buy, it's driven by adoption maturity.

675
00:33:57,680 --> 00:34:01,680
This is the distinction between having the tool and using the tool to solve a specific problem.

676
00:34:01,680 --> 00:34:06,120
The organizations that are winning are the ones that stop asking what can co-pilot do.

677
00:34:06,120 --> 00:34:10,040
And start asking which specific business process can we automate today?

678
00:34:10,040 --> 00:34:13,240
Having realized value versus potential value.

679
00:34:13,240 --> 00:34:16,000
Most executives are currently drowning in potential value.

680
00:34:16,000 --> 00:34:19,760
You've seen the marketing slides, you've read the reports claiming billions in global productivity

681
00:34:19,760 --> 00:34:22,680
gains, but you can't pay your shareholders with potential.

682
00:34:22,680 --> 00:34:26,160
You can't reinvest theoretical minutes into your product roadmap.

683
00:34:26,160 --> 00:34:28,920
This is where the pilot to production pipeline usually leaks.

684
00:34:28,920 --> 00:34:32,200
We have to stop talking about time saved as if it's a currency.

685
00:34:32,200 --> 00:34:34,400
In the real world, time saved is a soft metric.

686
00:34:34,400 --> 00:34:36,120
It's an indicator, not an outcome.

687
00:34:36,120 --> 00:34:40,400
If an employee saves 30 minutes on a Friday afternoon and uses it to leave early, that's a lifestyle

688
00:34:40,400 --> 00:34:43,440
benefit for them, but it's a zero sum game for the organization.

689
00:34:43,440 --> 00:34:47,000
To find the ROI, we have to talk about capacity created.

690
00:34:47,000 --> 00:34:48,480
This is the hard metric.

691
00:34:48,480 --> 00:34:52,640
Capacity created is the delta between what your team can do now and what they could do yesterday.

692
00:34:52,640 --> 00:34:55,680
It is the ability to take on more volume without adding headcount.

693
00:34:55,680 --> 00:35:00,280
It is the ability to shift a senior analyst from data cleaning to strategic forecasting.

694
00:35:00,280 --> 00:35:03,040
When you measure capacity, you aren't looking at a stopwatch.

695
00:35:03,040 --> 00:35:05,120
You are looking at the output of the business unit.

696
00:35:05,120 --> 00:35:06,600
Are we processing more invoices?

697
00:35:06,600 --> 00:35:08,440
Are we drafting more proposals?

698
00:35:08,440 --> 00:35:11,480
Are we closing the month and books in three days instead of five?

699
00:35:11,480 --> 00:35:15,560
If the answer is no, then your time saved is just hidden slack in the system.

700
00:35:15,560 --> 00:35:19,880
We need to move beyond generic productivity claims and start looking at cycle time reduction

701
00:35:19,880 --> 00:35:21,160
in specific functions.

702
00:35:21,160 --> 00:35:23,080
This is the diagnostic layer of governance.

703
00:35:23,080 --> 00:35:24,080
Let's look at sales.

704
00:35:24,080 --> 00:35:28,080
If your sales team uses Copilot to summarize meeting notes and draft follow-up emails,

705
00:35:28,080 --> 00:35:32,080
and that results in closing deals 10% faster, you have found realized value.

706
00:35:32,080 --> 00:35:36,000
A 10% reduction in cycle time translates directly to your cash flow.

707
00:35:36,000 --> 00:35:37,680
It means your capital is working harder.

708
00:35:37,680 --> 00:35:42,000
It means your win rate likely increases because you are more responsive than the competition.

709
00:35:42,000 --> 00:35:43,600
That is ROI.

710
00:35:43,600 --> 00:35:45,080
But compare that to the alternative.

711
00:35:45,080 --> 00:35:48,840
What if your sales team uses Copilot to generate more internal status reports?

712
00:35:48,840 --> 00:35:52,360
What if they use it to draft longer, more complex emails to their own managers?

713
00:35:52,360 --> 00:35:53,360
That isn't value.

714
00:35:53,360 --> 00:35:54,840
That is noise.

715
00:35:54,840 --> 00:35:58,280
You are using a high-powered AI to lubricate the bureaucracy.

716
00:35:58,280 --> 00:36:01,600
You are making it easier to generate the very digital clutter that was slowing you down

717
00:36:01,600 --> 00:36:02,600
in the first place.

718
00:36:02,600 --> 00:36:05,760
This is why governance must include a value filter.

719
00:36:05,760 --> 00:36:08,800
You have to define what good looks like for each role.

720
00:36:08,800 --> 00:36:13,120
If the AI is being used to automate low-value internal communication, you aren't scaling

721
00:36:13,120 --> 00:36:14,120
productivity.

722
00:36:14,120 --> 00:36:15,640
You are scaling overhead.

723
00:36:15,640 --> 00:36:16,960
So how do you prove the difference?

724
00:36:16,960 --> 00:36:18,800
You stop relying on sentiment surveys.

725
00:36:18,800 --> 00:36:19,800
Do you like Copilot?

726
00:36:19,800 --> 00:36:21,120
Is a useless question.

727
00:36:21,120 --> 00:36:22,120
Of course they like it.

728
00:36:22,120 --> 00:36:23,400
It makes their lives easier.

729
00:36:23,400 --> 00:36:25,640
But ease isn't a financial statement.

730
00:36:25,640 --> 00:36:28,600
The top 1% are using rigorous A/B testing.

731
00:36:28,600 --> 00:36:30,280
They are taking two identical teams.

732
00:36:30,280 --> 00:36:34,480
Same region, same product, same target, and giving Copilot to only one of them.

733
00:36:34,480 --> 00:36:37,520
Then they track them for 90 days against real business outcomes.

734
00:36:37,520 --> 00:36:39,600
They don't look at how many prompts were written.

735
00:36:39,600 --> 00:36:41,720
They look at the revenue generated per head.

736
00:36:41,720 --> 00:36:43,520
They look at the error rates in the contracts.

737
00:36:43,520 --> 00:36:45,360
They look at the customer satisfaction scores.

738
00:36:45,360 --> 00:36:47,720
The control group is your baseline for reality.

739
00:36:47,720 --> 00:36:50,320
It accounts for seasonal shifts and market volatility.

740
00:36:50,320 --> 00:36:54,160
If both groups see a 5% lift in productivity, then Copilot isn't the driver.

741
00:36:54,160 --> 00:36:55,160
The market is.

742
00:36:55,160 --> 00:37:00,200
But if the Copilot-enabled team sees a 15% lift in throughput, while the control group stays

743
00:37:00,200 --> 00:37:04,680
flat, you have your justification, you have a heart number that you can take to the board.

744
00:37:04,680 --> 00:37:09,040
You can show that the $30 license fee is returning $300 in realized capacity.

745
00:37:09,040 --> 00:37:12,680
This is the shift from policy theatre to operational reality.

746
00:37:12,680 --> 00:37:15,560
You are treating AI like any other capital expenditure.

747
00:37:15,560 --> 00:37:18,240
You are demanding a return on your digital estate.

748
00:37:18,240 --> 00:37:23,080
But as we scale this realized value, we encounter the citizen developer risk.

749
00:37:23,080 --> 00:37:25,160
When people see results, they want more automation.

750
00:37:25,160 --> 00:37:26,920
They start building their own agents.

751
00:37:26,920 --> 00:37:28,120
And that's where boundaries blow.

