The Satisfying Downfall of Manual Admin

1
00:00:00,000 --> 00:00:03,660
You spent 15 years clicking buttons so the organization wouldn't break.

2
00:00:03,660 --> 00:00:08,300
Access reviews, quarterly approvals, permission audits, life cycle policies,

3
00:00:08,300 --> 00:00:11,240
you were the arbiter of every decision the system couldn't make alone.

4
00:00:11,240 --> 00:00:15,140
You were competent, you were careful, you documented everything, you stayed late,

5
00:00:15,140 --> 00:00:21,280
you got paged at 2 in the morning because some regional manager needed access to a sharepoint site that no longer had an owner.

6
00:00:21,280 --> 00:00:25,940
The system didn't fail because you failed, the system failed because it required you to exist.

7
00:00:25,940 --> 00:00:29,460
Think about that for a moment, not as criticism, as architecture.

8
00:00:29,460 --> 00:00:33,260
You were the compensation mechanism for a platform that operated at machine speed,

9
00:00:33,260 --> 00:00:37,520
provisioning identities in milliseconds, creating teams' workspaces instantly,

10
00:00:37,520 --> 00:00:42,620
inheriting permissions automatically, while demanding human oversight in quarterly batches.

11
00:00:42,620 --> 00:00:47,380
Every moment you weren't reviewing something, the system continued making decisions without you.

12
00:00:47,380 --> 00:00:51,300
Every policy you wrote was static, every exception you granted became permanent.

13
00:00:51,300 --> 00:00:56,260
Configuration drifted, entropy accumulated, by the time you realized the policies were un-maintainable,

14
00:00:56,260 --> 00:00:58,420
they were already un-maintainable, you weren't slow.

15
00:00:58,420 --> 00:01:01,180
The system was designed to move faster than humans can govern.

16
00:01:01,180 --> 00:01:04,220
That's not a failure of execution, but that's a design omission.

17
00:01:04,220 --> 00:01:10,500
What replaced you wasn't a tool, it wasn't copilot, it wasn't power automate or some new Microsoft 365 feature bundle,

18
00:01:10,500 --> 00:01:15,320
what replaced you was the removal of the need for human latency from the authorization loop entirely.

19
00:01:15,320 --> 00:01:18,860
Decisions that once required your approval now happen continuously.

20
00:01:18,860 --> 00:01:22,140
Access that once lived forever now expires by default.

21
00:01:22,140 --> 00:01:26,620
Policies that once required manual tuning now are just based on real-time signals.

22
00:01:26,620 --> 00:01:28,260
The system doesn't wait for you anymore.

23
00:01:28,260 --> 00:01:29,940
It enforces intent.

24
00:01:29,940 --> 00:01:31,700
This is satisfying because it's honest.

25
00:01:31,700 --> 00:01:33,420
It acknowledges what was always true.

26
00:01:33,420 --> 00:01:36,460
You were a bottleneck in an authorization engine that needed to move faster.

27
00:01:36,460 --> 00:01:40,380
Not because you were bad at it, because no human can keep pace with machine speed at scale.

28
00:01:40,380 --> 00:01:44,540
By the end of this you'll understand why the downfall of manual administration wasn't a tragedy.

29
00:01:44,540 --> 00:01:45,700
It was inevitable.

30
00:01:45,700 --> 00:01:51,660
You'll see how the gap between decision speed and approval speed created entropy that no amount of diligence could manage.

31
00:01:51,660 --> 00:01:56,860
You'll understand why the system needed something else, not better admins, but no admins in the decision loop at all.

32
00:01:56,860 --> 00:01:58,420
And here's the part that matters.

33
00:01:58,420 --> 00:02:02,620
The architects who understood this early are now designing the systems that replaced them.

34
00:02:02,620 --> 00:02:04,060
They're not clicking buttons anymore.

35
00:02:04,060 --> 00:02:05,460
They are defining intent.

36
00:02:05,460 --> 00:02:07,540
They're writing the rules that agents enforce.

37
00:02:07,540 --> 00:02:13,900
They're the difference between a system that moves faster than it can be governed and a system that's deterministic by design.

