This episode explains that real power in an organization is no longer defined by job titles or hierarchy, but by who controls the Microsoft 365 environment. In practice, the Global Admin role becomes the “real CEO” because it determines access, permissions, and how information flows across the business.
It highlights that authority in modern companies is embedded in system architecture, not org charts. If the platform configuration allows or blocks actions, that decision outweighs any leadership mandate. As a result, governance, identity, and access design are what truly shape how work happens and who has influence.
The episode also shows that poor structure—like unmanaged permissions, workspace sprawl, and lack of lifecycle control—creates hidden risks that scale quickly, especially with AI like Copilot exposing them. The key takeaway is that organizations must rethink power as something built into systems, and design their Microsoft 365 architecture intentionally to align control, accountability, and execution.
You hold more power in your organization's digital world than you may realize. In the age of Microsoft 365, the person with Global Administrator rights can reset passwords, unlock sensitive files, and change tenant-wide settings instantly. Traditional titles matter less. When you work in M365, access means authority. Too many Global Admins create confusion and risk, turning your workplace into a patchwork of hidden rulers. As AI tools grow, you need new leaders like the AI Administrator to keep digital order.
Key Takeaways
- The Global Admin holds unmatched power in M365, controlling user accounts, data access, and security settings.
- Limit the number of Global Admins to reduce risks and maintain clear accountability within your organization.
- Implement the principle of least privilege by granting users only the permissions they need for their roles.
- Use Multi-Factor Authentication (MFA), preferably a phishing-resistant method such as FIDO2 security keys or certificate-based authentication, on every Global Admin account to protect against credential theft.
- Regularly review and update your security policies and admin roles to adapt to evolving threats and compliance requirements.
- Document all changes made by Global Admins to ensure transparency and accountability in your digital environment.
- Establish emergency access accounts to maintain control during crises and prevent being locked out of critical systems.
- Embrace AI tools with caution, ensuring proper governance and oversight to manage new risks associated with AI-driven automation.
The Power of the Global Admin in M365
Unmatched Access and Control
User and Data Management
When you hold the Global Administrator role in Microsoft 365, you control the digital heartbeat of your organization. You can create, delete, or modify any user account. You can reset passwords for anyone, including executives. You can grant or remove access to files, mailboxes, and shared resources. This power extends to every corner of your Microsoft 365 environment.
You also manage data across services like SharePoint, OneDrive, and Teams. You can move files, recover deleted items, and grant yourself access to confidential documents. If someone leaves the company, you can transfer their data or lock their account instantly. Your actions shape how information flows and who can see what. Every one of these actions is recorded in the unified audit log, which is what makes the trust placed in the role verifiable after the fact.
Tip: Always document changes you make to user accounts or data. This helps maintain transparency and accountability.
Security and Settings Authority
With Global Administrator rights, you set the rules for security. You can enforce multi-factor authentication, define password policies, and manage device compliance. You decide which security features to enable or disable. You can configure Conditional Access policies to protect sensitive information.
You also control integration with Azure and Microsoft Entra. You can connect external apps, grant admin consent for API permissions, and oversee how third-party tools interact with your environment. Each consent you grant is a standing permission that outlives the request that prompted it, so treat it like a role assignment. Your decisions determine how secure and how connected your organization stays.
Overriding Executive Decisions
Policy and Compliance Implications
As a global admin, you can override decisions made by executives. If a CEO wants to access a file but does not have permission, you can grant it. If a policy needs to change, you can update it in the system, even if leadership has not approved it yet. This level of authority means you must understand compliance requirements and legal obligations.
You play a key role in audits and investigations. You can pull logs, review user activity, and provide evidence for compliance checks. Your actions can help your organization avoid fines or legal trouble.
Real-World Scenarios
Imagine a situation where a critical project folder becomes inaccessible. The project manager calls you, not the CEO, because you have the power to restore access. In another case, a security breach occurs. You can quickly reset passwords, revoke sessions, block suspicious accounts, and coordinate with Microsoft Entra and Defender security tools to contain the threat.
You might also face requests to bypass normal procedures. For example, an executive may ask you to share confidential data with a partner. You must balance these requests with company policy and security best practices.
Note: The global administrator role requires trust, technical skill, and a strong sense of responsibility. Your decisions can impact everyone in the organization.
By understanding the unmatched authority of the Global Admin in M365, you see why this role often surpasses traditional executive power. You shape the digital landscape, enforce security, and ensure business continuity every day.
Digital Feudalism and Admin Proliferation
Too Many Global Admins
When you hand the Global Administrator role to many people, you create a new kind of power structure in your organization. This is called digital feudalism. In this system, control spreads across many admins, not just the executive team. You may not even know who holds the most power in your digital environment. These hidden rulers can make decisions that affect everyone, often without clear oversight.
Governance and Accountability Risks
You face serious risks when too many people have high-level access. The more global admins you have, the harder it becomes to track who made changes or who approved certain actions. This lack of accountability can lead to confusion and mistakes. You may find it difficult to enforce company policies or meet compliance standards.
Here are some common risks you should consider:
| Risk Type | Description |
|---|---|
| Increased Attack Surface | More Global Admin accounts mean more potential entry points for attackers. |
| Tenant Takeover Potential | If a Global Admin account is compromised, it can lead to complete control. |
| Accidental Misconfigurations | More admins increase the chance of unintentional changes that weaken security. |
Tip: Limit the number of Global Administrators to a small group. Microsoft recommends fewer than five, and at least two so that a single lockout cannot strand the tenant. Use dedicated, cloud-only admin accounts and require phishing-resistant MFA for all of them.
Hidden Layers of Power
You may not see all the layers of authority in your Microsoft 365 environment. Some admins hold both the Global Administrator role in Microsoft Entra ID and Owner rights on Azure subscriptions (a Global Administrator can grant themselves that by elevating access to all subscriptions). This combination gives them massive control, much like a feudal lord in the past. If one of these accounts gets compromised, an attacker can take over your entire Microsoft 365 tenant and your Azure estate with it. One mistake by a high-privilege admin can affect everyone, just like a poor decision by a ruler impacts their whole domain. When you combine roles, you create single points of failure that can break your security and compliance efforts.
Impact on Security and Oversight
You must pay attention to how admin sprawl affects your security. More admins mean more chances for mistakes or attacks. You need strong oversight to keep your environment safe.
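The first step in reining in admin sprawl is knowing exactly who can act as Global Administrator today. The following script is an added example (my code, not from the episode or from Microsoft) that lists standing, PIM-activated and PIM-eligible holders of the role via the Microsoft Graph PowerShell SDK and flags the patterns above: hybrid-synced accounts, licensed daily-use accounts, group-based assignments and service principals. It assumes the SDK modules are installed, that the running identity can read role assignments, and that the object shapes returned by `Get-MgDirectoryObject` match the comments; the "licensed or mail-enabled means daily-use" rule is a heuristic, not a Microsoft check.

```powershell
# Added example, not from the episode or Microsoft: enumerate every holder of the
# Global Administrator role (standing, PIM-activated and PIM-eligible) and flag sprawl.
# Requires the Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.Governance,
# Microsoft.Graph.Users) and an account that can read role assignments.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'Directory.Read.All' -NoWelcome

# Well-known role template ID for Global Administrator; identical in every tenant.
$GlobalAdminRoleId = '62e90394-69f5-4237-9190-012177145e10'
$roleFilter = "roleDefinitionId eq '$GlobalAdminRoleId'"

# Active instances carry AssignmentType 'Assigned' (standing) or 'Activated' (PIM, time-bound).
$active   = Get-MgRoleManagementDirectoryRoleAssignmentScheduleInstance -Filter $roleFilter -All
$eligible = Get-MgRoleManagementDirectoryRoleEligibilityScheduleInstance -Filter $roleFilter -All

$holders = @()
foreach ($a in $active)   { $holders += [pscustomobject]@{ PrincipalId = $a.PrincipalId; Kind = $a.AssignmentType } }
foreach ($e in $eligible) { $holders += [pscustomobject]@{ PrincipalId = $e.PrincipalId; Kind = 'Eligible' } }

$report = foreach ($h in $holders) {
    # Resolve the principal; its concrete type is in AdditionalProperties['@odata.type'] (assumed shape).
    $obj  = Get-MgDirectoryObject -DirectoryObjectId $h.PrincipalId
    $type = ($obj.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', '')
    $warnings = @()

    switch ($type) {
        'user' {
            $u = Get-MgUser -UserId $h.PrincipalId -Property UserPrincipalName, OnPremisesSyncEnabled, AssignedLicenses, Mail
            if ($u.OnPremisesSyncEnabled) { $warnings += 'synced from on-prem AD, not cloud-only' }
            # Heuristic (assumption): a licensed or mail-enabled admin is probably also a daily-use account.
            if ($u.AssignedLicenses.Count -gt 0 -or $u.Mail) { $warnings += 'licensed/mail-enabled: likely used for daily work' }
        }
        'group'            { $warnings += 'assigned via group: audit its membership and owners too' }
        'servicePrincipal' { $warnings += 'service principal holds Global Administrator' }
    }

    [pscustomobject]@{
        Kind     = $h.Kind
        Type     = $type
        Upn      = $obj.AdditionalProperties['userPrincipalName']
        Name     = $obj.AdditionalProperties['displayName']
        Warnings = ($warnings -join '; ')
    }
}

$report | Sort-Object Kind, Upn | Format-Table Kind, Type, Upn, Name, Warnings -AutoSize

$standing      = @($report | Where-Object Kind -eq 'Assigned').Count
$eligibleCount = @($report | Where-Object Kind -eq 'Eligible').Count
"Standing Global Administrators: $standing (PIM-eligible: $eligibleCount)"
if ($standing -ge 5) {
    Write-Warning 'Microsoft recommends fewer than five Global Administrators; convert standing assignments to PIM-eligible ones.'
}
```

Run it from a reader account, not a Global Admin, and keep the output with your quarterly access review: the `Warnings` column is the list of accounts to convert to dedicated, cloud-only, PIM-eligible admins.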
Temporary Access and Long-Term Consequences
Sometimes, you grant temporary admin access for a quick fix. If you forget to remove those rights, you leave your tenant open to future risk. Always-on admin accounts are prime targets for attackers, and using the same account for daily work and admin tasks increases the risk of phishing and tenant takeover.
Note: Use Microsoft Entra Privileged Identity Management (PIM) to make admins eligible rather than permanently assigned, so rights are activated just in time and expire on their own, and keep separate emergency access accounts for situations where PIM itself is unavailable.
Case Studies of Data Exposure
You can find real-world examples where too many admins led to data leaks. In some cases, admins made accidental changes that exposed sensitive files. In others, attackers used compromised Azure or Microsoft 365 admin accounts to steal data or disrupt business operations. These incidents show why you need tight governance and regular reviews of admin roles.
By understanding digital feudalism, you see why controlling admin access is key to strong security and effective oversight in your organization.
Global Admin Risks and Responsibilities

Security Threats
Account Compromise
You face serious risks when you manage a Global Admin account. Attackers target these accounts because they offer the highest level of control in M365. If someone steals your credentials or an active session token, they can take over your entire Microsoft 365 environment. This can lead to data breaches, loss of sensitive information, and business disruption.
You should know that phishing attacks are a common way hackers try to steal admin credentials. They send emails that look real and trick you into giving up your login details. Once they have your information, they can access everything you control. Credential theft is a major threat because it gives attackers the same privileges as you.
Alert: 80% of all data breaches start with stolen credentials, and 40% of these involve privileged accounts like global admin. Attackers often focus on these accounts after getting into your network.
Insider Threats
Not all threats come from outside your organization. Sometimes, people with access misuse their privileges. An insider with global admin rights can make unauthorized changes, view confidential data, or even delete important files. You must watch for unusual activity and set up alerts for risky actions.
You should also remember that over-privileged access increases the risk of mistakes or abuse. If you give too many permissions to one person, you make it easier for them to cause harm, whether by accident or on purpose.
Human Error and Single Points of Failure
Misconfiguration Risks
Even skilled admins can make mistakes. Simple errors can weaken your security and expose your organization to threats. Some of the most common mistakes include ignoring multi-factor authentication, overlooking the principle of least privilege, and misconfiguring conditional access policies.
Here is a table showing common mistakes and their consequences:
| Mistake | Consequence |
|---|---|
| Ignoring Multi-Factor Authentication (MFA) | Leads to unauthorized access and potential data breaches due to stolen credentials. |
| Overlooking the Principle of Least Privilege | Exposes organizations to security threats and unauthorized access by not limiting user permissions. |
| Misconfiguring Conditional Access Policies | Results in security breaches by allowing unauthorized access from unmanaged devices. |
You should always review your settings and follow best practices. Microsoft Entra tools such as PIM, access reviews and Conditional Access report-only mode help you manage permissions and catch errors before they bite.
Compliance Challenges
A single point of failure can put your entire organization at risk. If only one person controls your admin account and something goes wrong, you could lose access to critical systems. For example, if you get locked out due to a multi-factor authentication issue, you may not be able to manage your environment or respond to emergencies.
Real-world incidents show how dangerous this can be. Organizations have lost control of a Microsoft 365 tenant after an MFA lockout stopped all administrative actions. Vulnerabilities in Microsoft Entra identity systems have also allowed attackers to impersonate admins and gain unauthorized access. These situations highlight the need for strong controls and backup plans.
Tip: Always have more than one admin account able to reach the tenant, and use Microsoft Entra Privileged Identity Management. This reduces the risk of losing control and helps you meet compliance requirements.
You must treat your global admin role with care. By understanding the risks and taking steps to protect your account, you help keep your organization safe and secure.
The CEO Analogy in M365 Security
Authority and Accountability
Setting Security Culture
You set the tone for digital safety in your organization, much like a CEO shapes company culture. When you act as a Global Admin, your choices influence how everyone thinks about security. If you follow best practices, others will too. You can encourage your team to use strong passwords, enable multi-factor authentication, and report suspicious activity. Your actions show that security matters every day.
Policy Enforcement
You hold the power to enforce rules and policies across Microsoft 365. When you update settings or require compliance, you make sure everyone follows the same standards. You can use Microsoft Entra Conditional Access to make it harder for attackers to get in. You also decide who gets admin rights and for how long. This level of control means you must stay alert and keep your organization safe.
Influence on Organizational Security
Shaping Access and Permissions
You decide who can see what in M365. Your choices about access shape the flow of information. You can use role-based access control to limit permissions and reduce risk. By separating accounts for admin tasks, you lower the chance that a phishing email aimed at a daily mailbox lands on a privileged identity. You can also block legacy authentication to close protocols that cannot do MFA at all. Here is a table showing some best practices you can follow:
| Best Practice | Description |
|---|---|
| Separate Accounts for Admin Tasks | Use different accounts for admin work to avoid phishing risks. |
| Conditional Access Policies | Set strict rules for admin roles in Microsoft Entra that require phishing-resistant multi-factor authentication. |
| Avoiding Legacy Authentication | Turn off old sign-in methods to block attackers from using outdated protocols. |
Driving Security Initiatives
You lead the way in improving security. You can take steps that make a real difference, such as:
- Implementing role-based access control to separate duties and limit permissions.
- Enforcing multi-factor authentication for all admin actions.
- Using Microsoft Entra Privileged Identity Management to allow just-in-time access for sensitive tasks.
- Requiring more than one admin to approve critical actions, like device wipes or changes to roles.
- Setting up conditional access policies to control who can sign in based on risk and device health.
- Auditing Microsoft Entra ID (formerly Azure AD) role assignments and enforcing least privilege.
- Monitoring sign-in activity to spot threats early.
Tip: When you act quickly and follow these steps, you protect your organization from both mistakes and attacks.
You play a key role in shaping the digital future of your company. Like a CEO, you guide your team, set the rules, and make sure everyone stays safe in the world of microsoft 365.
Managing Global Admins Effectively
Limiting Admin Numbers
You should keep the number of Global Admins as low as possible. This reduces risk and makes your environment easier to manage. Most organizations need only two or three Global Admins. Microsoft's guidance is fewer than five, even in large companies, and at least two so that a single lockout cannot strand the tenant. Each admin account should be cloud-only, dedicated to admin work, and protected by phishing-resistant MFA.
- Keep fewer than five Global Admins, and never fewer than two.
- Two or three Global Admins work best for most organizations.
- Always use strong, unique passwords and phishing-resistant MFA for these accounts.
Principle of Least Privilege
You should give users only the permissions they need to do their jobs. This is called the principle of least privilege. When you limit admin rights, you lower the chance of mistakes or attacks. You also make it easier to track who made changes.
To reduce risk, use a separate Global Admin account only when needed. Regularly check who has Global Admin rights and remove any unnecessary accounts.
Role-Based Access Control
Role-based access control helps you assign the right permissions to each person. Instead of giving everyone Global Admin rights, you can assign specific built-in roles for tasks like billing, user management, Exchange, SharePoint, or security. This keeps your M365 environment safer.
| Best Practice | Description |
|---|---|
| Maximum Password Length | Use the longest password allowed for Global Admin accounts. |
| Backup Global Admin | Always have at least one backup Global Admin account. |
| Use Separate Account | Use a special admin account, not your daily work account. |
| Limit Number of Global Admins | Assign only the minimum number needed and use other roles for most admins. |
Strong Authentication and Monitoring
Multi-Factor Authentication
Multi-factor authentication (MFA) adds a strong layer of security. It requires you to prove your identity in more than one way. This is very important for Global Admin accounts, especially when you work remotely. MFA makes it much harder for attackers to break in, even if they steal a password; phishing-resistant methods such as FIDO2 security keys also defeat the proxy-style phishing kits that capture one-time codes.
Activity Auditing
You need to monitor what your admins do. The unified audit log in the Microsoft Purview portal, third-party tools such as AdminDroid's M365 User Activity Tracker, and PowerShell (the Microsoft Graph audit cmdlets or Search-UnifiedAuditLog) show you when passwords change, who signs in, and which settings or role memberships change. Regular audits help you spot problems early and keep your environment secure.
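The change that matters most in that log is someone being added to or removed from a privileged role. The script below is an added example (my code, not the episode's or Microsoft's) that pulls the last week of RoleManagement events from the Microsoft Entra audit log with the Graph PowerShell SDK, extracts actor, target and role, and warns on every successful change to a tier-0 role. It assumes the Microsoft.Graph.Reports module, an identity with `AuditLog.Read.All`, and the field layout described in the comments (the role name arriving as a `Role.DisplayName` modified property).

```powershell
# Added example, not from the episode or Microsoft: pull directory-role changes from the
# Microsoft Entra audit log and flag changes to high-privilege roles.
# Assumes Microsoft.Graph.Reports and an identity granted AuditLog.Read.All.
Connect-MgGraph -Scopes 'AuditLog.Read.All', 'Directory.Read.All' -NoWelcome

$since  = (Get-Date).AddDays(-7).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
$events = Get-MgAuditLogDirectoryAudit -Filter "category eq 'RoleManagement' and activityDateTime ge $since" -All

# Roles whose membership changes should always be reviewed by a second person.
$tier0Roles = @('Global Administrator', 'Privileged Role Administrator',
                'Privileged Authentication Administrator', 'Security Administrator')

$changes = foreach ($e in $events) {
    # Only membership changes (add/remove, permanent or PIM) are of interest here.
    if ($e.ActivityDisplayName -notmatch 'member (to|from) role') { continue }

    # Assumption about the log shape: the role name arrives as a modified property named
    # 'Role.DisplayName' whose NewValue/OldValue is a JSON-encoded string, e.g. "\"Global Administrator\"".
    $roleProp = $e.TargetResources.ModifiedProperties |
        Where-Object DisplayName -eq 'Role.DisplayName' | Select-Object -First 1
    $role     = (($roleProp.NewValue, $roleProp.OldValue) | Where-Object { $_ } | Select-Object -First 1) -replace '^"|"$', ''
    $target   = ($e.TargetResources | Where-Object Type -eq 'User' | Select-Object -First 1).UserPrincipalName
    $actor    = if ($e.InitiatedBy.User.UserPrincipalName) { $e.InitiatedBy.User.UserPrincipalName }
                else { "app:$($e.InitiatedBy.App.DisplayName)" }

    [pscustomobject]@{
        When   = $e.ActivityDateTime
        Action = $e.ActivityDisplayName
        Role   = $role
        Target = $target
        Actor  = $actor
        Result = $e.Result
        Tier0  = ($tier0Roles -contains $role)
    }
}

$changes | Sort-Object When -Descending | Format-Table -AutoSize

# Anything touching a tier-0 role with no matching change ticket is the first thing to chase.
$changes | Where-Object { $_.Tier0 -and $_.Result -eq 'success' } |
    ForEach-Object { Write-Warning "$($_.When) $($_.Actor) -> $($_.Action) [$($_.Role)] for $($_.Target)" }
```

Schedule this daily and feed the warnings into the same queue as your change tickets; a role change with no ticket is either an undocumented admin action or an attacker establishing persistence, and you want to know which the same day.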
Emergency Access and Break Glass Accounts
Business Continuity
Emergency access accounts, also called break glass accounts, help you stay in control during a crisis. If you lose access because of a misconfiguration, an MFA outage, or a broken PIM activation, these accounts let you recover quickly. You should create at least two cloud-only accounts with a permanent (not PIM-eligible) Global Administrator assignment. Protect them with a phishing-resistant method such as a FIDO2 security key rather than leaving them password-only, exclude them from every Conditional Access policy so a bad policy cannot lock them out too, store their credentials in separate secure locations, and alert on any sign-in by them.
Monitoring and Documentation
You must keep track of your emergency accounts. Document where you store credentials and who can use them. Review these accounts often to make sure they work and stay secure. If you do not manage these accounts well, you risk being locked out or losing control during an emergency.
Tip: Secure emergency account credentials with dual control. Split the information and store it in two safe locations.
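Break-glass accounts fail silently: a new Conditional Access policy that forgets to exclude them, or a lost security key, is only discovered when you need the account. The following script is an added example (my code, not from the episode or Microsoft) of the periodic check described above. It verifies that each break-glass account is excluded, directly or via group, from every non-disabled Conditional Access policy, confirms a FIDO2 key is registered, and lists any sign-in in the last 30 days so each one can be matched to an incident. The UPNs are hypothetical, and it assumes the Graph PowerShell SDK with the listed scopes.

```powershell
# Added example, not from the episode or Microsoft: health check for emergency access accounts.
Connect-MgGraph -Scopes 'Policy.Read.All', 'AuditLog.Read.All', 'Directory.Read.All',
                        'UserAuthenticationMethod.Read.All' -NoWelcome

# Hypothetical break-glass UPNs; substitute your own.
$breakGlassUpns = @('bg-emergency-1@contoso.example', 'bg-emergency-2@contoso.example')
$breakGlass = foreach ($upn in $breakGlassUpns) {
    Get-MgUser -UserId $upn -Property Id, UserPrincipalName, AccountEnabled
}

$policies = Get-MgIdentityConditionalAccessPolicy -All
$since    = (Get-Date).AddDays(-30).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')

foreach ($bg in $breakGlass) {
    $name = $bg.UserPrincipalName
    if (-not $bg.AccountEnabled) { Write-Warning "$name is disabled" }

    # 1. Every enabled or report-only policy must exclude the account directly or via a group
    #    it belongs to; otherwise the policy can lock the account out along with everyone else.
    $groupIds = @((Get-MgUserMemberOf -UserId $bg.Id -All).Id)
    $notExcluded = $policies | Where-Object {
        $_.State -ne 'disabled' -and
        $_.Conditions.Users.ExcludeUsers -notcontains $bg.Id -and
        -not @($_.Conditions.Users.ExcludeGroups | Where-Object { $groupIds -contains $_ })
    }
    if ($notExcluded) {
        Write-Warning "$name is NOT excluded from: $(($notExcluded.DisplayName) -join '; ')"
    } else {
        "$name is excluded from all $(@($policies).Count) Conditional Access policies"
    }

    # 2. A phishing-resistant credential must be registered so the account is not password-only.
    $fido2 = @(Get-MgUserAuthenticationFido2Method -UserId $bg.Id)
    if ($fido2.Count -eq 0) { Write-Warning "$name has no FIDO2 security key registered" }
    else { "$name has $($fido2.Count) FIDO2 key(s) registered" }

    # 3. Any sign-in is an event: each one must map to a documented emergency.
    $signIns = @(Get-MgAuditLogSignIn -Filter "userId eq '$($bg.Id)' and createdDateTime ge $since" -All)
    if ($signIns.Count -gt 0) {
        Write-Warning "$name signed in $($signIns.Count) time(s) in the last 30 days:"
        $signIns | Select-Object CreatedDateTime, IpAddress, AppDisplayName,
            @{ n = 'ErrorCode'; e = { $_.Status.ErrorCode } } | Format-Table -AutoSize
    } else {
        "$name: no sign-ins in the last 30 days (expected)"
    }
}
```

Run this on a schedule and again immediately after anyone creates or edits a Conditional Access policy; the exclusion check is the one that catches the lockout before it happens rather than during the outage.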
By following these steps, you can manage your Global Admins in Microsoft Entra and M365 with confidence. You protect your organization and keep your digital environment safe.
AI, Co-pilot, and the Rise of the AI Administrator
AI’s Impact on Permissions
Visibility into Access Structures
When you bring AI tools like Microsoft 365 Copilot into the tenant, you see your digital environment through a new lens. Copilot and other AI agents act with the permissions of the user who invokes them and draw on many sources at once, so they surface everything that user can already reach, including oversharing nobody had noticed. Traditional settings often fall short because AI makes latent permission problems visible and easy to query.
You should focus on these important changes:
- AI tools require more detailed control over who can see and use information.
- Real-time monitoring of how AI agents interact with data becomes essential.
- You need to apply zero-trust principles, always verifying before granting access.
- Old security methods may not protect you from new AI-driven risks.
- Finding and removing shadow access—hidden or forgotten permissions—keeps your environment safer.
Tip: Review your permission structures regularly. AI can expose gaps that you might miss otherwise.
New Governance Challenges
AI-driven automation brings new challenges for you as an administrator. It is now easy to create many AI agents, but this can lead to "agent sprawl." You may lose track of which agents exist, what data they use, or who controls them. This lack of oversight creates security blind spots.
You should watch for these governance issues:
- Visibility: You may struggle to track all AI agents and their data access.
- Maintenance: It is often unclear who updates or manages each agent.
- Accuracy: AI agents must provide correct information as your data changes.
- Ownership: When someone leaves, you need to know who takes over their agents.
- Lifecycle: Decide when to retire agents and who makes that call.
Note: Without strong governance, unmonitored AI agents can put your sensitive data at risk.
The AI Administrator Role
Managing AI Agent Lifecycles
You need a new kind of leader: the AI Administrator. This role focuses on managing the entire lifecycle of AI agents in Microsoft 365. The AI Administrator keeps a central inventory of all agents, approves complex deployments, and monitors for unusual activity. They answer questions about governance and make sure every agent follows company policies.
| Responsibility | Description |
|---|---|
| Define AI strategy | Set goals and direction for AI in your organization. |
| Set global guardrails | Create rules for safe and ethical AI use. |
| Manage centralized agent inventory | Track all AI agents and their activities. |
| Approve complex agents | Review and allow advanced AI deployments. |
| Monitor alerts or anomalies | Watch for and respond to unusual AI behavior. |
| Answer governance questions | Provide guidance on AI-related policies and issues. |
Bridging Strategy and Execution
The AI Administrator bridges the gap between your company’s strategy and daily operations. Unlike the traditional Global Admin, who manages broad access and settings, the AI Administrator focuses on AI governance and security. They control AI app installations, monitor usage, and enforce automated policies to keep your organization compliant.
| Aspect | AI Administrator Role | Global Administrator Role |
|---|---|---|
| Focus | AI governance and security | Broad Microsoft 365 environment access |
| Permissions | AI-related tasks only | Extensive across all services |
| Key Responsibilities | Manage AI services, monitor usage, support | General administration |
| Governance Controls | Approve AI agent deployment | No specific AI governance |
| Cross-Service Visibility | Insight into AI usage | Limited for AI-specific tasks |
Alert: As AI becomes more important in your digital workspace, you need dedicated oversight. The AI Administrator ensures that your organization uses AI safely, ethically, and effectively.
Actionable Steps for Securing M365
Policy and Training
Written Procedures
You need clear, written procedures to protect your Microsoft 365 environment. Start by creating step-by-step guides for every admin task. These guides help everyone follow the same process and reduce mistakes. When you write down your procedures, you make it easier for new admins to learn and for your team to stay consistent. Written rules also help you meet compliance standards and pass audits.
Tip: Store your procedures in a secure, shared location where all admins can access them.
Regular Updates
Security threats change quickly. You must review and update your policies often. Schedule regular training sessions for your admins and users. Teach them about new risks, such as phishing attacks or changes in Microsoft 365 features. Remind everyone to use strong passwords and enable multi-factor authentication (MFA). When you keep your team informed, you lower the risk of mistakes and attacks.
- Review admin roles and permissions every quarter.
- Update your written procedures after any major change.
- Train your team on the latest security features and threats.
Leveraging Microsoft Security Features
Privileged Identity Management
Privileged Identity Management (PIM) gives you powerful tools to control who has admin rights and when. With PIM, you can grant just-in-time access, so admins only get privileges when they need them. This reduces the risk of long-term exposure. You can also set time limits for access, require approval before activating roles, and enforce MFA for extra security.
| Feature | Benefit |
|---|---|
| Just-in-time access | Limits admin rights to only when needed |
| Time-bound access | Prevents permanent permissions |
| Approval for role activation | Adds an extra layer of security |
| Multifactor authentication (MFA) | Protects against unauthorized access |
| Access reviews | Ensures only the right people keep admin roles |
| Audit history | Tracks all changes for transparency and compliance |
Note: Always monitor privileged activity logs and set up alerts for unusual sign-ins or role changes.
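This is the mechanism that replaces the forgotten "temporary" Global Admin grant described earlier with a time-boxed one. The script below is an added example (my code, not the episode's or Microsoft's) showing the two halves of the PIM workflow through the Graph PowerShell SDK: an administrator makes a dedicated admin account eligible for Global Administrator for 90 days, and later the admin self-activates for two hours with a justification. The UPN and incident reference are hypothetical; MFA and approval on activation are enforced by the role's PIM settings, not by this script, and the activation request must be submitted from the admin's own session.

```powershell
# Added example, not from the episode or Microsoft: PIM eligibility + just-in-time activation.
# Assumes Microsoft.Graph.Identity.Governance and the scopes below.
Connect-MgGraph -Scopes 'RoleEligibilitySchedule.ReadWrite.Directory',
                        'RoleAssignmentSchedule.ReadWrite.Directory', 'User.Read.All' -NoWelcome

$GlobalAdminRoleId = '62e90394-69f5-4237-9190-012177145e10'   # well-known template ID
$adminUpn    = 'adm-jane@contoso.example'                       # hypothetical dedicated admin account
$principalId = (Get-MgUser -UserId $adminUpn -Property Id).Id
$now         = (Get-Date).ToUniversalTime()

# 1. Privileged Role Administrator: make the account *eligible* (no standing access) for 90 days.
$eligibility = @{
    action           = 'adminAssign'
    principalId      = $principalId
    roleDefinitionId = $GlobalAdminRoleId
    directoryScopeId = '/'
    justification    = 'Tenant admin on-call rotation; reviewed quarterly'
    scheduleInfo     = @{
        startDateTime = $now
        expiration    = @{ type = 'afterDuration'; duration = 'P90D' }
    }
}
$elig = New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $eligibility
"Eligibility request $($elig.Id): $($elig.Status)"

# 2. The admin, in their own session, activates for two hours with a justification.
#    If the role settings require MFA or approval, PIM enforces it here; the request
#    then comes back as PendingApproval instead of Provisioned.
$activation = @{
    action           = 'selfActivate'
    principalId      = $principalId
    roleDefinitionId = $GlobalAdminRoleId
    directoryScopeId = '/'
    justification    = 'INC-1234 (hypothetical): restore access to Finance project site'
    scheduleInfo     = @{
        startDateTime = $now
        expiration    = @{ type = 'afterDuration'; duration = 'PT2H' }
    }
}
$act = New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $activation
"Activation request $($act.Id): $($act.Status)"

# 3. Verify the resulting assignment is time-bound: EndDateTime must be set, not empty.
Get-MgRoleManagementDirectoryRoleAssignmentScheduleInstance `
    -Filter "principalId eq '$principalId' and roleDefinitionId eq '$GlobalAdminRoleId'" |
    Select-Object AssignmentType, StartDateTime, EndDateTime
```

Step 3 is the check worth keeping in a runbook: a standing assignment shows `AssignmentType` of Assigned with no `EndDateTime`, while a proper activation shows Activated with an end time two hours out.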
Conditional Access
Conditional Access lets you control who can access your Microsoft 365 resources and under what conditions. You can block access from risky locations or devices that do not meet your security standards. Conditional Access supports the Zero Trust principle: "Never Trust, Always Verify." You can require MFA for sensitive actions and enforce session controls to limit what admins can do.
- Set policies to allow access only from compliant devices.
- Require MFA for all admin role activations.
- Monitor and limit privileged activities with session controls.
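Putting the three bullets and the earlier best-practice table into concrete policies: the script below is an added example (my code, not the episode's or Microsoft's) that creates two Conditional Access policies with the Graph PowerShell SDK, both in report-only mode so you can read the sign-in log impact before enforcing them. The first requires phishing-resistant MFA for members of the privileged directory roles; the second blocks legacy authentication protocols that cannot perform MFA. Both exclude a break-glass group, whose ID is a hypothetical placeholder, and the built-in "Phishing-resistant MFA" authentication strength ID is the one Microsoft ships in every tenant.

```powershell
# Added example, not from the episode or Microsoft: admin MFA + legacy-auth block, report-only first.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All',
                        'RoleManagement.Read.Directory' -NoWelcome

$breakGlassGroupId = '00000000-0000-0000-0000-000000000001'   # hypothetical: group holding break-glass accounts

# Resolve role template IDs by name instead of hard-coding GUIDs.
$roleNames = 'Global Administrator', 'Privileged Role Administrator', 'Privileged Authentication Administrator',
             'Security Administrator', 'Exchange Administrator', 'SharePoint Administrator'
$adminRoleIds = (Get-MgRoleManagementDirectoryRoleDefinition -All |
    Where-Object DisplayName -in $roleNames).TemplateId

# Built-in authentication strength "Phishing-resistant MFA" (FIDO2, CBA, Windows Hello for Business).
$phishingResistantStrengthId = '00000000-0000-0000-0000-000000000004'

# Policy 1: privileged roles must sign in with phishing-resistant MFA to anything.
$adminMfa = @{
    displayName = 'CA-Admins-Require-PhishingResistant-MFA'
    state       = 'enabledForReportingOnly'          # observe first, switch to 'enabled' after review
    conditions  = @{
        users          = @{ includeRoles = $adminRoleIds; excludeGroups = @($breakGlassGroupId) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator               = 'OR'
        authenticationStrength = @{ id = $phishingResistantStrengthId }
    }
}

# Policy 2: block legacy protocols (IMAP/POP/SMTP AUTH/Basic) that cannot do MFA at all.
$blockLegacy = @{
    displayName = 'CA-All-Block-Legacy-Authentication'
    state       = 'enabledForReportingOnly'
    conditions  = @{
        users          = @{ includeUsers = @('All'); excludeGroups = @($breakGlassGroupId) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('exchangeActiveSync', 'other')
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

foreach ($p in @($adminMfa, $blockLegacy)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $p
    "Created $($created.DisplayName) [$($created.Id)] in state $($created.State)"
}
```

Leave both in report-only mode for a week or two, review the report-only results in the sign-in log, then flip `state` to `enabled`. If you enforce the admin policy before every admin has registered a security key, you have just built the lockout the break-glass accounts exist to recover from.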
By combining strong policies, regular training, and advanced Microsoft security features, you build a safer digital environment. You take control of your M365 security and protect your organization from evolving threats.
You now see why the Global Admin acts as the real CEO in your digital workspace. You hold the keys to every setting, user, and file. Admin sprawl creates hidden risks and weakens your control. AI tools add new layers of complexity.
Stay ahead by reviewing your admin roles and updating your security policies. Make security and accountability your top priorities in Microsoft 365.
🚀 Want to be part of m365.fm?
Then stop just listening… and start showing up.
👉 Connect with me on LinkedIn and let’s make something happen:
- 🎙️ Be a podcast guest and share your story
- 🎧 Host your own episode (yes, seriously)
- 💡 Pitch topics the community actually wants to hear
- 🌍 Build your personal brand in the Microsoft 365 space
This isn’t just a podcast — it’s a platform for people who take action.
🔥 Most people wait. The best ones don’t.
👉 Connect with me on LinkedIn and send me a message:
"I want in"
Let’s build something awesome 👊
1
00:00:00,000 --> 00:00:02,120
The corner office is a psychological artifact.
2
00:00:02,120 --> 00:00:04,720
We look at the mahogany desks and the high floor views
3
00:00:04,720 --> 00:00:06,560
and we assume that's where the power lives,
4
00:00:06,560 --> 00:00:08,160
but in reality.
5
00:00:08,160 --> 00:00:09,760
The corner office is just a room.
6
00:00:09,760 --> 00:00:11,480
Real authority in the modern enterprise
7
00:00:11,480 --> 00:00:13,040
doesn't sit in a leather chair.
8
00:00:13,040 --> 00:00:14,680
It lives in the tenant configuration
9
00:00:14,680 --> 00:00:16,960
of your Microsoft 365 environment.
10
00:00:16,960 --> 00:00:18,280
Your org chart is a diagram.
11
00:00:18,280 --> 00:00:20,160
Your permission set is the reality.
12
00:00:20,160 --> 00:00:21,480
We operate under the assumption
13
00:00:21,480 --> 00:00:23,400
that the CEO holds the ultimate mandate.
14
00:00:23,400 --> 00:00:25,760
But the truth is, the CEO is merely a guest
15
00:00:25,760 --> 00:00:27,800
in a house built, managed, and controlled
16
00:00:27,800 --> 00:00:29,160
by the global admin.
17
00:00:29,160 --> 00:00:31,200
When the board issues a strategic directive,
18
00:00:31,200 --> 00:00:33,480
it's just a suggestion until someone clicks apply
19
00:00:33,480 --> 00:00:34,760
in the admin center.
20
00:00:34,760 --> 00:00:36,800
If the architecture says no, the executive mandate
21
00:00:36,800 --> 00:00:37,480
doesn't happen.
22
00:00:37,480 --> 00:00:39,520
This is the birth of the digital caste system.
23
00:00:39,520 --> 00:00:41,160
It's a world where your title is meaningless
24
00:00:41,160 --> 00:00:42,600
without delegated access.
25
00:00:42,600 --> 00:00:44,440
Today, I'm stripping back the UI to show you
26
00:00:44,440 --> 00:00:46,160
who actually runs your company.
27
00:00:46,160 --> 00:00:48,520
The global admin as the real CEO.
28
00:00:48,520 --> 00:00:51,640
In the physical world, power is balanced by policy, law,
29
00:00:51,640 --> 00:00:52,800
and physical barriers.
30
00:00:52,800 --> 00:00:55,880
In Microsoft 365, power is defined by the role.
31
00:00:55,880 --> 00:00:58,040
And no role is more absolute than the global admin.
32
00:00:58,040 --> 00:00:59,720
This isn't just an IT designation.
33
00:00:59,720 --> 00:01:01,000
It is a sovereign position.
34
00:01:01,000 --> 00:01:03,360
A global admin has unrestricted access
35
00:01:03,360 --> 00:01:05,880
to every setting, every user account,
36
00:01:05,880 --> 00:01:08,160
and every byte of data within your tenant.
37
00:01:08,160 --> 00:01:10,080
They can reset the password of the CFO.
38
00:01:10,080 --> 00:01:12,440
They can read the private drafts of the legal team.
39
00:01:12,440 --> 00:01:15,040
They can unblock themselves from any security restriction
40
00:01:15,040 --> 00:01:16,200
ever devised.
41
00:01:16,200 --> 00:01:18,920
They are the ones who write the digital law of your territory.
42
00:01:18,920 --> 00:01:20,080
But here's the problem.
43
00:01:20,080 --> 00:01:21,920
Organizations are over assigning this role
44
00:01:21,920 --> 00:01:23,240
at a staggering rate.
45
00:01:23,240 --> 00:01:25,480
Research shows that many firms have over 100 people
46
00:01:25,480 --> 00:01:26,960
holding global admin privileges.
47
00:01:26,960 --> 00:01:28,200
That's not a leadership team.
48
00:01:28,200 --> 00:01:28,840
That's a crowd.
49
00:01:28,840 --> 00:01:30,360
It creates a shadow leadership problem
50
00:01:30,360 --> 00:01:32,440
where the people who can actually override the system
51
00:01:32,440 --> 00:01:34,960
are often three or four levels removed from the boardroom.
52
00:01:34,960 --> 00:01:38,000
When you have 100 global admins, you don't have a governance model.
53
00:01:38,000 --> 00:01:40,240
You have a digital feudalism where everyone has the keys
54
00:01:40,240 --> 00:01:41,320
to the kingdom.
55
00:01:41,320 --> 00:01:43,320
What typically happens is that IT teams
56
00:01:43,320 --> 00:01:45,560
fall into the technology lifeguard trap.
57
00:01:45,560 --> 00:01:47,000
Because they have ultimate power,
58
00:01:47,000 --> 00:01:49,760
they spend their entire day scanning for mundane infractions.
59
00:01:49,760 --> 00:01:51,960
They're chasing down unowned groups, monitoring
60
00:01:51,960 --> 00:01:54,600
MFA setups or following up on quota limits.
61
00:01:54,600 --> 00:01:56,680
They are the most powerful people in the building,
62
00:01:56,680 --> 00:01:59,560
yet they are spending their time acting as digital janitors.
63
00:01:59,560 --> 00:02:02,200
This concentration of power is a structural flaw.
64
00:02:02,200 --> 00:02:05,280
The global admin was designed as a break glass role.
65
00:02:05,280 --> 00:02:07,160
It was supposed to be the emergency lever you pull
66
00:02:07,160 --> 00:02:08,560
when the building is on fire.
67
00:02:08,560 --> 00:02:11,880
Instead, it has become the default setting for convenience.
68
00:02:11,880 --> 00:02:13,840
We give people global admin rights
69
00:02:13,840 --> 00:02:15,600
because it's easier than figuring out exactly
70
00:02:15,600 --> 00:02:17,520
what they actually need to do their jobs.
71
00:02:17,520 --> 00:02:20,160
But in reality, convenience is the enemy of control.
72
00:02:20,160 --> 00:02:22,800
Every time you assign a global admin role to unblock someone,
73
00:02:22,800 --> 00:02:25,160
you are diluting the CEO's actual authority.
74
00:02:25,160 --> 00:02:27,520
You are creating a layer of people who can bypass
75
00:02:27,520 --> 00:02:30,040
the very policies the CEO just signed off on.
76
00:02:30,040 --> 00:02:32,480
If the security policy says no external sharing,
77
00:02:32,480 --> 00:02:34,560
but the global admin decides to help a friend
78
00:02:34,560 --> 00:02:36,800
by flipping a switch, the policy is dead.
79
00:02:36,800 --> 00:02:39,280
The global admin just vetoed the executive office.
80
00:02:39,280 --> 00:02:42,360
And one level deeper, it's about the role concentration ratio.
81
00:02:42,360 --> 00:02:44,320
In most organizations, three or four people
82
00:02:44,320 --> 00:02:47,920
can effectively override what 300 managers were told to follow.
83
00:02:47,920 --> 00:02:50,280
This is the model behind the modern power struggle.
84
00:02:50,280 --> 00:02:51,680
We think we are managing people,
85
00:02:51,680 --> 00:02:53,720
but we are actually managing a permission set.
86
00:02:53,720 --> 00:02:56,320
If you don't believe me, try to change a major corporate policy
87
00:02:56,320 --> 00:02:58,000
without the consent of your tenant admins.
88
00:02:58,000 --> 00:03:01,400
You'll find out very quickly where the sovereign power truly resides.
89
00:03:01,400 --> 00:03:02,480
The flaw isn't the people.
90
00:03:02,480 --> 00:03:04,680
It's the assumption that the org chart matters more
91
00:03:04,680 --> 00:03:06,560
than the Entra ID role assignment.
92
00:03:06,560 --> 00:03:09,760
We've built these hierarchies for a world that no longer exists.
93
00:03:09,760 --> 00:03:12,240
We assume that because someone is the head of finance,
94
00:03:12,240 --> 00:03:14,680
they have the most influence over the financial data.
95
00:03:14,680 --> 00:03:16,520
But the global admin is the one who decides
96
00:03:16,520 --> 00:03:18,440
if that data is even visible.
97
00:03:18,440 --> 00:03:20,280
They are the ones who decide if the everyone group
98
00:03:20,280 --> 00:03:21,840
can see the board minutes.
99
00:03:21,840 --> 00:03:23,120
You navigate, you search.
100
00:03:23,120 --> 00:03:25,240
You assume the system is working as intended.
101
00:03:25,240 --> 00:03:27,400
But the moment this breaks is the moment you realize
102
00:03:27,400 --> 00:03:29,720
that power isn't just about what you can do.
103
00:03:29,720 --> 00:03:31,080
It's about what you can see.
104
00:03:31,080 --> 00:03:32,960
And right now your global admins see everything.
105
00:03:32,960 --> 00:03:35,760
They are the real architects of your corporate reality.
106
00:03:35,760 --> 00:03:38,560
If you want to understand how your company actually functions,
107
00:03:38,560 --> 00:03:40,960
you have to stop looking at the names on the doors
108
00:03:40,960 --> 00:03:42,840
and start looking at the roles in the tenant.
109
00:03:42,840 --> 00:03:45,520
Because in the end, the click always beats the mandate.
110
00:03:45,520 --> 00:03:48,040
Vignette one, the silent data exposure.
111
00:03:48,040 --> 00:03:50,000
Let's look at how this tension actually plays out
112
00:03:50,000 --> 00:03:50,880
behind closed doors.
113
00:03:50,880 --> 00:03:54,080
Imagine a mid-market firm preparing for a high stakes merger.
114
00:03:54,080 --> 00:03:56,200
The executive mandate is absolute.
115
00:03:56,200 --> 00:03:57,920
Lockdown all financial data.
116
00:03:57,920 --> 00:03:59,480
The board believes the vault is sealed.
117
00:03:59,480 --> 00:04:00,560
They've signed the NDAs.
118
00:04:00,560 --> 00:04:01,760
They've issued the memos.
119
00:04:01,760 --> 00:04:03,320
In their minds, the strategic intent
120
00:04:03,320 --> 00:04:05,800
has been translated into operational safety.
121
00:04:05,800 --> 00:04:08,840
But inside the tenant, a different story is unfolding.
122
00:04:08,840 --> 00:04:10,920
A global admin receives an urgent request
123
00:04:10,920 --> 00:04:12,840
from a junior controller who can't access
124
00:04:12,840 --> 00:04:15,720
a specific legacy folder needed for a quick report.
125
00:04:15,720 --> 00:04:17,840
The admin is under pressure to keep the gears turning.
126
00:04:17,840 --> 00:04:19,760
He decides to grant a temporary bypass.
127
00:04:19,760 --> 00:04:21,520
It's supposed to be a five-minute fix,
128
00:04:21,520 --> 00:04:23,760
a shortcut to keep the project moving.
129
00:04:23,760 --> 00:04:26,560
He adds the "Everyone except external users" group
130
00:04:26,560 --> 00:04:28,120
to the root folder permissions.
131
00:04:28,120 --> 00:04:29,960
He tells himself he'll revert it by lunch,
132
00:04:29,960 --> 00:04:32,520
but lunch turns into a fire drill in the Exchange environment
133
00:04:32,520 --> 00:04:35,200
and that fire drill eventually turns into a weekend.
134
00:04:35,200 --> 00:04:37,720
The temporary bypass becomes a permanent vulnerability.
135
00:04:37,720 --> 00:04:39,320
The board continues their meetings.
136
00:04:39,320 --> 00:04:41,360
They are completely unaware that the digital walls
137
00:04:41,360 --> 00:04:44,560
of their data vault have been replaced with glass.
138
00:04:44,560 --> 00:04:47,440
Three months later, the merger is in its final stages.
139
00:04:47,440 --> 00:04:49,440
An intern in the marketing department is bored.
140
00:04:49,440 --> 00:04:52,120
He opens the SharePoint search bar and types "minutes".
141
00:04:52,120 --> 00:04:52,920
He isn't a hacker.
142
00:04:52,920 --> 00:04:54,200
He isn't looking for a payday.
143
00:04:54,200 --> 00:04:55,640
He's just curious.
144
00:04:55,640 --> 00:04:57,840
Because of that one temporary click months ago,
145
00:04:57,840 --> 00:05:00,120
the search index serves up the entire history
146
00:05:00,120 --> 00:05:01,320
of the merger negotiations.
147
00:05:01,320 --> 00:05:02,560
He's looking at the valuation.
148
00:05:02,560 --> 00:05:04,040
He's looking at the layoff projections.
149
00:05:04,040 --> 00:05:05,840
He's looking at the reality that the board thought
150
00:05:05,840 --> 00:05:06,800
was invisible.
151
00:05:06,800 --> 00:05:09,400
This discovery isn't a failure of the intern's ethics.
152
00:05:09,400 --> 00:05:10,920
It is a failure of the architecture.
153
00:05:10,920 --> 00:05:12,720
The executive intent was a suggestion.
154
00:05:12,720 --> 00:05:14,560
The permission structure was the law.
155
00:05:14,560 --> 00:05:16,520
The board's mandate was a psychological comfort,
156
00:05:16,520 --> 00:05:18,320
but the global admin's shortcut
157
00:05:18,320 --> 00:05:19,800
was the physical reality.
158
00:05:19,800 --> 00:05:22,040
This happens every day in thousands of tenants.
159
00:05:22,040 --> 00:05:24,720
We assume that because we've said something is private,
160
00:05:24,720 --> 00:05:26,920
the system acknowledges that intent.
161
00:05:26,920 --> 00:05:28,840
But the system doesn't care about your intent.
162
00:05:28,840 --> 00:05:30,960
It only cares about the permission inheritance.
163
00:05:30,960 --> 00:05:32,920
It only cares about the effective access.
164
00:05:32,920 --> 00:05:35,600
When the click happens, the hierarchy of the org chart
165
00:05:35,600 --> 00:05:36,520
evaporates.
166
00:05:36,520 --> 00:05:38,440
The intern and the CEO are now effectively
167
00:05:38,440 --> 00:05:40,320
equals in the eyes of the data.
168
00:05:40,320 --> 00:05:42,200
The shadow leadership layer, the admins
169
00:05:42,200 --> 00:05:44,840
who make these micro decisions for the sake of convenience
170
00:05:44,840 --> 00:05:46,840
are the ones who actually determine the company's risk
171
00:05:46,840 --> 00:05:47,600
profile.
172
00:05:47,600 --> 00:05:48,880
They aren't trying to be malicious.
173
00:05:48,880 --> 00:05:50,280
They're just trying to be fast.
174
00:05:50,280 --> 00:05:53,880
But in a cloud environment, speed usually wins over safety
175
00:05:53,880 --> 00:05:55,600
in the hierarchy of the click.
176
00:05:55,600 --> 00:05:58,080
We've created a world where the most sensitive corporate
177
00:05:58,080 --> 00:06:00,840
secrets are protected by the memory of a busy IT person
178
00:06:00,840 --> 00:06:03,080
who promised to change it back later.
179
00:06:03,080 --> 00:06:05,680
That is the gap between the diagram and the reality.
180
00:06:05,680 --> 00:06:07,760
It is a silent exposure that remains hidden
181
00:06:07,760 --> 00:06:10,800
until someone, or something, decides to look for it.
182
00:06:10,800 --> 00:06:14,360
And this is exactly where the power shift becomes undeniable.
183
00:06:14,360 --> 00:06:16,400
We are moving into an era where manual searching
184
00:06:16,400 --> 00:06:18,080
is no longer the primary threat.
185
00:06:18,080 --> 00:06:20,000
The gap between what you think is locked
186
00:06:20,000 --> 00:06:22,240
and what is actually open is about to be exposed
187
00:06:22,240 --> 00:06:23,560
at a scale you can't imagine.
188
00:06:23,560 --> 00:06:25,520
Because this specific architectural flaw
189
00:06:25,520 --> 00:06:28,680
is exactly what AI is about to reveal. Copilot
190
00:06:28,680 --> 00:06:30,040
as the great revealer.
191
00:06:30,040 --> 00:06:31,840
We've spent decades burying our mistakes
192
00:06:31,840 --> 00:06:34,240
in the deep folders of SharePoint and the forgotten channels
193
00:06:34,240 --> 00:06:35,160
of Teams.
194
00:06:35,160 --> 00:06:36,920
We assumed that if a file was hard to find,
195
00:06:36,920 --> 00:06:38,280
it was effectively secure.
196
00:06:38,280 --> 00:06:40,560
We relied on security by obscurity.
197
00:06:40,560 --> 00:06:42,880
But that era ended the moment you flipped the switch
198
00:06:42,880 --> 00:06:44,240
on generative AI.
199
00:06:44,240 --> 00:06:46,520
There is a counter-intuitive truth you need to grasp.
200
00:06:46,520 --> 00:06:47,880
Copilot doesn't create risk.
201
00:06:47,880 --> 00:06:49,160
It reveals it at scale.
202
00:06:49,160 --> 00:06:51,520
Think about how AI actually works in your tenant.
203
00:06:51,520 --> 00:06:53,920
It doesn't have its own secret set of keys.
204
00:06:53,920 --> 00:06:55,720
It doesn't bypass your security protocols.
205
00:06:55,720 --> 00:06:57,920
Instead, it precisely inherits the permissions
206
00:06:57,920 --> 00:06:59,560
of the person asking the question.
207
00:06:59,560 --> 00:07:02,040
It sees exactly what you've already allowed it to see.
208
00:07:02,040 --> 00:07:04,880
The problem is, you have no idea what you've allowed.
209
00:07:04,880 --> 00:07:07,360
For years, your governance has been a house of cards.
210
00:07:07,360 --> 00:07:09,920
You've had "Everyone except external users" groups
211
00:07:09,920 --> 00:07:11,960
added to sensitive HR folders.
212
00:07:11,960 --> 00:07:13,400
You've had broken permission inheritance
213
00:07:13,400 --> 00:07:15,320
where a subfolder accidentally became public
214
00:07:15,320 --> 00:07:16,200
to the whole company.
215
00:07:16,200 --> 00:07:18,480
You've had "anyone with the link" shares floating around
216
00:07:18,480 --> 00:07:20,680
for project plans that contain sensitive IP.
217
00:07:20,680 --> 00:07:23,040
In the old world, these were minor hygiene issues.
218
00:07:23,040 --> 00:07:24,040
Why?
219
00:07:24,040 --> 00:07:24,680
Because people are lazy.
220
00:07:24,680 --> 00:07:26,840
If an employee wanted to find the CEO's salary
221
00:07:26,840 --> 00:07:29,200
or the layoff list, they had to know where to look.
222
00:07:29,200 --> 00:07:31,280
They had to click through 10 levels of nesting.
223
00:07:31,280 --> 00:07:32,800
They had to guess the file name.
224
00:07:32,800 --> 00:07:35,640
The friction of the interface acted as a manual gatekeeper.
225
00:07:35,640 --> 00:07:37,560
But Copilot removes that friction entirely.
226
00:07:37,560 --> 00:07:39,280
It doesn't care about your folder structure.
227
00:07:39,280 --> 00:07:40,600
It doesn't get tired of clicking.
228
00:07:40,600 --> 00:07:42,600
It simply indexes the effective access
229
00:07:42,600 --> 00:07:44,360
and delivers the answer in seconds.
230
00:07:44,360 --> 00:07:46,480
This is the everyone group nightmare.
231
00:07:46,480 --> 00:07:49,280
I've seen tenants where 80% of the data is technically
232
00:07:49,280 --> 00:07:50,400
overshared.
233
00:07:50,400 --> 00:07:52,760
This isn't because the admins are incompetent.
234
00:07:52,760 --> 00:07:55,200
It's because the M365 ecosystem is designed
235
00:07:55,200 --> 00:07:57,720
for collaboration first and control second.
236
00:07:57,720 --> 00:07:59,440
It is incredibly easy to share a file,
237
00:07:59,440 --> 00:08:01,960
but it is incredibly difficult to track who still has access
238
00:08:01,960 --> 00:08:03,320
to it three years later.
239
00:08:03,320 --> 00:08:06,000
When you deploy Copilot, those forgotten SharePoint sites
240
00:08:06,000 --> 00:08:07,720
suddenly become front page news.
241
00:08:07,720 --> 00:08:10,440
If a mid-level manager asks, what are the biggest budget
242
00:08:10,440 --> 00:08:11,800
concerns for next year?
243
00:08:11,800 --> 00:08:13,120
And your permissions are loose?
244
00:08:13,120 --> 00:08:15,320
Copilot will highlight the confidential spreadsheet
245
00:08:15,320 --> 00:08:17,080
sitting in a general folder.
246
00:08:17,080 --> 00:08:18,560
It will summarize the private notes
247
00:08:18,560 --> 00:08:20,600
from the CFO's last strategy session.
248
00:08:20,600 --> 00:08:22,040
It isn't hacking your system.
249
00:08:22,040 --> 00:08:24,200
It is simply being a very efficient librarian
250
00:08:24,200 --> 00:08:27,680
in a library where the locks have been left open for a decade.
251
00:08:27,680 --> 00:08:30,560
The data suggests that 80% of tenants are currently unprepared
252
00:08:30,560 --> 00:08:32,040
for a full AI rollout.
253
00:08:32,040 --> 00:08:33,720
They are unprepared because their governance
254
00:08:33,720 --> 00:08:36,400
is a reactive mess of quick fixes and legacy settings.
255
00:08:36,400 --> 00:08:38,760
They've treated governance as a technical checkbox
256
00:08:38,760 --> 00:08:40,520
rather than an architectural law.
257
00:08:40,520 --> 00:08:43,480
And now the AI is acting as the ultimate auditor.
258
00:08:43,480 --> 00:08:47,120
It is showing you exactly where your digital caste system has failed.
259
00:08:47,120 --> 00:08:48,960
It is showing you that your executives
260
00:08:48,960 --> 00:08:50,520
have lost control of the narrative
261
00:08:50,520 --> 00:08:52,440
because they lost control of the permissions.
262
00:08:52,440 --> 00:08:53,880
AI is not the problem here.
263
00:08:53,880 --> 00:08:56,440
It is the diagnostic tool you can no longer ignore.
264
00:08:56,440 --> 00:08:58,440
In the past, you could bury a data leak
265
00:08:58,440 --> 00:09:00,160
under a mountain of digital noise.
266
00:09:00,160 --> 00:09:02,040
Today, that noise is being synthesized
267
00:09:02,040 --> 00:09:04,240
into a clear readable summary.
268
00:09:04,240 --> 00:09:05,920
If your Copilot deployment feels dangerous,
269
00:09:05,920 --> 00:09:08,160
it's because your underlying reality is dangerous.
270
00:09:08,160 --> 00:09:09,760
The AI is merely holding up a mirror
271
00:09:09,760 --> 00:09:11,680
to the chaos you've allowed to accumulate.
272
00:09:11,680 --> 00:09:14,760
You can't fix this by training the AI to be more ethical.
273
00:09:14,760 --> 00:09:17,760
You can't fix it by asking employees to be careful.
274
00:09:17,760 --> 00:09:20,000
You fix it by acknowledging that the architecture
275
00:09:20,000 --> 00:09:21,600
is the only thing that matters.
276
00:09:21,600 --> 00:09:23,400
If the permission structure allows the access,
277
00:09:23,400 --> 00:09:25,040
the AI will exploit it.
278
00:09:25,040 --> 00:09:27,800
This shift forces a new conversation in the boardroom.
279
00:09:27,800 --> 00:09:30,120
It forces us to realize that we can't manage AI
280
00:09:30,120 --> 00:09:32,480
until we manage the power structures beneath it.
281
00:09:32,480 --> 00:09:34,920
We need to stop looking at AI as a productivity tool
282
00:09:34,920 --> 00:09:37,200
and start looking at it as a transparency engine.
283
00:09:37,200 --> 00:09:39,480
It is revealing the true hierarchy of your company.
284
00:09:39,480 --> 00:09:41,120
Not the one on the glossy posters,
285
00:09:41,120 --> 00:09:43,040
but the one encoded in your metadata.
286
00:09:43,040 --> 00:09:44,680
And if that architecture is broken,
287
00:09:44,680 --> 00:09:46,080
we need a new class of legislators
288
00:09:46,080 --> 00:09:47,960
to rewrite the laws of the tenant,
289
00:09:47,960 --> 00:09:49,840
the rise of the AI administrator.
290
00:09:49,840 --> 00:09:52,240
The landscape is shifting toward agentic workflows.
291
00:09:52,240 --> 00:09:55,080
And because of that, we are seeing a new elite class emerge.
292
00:09:55,080 --> 00:09:57,000
This isn't just another IT certification
293
00:09:57,000 --> 00:09:59,320
or a small update to the help desk manual.
294
00:09:59,320 --> 00:10:01,960
We are looking at the birth of the AI administrator.
295
00:10:01,960 --> 00:10:05,000
This role, which became formalized in early 2026,
296
00:10:05,000 --> 00:10:06,440
represents a fundamental pivot
297
00:10:06,440 --> 00:10:08,400
in how corporate authority is distributed.
298
00:10:08,400 --> 00:10:09,880
It marks the moment we realized
299
00:10:09,880 --> 00:10:12,400
that the all or nothing power of the global admin
300
00:10:12,400 --> 00:10:15,320
is too blunt an instrument for the age of intelligence.
301
00:10:15,320 --> 00:10:17,840
In the old model, you were either a god of the tenant
302
00:10:17,840 --> 00:10:18,960
or a mere mortal.
303
00:10:18,960 --> 00:10:20,800
If you needed to manage a Copilot connector
304
00:10:20,800 --> 00:10:22,520
or a proven autonomous agent,
305
00:10:22,520 --> 00:10:24,640
you usually had to beg for global admin rights.
306
00:10:24,640 --> 00:10:26,040
This created a massive bottleneck
307
00:10:26,040 --> 00:10:28,680
that frustrated the business and terrified the security team.
308
00:10:28,680 --> 00:10:31,080
But the AI administrator role changes the game.
309
00:10:31,080 --> 00:10:33,360
It is a specialized high-privileged position
310
00:10:33,360 --> 00:10:35,360
designed to manage the lifecycle of agents
311
00:10:35,360 --> 00:10:37,520
without needing the keys to the entire kingdom.
312
00:10:37,520 --> 00:10:39,600
They are the new legislators of your digital workforce.
313
00:10:39,600 --> 00:10:41,840
Think about the specific authority this role carries.
314
00:10:41,840 --> 00:10:43,520
They manage tenant-wide consent.
315
00:10:43,520 --> 00:10:46,600
They decide which AI agents are allowed to see your proprietary data.
316
00:10:46,600 --> 00:10:47,920
They oversee the risk monitoring
317
00:10:47,920 --> 00:10:50,040
of every automated assistant in the org.
318
00:10:50,040 --> 00:10:52,760
While the CEO is busy discussing quarterly targets,
319
00:10:52,760 --> 00:10:56,960
the AI admin is the one deciding which Agent 365 bots
320
00:10:56,960 --> 00:10:59,280
are actually allowed to execute those targets.
321
00:10:59,280 --> 00:11:01,320
They are moving from being IT gatekeepers
322
00:11:01,320 --> 00:11:02,720
to becoming agentic governors.
323
00:11:02,720 --> 00:11:04,440
This is the new bridge between the boardroom
324
00:11:04,440 --> 00:11:05,520
and the server room.
325
00:11:05,520 --> 00:11:06,440
For years,
326
00:11:06,440 --> 00:11:08,320
there has been a massive communication gap
327
00:11:08,320 --> 00:11:10,600
between leadership and execution.
328
00:11:10,600 --> 00:11:12,400
The board talks about leveraging AI
329
00:11:12,400 --> 00:11:14,480
and IT talks about tenant hygiene.
330
00:11:14,480 --> 00:11:16,160
The AI administrator is the person
331
00:11:16,160 --> 00:11:18,080
who translates those two languages.
332
00:11:18,080 --> 00:11:19,280
They are the ones who understand
333
00:11:19,280 --> 00:11:22,000
that an agentic workflow isn't just a piece of software,
334
00:11:22,000 --> 00:11:23,920
it is a delegated authority.
335
00:11:23,920 --> 00:11:25,800
When an AI agent performs a task,
336
00:11:25,800 --> 00:11:27,760
it is acting on behalf of the company.
337
00:11:27,760 --> 00:11:29,120
The person who governs that agent
338
00:11:29,120 --> 00:11:32,000
is by extension governing the company's reputation and risk.
339
00:11:32,000 --> 00:11:34,280
We are seeing a shift in the digital caste system.
340
00:11:34,280 --> 00:11:37,600
In 2024, the global admin was the undisputed sovereign.
341
00:11:37,600 --> 00:11:38,640
By late 2026,
342
00:11:38,640 --> 00:11:41,720
the AI administrator has become the strategic orchestrator.
343
00:11:41,720 --> 00:11:44,360
They are the ones who manage the Work IQ of the organization.
344
00:11:44,360 --> 00:11:47,040
They ensure that when a finance bot queries a database,
345
00:11:47,040 --> 00:11:49,280
it has the right identity to do so safely.
346
00:11:49,280 --> 00:11:50,560
This is a level of precision
347
00:11:50,560 --> 00:11:53,160
that the old global admin role simply wasn't built for.
348
00:11:53,160 --> 00:11:55,240
The AI admin is the person who prevents
349
00:11:55,240 --> 00:11:57,840
the everyone group nightmare from becoming a catastrophe.
350
00:11:57,840 --> 00:11:59,760
They are the ones who audit the effective access
351
00:11:59,760 --> 00:12:01,600
of every bot before it goes live.
352
00:12:01,600 --> 00:12:02,760
They are the ones who ensure
353
00:12:02,760 --> 00:12:04,640
that the human-agent ratio is optimized
354
00:12:04,640 --> 00:12:06,240
for performance not just speed.
355
00:12:06,240 --> 00:12:08,480
If the global admin is the landlord of the building,
356
00:12:08,480 --> 00:12:10,520
the AI administrator is the one who decides
357
00:12:10,520 --> 00:12:11,720
who gets to work in the office
358
00:12:11,720 --> 00:12:13,680
and what files they are allowed to open.
359
00:12:13,680 --> 00:12:15,960
But even with these new specialized roles,
360
00:12:15,960 --> 00:12:18,680
the old habits of power concentration die hard.
361
00:12:18,680 --> 00:12:20,600
Organizations still struggle with the temptation
362
00:12:20,600 --> 00:12:21,920
to over-privilege.
363
00:12:21,920 --> 00:12:23,560
They still want to give just a little more access
364
00:12:23,560 --> 00:12:24,680
to keep things moving.
365
00:12:24,680 --> 00:12:27,240
The challenge for the new AI elite isn't just technical,
366
00:12:27,240 --> 00:12:28,240
it is political.
367
00:12:28,240 --> 00:12:29,400
They have to convince the board
368
00:12:29,400 --> 00:12:31,400
that governance isn't a barrier to innovation
369
00:12:31,400 --> 00:12:33,000
but is actually the foundation of it.
370
00:12:33,000 --> 00:12:35,280
Because in a world where agents can move faster than humans,
371
00:12:35,280 --> 00:12:36,680
the person who controls the agent
372
00:12:36,680 --> 00:12:38,760
controls the reality of the business.
373
00:12:38,760 --> 00:12:41,080
Vignette two, the security policy override.
374
00:12:41,080 --> 00:12:43,200
Let's look at how this sovereign power behaves
375
00:12:43,200 --> 00:12:45,080
when a crisis actually hits the fan.
376
00:12:45,080 --> 00:12:47,960
Picture a Friday afternoon in a high-growth tech firm.
377
00:12:47,960 --> 00:12:49,640
The security operations center detects
378
00:12:49,640 --> 00:12:51,240
a credential stuffing attack targeting
379
00:12:51,240 --> 00:12:52,800
the executive leadership team.
380
00:12:52,800 --> 00:12:54,960
The threat is active, the response is clinical,
381
00:12:54,960 --> 00:12:56,840
the security lead immediately enforces
382
00:12:56,840 --> 00:12:58,840
a stricter conditional access policy.
383
00:12:58,840 --> 00:13:00,640
They require phishing-resistant MFA
384
00:13:00,640 --> 00:13:03,600
and restrict logins to company managed devices only.
385
00:13:03,600 --> 00:13:05,960
It is a textbook maneuver designed to seal the perimeter
386
00:13:05,960 --> 00:13:07,560
and stop the bleeding before the weekend.
387
00:13:07,560 --> 00:13:09,680
But then the friction of reality collides
388
00:13:09,680 --> 00:13:11,400
with the friction of the system.
389
00:13:11,400 --> 00:13:13,920
The executive vice president is at an off-site retreat.
390
00:13:13,920 --> 00:13:15,760
He is trying to access a critical contract
391
00:13:15,760 --> 00:13:18,360
from his personal iPad because his corporate laptop
392
00:13:18,360 --> 00:13:19,320
is back at the hotel.
393
00:13:19,320 --> 00:13:20,440
Suddenly he is locked out.
394
00:13:20,440 --> 00:13:22,000
He sees the access denied screen,
395
00:13:22,000 --> 00:13:24,280
which is a digital wall built by the very security team
396
00:13:24,280 --> 00:13:25,400
he hired to protect him.
397
00:13:25,400 --> 00:13:27,240
He doesn't see a safeguard, he sees a nuisance.
398
00:13:27,240 --> 00:13:28,680
He doesn't see a breach being mitigated,
399
00:13:28,680 --> 00:13:30,080
he sees a deal being delayed.
400
00:13:30,080 --> 00:13:32,360
He calls the IT help desk, but they can't help.
401
00:13:32,360 --> 00:13:33,800
He bypasses the chain of command
402
00:13:33,800 --> 00:13:36,080
and calls the one person he knows can fix anything,
403
00:13:36,080 --> 00:13:37,200
a senior global admin.
404
00:13:37,200 --> 00:13:38,520
The conversation is short.
405
00:13:38,520 --> 00:13:40,440
I'm in the middle of a $5 million closing
406
00:13:40,440 --> 00:13:41,720
and the system is blocking me.
407
00:13:41,720 --> 00:13:42,560
Fix it.
408
00:13:42,560 --> 00:13:45,080
The global admin is now caught in the ultimate hierarchy trap.
409
00:13:45,080 --> 00:13:47,440
He knows the security team put that policy in place
410
00:13:47,440 --> 00:13:48,280
for a reason.
411
00:13:48,280 --> 00:13:49,960
He knows the attack is still ongoing.
412
00:13:49,960 --> 00:13:52,440
But he also knows that the man on the other end of the line
413
00:13:52,440 --> 00:13:55,680
has the power to influence his bonus, his career path,
414
00:13:55,680 --> 00:13:57,280
and his daily stress levels.
415
00:13:57,280 --> 00:13:59,000
The dopamine hit of fixing a problem
416
00:13:59,000 --> 00:14:01,560
for a powerful person is an intoxicating incentive.
417
00:14:01,560 --> 00:14:03,760
He doesn't call the security lead to discuss the risk.
418
00:14:03,760 --> 00:14:05,120
He doesn't check the logs.
419
00:14:05,120 --> 00:14:07,080
He simply navigates to the Entra portal,
420
00:14:07,080 --> 00:14:09,320
finds the new conditional access policy,
421
00:14:09,320 --> 00:14:10,920
and clicks disable.
422
00:14:10,920 --> 00:14:13,040
In that one second, the short-term convenience
423
00:14:13,040 --> 00:14:15,440
of an executive wins over the long-term safety
424
00:14:15,440 --> 00:14:17,160
of the entire organization.
425
00:14:17,160 --> 00:14:19,960
The unblocked leader gets his contract, he closes the deal.
426
00:14:19,960 --> 00:14:20,760
He is happy.
427
00:14:20,760 --> 00:14:23,000
But the vulnerability window is now wide open.
428
00:14:23,000 --> 00:14:24,880
The attackers who were previously banging their heads
429
00:14:24,880 --> 00:14:27,880
against a wall find that the door has been left unlocked.
430
00:14:27,880 --> 00:14:28,880
They move laterally.
431
00:14:28,880 --> 00:14:30,440
They escalate privileges.
432
00:14:30,440 --> 00:14:32,880
They begin the quiet process of data exfiltration,
433
00:14:32,880 --> 00:14:35,200
while the global admin is receiving a thank you email
434
00:14:35,200 --> 00:14:36,520
for his quick thinking.
435
00:14:36,520 --> 00:14:38,720
This is the hierarchy of the click in action.
436
00:14:38,720 --> 00:14:40,840
It proves that speed and perceived status
437
00:14:40,840 --> 00:14:43,400
almost always defeat governance in a crisis.
438
00:14:43,400 --> 00:14:45,800
We treat these security policies like they are carved in stone,
439
00:14:45,800 --> 00:14:47,920
but they are actually just software settings
440
00:14:47,920 --> 00:14:50,320
that a handful of people can delete at will.
441
00:14:50,320 --> 00:14:52,560
The global admin didn't just override a policy.
442
00:14:52,560 --> 00:14:54,320
He overrode the collective intelligence
443
00:14:54,320 --> 00:14:56,000
of the security department.
444
00:14:56,000 --> 00:14:58,160
He became the highest authority in the company
445
00:14:58,160 --> 00:15:00,240
because he was the only one who could physically change
446
00:15:00,240 --> 00:15:01,360
the rules of the game.
447
00:15:01,360 --> 00:15:03,960
To stop the cycle, we have to stop treating governance
448
00:15:03,960 --> 00:15:05,160
as a technical checkbox.
449
00:15:05,160 --> 00:15:07,160
We have to realize that as long as we allow this level
450
00:15:07,160 --> 00:15:10,040
of concentrated standing power, the org chart will always
451
00:15:10,040 --> 00:15:13,240
be at the mercy of the most helpful person in IT.
452
00:15:13,240 --> 00:15:14,680
The 30-day power shift.
453
00:15:14,680 --> 00:15:16,120
You don't fix a broken power structure
454
00:15:16,120 --> 00:15:17,800
by adding more layers of red tape.
455
00:15:17,800 --> 00:15:19,680
You don't solve digital feudalism
456
00:15:19,680 --> 00:15:21,680
by writing a 50-page policy manual
457
00:15:21,680 --> 00:15:24,120
that nobody in the server room is ever going to read.
458
00:15:24,120 --> 00:15:26,920
If you want to reclaim the authority of your executive office,
459
00:15:26,920 --> 00:15:30,080
you have to realize a fundamental truth about M365.
460
00:15:30,080 --> 00:15:32,240
You don't fix governance by adding policies.
461
00:15:32,240 --> 00:15:33,640
You fix it by removing power.
462
00:15:33,640 --> 00:15:34,840
If the architecture is the law,
463
00:15:34,840 --> 00:15:36,520
then the only way to change the law is to change
464
00:15:36,520 --> 00:15:37,320
who holds the keys.
465
00:15:37,320 --> 00:15:40,120
This isn't a multi-year digital transformation project.
466
00:15:40,120 --> 00:15:42,720
It is a focused 30-day tactical shift
467
00:15:42,720 --> 00:15:44,680
designed to move your organization
468
00:15:44,680 --> 00:15:47,240
from standing privilege to intentional access.
469
00:15:47,240 --> 00:15:49,360
We are going to stop treating the global admin role
470
00:15:49,360 --> 00:15:51,320
like a badge of honor and start treating it
471
00:15:51,320 --> 00:15:53,440
like the radioactive asset it actually is.
472
00:15:53,440 --> 00:15:55,160
The first two weeks are about visibility.
473
00:15:55,160 --> 00:15:57,120
You cannot manage what you haven't counted.
474
00:15:57,120 --> 00:16:00,000
You need to pull a report that lists every standing global admin,
475
00:16:00,000 --> 00:16:01,280
every privileged role admin,
476
00:16:01,280 --> 00:16:03,880
and every service principal with tenant-wide rights.
477
00:16:03,880 --> 00:16:06,240
Most leaders are horrified when they see the results.
478
00:16:06,240 --> 00:16:07,840
They expect to see four or five names,
479
00:16:07,840 --> 00:16:09,680
but they usually find 40 or 50.
480
00:16:09,680 --> 00:16:10,600
This is your baseline.
481
00:16:10,600 --> 00:16:13,480
This is the shadow leadership layer exposed in black and white.
482
00:16:13,480 --> 00:16:15,080
You aren't just looking for people.
483
00:16:15,080 --> 00:16:17,360
You are looking for the role concentration ratio.
484
00:16:17,360 --> 00:16:23,560
You are identifying exactly how many individuals
485
00:16:23,560 --> 00:16:27,640
have the physical capacity to veto a board-level strategic mandate
486
00:16:27,640 --> 00:16:28,720
with a single click.
487
00:16:28,720 --> 00:16:29,720
Once you have the count,
488
00:16:29,720 --> 00:16:32,400
the final two weeks are about radical reduction.
489
00:16:32,400 --> 00:16:35,240
This is where the digital caste system is dismantled.
490
00:16:35,240 --> 00:16:38,840
Your goal is to reduce standing global admins by at least 80%.
491
00:16:38,840 --> 00:16:41,160
You aren't taking away their ability to do their jobs,
492
00:16:41,160 --> 00:16:43,160
but you are changing how they access that power.
493
00:16:43,160 --> 00:16:45,200
This is the move to just-in-time access.
494
00:16:45,200 --> 00:16:47,360
If an admin needs to change a global setting,
495
00:16:47,360 --> 00:16:48,920
they shouldn't have that power while they're checking
496
00:16:48,920 --> 00:16:49,760
their morning email.
497
00:16:49,760 --> 00:16:51,760
They should have to request it, justify it,
498
00:16:51,760 --> 00:16:54,760
and have it automatically expire after the task is done.
499
00:16:54,760 --> 00:16:56,200
By the end of day 30,
500
00:16:56,200 --> 00:16:59,040
you should have no more than two break-glass accounts.
501
00:16:59,040 --> 00:17:02,200
Everything else must be delegated, scoped, and timed.
502
00:17:02,200 --> 00:17:03,800
This shift moves the organization
503
00:17:03,800 --> 00:17:05,680
to a federated hub-and-spoke model.
504
00:17:05,680 --> 00:17:07,920
The central IT team sets the core guardrails,
505
00:17:07,920 --> 00:17:09,880
which act as the digital constitution,
506
00:17:09,880 --> 00:17:11,880
while the business units manage their own local data
507
00:17:11,880 --> 00:17:13,320
within those boundaries.
508
00:17:13,320 --> 00:17:15,320
You are replacing absolute centralized control
509
00:17:15,320 --> 00:17:17,600
with coordinated, distributed autonomy.
510
00:17:17,600 --> 00:17:20,120
You are finally making the org chart mean something again
511
00:17:20,120 --> 00:17:22,000
because the technical permissions now reflect
512
00:17:22,000 --> 00:17:24,400
the actual reporting lines of the company.
513
00:17:24,400 --> 00:17:26,480
We are moving from a state of digital feudalism
514
00:17:26,480 --> 00:17:28,000
to a governed ecosystem.
515
00:17:28,000 --> 00:17:30,360
This transformation is the only way to ensure
516
00:17:30,360 --> 00:17:32,480
that your corporate strategy actually survives
517
00:17:32,480 --> 00:17:34,440
the click of a busy administrator.
518
00:17:34,440 --> 00:17:36,680
The corner office might be a psychological artifact,
519
00:17:36,680 --> 00:17:39,680
but the tenant configuration is a living, breathing reality.
520
00:17:39,680 --> 00:17:41,440
If you remember nothing else from this deep dive,
521
00:17:41,440 --> 00:17:42,280
remember this.
522
00:17:42,280 --> 00:17:43,960
Your executives define the strategy,
523
00:17:43,960 --> 00:17:46,000
but your global admins define the reality.
524
00:17:46,000 --> 00:17:47,760
It is time to align the two.
525
00:17:47,760 --> 00:17:49,720
Audit your shadow leadership layer today,
526
00:17:49,720 --> 00:17:51,040
because if you don't do it,
527
00:17:51,040 --> 00:17:52,720
Copilot will eventually do it for you.
528
00:17:52,720 --> 00:17:54,320
This is about more than just security.
529
00:17:54,320 --> 00:17:56,640
It is about reclaiming the architecture of power
530
00:17:56,640 --> 00:17:57,680
in your own house.
531
00:17:57,680 --> 00:17:58,760
So that's the technique.
532
00:17:58,760 --> 00:18:01,280
It ensures your org chart matches your digital reality
533
00:18:01,280 --> 00:18:03,280
before AI exposes the gaps.
534
00:18:03,280 --> 00:18:05,320
To discuss how these power structures are evolving
535
00:18:05,320 --> 00:18:07,720
in the age of AI in 365, connect with me,
536
00:18:07,720 --> 00:18:09,320
Mirko Peters, on LinkedIn.
537
00:18:09,320 --> 00:18:11,400
If this shifted your perspective on tenant leadership,
538
00:18:11,400 --> 00:18:13,640
please leave a review to help others find this.

Founder of m365.fm, m365.show and m365con.net
Mirko Peters is a Microsoft 365 expert, content creator, and founder of m365.fm, a platform dedicated to sharing practical insights on modern workplace technologies. His work focuses on Microsoft 365 governance, security, collaboration, and real-world implementation strategies.
Through his podcast and written content, Mirko provides hands-on guidance for IT professionals, architects, and business leaders navigating the complexities of Microsoft 365. He is known for translating complex topics into clear, actionable advice, often highlighting common mistakes and overlooked risks in real-world environments.
With a strong emphasis on community contribution and knowledge sharing, Mirko is actively building a platform that connects experts, shares experiences, and helps organizations get the most out of their Microsoft 365 investments.
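The episode's first two weeks ("pull a report that lists every standing global admin, every privileged role admin, and every service principal with tenant-wide rights") and its day-30 target (at most two standing break-glass Global Admins, everything else PIM-eligible) map onto a short Microsoft Graph PowerShell audit. The script below is an added example, not code from the episode or from m365.fm. It assumes the Microsoft.Graph PowerShell SDK is installed and that the signed-in account may read directory role assignments, PIM eligibility, directory objects and applications. The three role template IDs are Microsoft's documented built-in IDs; the list of "tenant-wide" Graph application permissions is this example's own judgement call and can be extended. Output file names are arbitrary.

```powershell
# Added example (not from the episode). Requires: Install-Module Microsoft.Graph
# Run as an account allowed to read role assignments and PIM eligibility.
Connect-MgGraph -NoWelcome -Scopes 'RoleManagement.Read.Directory',
    'RoleEligibilitySchedule.Read.Directory', 'Directory.Read.All', 'Application.Read.All'

# Well-known Entra ID role template IDs. For built-in roles the unifiedRoleDefinition
# id equals the template id, so they can be matched directly against RoleDefinitionId.
$tenantWideRoles = @{
    '62e90394-69f5-4237-9190-012177145e10' = 'Global Administrator'
    'e8611ab8-c189-46e8-94e1-60213ab1f814' = 'Privileged Role Administrator'
    '7be44c8a-adaf-4e2a-84d6-ab2649e08a13' = 'Privileged Authentication Administrator'
}

# --- 1. Standing (permanent, active) tenant-wide role assignments ---------------
# PIM-eligible assignments do not appear here; they are the just-in-time target state.
$standing = Get-MgRoleManagementDirectoryRoleAssignment -All -ExpandProperty Principal |
    Where-Object { $tenantWideRoles.ContainsKey($_.RoleDefinitionId) -and $_.DirectoryScopeId -eq '/' }

$report = foreach ($a in $standing) {
    $p    = $a.Principal.AdditionalProperties
    $type = ($p['@odata.type'] -replace '^#microsoft\.graph\.', '')
    [pscustomobject]@{
        Role = $tenantWideRoles[$a.RoleDefinitionId]
        Type = $type            # user, group or servicePrincipal
        Name = $p['displayName']
        Upn  = $p['userPrincipalName']
        Via  = 'direct'
    }
    # A role-assignable group hides its members behind one assignment line, so
    # expand it: every transitive member holds the role in practice.
    if ($type -eq 'group') {
        Get-MgGroupTransitiveMember -GroupId $a.PrincipalId -All | ForEach-Object {
            [pscustomobject]@{
                Role = $tenantWideRoles[$a.RoleDefinitionId]
                Type = ($_.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', '')
                Name = $_.AdditionalProperties['displayName']
                Upn  = $_.AdditionalProperties['userPrincipalName']
                Via  = "group:$($p['displayName'])"
            }
        }
    }
}

# --- 2. Service principals with tenant-wide Microsoft Graph application permissions
# (app-only permissions that amount to Global Admin by another name; list is an
# assumption of this example, extend it to taste).
$graphSp  = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
$roleName = @{}
foreach ($r in $graphSp.AppRoles) { $roleName[$r.Id] = $r.Value }
$tenantWidePerms = 'Directory.ReadWrite.All', 'RoleManagement.ReadWrite.Directory',
                   'AppRoleAssignment.ReadWrite.All', 'Application.ReadWrite.All'
$spReport = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $graphSp.Id -All |
    Where-Object { $tenantWidePerms -contains $roleName[$_.AppRoleId] } |
    ForEach-Object {
        [pscustomobject]@{ ServicePrincipal = $_.PrincipalDisplayName; Permission = $roleName[$_.AppRoleId] }
    }

# --- 3. Eligible (JIT) assignments: what the day-30 target state looks like ------
$eligible = Get-MgRoleManagementDirectoryRoleEligibilitySchedule -All |
    Where-Object { $tenantWideRoles.ContainsKey($_.RoleDefinitionId) }

# --- 4. Baseline file and role concentration ratio -------------------------------
Get-MgUser -ConsistencyLevel eventual -Count userCount -Top 1 | Out-Null
$standingGA = @($report | Where-Object { $_.Role -eq 'Global Administrator' -and $_.Type -eq 'user' } |
    Sort-Object Upn -Unique)
$pct = if ($userCount) { [math]::Round(100 * $standingGA.Count / $userCount, 2) } else { 0 }

$report   | Export-Csv -NoTypeInformation -Path .\admin-baseline.csv
$spReport | Export-Csv -NoTypeInformation -Path .\sp-tenant-wide.csv

"Standing Global Admins (humans, deduplicated):   $($standingGA.Count) of $userCount users ($pct%)"
"Standing tenant-wide assignments (all roles):    $(@($report).Count)"
"PIM-eligible tenant-wide assignments:            $(@($eligible).Count)"
"Service principals with tenant-wide Graph perms: $(@($spReport).Count)"
if ($standingGA.Count -gt 2) {
    Write-Warning 'Target is at most two break-glass accounts with standing Global Admin; move the rest to PIM eligibility.'
}
```

Run it once before the reduction to capture the baseline CSVs, and again at day 30: the standing Global Admin count should be down to the break-glass pair while the eligible count goes up. Two practical caveats: nested group membership is where "four or five names" quietly becomes forty, which is why the group branch expands transitive members; and a service principal holding Directory.ReadWrite.All never shows up in the admin centre's role list, so step 2 is not optional.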