752
00:37:28,120 --> 00:37:30,920
We move from user as consumer to user as creator.

753
00:37:30,920 --> 00:37:32,840
This is actually where the model breaks.

754
00:37:32,840 --> 00:37:34,840
Governing the citizen AI agent.

755
00:37:34,840 --> 00:37:38,240
We need to acknowledge a fundamental shift in the power dynamic of your tenant.

756
00:37:38,240 --> 00:37:40,160
We are entering the age of the creator.

757
00:37:40,160 --> 00:37:45,000
With the maturity of Copilot Studio, your business users are no longer just asking questions.

758
00:37:45,000 --> 00:37:46,080
They are building agents.

759
00:37:46,080 --> 00:37:51,120
They are creating custom assistance designed to perform specific roles within their departments.

760
00:37:51,120 --> 00:37:55,440
The problem is that we still treat these agents like office macros or simple spreadsheets.

761
00:37:55,440 --> 00:37:59,280
We look at a custom bot built by a marketing lead and think of it as a helpful tool.

762
00:37:59,280 --> 00:38:01,800
In reality, that agent is a business system.

763
00:38:01,800 --> 00:38:06,600
When a business user connects an agent to a customer database or a legacy ERP system,

764
00:38:06,600 --> 00:38:09,000
they are performing an act of software engineering.

765
00:38:09,000 --> 00:38:13,040
But they are doing it without the traditional safety nets of the software development life cycle.

766
00:38:13,040 --> 00:38:14,520
They aren't thinking about versioning.

767
00:38:14,520 --> 00:38:16,600
They aren't thinking about regression testing.

768
00:38:16,600 --> 00:38:20,000
And they almost certainly aren't thinking about the security posture of the connectors they

769
00:38:20,000 --> 00:38:21,160
just enabled.

770
00:38:21,160 --> 00:38:22,880
This is how shadow AI takes root.

771
00:38:22,880 --> 00:38:24,160
It starts with a specific problem.

772
00:38:24,160 --> 00:38:28,040
A logistics team wants a bot that can check shipping statuses and updated tracking sheet.

773
00:38:28,040 --> 00:38:29,240
It's a great use case.

774
00:38:29,240 --> 00:38:33,840
So they open Copilot Studio, they build the agent, they point it at a few data sources,

775
00:38:33,840 --> 00:38:35,800
and then they share it with the whole department.

776
00:38:35,800 --> 00:38:39,880
Suddenly you have a business critical process running on an unvetted, unmanaged bot.

777
00:38:39,880 --> 00:38:42,080
If that bot fails, the logistics team stops working.

778
00:38:42,080 --> 00:38:45,080
If that bot has a logic error, your tracking data is compromised.

779
00:38:45,080 --> 00:38:47,160
The risk isn't just that the bot is wrong.

780
00:38:47,160 --> 00:38:48,880
The risk is that the bot is invisible.

781
00:38:48,880 --> 00:38:50,520
It doesn't know it exists.

782
00:38:50,520 --> 00:38:51,840
Security hasn't reviewed the data flow.

783
00:38:51,840 --> 00:38:55,240
The business unit is now dependent on a system that has no support model.

784
00:38:55,240 --> 00:38:56,560
This is the citizen AI trap.

785
00:38:56,560 --> 00:38:59,520
You want the innovation, but you can't afford the instability.

786
00:38:59,520 --> 00:39:01,640
Governance in this phase isn't about blocking creation.

787
00:39:01,640 --> 00:39:03,240
It's about creating a path for it.

788
00:39:03,240 --> 00:39:05,600
You need a tiered approach to agent deployment.

789
00:39:05,600 --> 00:39:08,240
If an agent is for personal use, the rules are light.

790
00:39:08,240 --> 00:39:10,720
If an agent is shared with the team, the rules tighten.

791
00:39:10,720 --> 00:39:14,600
If an agent connects to production data, it must go through a formal review.

792
00:39:14,600 --> 00:39:17,680
You are moving from a world of users to a world of developers.

793
00:39:17,680 --> 00:39:19,680
And your governance model has to catch up.

794
00:39:19,680 --> 00:39:22,080
Because if it doesn't, you aren't building a digital estate.

795
00:39:22,080 --> 00:39:24,480
You are building a digital minefield in the sun.

796
00:39:24,480 --> 00:39:26,800
The impact on internal audit procedures.

797
00:39:26,800 --> 00:39:30,080
Internal audit is currently facing a massive structural identity crisis.

798
00:39:30,080 --> 00:39:34,040
For decades, the entire department lived on a diet of manual sampling, where you would pick

799
00:39:34,040 --> 00:39:38,200
50 invoices out of 10,000, check the signatures, and call it a day.

800
00:39:38,200 --> 00:39:41,600
You simply assumed that the small sample represented the whole.

801
00:39:41,600 --> 00:39:45,360
But in a world where business logic is being generated by a model on the fly, sampling

802
00:39:45,360 --> 00:39:46,840
is no longer a safety net.

803
00:39:46,840 --> 00:39:47,840
It is a blindfold.

804
00:39:47,840 --> 00:39:50,600
AI agent summarizes a contract incorrectly.

805
00:39:50,600 --> 00:39:53,120
It does not do it consistently across every single document.

806
00:39:53,120 --> 00:39:57,600
It might get 900 right, and then suddenly hallucinate on the 901st because of a specific

807
00:39:57,600 --> 00:39:59,680
markdown tag in the source file.

808
00:39:59,680 --> 00:40:03,400
Your traditional audit procedures cannot catch that kind of non-linear risk, which means

809
00:40:03,400 --> 00:40:06,840
the old way of checking boxes is officially dead.

810
00:40:06,840 --> 00:40:09,440
This is why internal audit is moving into a dual role.

811
00:40:09,440 --> 00:40:14,440
They are now required to use AI to audit, and simultaneously they have to audit the AI

812
00:40:14,440 --> 00:40:15,440
itself.

813
00:40:15,440 --> 00:40:19,160
Not just a change in tools, but rather a fundamental change in the philosophy of oversight.

814
00:40:19,160 --> 00:40:22,480
We are shifting toward what I call continuous assurance.

815
00:40:22,480 --> 00:40:26,080
Instead of a retrospective look at what happened six months ago, auditors are becoming part

816
00:40:26,080 --> 00:40:28,040
of the real-time telemetry stream.

817
00:40:28,040 --> 00:40:31,600
They are using AI to interpret massive flows of control test results.

818
00:40:31,600 --> 00:40:33,560
They are not looking at the documents anymore.

819
00:40:33,560 --> 00:40:35,880
They are looking at the patterns of the model's behavior.

820
00:40:35,880 --> 00:40:40,520
When we talk about auditing with AI, we are talking about full population anomaly detection.

821
00:40:40,520 --> 00:40:42,720
Think about your expense reports for a moment.

822
00:40:42,720 --> 00:40:46,760
Instead of an auditor manually checking a few random receipts, you have an AI agent that scans

823
00:40:46,760 --> 00:40:48,520
every single transaction in the tenant.

824
00:40:48,520 --> 00:40:52,120
It looks for the patterns we discussed earlier, like sensitive data moving to unapproved

825
00:40:52,120 --> 00:40:55,400
sites or prompts that reveal a pattern of instruction smuggling.