38
00:02:13,900 --> 00:02:16,900
The question isn't whether manual administration is going away.

39
00:02:16,900 --> 00:02:17,780
It's already gone.

40
00:02:17,780 --> 00:02:21,780
The question is whether you'll be the one who understands why or the one still defending the buttons.

41
00:02:21,780 --> 00:02:23,020
The illusion of control.

42
00:02:23,020 --> 00:02:25,740
Let's start where every manual admin story begins.

43
00:02:25,740 --> 00:02:27,180
The belief that you were in control.

44
00:02:27,180 --> 00:02:28,700
You had the global admin role.

45
00:02:28,700 --> 00:02:30,140
You had permissions to everything.

46
00:02:30,140 --> 00:02:33,220
Exchange teams, SharePoint, Entra, Perview.

47
00:02:33,220 --> 00:02:35,700
Every system in the tenant flowed through your credentials.

48
00:02:35,700 --> 00:02:37,980
You were the apex of the organizational hierarchy.

49
00:02:37,980 --> 00:02:39,500
The system deferred to you.

50
00:02:39,500 --> 00:02:41,060
Except that's not what was happening.

51
00:02:41,060 --> 00:02:42,340
That's not what it ever was.

52
00:02:42,340 --> 00:02:45,460
The global admin role wasn't an expression of your authority.

53
00:02:45,460 --> 00:02:46,900
It was an architectural confession.

54
00:02:46,900 --> 00:02:49,940
It existed because the system couldn't decide what you should have.

55
00:02:49,940 --> 00:02:51,260
It couldn't define scope.

56
00:02:51,260 --> 00:02:52,860
It couldn't enforce boundaries.

57
00:02:52,860 --> 00:02:56,260
So it gave you everything and hoped you'd use good judgment.

58
00:02:56,260 --> 00:02:57,340
That's not governance.

59
00:02:57,340 --> 00:02:59,300
That's delegation of the problem too.

60
00:02:59,300 --> 00:03:01,340
Maybe someday we'll fix this.

61
00:03:01,340 --> 00:03:03,780
Look at what actually happened when you tried to use that power.

62
00:03:03,780 --> 00:03:06,340
Every quarterly access review landed on your desk.

63
00:03:06,340 --> 00:03:11,060
You dutifully sent out notifications asking owners to certify that users still needed their roles.

64
00:03:11,060 --> 00:03:12,460
40% didn't respond.

65
00:03:12,460 --> 00:03:15,180
You couldn't revoke access from people who didn't say anything.

66
00:03:15,180 --> 00:03:17,020
The organization needed them to work.

67
00:03:17,020 --> 00:03:18,260
So you approved by default.

68
00:03:18,260 --> 00:03:19,580
You documented the approval.

69
00:03:19,580 --> 00:03:20,660
You moved to the next one.

70
00:03:20,660 --> 00:03:22,180
That wasn't you reviewing access.

71
00:03:22,180 --> 00:03:24,300
That was you documenting compliance theater.

72
00:03:24,300 --> 00:03:26,340
The real architecture was simpler and darker.

73
00:03:26,340 --> 00:03:32,420
Every person who had ever been granted access to something kept that access until someone explicitly removed them.

74
00:03:32,420 --> 00:03:36,140
And since no one was going to take the political risk of removing someone's access

75
00:03:36,140 --> 00:03:38,620
without explicit instruction, the access persisted.

76
00:03:38,620 --> 00:03:39,460
It compounded.

77
00:03:39,460 --> 00:03:40,500
Permissions inherited.

78
00:03:40,500 --> 00:03:41,660
Users changed roles.

79
00:03:41,660 --> 00:03:44,300
The systems they'd been granted access to were forgotten.

80
00:03:44,300 --> 00:03:48,300
New SharePoint sites were created with the same default permissions as the old ones.

81
00:03:48,300 --> 00:03:51,100
By year three, half your organization had standing privilege

82
00:03:51,100 --> 00:03:52,580
to systems they'd never used.

83
00:03:52,580 --> 00:03:53,900
You weren't failing to manage it.

84
00:03:53,900 --> 00:03:56,220
The system was designed to prevent you from managing it.

85
00:03:56,220 --> 00:03:57,980
Standing privilege isn't security.

86
00:03:57,980 --> 00:04:01,140
It's architectural laziness wrapped in permission inheritance.

87
00:04:01,140 --> 00:04:04,300
The system couldn't decide this person should have access to this.

88
00:04:04,300 --> 00:04:08,820
But only during work hours, only from a managed device, only if risk signals don't spike.

89
00:04:08,820 --> 00:04:10,140
So it chose the default.

90
00:04:10,140 --> 00:04:13,660
Access is on forever until someone cares enough to turn it off.

91
00:04:13,660 --> 00:04:17,660
And since no one cares because caring means managing permissions, it stays on.

92
00:04:17,660 --> 00:04:20,020
Every exception you granted became a permanent rule.

93
00:04:20,020 --> 00:04:22,300
Someone needed elevated access for 72 hours.

94
00:04:22,300 --> 00:04:23,300
You granted it.

95
00:04:23,300 --> 00:04:24,180
They used it.

96
00:04:24,180 --> 00:04:25,740
Then you forgot to revoke it.

97
00:04:25,740 --> 00:04:27,100
Or they asked for a grace period.

98
00:04:27,100 --> 00:04:28,180
Or there was a change freeze.

99
00:04:28,180 --> 00:04:30,860
Or you documented it for later review and later never came.

100
00:04:30,860 --> 00:04:32,100
The access didn't expire.

101
00:04:32,100 --> 00:04:33,860
Standing privilege expanded.

102
00:04:33,860 --> 00:04:36,100
The system continued making decisions without you.

103
00:04:36,100 --> 00:04:37,220
Here's the part that matters.

104
00:04:37,220 --> 00:04:38,420
You could see this happening.

105
00:04:38,420 --> 00:04:39,140
You understood it.

106
00:04:39,140 --> 00:04:44,140
Every competent admin I've ever known spent at least 20% of their time managing the consequences

107
00:04:44,140 --> 00:04:46,820
of permanent access and permission inheritance.

108
00:04:46,820 --> 00:04:49,900
But understanding the problem and fixing it are different things.

109
00:04:49,900 --> 00:04:53,740
You couldn't fix it because the system was broken by design, not by implementation.

110
00:04:53,740 --> 00:04:55,540
The platform operated at machine speed.

111
00:04:55,540 --> 00:04:57,260
Identities were provisioned in seconds.

112
00:04:57,260 --> 00:04:58,740
Teams were created instantly.

113
00:04:58,740 --> 00:05:01,100
Permissions were inherited automatically.

114
00:05:01,100 --> 00:05:03,580
But access governance operated at human speed.

115
00:05:03,580 --> 00:05:07,300
Quarterly batches, manual reviews, documented approvals.

116
00:05:07,300 --> 00:05:11,300
The gap between how fast the system created things and how fast you could govern them grew

117
00:05:11,300 --> 00:05:12,300
every quarter.

118
00:05:12,300 --> 00:05:15,220
You weren't overworked because access management was complicated.

119
00:05:15,220 --> 00:05:19,380
You were overworked because the system had decided to give every user access to everything

120
00:05:19,380 --> 00:05:21,380
until you personally revoked it.

121
00:05:21,380 --> 00:05:23,300
And you can't revoke what you don't know exists.

122
00:05:23,300 --> 00:05:24,900
That wasn't control.

123
00:05:24,900 --> 00:05:29,020
Control would have meant the system made decisions based on defined rules.

124
00:05:29,020 --> 00:05:33,380
What you had was the illusion of control, the authority to document choices that were already

125
00:05:33,380 --> 00:05:34,780
made.

126
00:05:34,780 --> 00:05:36,820
Why human speed was never going to work?

127
00:05:36,820 --> 00:05:38,860
The fundamental flaw wasn't operational.

128
00:05:38,860 --> 00:05:40,420
It was architectural.

129
00:05:40,420 --> 00:05:42,900
Microsoft 365 doesn't operate at human speed.