826
00:40:55,400 --> 00:40:59,320
The auditors' job shifts from finding the needle to evaluating why the needle was there

827
00:40:59,320 --> 00:41:00,320
in the first place.

828
00:41:00,320 --> 00:41:02,920
They become the interpreters of the AI's findings.

829
00:41:02,920 --> 00:41:04,880
They are no longer just recorders of history.

830
00:41:04,880 --> 00:41:06,560
They are analysts of the present.

831
00:41:06,560 --> 00:41:09,240
But the harder part is auditing the AI itself.

832
00:41:09,240 --> 00:41:12,680
This is where the governance framework meets the messy reality of the black box.

833
00:41:12,680 --> 00:41:16,960
Internal audit now has a mandate to evaluate whether human in the loop is actually happening,

834
00:41:16,960 --> 00:41:19,200
or if it is just a line in a policy document.

835
00:41:19,200 --> 00:41:21,160
They are checking for instruction smuggling risks.

836
00:41:21,160 --> 00:41:24,840
They are looking at your co-pilot studio agents and asking where the testing log is, who

837
00:41:24,840 --> 00:41:29,160
owns the versioning, and how you verify that this agent does not follow commands hidden

838
00:41:29,160 --> 00:41:30,880
in an external email.

839
00:41:30,880 --> 00:41:34,400
They are auditing the logic of the prompt, not just the beauty of the output.

840
00:41:34,400 --> 00:41:36,920
This requires a complete overhaul of the audit toolkit.

841
00:41:36,920 --> 00:41:39,960
The spreadsheet is being replaced by the model evaluator.

842
00:41:39,960 --> 00:41:43,680
Auditors need to understand how rag pipelines work and they need to know how to spot a scope

843
00:41:43,680 --> 00:41:44,680
violation.

844
00:41:44,680 --> 00:41:48,160
If the audit team does not understand the difference between a system message and a user

845
00:41:48,160 --> 00:41:51,600
prompt, they cannot effectively evaluate the risk of the system.

846
00:41:51,600 --> 00:41:53,520
This creates a massive upskilling requirement.

847
00:41:53,520 --> 00:41:56,440
Your auditors have to become systems architects in their own right.

848
00:41:56,440 --> 00:42:00,080
They have to be able to look at a purview dashboard and understand if the DLP blocks are

849
00:42:00,080 --> 00:42:02,000
actually catching the right interactions.

850
00:42:02,000 --> 00:42:05,200
One of the most critical shifts is the move toward defensible analytics.

851
00:42:05,200 --> 00:42:08,280
In the past, an auditor's work paper was a record of what they saw.

852
00:42:08,280 --> 00:42:11,560
But now it is a record of how the AI was configured to see.

853
00:42:11,560 --> 00:42:14,160
They are auditing the control environment of the model.

854
00:42:14,160 --> 00:42:17,720
They are verifying that the sensitivity labels are propagating correctly and checking

855
00:42:17,720 --> 00:42:20,080
that the restricted search settings are being honored.

856
00:42:20,080 --> 00:42:21,880
They are no longer auditing the data.

857
00:42:21,880 --> 00:42:24,600
They are auditing the governance engine that manages the data.

858
00:42:24,600 --> 00:42:28,160
This shift in audit is the ultimate reality check for your AI strategy.

859
00:42:28,160 --> 00:42:33,280
It moves the conversation from what we hope the AI does to what we can prove the AI did.

860
00:42:33,280 --> 00:42:37,000
It provides the evidence that the board and the regulators are going to demand.

861
00:42:37,000 --> 00:42:40,880
If your internal audit team is not yet in the room during your co-pilot design sessions,

862
00:42:40,880 --> 00:42:43,760
you are building a system that will fail its first inspection.

863
00:42:43,760 --> 00:42:47,880
They need to be there to define the auditability requirements before the first license is assigned.

864
00:42:47,880 --> 00:42:51,160
They are the ones who will ultimately sign off on the safety of the system.

865
00:42:51,160 --> 00:42:55,000
This evolution in the audit function is not just about compliance, it is about trust.

866
00:42:55,000 --> 00:42:58,680
It provides the structural verification that allows leadership to sleep at night.

867
00:42:58,680 --> 00:43:00,160
But this leads us to a deeper problem.

868
00:43:00,160 --> 00:43:04,120
Even with the best audit procedures in the world, we are seeing a gap at the very top

869
00:43:04,120 --> 00:43:05,440
of the organization.

870
00:43:05,440 --> 00:43:08,960
There is a tension between the desire for innovation and the fear of the unknown.

871
00:43:08,960 --> 00:43:10,960
We call this the executive trust paradox.

872
00:43:10,960 --> 00:43:13,160
And it is the final barrier to production.

873
00:43:13,160 --> 00:43:15,360
The executive trust paradox.

874
00:43:15,360 --> 00:43:18,920
Leaders in 2026 are living through a profound contradiction.

875
00:43:18,920 --> 00:43:23,360
On one hand, they express high confidence in the strategic necessity of generative AI.

876
00:43:23,360 --> 00:43:27,760
They see the competitive landscape shifting and understand that standing still is a recipe

877
00:43:27,760 --> 00:43:28,760
for irrelevance.

878
00:43:28,760 --> 00:43:32,920
On the other hand, their readiness to actually govern these systems is at an all-time low.

879
00:43:32,920 --> 00:43:35,360
We call this the executive trust paradox.

880
00:43:35,360 --> 00:43:39,880
It is a state of psychological and operational paralysis where the pressure to deploy meets

881
00:43:39,880 --> 00:43:42,120
the fear of a catastrophic data event.

882
00:43:42,120 --> 00:43:46,680
It is the reason so many enterprise projects are currently stuck in a perpetual loop of evaluation

883
00:43:46,680 --> 00:43:48,720
without ever reaching the production line.

884
00:43:48,720 --> 00:43:51,040
The data reveals the depth of this anxiety.

885
00:43:51,040 --> 00:43:55,680
Recent leadership studies show that 57% of organizations cite data reliability as their

886
00:43:55,680 --> 00:43:58,440
primary barrier to full-scale AI production.

887
00:43:58,440 --> 00:44:01,200
It is not that the executives do not want the productivity.

888
00:44:01,200 --> 00:44:04,440
It is that they do not trust the foundation the productivity is built upon.

889
00:44:04,440 --> 00:44:08,480
They are self-aware enough to know that their internal information architecture is a legacy

890
00:44:08,480 --> 00:44:09,480
mess.

891
00:44:09,480 --> 00:44:13,640
They know that if they flip the switch today, the AI will be hallucinating based on outdated

892
00:44:13,640 --> 00:44:17,080
files and surfacing sensitive records that should have been deleted years ago.

893
00:44:17,080 --> 00:44:19,000
This creates a massive friction point.

894
00:44:19,000 --> 00:44:22,800
The board is demanding a road map for AI-native growth, while the security team is sounding

895
00:44:22,800 --> 00:44:26,480
the alarm about the oversharing multiplier we discussed earlier.

896
00:44:26,480 --> 00:44:31,200
This paradox manifests as a pendulum swing between two equally dangerous extremes.

897
00:44:31,200 --> 00:44:33,200
Some leaders are stuck in overcortious delay.

898
00:44:33,200 --> 00:44:36,880
They are waiting for a perfect governance tool or a definitive regulatory framework that

899
00:44:36,880 --> 00:44:37,880
may never arrive.