130
00:05:42,900 --> 00:05:43,900
It operates at machine speed.

131
00:05:43,900 --> 00:05:44,900
That's not a metaphor.

132
00:05:44,900 --> 00:05:47,540
That's a measurable gap that grows wider every day.

133
00:05:47,540 --> 00:05:50,500
That team's workspace is created in milliseconds.

134
00:05:50,500 --> 00:05:51,860
Permissions are inherited instantly.

135
00:05:51,860 --> 00:05:54,940
A user gets access to a file by virtue of being in a group.

136
00:05:54,940 --> 00:05:58,340
A distribution list expands automatically and approval workflow triggers.

137
00:05:58,340 --> 00:05:59,860
A compliance rule applies.

138
00:05:59,860 --> 00:06:01,980
All of this happens at nanosecond scale.

139
00:06:01,980 --> 00:06:05,700
The system makes thousands of authorization decisions every second without waiting for

140
00:06:05,700 --> 00:06:06,700
you to blink.

141
00:06:06,700 --> 00:06:09,100
Then you review that team's workspace in days.

142
00:06:09,100 --> 00:06:11,460
You audit the permission inheritance in quarters.

143
00:06:11,460 --> 00:06:14,300
You notice the compliance drift in the monthly report.

144
00:06:14,300 --> 00:06:18,060
At that time, the system has already made the next thousand decisions and moved on.

145
00:06:18,060 --> 00:06:19,220
You were never fast enough.

146
00:06:19,220 --> 00:06:23,300
Not because you were slow, because the system was designed to move faster than humans can

147
00:06:23,300 --> 00:06:24,300
govern.

148
00:06:24,300 --> 00:06:25,900
A permission is inherited in nanoseconds.

149
00:06:25,900 --> 00:06:27,380
You audit it in 90 days.

150
00:06:27,380 --> 00:06:31,100
In that gap, the system has made 90 million authorization decisions.

151
00:06:31,100 --> 00:06:34,700
You're reviewing one, thinking you found the problem, not understanding that by the time

152
00:06:34,700 --> 00:06:38,700
you documented, the system has already created 10 new variants of the same problem.

153
00:06:38,700 --> 00:06:41,340
This isn't about hiring faster admins or better tools.

154
00:06:41,340 --> 00:06:45,540
This is about the mathematical impossibility of human oversight, keeping pace with automated

155
00:06:45,540 --> 00:06:46,940
decision making at scale.

156
00:06:46,940 --> 00:06:48,980
Here's how entropy accumulates in that gap.

157
00:06:48,980 --> 00:06:52,580
Every moment you don't act, the system continues making decisions without you.

158
00:06:52,580 --> 00:06:54,780
A team site is created with default settings.

159
00:06:54,780 --> 00:06:55,780
You don't know about it.

160
00:06:55,780 --> 00:06:57,140
The system didn't ask permission.

161
00:06:57,140 --> 00:06:58,140
It just created it.

162
00:06:58,140 --> 00:07:00,820
Ownership gets assigned to the person who created the team.

163
00:07:00,820 --> 00:07:01,820
They leave the company.

164
00:07:01,820 --> 00:07:02,820
The team stays.

165
00:07:02,820 --> 00:07:03,820
Now it's orphaned.

166
00:07:03,820 --> 00:07:04,820
The system doesn't care.

167
00:07:04,820 --> 00:07:07,100
The system has moved on to creating the next thousand teams.

168
00:07:07,100 --> 00:07:09,540
You find the orphaned team three months later.

169
00:07:09,540 --> 00:07:11,100
You check whether it has sensitive data.

170
00:07:11,100 --> 00:07:12,100
It does.

171
00:07:12,100 --> 00:07:13,100
You check who has access.

172
00:07:13,100 --> 00:07:14,860
40 people from three different departments.

173
00:07:14,860 --> 00:07:16,420
You check whether it was supposed to be there.

174
00:07:16,420 --> 00:07:17,420
No one knows.

175
00:07:17,420 --> 00:07:18,420
You reach out to the original owner.

176
00:07:18,420 --> 00:07:19,420
They've already left.

177
00:07:19,420 --> 00:07:20,620
You document that it needs review.

178
00:07:20,620 --> 00:07:22,660
You schedule it for the next governance meeting.

179
00:07:22,660 --> 00:07:23,980
The meeting is in six weeks.

180
00:07:23,980 --> 00:07:27,900
By then, someone will have shared another hundred files into that same team because the system

181
00:07:27,900 --> 00:07:29,100
doesn't know it's orphaned.

182
00:07:29,100 --> 00:07:32,260
It just knows the team exists and the permissions allow it.

183
00:07:32,260 --> 00:07:33,260
That's entropy.

184
00:07:33,260 --> 00:07:34,260
Configuration drift.

185
00:07:34,260 --> 00:07:35,260
Shadow sites.

186
00:07:35,260 --> 00:07:36,260
Ungoverned access.

187
00:07:36,260 --> 00:07:38,100
It's not created by chaos.

188
00:07:38,100 --> 00:07:43,000
It's created by the deliberate gap between machine speed decision making and human speed

189
00:07:43,000 --> 00:07:44,000
oversight.

190
00:07:44,000 --> 00:07:46,340
You are not hired to move faster than the system.

191
00:07:46,340 --> 00:07:48,980
You are hired because the system couldn't move slower.

192
00:07:48,980 --> 00:07:53,900
The platform was built for distributed teams, instant collaboration, automatic inheritance,

193
00:07:53,900 --> 00:07:55,900
and ask forgiveness later permissions.

194
00:07:55,900 --> 00:07:56,900
It was built for speed.

195
00:07:56,900 --> 00:07:57,900
It was built to scale.

196
00:07:57,900 --> 00:08:01,940
It was built for a world where the bottleneck was collaboration, not governance.

197
00:08:01,940 --> 00:08:02,940
And it worked.

198
00:08:02,940 --> 00:08:05,060
The system enabled organizations to move fast.

199
00:08:05,060 --> 00:08:06,900
Teams could be created in minutes.

200
00:08:06,900 --> 00:08:09,700
Teams could get access to resources instantly.

201
00:08:09,700 --> 00:08:11,100
Collaboration happened without friction.

202
00:08:11,100 --> 00:08:15,420
The trade-off was that governance had to happen later after the fact in cleanup mode and

203
00:08:15,420 --> 00:08:17,460
cleanup mode at scale is not governance.

204
00:08:17,460 --> 00:08:18,660
It's damage assessment.

205
00:08:18,660 --> 00:08:20,700
Every competent admin understood this trade-off.

206
00:08:20,700 --> 00:08:22,900
You could move fast or you could be certain, but not both.

207
00:08:22,900 --> 00:08:24,380
The system chose fast.

208
00:08:24,380 --> 00:08:28,340
You are hired to manage the certainty debt that accumulated as a consequence.

209
00:08:28,340 --> 00:08:29,540
But here's what you couldn't do.

210
00:08:29,540 --> 00:08:31,540
You couldn't make the system move slower.

211
00:08:31,540 --> 00:08:34,460
You couldn't convince it to ask permission before creating things.

212
00:08:34,460 --> 00:08:37,380
You couldn't make it wait for approval before inheriting permissions.

213
00:08:37,380 --> 00:08:42,100
You couldn't reprogram 90 years of Microsoft's automation philosophy because one administrator

214
00:08:42,100 --> 00:08:43,300
was struggling to keep up.

215
00:08:43,300 --> 00:08:44,700
You were not solving a problem.

216
00:08:44,700 --> 00:08:48,740
You were managing the consequences of a design choice that was made before you arrived and

217
00:08:48,740 --> 00:08:50,540
would persist long after you left.

218
00:08:50,540 --> 00:08:54,020
The gap between machine speed and human speed isn't closing.

219
00:08:54,020 --> 00:08:55,620
Every year the system gets faster.

220
00:08:55,620 --> 00:08:57,660
Every quarter there are more decisions to govern.

221
00:08:57,660 --> 00:08:59,060
Every month the entropy grows.

222
00:08:59,060 --> 00:09:03,140
And every day you're trying to do something that was always mathematically impossible.