900
00:44:37,880 --> 00:44:42,000
They are analyzing the risk to the point of stagnation, allowing more agile competitors

901
00:44:42,000 --> 00:44:45,920
to capture the early market share and define the new standards of efficiency.

902
00:44:45,920 --> 00:44:50,400
They treat AI like a nuclear reactor, something so inherently dangerous that it must be encased

903
00:44:50,400 --> 00:44:53,280
in lead and hidden behind a dozen layers of red tape.

904
00:44:53,280 --> 00:44:55,880
But in a global economy silence is a strategy of retreat.

905
00:44:55,880 --> 00:44:59,800
You cannot wait for absolute certainty in a field that iterates every 90 days.

906
00:44:59,800 --> 00:45:02,760
At the other end of the spectrum, we have the overly aggressive rollout.

907
00:45:02,760 --> 00:45:06,760
These are the leaders who are so desperate for the ROI that they ignore the structural warnings.

908
00:45:06,760 --> 00:45:11,440
They bypass the IT help desk, ignore the audit team's concerns and push for a "turn it on"

909
00:45:11,440 --> 00:45:12,640
for everyone approach.

910
00:45:12,640 --> 00:45:16,760
They see governance as a hurdle to be cleared rather than the infrastructure that enables

911
00:45:16,760 --> 00:45:17,760
speed.

912
00:45:17,760 --> 00:45:20,760
This is how you end up with a high profile breach or a commercial disaster.

913
00:45:20,760 --> 00:45:25,280
When you deploy without a risk tiered model, you are not being bold, you are being reckless.

914
00:45:25,280 --> 00:45:29,040
You are betting the company's reputation on the hope that a junior analyst will not

915
00:45:29,040 --> 00:45:33,200
find a way to prompt their way into the executive payroll spreadsheet.

916
00:45:33,200 --> 00:45:38,120
The bridge between these two extremes is the move from policy theatre to operational reality.

917
00:45:38,120 --> 00:45:41,640
Executives need to stop asking if they can trust the AI and start asking if they can trust

918
00:45:41,640 --> 00:45:43,240
their own governance engine.

919
00:45:43,240 --> 00:45:44,240
Trust is not a feeling.

920
00:45:44,240 --> 00:45:45,920
It is a measurable state of the system.

921
00:45:45,920 --> 00:45:50,200
It is the result of seeing the purview hub show zero sensitive interactions in a high-risk

922
00:45:50,200 --> 00:45:51,200
department.

923
00:45:51,200 --> 00:45:54,320
It is the result of knowing that your tier zero remediation is complete and your tier

924
00:45:54,320 --> 00:45:56,280
one users are properly trained.

925
00:45:56,280 --> 00:46:00,320
When you have the telemetry to prove that your guardrails are working, the paradox dissolves.

926
00:46:00,320 --> 00:46:03,360
You no longer have to choose between safety and speed because the safety is what makes

927
00:46:03,360 --> 00:46:04,360
the speed possible.

928
00:46:04,360 --> 00:46:08,000
We have to realize that this paradox is often rooted in a lack of technical literacy at

929
00:46:08,000 --> 00:46:09,000
the top.

930
00:46:09,000 --> 00:46:13,120
If a leader does not understand how a rag pipeline works, they will naturally default to fear.

931
00:46:13,120 --> 00:46:16,880
They see the AI as a mysterious black box that might betray them at any moment.

932
00:46:16,880 --> 00:46:20,320
Governance training for executives is therefore a critical part of the rollout.

933
00:46:20,320 --> 00:46:22,840
They need to understand the why behind the DLP blocks.

934
00:46:22,840 --> 00:46:24,840
They need to see the how of label propagation.

935
00:46:24,840 --> 00:46:28,560
When they understand the mechanics of the control plane, they can move from a posture of suspicion

936
00:46:28,560 --> 00:46:30,560
to a posture of informed oversight.

937
00:46:30,560 --> 00:46:34,120
They can stop being the bottleneck and start being the architect of the transformation.

938
00:46:34,120 --> 00:46:37,480
This shift in executive mindset is the final unlock for the organization.

939
00:46:37,480 --> 00:46:41,200
It allows the IT team to move from defensive blocking to strategic enablement.

940
00:46:41,200 --> 00:46:44,440
It provides the political cover needed to do the hard work of data cleanup.

941
00:46:44,440 --> 00:46:49,080
It turns the governance framework from a compliance checkbox into a competitive advantage.

942
00:46:49,080 --> 00:46:52,480
But as we look at how this trust is built throughout the company, we have to look at the

943
00:46:52,480 --> 00:46:54,480
first line of defense for the end user.

944
00:46:54,480 --> 00:46:58,400
We have to look at the department that feels the impact of every deployment decision first.

945
00:46:58,400 --> 00:47:03,040
To bridge the gap between executive vision and user reality, we have to look at the IT help

946
00:47:03,040 --> 00:47:04,040
desk.

947
00:47:04,040 --> 00:47:06,320
Copilot's impact on the IT help desk.

948
00:47:06,320 --> 00:47:10,400
The IT help desk is the exact spot where your governance strategy finally hits the wall

949
00:47:10,400 --> 00:47:12,040
of human reality.

950
00:47:12,040 --> 00:47:16,160
It is the one department that feels every single mistake you made back in tier zero.

951
00:47:16,160 --> 00:47:20,280
If your permissions are messy, the help desk gets the call and if your training is lacking,

952
00:47:20,280 --> 00:47:21,560
the help desk gets the ticket.

953
00:47:21,560 --> 00:47:26,040
But as we move toward 2026, the help desk is undergoing a fundamental shift in its operational

954
00:47:26,040 --> 00:47:27,040
DNA.

955
00:47:27,040 --> 00:47:30,120
We are seeing a world where the help desk is no longer just a fix it shop.

956
00:47:30,120 --> 00:47:33,520
It is becoming a diagnostic center for the entire digital estate.

957
00:47:33,520 --> 00:47:35,200
Let's look at the numbers.

958
00:47:35,200 --> 00:47:39,320
Organizations are currently seeing a deflection of 15 to 25% of simple how-to tickets.

959
00:47:39,320 --> 00:47:42,560
These are the tier zero queries that used to clog up the queue, like asking how to sink

960
00:47:42,560 --> 00:47:45,480
a folder or where to find the MFA reset.

961
00:47:45,480 --> 00:47:50,200
Those are now asking copilot these questions directly in teams or the M365 app and the

962
00:47:50,200 --> 00:47:52,880
AI is surfacing the right documentation in seconds.

963
00:47:52,880 --> 00:47:54,520
This is a massive win for efficiency.

964
00:47:54,520 --> 00:47:57,840
It is the self service dream we have been chasing for 20 years.

965
00:47:57,840 --> 00:48:00,440
Finally realized through a natural language interface.

966
00:48:00,440 --> 00:48:01,440
But here is the shift.

967
00:48:01,440 --> 00:48:04,320
When you deflect the easy tickets, the ticket mix changes.

968
00:48:04,320 --> 00:48:05,880
The help desk isn't getting less busy.

969
00:48:05,880 --> 00:48:07,440
It is getting more focused.

970
00:48:07,440 --> 00:48:10,240
The remaining 75% of tickets are the complex ones.

971
00:48:10,240 --> 00:48:14,240
They are the configuration errors, the access violations and the deep system faults that

972
00:48:14,240 --> 00:48:16,120
an AI simply cannot solve.