223
00:09:03,140 --> 00:09:06,860
It's a proof decisions at human speed for a system that operates at machine speed.

224
00:09:06,860 --> 00:09:08,740
That's not a failure of administration.

225
00:09:08,740 --> 00:09:13,620
That's the architectural inevitability that makes manual administration obsolete by definition.

226
00:09:13,620 --> 00:09:14,940
The entropy generator.

227
00:09:14,940 --> 00:09:18,140
This gap between speed and oversight didn't create isolated problems.

228
00:09:18,140 --> 00:09:22,300
It created a system-wide mechanism that guaranteed entropy at scale.

229
00:09:22,300 --> 00:09:25,300
Every policy exception you granted became a permanent rule.

230
00:09:25,300 --> 00:09:28,140
Someone needed access to a sensitive SharePoint site for a project.

231
00:09:28,140 --> 00:09:29,140
They made the request.

232
00:09:29,140 --> 00:09:30,140
You reviewed it.

233
00:09:30,140 --> 00:09:31,140
You approved it.

234
00:09:31,140 --> 00:09:32,140
The project ended.

235
00:09:32,140 --> 00:09:34,140
Six months later they left the company.

236
00:09:34,140 --> 00:09:35,940
The access persisted a year later.

237
00:09:35,940 --> 00:09:38,100
Someone asked why they had access to the site.

238
00:09:38,100 --> 00:09:39,100
No one knew.

239
00:09:39,100 --> 00:09:40,100
You looked it up.

240
00:09:40,100 --> 00:09:41,620
The original justification was archived.

241
00:09:41,620 --> 00:09:42,780
The project was complete.

242
00:09:42,780 --> 00:09:44,140
But removing it felt risky.

243
00:09:44,140 --> 00:09:45,140
What if something broke?

244
00:09:45,140 --> 00:09:46,700
What if they still needed it for something?

245
00:09:46,700 --> 00:09:50,700
So you documented it for review and scheduled the removal for next quarter.

246
00:09:50,700 --> 00:09:51,700
Next quarter came.

247
00:09:51,700 --> 00:09:53,060
There were 50 items in the queue.

248
00:09:53,060 --> 00:09:56,540
You got to this one so there was no recent activity marked it as will investigate further

249
00:09:56,540 --> 00:09:57,540
and move on.

250
00:09:57,540 --> 00:09:59,260
That's not a policy exception anymore.

251
00:09:59,260 --> 00:10:01,180
That's standing privilege.

252
00:10:01,180 --> 00:10:05,620
Every just this one's access became permanent standing access because you couldn't revoke.

253
00:10:05,620 --> 00:10:07,100
What was never formally granted.

254
00:10:07,100 --> 00:10:08,980
What had no documented reason.

255
00:10:08,980 --> 00:10:10,700
What no one remembered requesting.

256
00:10:10,700 --> 00:10:14,460
The system had no concept of this access was supposed to be temporary.

257
00:10:14,460 --> 00:10:15,460
In new access existed.

258
00:10:15,460 --> 00:10:16,820
It didn't know why.

259
00:10:16,820 --> 00:10:18,860
Without explicit reason you couldn't revoke it.

260
00:10:18,860 --> 00:10:21,500
Every unlabeled file became a governance blind spot.

261
00:10:21,500 --> 00:10:23,260
SharePoint stores millions of files.

262
00:10:23,260 --> 00:10:24,740
Most are never labeled.

263
00:10:24,740 --> 00:10:27,340
Most never touch a sensitivity classification.

264
00:10:27,340 --> 00:10:31,420
One puts a spreadsheet in a public sharePoint site because that's where their team collaborates.

265
00:10:31,420 --> 00:10:33,260
The spreadsheet contains salary data.

266
00:10:33,260 --> 00:10:34,260
No one labeled it.

267
00:10:34,260 --> 00:10:35,260
No one encrypted it.

268
00:10:35,260 --> 00:10:36,460
No one restricted access to it.

269
00:10:36,460 --> 00:10:40,340
The system doesn't flag it because the system has no way to know what a spreadsheet contains

270
00:10:40,340 --> 00:10:42,340
without opening it and analyzing it.

271
00:10:42,340 --> 00:10:46,060
You need to scan every file, classify every document, apply every label.

272
00:10:46,060 --> 00:10:49,460
You could hire three people and run them full time for a year and still not finish.

273
00:10:49,460 --> 00:10:50,780
So the files stay unlabeled.

274
00:10:50,780 --> 00:10:53,020
The governance blind spot persists.

275
00:10:53,020 --> 00:10:55,060
Configuration drift isn't caused by bad configuration.

276
00:10:55,060 --> 00:10:57,500
It was caused by the absence of continuous evaluation.

277
00:10:57,500 --> 00:11:00,020
This is where the mechanism accelerates.

278
00:11:00,020 --> 00:11:01,740
Configuration drift wasn't a bug you could patch.

279
00:11:01,740 --> 00:11:06,820
It was the inevitable outcome of a system designed to operate faster than humans can govern.

280
00:11:06,820 --> 00:11:09,620
Every policy you didn't enforce created a precedent.

281
00:11:09,620 --> 00:11:12,740
Every exception you allowed became a template for the next exception.

282
00:11:12,740 --> 00:11:16,580
Every compromise you made to keep the business moving was a data point that the system remembered.

283
00:11:16,580 --> 00:11:18,980
You approved external sharing for one user.

284
00:11:18,980 --> 00:11:22,140
Now every user assumes external sharing is allowed.

285
00:11:22,140 --> 00:11:24,340
You granted elevated privilege for one team.

286
00:11:24,340 --> 00:11:25,340
Now every team requests it.

287
00:11:25,340 --> 00:11:26,340
You exempted one policy.

288
00:11:26,340 --> 00:11:29,020
Now every department claims they deserve the same exemption.

289
00:11:29,020 --> 00:11:30,020
Entropy compounds.

290
00:11:30,020 --> 00:11:32,780
One exception becomes 10 becomes 100 becomes 10,000.

291
00:11:32,780 --> 00:11:33,780
The rules fragment.

292
00:11:33,780 --> 00:11:35,180
The policies contradict.

293
00:11:35,180 --> 00:11:37,540
The system operates according to competing precedents.

294
00:11:37,540 --> 00:11:39,300
Configuration becomes subjective.

295
00:11:39,300 --> 00:11:41,140
Enforcement becomes inconsistent.

296
00:11:41,140 --> 00:11:43,460
Governance becomes theater.

297
00:11:43,460 --> 00:11:49,660
By 2026 most organizations had accumulated so much entropy that manual review was mathematically impossible.

298
00:11:49,660 --> 00:11:51,340
You couldn't audit your way out of it.

299
00:11:51,340 --> 00:11:52,900
You couldn't enforce your way through it.

300
00:11:52,900 --> 00:11:57,500
The system had created too many exceptions, too many special cases, too many workarounds.

301
00:11:57,500 --> 00:12:02,740
A competent admin looked at the state of permission inheritance across a mid-size tenant and understood.

302
00:12:02,740 --> 00:12:04,740
This isn't something that can be manually governed.

303
00:12:04,740 --> 00:12:07,540
This is something that has to be completely rebuilt from first principles.

304
00:12:07,540 --> 00:12:09,380
And by then you were already years behind.

305
00:12:09,380 --> 00:12:11,780
You weren't behind on work that the work was behind on you.

306
00:12:11,780 --> 00:12:16,780
The system had been making unauthorized decisions faster than you could document what decisions were already made.

307
00:12:16,780 --> 00:12:18,500
That's not administrative failure.

308
00:12:18,500 --> 00:12:22,780
That's the mechanics of entropy in a system where decisions are made automatically.

309
00:12:22,780 --> 00:12:24,660
And governance happens in batches.

310
00:12:24,660 --> 00:12:28,380
The system wins every time because the system doesn't need your permission to run.

311
00:12:28,380 --> 00:12:31,500
It just needs you to approve its decisions after they're already made.

312
00:12:31,500 --> 00:12:36,220
And by then it's already made the next 10,000 said the conditional chaos problem.