973
00:48:16,120 --> 00:48:19,360
This means your help desk agents need a higher level of technical skill than they did two

974
00:48:19,360 --> 00:48:20,360
years ago.

975
00:48:20,360 --> 00:48:22,280
They are no longer following a script for password resets.

976
00:48:22,280 --> 00:48:25,320
They are performing forensic analysis on your governance engine.

977
00:48:25,320 --> 00:48:27,160
This is where agent assistance comes in.

978
00:48:27,160 --> 00:48:31,320
Your IT staff are using copilot to manage this increased complexity.

979
00:48:31,320 --> 00:48:35,800
Think about a ticket with a three week history involving 10 different emails and five different

980
00:48:35,800 --> 00:48:38,120
chat threads across three different agents.

981
00:48:38,120 --> 00:48:41,520
In the old model, a new agent would spend 20 minutes just reading the history to understand

982
00:48:41,520 --> 00:48:42,520
the problem.

983
00:48:42,520 --> 00:48:44,400
This copilot to summarize the timeline.

984
00:48:44,400 --> 00:48:48,320
They get the cliff notes version of the troubleshooting steps already taken and they see the exact

985
00:48:48,320 --> 00:48:50,400
moment the configuration changed.

986
00:48:50,400 --> 00:48:51,760
But we have to be careful.

987
00:48:51,760 --> 00:48:53,920
There is a real risk of over trusting the summary.

988
00:48:53,920 --> 00:48:58,640
If an agent relies entirely on the AI's interpretation of a ticket, they might miss the subtle hint

989
00:48:58,640 --> 00:49:00,800
that a user dropped in the third email.

990
00:49:00,800 --> 00:49:04,360
They might miss the specific error code that the model deemed irrelevant.

991
00:49:04,360 --> 00:49:07,480
Governance for the help desk means enforcing a verify the summary rule.

992
00:49:07,480 --> 00:49:10,840
The AI provides the map, but the human must still walk the ground.

993
00:49:10,840 --> 00:49:14,640
You cannot outsource the diagnostic judgment to a model that doesn't understand your unique

994
00:49:14,640 --> 00:49:15,920
infrastructure quirks.

995
00:49:15,920 --> 00:49:18,400
The real boom is happening in knowledge management.

996
00:49:18,400 --> 00:49:22,480
Historically, IT teams hated writing KB articles because it was the task that always got pushed

997
00:49:22,480 --> 00:49:24,080
the Friday afternoon and then forgotten.

998
00:49:24,080 --> 00:49:28,040
Now agents are using copilot to draft articles three times faster than before.

999
00:49:28,040 --> 00:49:32,240
They finish a ticket, hit a button, and the AI generates a structured how-to guide based

1000
00:49:32,240 --> 00:49:33,960
on the resolution steps they just took.

1001
00:49:33,960 --> 00:49:35,480
This creates a virtuous cycle.

1002
00:49:35,480 --> 00:49:39,560
Better documentation leads to better AI self-service, which leads to fewer tickets.

1003
00:49:39,560 --> 00:49:42,360
You are building a self-healing knowledge base in real time.

1004
00:49:42,360 --> 00:49:44,880
This turns the help desk into a service improvement hub.

1005
00:49:44,880 --> 00:49:49,120
Instead of just closing tickets, the team is using AI to spot systemic policy gaps.

1006
00:49:49,120 --> 00:49:52,560
They are asking the model what the top five reasons are for people hitting DLP blocks

1007
00:49:52,560 --> 00:49:53,560
this week.

1008
00:49:53,560 --> 00:49:57,600
If the answer is that finance is trying to share spreadsheets with the external audit team,

1009
00:49:57,600 --> 00:49:59,040
then you don't have a technical problem.

1010
00:49:59,040 --> 00:50:01,120
You have a policy problem or a training gap.

1011
00:50:01,120 --> 00:50:05,480
The help desk provides the data that allows you to refine your governance in tier zero.

1012
00:50:05,480 --> 00:50:07,360
This shift is about more than just speed.

1013
00:50:07,360 --> 00:50:09,080
It is about the health of the system.

1014
00:50:09,080 --> 00:50:12,800
The help desk is the feedback loop for your entire AI strategy.

1015
00:50:12,800 --> 00:50:16,440
If your tickets are spiking, your governance is failing, but if your deflection is high,

1016
00:50:16,440 --> 00:50:17,720
your foundation is working.

1017
00:50:17,720 --> 00:50:20,640
You are moving from reactive support to proactive posture management.

1018
00:50:20,640 --> 00:50:23,040
The help desk is the pulse of the organization.

1019
00:50:23,040 --> 00:50:27,480
And right now, that pulse is telling us that the underlying models are evolving faster

1020
00:50:27,480 --> 00:50:29,160
than our ability to manage them.

1021
00:50:29,160 --> 00:50:31,760
We have to look at where this roadmap is taking us.

1022
00:50:31,760 --> 00:50:33,960
Critiquing the 2026 roadmap.

1023
00:50:33,960 --> 00:50:37,320
Microsoft is betting the farm on what they call "agentic automation".

1024
00:50:37,320 --> 00:50:40,160
If you look at the 2026 roadmap, the shift is clear.

1025
00:50:40,160 --> 00:50:43,760
We are moving away from a chat box that simply answers questions and toward a system of autonomous

1026
00:50:43,760 --> 00:50:45,760
agents that can actually perform tasks.

1027
00:50:45,760 --> 00:50:50,440
They want an environment where your AI doesn't just draft the email, but monitors the response

1028
00:50:50,440 --> 00:50:53,800
and updates the CRM without you ever touching a keyboard.

1029
00:50:53,800 --> 00:50:57,440
It sounds like the ultimate productivity unlock, but as we look at the actual trajectory

1030
00:50:57,440 --> 00:51:00,320
of these features, we have to ask a difficult question.

1031
00:51:00,320 --> 00:51:03,200
Is this roadmap designed for the reality of your data?

1032
00:51:03,200 --> 00:51:07,680
Or is it designed for a sanitized lab environment that doesn't exist in the Fortune 500?

1033
00:51:07,680 --> 00:51:09,520
Gartner has been vocal about this gap.

1034
00:51:09,520 --> 00:51:14,240
Their 2026 critique is a sobering reality check for anyone caught up in the vendor hype.

1035
00:51:14,240 --> 00:51:17,840
They point out that while the technology is maturing at a breakneck pace, organizational

1036
00:51:17,840 --> 00:51:20,160
readiness is still the primary bottleneck.

1037
00:51:20,160 --> 00:51:24,360
In their latest survey of IT leaders, 40% of organizations are still stuck in the pilot

1038
00:51:24,360 --> 00:51:25,360
phase.

1039
00:51:25,360 --> 00:51:29,720
Even more telling, only 5% of those who finished their pilots are actually moving to a larger

1040
00:51:29,720 --> 00:51:30,720
deployment this year.

1041
00:51:30,720 --> 00:51:32,280
That is a massive disconnect.

1042
00:51:32,280 --> 00:51:36,600
Microsoft is building a penthouse suite of agentec features, but most enterprises are still

1043
00:51:36,600 --> 00:51:39,760
struggling to lay a stable foundation in the basement.

1044
00:51:39,760 --> 00:51:43,200
One of the major wins on the 2026 roadmap is deep citations.

1045
00:51:43,200 --> 00:51:45,440
This is Microsoft's answer to the trust problem.

1046
00:51:45,440 --> 00:51:49,280
The system will now point to the exact source passage, the specific paragraph, and the specific

1047
00:51:49,280 --> 00:51:52,240
version of the file it used to generate an answer.

1048
00:51:52,240 --> 00:51:55,760
On paper, this solves the hallucination risk, but here is the structural flaw.

1049
00:51:55,760 --> 00:51:58,880
Deep citations are only as good as the content they reference.

1050
00:51:58,880 --> 00:52:02,800
If your share point is a graveyard of outdated and duplicate documents, the citations will

1051
00:52:02,800 --> 00:52:05,040
lead your users into a hole of mirrors.

1052
00:52:05,040 --> 00:52:08,920
You are providing a high resolution map of a landfill, the roadmap assumes your content

1053
00:52:08,920 --> 00:52:12,120
is structured and fresh, then we have the Excel agent mode.

1054
00:52:12,120 --> 00:52:15,880
The roadmap promises that co-pilot will soon be able to perform complex financial modeling

1055
00:52:15,880 --> 00:52:18,120
and variance analysis autonomously.

1056
00:52:18,120 --> 00:52:21,920
It is supposed to replace the manual labor of the junior analyst, but Gartner argues

1057
00:52:21,920 --> 00:52:24,520
that this increases the data loss risk exponentially.

1058
00:52:24,520 --> 00:52:28,600
If an agent has the power to synthesize data across multiple spreadsheets and then push

1059
00:52:28,600 --> 00:52:33,360
that synthesis into a presentation, you have created a massive new X filtration pass.

1060
00:52:33,360 --> 00:52:37,360
If the governance isn't perfect, the agent might inadvertently combine a public sales report

1061
00:52:37,360 --> 00:52:39,600
with a private executive compensation sheet.

1062
00:52:39,600 --> 00:52:42,280
The roadmap focuses on the how, but ignores the where.

1063
00:52:42,280 --> 00:52:45,920
We are seeing a chasm between vendor reality and enterprise reality.

1064
00:52:45,920 --> 00:52:50,160
Microsoft is selling a world of seamless integration, where every app talks to every other app

1065
00:52:50,160 --> 00:52:52,320
through a unified intelligence layer.

1066
00:52:52,320 --> 00:52:55,960
But in your world, you have legacy systems, fragmented departments and a decade of data

1067
00:52:55,960 --> 00:52:57,280
that hasn't been paid.

1068
00:52:57,280 --> 00:53:00,320
You have thousands of sharepoint sites with everyone permissions that were never cleaned

1069
00:53:00,320 --> 00:53:01,320
up.

1070
00:53:01,320 --> 00:53:02,920
The 2026 roadmap doesn't solve this.

1071
00:53:02,920 --> 00:53:07,640
It actually makes it worse by giving the AI more power to traverse those messy connections.

1072
00:53:07,640 --> 00:53:11,120
It is like putting a high performance engine into a car with rusty brakes.

1073
00:53:11,120 --> 00:53:15,440
The roadmap also highlights multi-model flexibility, allowing the system to choose the best LLM

1074
00:53:15,440 --> 00:53:16,760
for a specific task.

1075
00:53:16,760 --> 00:53:20,640
While this is great for performance, it creates a nightmare for the audit team.

1076
00:53:20,640 --> 00:53:24,560
If different parts of a complex business process are being handled by different models,

1077
00:53:24,560 --> 00:53:26,280
how do you ensure consistent governance?

1078
00:53:26,280 --> 00:53:30,400
How do you maintain a unified audit trail when the reasoning is being handed off between

1079
00:53:30,400 --> 00:53:31,720
various architectures?

1080
00:53:31,720 --> 00:53:36,880
We are adding layers of complexity to a system that we already struggle to monitor effectively.

1081
00:53:36,880 --> 00:53:40,160
We are prioritizing model choice over model accountability.

1082
00:53:40,160 --> 00:53:43,960
Ultimately, the 2026 roadmap is a magnificent vision of what AI could be.

1083
00:53:43,960 --> 00:53:49,040
But for the IT leader, it is a set of new responsibilities that arrive before the old ones are settled.

1084
00:53:49,040 --> 00:53:53,160
You are being asked to govern agents before you have finished governing the chat.

1085
00:53:53,160 --> 00:53:57,160
You are being asked to manage deep citations before you have finished labeling your data.

1086
00:53:57,160 --> 00:53:59,920
The roadmap is a call to action, but it isn't a shortcut.

1087
00:53:59,920 --> 00:54:03,560
It is a reminder that technology will always move faster than the organization.

1088
00:54:03,560 --> 00:54:06,760
We have to find a way to handle the inevitable exceptions to the rules.

1089
00:54:06,760 --> 00:54:10,800
This requires a shift from rigid enforcement to a more flexible context-aware management

1090
00:54:10,800 --> 00:54:15,520
style that can accommodate the messy reality of a modern global business environment.

1091
00:54:15,520 --> 00:54:18,920
Access must be secured by default, but we need a clear path for the exceptions that

1092
00:54:18,920 --> 00:54:20,400
drive innovation.

1093
00:54:20,400 --> 00:54:23,000
This leads us to the final piece of the technical puzzle.

1094
00:54:23,000 --> 00:54:26,800
We need to talk about how we manage the inevitable deviations from the plan, managing

1095
00:54:26,800 --> 00:54:28,920
DLP and governance exceptions.

1096
00:54:28,920 --> 00:54:32,920
The rigid wall of a no eventually cracks under the pressure of a business that needs to move.

1097
00:54:32,920 --> 00:54:36,800
If your governance is a frozen block of ice, people will just find a way to melt it or walk

1098
00:54:36,800 --> 00:54:37,800
around it.

1099
00:54:37,800 --> 00:54:39,680
We have to talk about the reality of exceptions.

1100
00:54:39,680 --> 00:54:43,040
In a global enterprise, there is no such thing as a perfect universal rule.

1101
00:54:43,040 --> 00:54:46,880
There is always a high value project that needs to touch a restricted data source,

1102
00:54:46,880 --> 00:54:51,000
and there is always a specialized team that needs to bypass a standard DLP block to close

1103
00:54:51,000 --> 00:54:52,760
a critical gap.

1104
00:54:52,760 --> 00:54:56,720
The goal of a modern architect isn't to prevent every exception, but rather to manage

1105
00:54:56,720 --> 00:54:59,080
them so they don't become the new default.

1106
00:54:59,080 --> 00:55:00,600
The mantra for this is simple.

1107
00:55:00,600 --> 00:55:03,000
Secure by default, allow by exception.

1108
00:55:03,000 --> 00:55:06,880
It sounds like a basic security principle, but in the context of co-pilot it is a structural

1109
00:55:06,880 --> 00:55:07,880
requirement.

1110
00:55:07,880 --> 00:55:09,920
You start with the most restrictive posture possible.

1111
00:55:09,920 --> 00:55:14,680
You assume that no AI agent should have access to external connectors, and you assume

1112
00:55:14,680 --> 00:55:18,080
that no prompt should be allowed to touch a highly confidential label.

1113
00:55:18,080 --> 00:55:19,080
This is your baseline.

1114
00:55:19,080 --> 00:55:22,360
From this position of strength, you can then evaluate specific requests.

1115
00:55:22,360 --> 00:55:23,360
But here is the catch.

1116
00:55:23,360 --> 00:55:24,880
The exception must be earned.

1117
00:55:24,880 --> 00:55:26,120
Not just requested.

1118
00:55:26,120 --> 00:55:30,200
Most organizations fail because their exception process is a "who you know" system.

1119
00:55:30,200 --> 00:55:33,480
If a vice president asks for a block to be lifted, the admin does it.

1120
00:55:33,480 --> 00:55:37,560
And that's how your governance architecture turns into a pile of loose bricks.

1121
00:55:37,560 --> 00:55:42,560
To fix this, every exception must be tied directly to your sensitivity label taxonomy.

1122
00:55:42,560 --> 00:55:44,560
You don't grant an exception to a person.

1123
00:55:44,560 --> 00:55:48,400
You granted to a specific data classification within a specific context.

1124
00:55:48,400 --> 00:55:52,120
If the finance team needs co-pilot to analyze a restricted M&A folder, you don't lower

1125
00:55:52,120 --> 00:55:53,880
the guardrails for the whole department.

1126
00:55:53,880 --> 00:55:58,000
You create a time-bound, scoped environment where that specific label is temporarily accessible

1127
00:55:58,000 --> 00:55:59,560
to a verified group of users.

1128
00:55:59,560 --> 00:56:00,880
This is a critical distinction.

1129
00:56:00,880 --> 00:56:04,520
An exception shouldn't be a permanent change to your tenant settings, but instead, it should

1130
00:56:04,520 --> 00:56:07,480
be a temporary lease on a specific capability.

1131
00:56:07,480 --> 00:56:12,120
Once the project is over, the door closes, and the governance engine resets to its default

1132
00:56:12,120 --> 00:56:13,360
state.

1133
00:56:13,360 --> 00:56:17,440
We also need to look at the soft enforcement model, especially in co-pilot studio.

1134
00:56:17,440 --> 00:56:20,200
This is a powerful diagnostic tool that most people ignore.

1135
00:56:20,200 --> 00:56:24,040
Instead of immediately blocking every new agent that a business user tries to build, you

1136
00:56:24,040 --> 00:56:25,560
start in an auditing mode.

1137
00:56:25,560 --> 00:56:28,440
You let them build, you let them connect, and you monitor every interaction.

1138
00:56:28,440 --> 00:56:32,800
This allows you to see the shadow AI before it becomes a problem, and it lets you identify

1139
00:56:32,800 --> 00:56:36,440
the high-value use cases that you might have missed in your initial policy design.

1140
00:56:36,440 --> 00:56:40,800
If you see five different teams trying to build a similar bot for customer support, that's

1141
00:56:40,800 --> 00:56:41,800
a signal.

1142
00:56:41,800 --> 00:56:45,800
It gives you that there is a legitimate business need that your current secure by default posture

1143
00:56:45,800 --> 00:56:46,800
isn't meeting.

1144
00:56:46,800 --> 00:56:51,360
You can then design a formal, govern solution that replaces those five ad hoc bots.

1145
00:56:51,360 --> 00:56:54,800
This approach turns your audit logs into a road map for enablement.

1146
00:56:54,800 --> 00:56:58,200
You aren't just looking for bad actors, you're looking for unmet needs.

1147
00:56:58,200 --> 00:57:03,080
When you finally move from soft enforcement to a hard block, you do it with the data to

1148
00:57:03,080 --> 00:57:04,440
prove why it's necessary.

1149
00:57:04,440 --> 00:57:08,600
You can show the business that you've analyzed their work and provided a safer alternative.

1150
00:57:08,600 --> 00:57:10,160
This builds the trust we discussed earlier.

1151
00:57:10,160 --> 00:57:13,880
The business stops seeing IT as the department of no and starts seeing them as the engine

1152
00:57:13,880 --> 00:57:14,880
of safe speed.

1153
00:57:14,880 --> 00:57:18,680
However, we have to be careful about tenant-wide relaxation.

1154
00:57:18,680 --> 00:57:21,880
This is the single biggest mistake I see in 2026.

1155
00:57:21,880 --> 00:57:26,720
An executive finds a friction point in word, and the IT team fixes it by changing a global

1156
00:57:26,720 --> 00:57:28,040
setting in the admin center.

1157
00:57:28,040 --> 00:57:32,240
Suddenly, a block that was protecting 10,000 people is gone, because one person found it

1158
00:57:32,240 --> 00:57:33,240
annoying.

1159
00:57:33,240 --> 00:57:36,120
You must resist the urge to solve local problems with global changes.

1160
00:57:36,120 --> 00:57:39,840
If a rule is broken for one person, the fix must be scoped to that person's specific

1161
00:57:39,840 --> 00:57:40,840
environment.

1162
00:57:40,840 --> 00:57:44,400
Use the restricted SharePoint search or adaptive scopes we talked about to create these

1163
00:57:44,400 --> 00:57:46,120
micro zones of flexibility.

1164
00:57:46,120 --> 00:57:48,960
Keep the rest of the tenant under the protection of the baseline.

1165
00:57:48,960 --> 00:57:53,160
Every exception must be documented in a central register that the internal audit team can

1166
00:57:53,160 --> 00:57:54,160
review.

1167
00:57:54,160 --> 00:57:58,320
If you can't explain why a specific team has a bypass, then that bypass shouldn't exist.

1168
00:57:58,320 --> 00:58:00,400
Building a governance-aware culture.

1169
00:58:00,400 --> 00:58:03,960
Technical controls are the hardware of your governance strategy, but culture is the

1170
00:58:03,960 --> 00:58:06,000
operating system that actually runs the tenant.

1171
00:58:06,000 --> 00:58:10,160
You can spend millions on e5 licenses and per view configurations, but if your workforce

1172
00:58:10,160 --> 00:58:14,680
treats those tools as a list of annoyances to be circumvented, your digital estate is still

1173
00:58:14,680 --> 00:58:15,680
at risk.

1174
00:58:15,680 --> 00:58:19,200
In the generative era, your people are the final circuit breaker.

1175
00:58:19,200 --> 00:58:23,440
They are the ones who ultimately decide whether a prompt is appropriate, or whether an AI-generated

1176
00:58:23,440 --> 00:58:25,560
summary is safe to share with the client.

1177
00:58:25,560 --> 00:58:29,200
If they don't understand the structural why behind the guardrails, they will fill that

1178
00:58:29,200 --> 00:58:30,800
void with their own shortcuts.

1179
00:58:30,800 --> 00:58:34,520
We have to move away from the outdated concept that governance is a policing action performed

1180
00:58:34,520 --> 00:58:35,520
by IT.

1181
00:58:35,520 --> 00:58:39,640
It has to evolve into a partnership where the business takes ownership of its own safety.

1182
00:58:39,640 --> 00:58:42,680
This transformation requires a network of functional translators.

1183
00:58:42,680 --> 00:58:47,720
We call them champions, but they are far more than just early adopters or fans of the technology.

1184
00:58:47,720 --> 00:58:51,680
These are the individuals in every department, from finance to creative, who understand the

1185
00:58:51,680 --> 00:58:57,240
specific nuances of their local workflows and the unique risks associated with their data.

1186
00:58:57,240 --> 00:59:01,640
A champion in legal knows exactly why a specific contract shouldn't be summarized by a model

1187
00:59:01,640 --> 00:59:06,480
with web grounding enabled, and a champion in sales knows how to use the AI to personalize

1188
00:59:06,480 --> 00:59:11,120
a pitch without inadvertently leaking the internal margin guidelines.

1189
00:59:11,120 --> 00:59:12,960
They don't just teach people how to prompt.

1190
00:59:12,960 --> 00:59:16,280
They model the ethical and secure behavior that the policy requires.

1191
00:59:16,280 --> 00:59:20,240
If your governance strategy doesn't empower these local leads to actors stewards, you are

1192
00:59:20,240 --> 00:59:25,160
trying to manage a global system with a single central lens that can't see the local detail.

1193
00:59:25,160 --> 00:59:28,080
We need a fundamental rebranding of the word governance.

1194
00:59:28,080 --> 00:59:31,240
It shouldn't be perceived as a barrier or a series of speed bumps.

1195
00:59:31,240 --> 00:59:33,240
It needs to be understood as infrastructure.

1196
00:59:33,240 --> 00:59:34,840
Think about a high speed rail system.

1197
00:59:34,840 --> 00:59:38,120
The tracks and the signaling aren't there to limit the train's velocity.

1198
00:59:38,120 --> 00:59:40,080
They are there to make that velocity possible.

1199
00:59:40,080 --> 00:59:43,240
Without them, the train would be a danger to itself and everyone around it.

1200
00:59:43,240 --> 00:59:45,440
That is what a governance-aware culture provides.

1201
00:59:45,440 --> 00:59:49,520
It creates a stable, predictable environment where the right way to use AI is also the

1202
00:59:49,520 --> 00:59:50,600
most efficient way.

1203
00:59:50,600 --> 00:59:54,640
When your employees realize that these controls actually protect their professional reputation

1204
00:59:54,640 --> 00:59:58,960
and make their output more reliable, the cultural friction starts to dissipate.

1205
00:59:58,960 --> 01:00:02,840
They stop viewing the security team as a warden and start seeing them as the engineers who

1206
01:00:02,840 --> 01:00:06,400
build the tracks that allow them to move at machine speed.

1207
01:00:06,400 --> 01:00:09,720
This leads us to the concept of responsible AI by design.

1208
01:00:09,720 --> 01:00:13,520
This isn't a separate compliance meeting you hold once a quarter to satisfy an auditor.

1209
01:00:13,520 --> 01:00:18,080
It is a mindset that must be baked into every prompt, every agent, and every automated workflow.

1210
01:00:18,080 --> 01:00:22,400
In 2026, the most successful organizations are those where employees take personal pride

1211
01:00:22,400 --> 01:00:25,000
in the integrity of their AI interactions.

1212
01:00:25,000 --> 01:00:28,360
They understand that a hallucination isn't just a technical quirk.

1213
01:00:28,360 --> 01:00:31,120
It is a failure of the human verification process.

1214
01:00:31,120 --> 01:00:34,480
They treat the model with a healthy level of professional skepticism, knowing that the

1215
01:00:34,480 --> 01:00:36,560
human in the loop isn't a legal burden.

1216
01:00:36,560 --> 01:00:40,320
It is the only thing that gives the AI's output any actual business value.

1217
01:00:40,320 --> 01:00:44,960
They recognize that their expertise is the filter that turns raw machine logic into a

1218
01:00:44,960 --> 01:00:47,000
defensible business deliverable.

1219
01:00:47,000 --> 01:00:50,080
We are moving toward a world of distributed accountability.

1220
01:00:50,080 --> 01:00:54,600
Every employee who holds a copilot license is now, in effect, a data manager.

1221
01:00:54,600 --> 01:00:56,640
They aren't just consumers of information.

1222
01:00:56,640 --> 01:00:59,040
They are the orchestrators of the company's intelligence.

1223
01:00:59,040 --> 01:01:00,840
They need to understand the weight of that shift.

1224
01:01:00,840 --> 01:01:05,320
If they build a custom agent to automate a customer facing interaction, they are the ones

1225
01:01:05,320 --> 01:01:08,440
who must be the first line of audit for its performance.

1226
01:01:08,440 --> 01:01:10,840
They are the front line of the digital estate.

1227
01:01:10,840 --> 01:01:14,980
When this cultural shift takes root, your internal risk profile drops more than any technical

1228
01:01:14,980 --> 01:01:16,440
block could ever achieve.

1229
01:01:16,440 --> 01:01:21,240
You have moved from a posture of rigid enforcement to a posture of shared stewardship.

1230
01:01:21,240 --> 01:01:23,960
This cultural maturity is the ultimate goal of the architect.

1231
01:01:23,960 --> 01:01:28,180
It is the final piece of the puzzle that turns a high-powered tool into a sustainable,

1232
01:01:28,180 --> 01:01:31,440
competitive advantage for the entire organization.

1233
01:01:31,440 --> 01:01:32,440
Implementation of future pacing.

1234
01:01:32,440 --> 01:01:33,960
So where do you actually start?

1235
01:01:33,960 --> 01:01:37,640
You need a 90-day blueprint because you can't just flip a switch and expect things to

1236
01:01:37,640 --> 01:01:38,640
work.

1237
01:01:38,640 --> 01:01:40,720
That approach leads to the commercial disasters we talked about.

1238
01:01:40,720 --> 01:01:43,120
So day one to 30 has to be about tier zero.

1239
01:01:43,120 --> 01:01:47,200
This is the remediation phase where you aren't giving out licenses yet, but instead you

1240
01:01:47,200 --> 01:01:50,400
are running oversharing baseline reports to see the damage.

1241
01:01:50,400 --> 01:01:55,280
You are identifying every single everyone except external users group that has access to sensitive

1242
01:01:55,280 --> 01:01:58,920
sites and you are finally finding those anyone with the link shares that have been sitting

1243
01:01:58,920 --> 01:02:00,800
in your one drive for five years.

1244
01:02:00,800 --> 01:02:05,560
This is the structural cleanup and if you skip this part, you are building your entire strategy

1245
01:02:05,560 --> 01:02:06,560
on sand.

1246
01:02:06,560 --> 01:02:10,040
You are essentially giving an AI a flashlight to find every sensitive file you forgot

1247
01:02:10,040 --> 01:02:14,000
to delete, which is why this month is when you finally pay your data debt.

1248
01:02:14,000 --> 01:02:17,920
You have to look at the toxic combinations where highly sensitive data meets broad internal

1249
01:02:17,920 --> 01:02:22,120
access and then you fix the permissions before moving files to the right sites.

1250
01:02:22,120 --> 01:02:25,480
This is the work that nobody wants to do, but it's the only work that actually matters

1251
01:02:25,480 --> 01:02:26,480
in the long run.

1252
01:02:26,480 --> 01:02:30,440
You can't skip the cleanup or ignore the permissions because the AI will eventually expose

1253
01:02:30,440 --> 01:02:31,440
the truth.

1254
01:02:31,440 --> 01:02:34,160
Day 31 to 60 is when you apply the technical logic.

1255
01:02:34,160 --> 01:02:38,200
You use restricted SharePoint search as your interim safety net while tagging your sites

1256
01:02:38,200 --> 01:02:39,960
with AI specific properties.

1257
01:02:39,960 --> 01:02:42,280
You define which repositories are AI eligible.