313
00:12:36,220 --> 00:12:38,620
The real architectural failure wasn't in what you did.

314
00:12:38,620 --> 00:12:41,740
It was in how the system forced you to make decisions.

315
00:12:41,740 --> 00:12:46,860
Conditional access policies started as clean logic, simple, deterministic.

316
00:12:46,860 --> 00:12:52,500
If user is in high risk group then deny access unless they're using a compliant device and have MFA enabled.

317
00:12:52,500 --> 00:12:53,780
That's a rule. That's governance.

318
00:12:53,780 --> 00:12:57,820
That's a statement of security intent that a machine can enforce consistently.

319
00:12:57,820 --> 00:12:59,860
But then the business needed an exception.

320
00:12:59,860 --> 00:13:02,180
Sales needed access from home on personal devices.

321
00:13:02,180 --> 00:13:03,660
So you added an exception clause.

322
00:13:03,660 --> 00:13:06,780
If user is in sales and it's after hours then allow it.

323
00:13:06,780 --> 00:13:09,780
Now your policy reads if high risk group deny,

324
00:13:09,780 --> 00:13:11,780
acceptive sales after hours.

325
00:13:11,780 --> 00:13:15,900
Then I'd needed to disable the rule for their own team during maintenance windows.

326
00:13:15,900 --> 00:13:17,100
So you added another clause.

327
00:13:17,100 --> 00:13:22,060
Unless the user is in IT and the time is 2am to 4am on Tuesday.

328
00:13:22,060 --> 00:13:25,180
Then there was a contractor who needed access just for the fiscal year.

329
00:13:25,180 --> 00:13:26,620
So you added temporal logic.

330
00:13:26,620 --> 00:13:29,660
But if the user's access expires on this date allow it anyway,

331
00:13:29,660 --> 00:13:34,780
then there was the executive who needed access from anywhere anytime for anything because executives never follow policies.

332
00:13:34,780 --> 00:13:38,860
So you added a carve out maybe Q if the user is flagged as executive.

333
00:13:38,860 --> 00:13:40,220
You didn't make bad decisions.

334
00:13:40,220 --> 00:13:42,860
You made reasonable exceptions to reasonable policies.

335
00:13:42,860 --> 00:13:47,620
But each exception clause converted your deterministic security model into something else entirely.

336
00:13:47,620 --> 00:13:53,620
A probabilistic system where the outcome of any given access attempt depended on a tangle of overlapping exceptions,

337
00:13:53,620 --> 00:13:57,700
carve-outs, temporal rules and special cases.

338
00:13:57,700 --> 00:14:04,940
By the time you had written five policies covering the main security posture and added exceptions for sales, IT, contractors, executives,

339
00:14:04,940 --> 00:14:09,220
regional requirements and compliance exceptions, you were no longer writing policy.

340
00:14:09,220 --> 00:14:10,660
You were writing conditional chaos.

341
00:14:10,660 --> 00:14:12,300
Here's what happened to the next audit.

342
00:14:12,300 --> 00:14:16,460
You inherited someone else's conditional access policies from the previous admin.

343
00:14:16,460 --> 00:14:18,860
You need to understand where the access is being controlled properly.

344
00:14:18,860 --> 00:14:20,140
So you read the policy.

345
00:14:20,140 --> 00:14:25,820
If location is not trusted, deny access except if device is managed unless the user is in a group called exec exceptions.

346
00:14:25,820 --> 00:14:30,180
But if the user has activated PIM in the last 10 minutes, allow them anyway.

347
00:14:30,180 --> 00:14:32,820
You stop reading. You have no idea what this policy actually does.

348
00:14:32,820 --> 00:14:34,620
Not because you're not smart enough.

349
00:14:34,620 --> 00:14:40,900
Because the policy itself is incoherent, the logic has become so layered that predicting the outcome of any specific access attempt

350
00:14:40,900 --> 00:14:46,460
requires you to trace through six nested conditions, each of which depends on states that change in real time.

351
00:14:46,460 --> 00:14:48,500
You can't audit that. You can't reason about it.

352
00:14:48,500 --> 00:14:52,300
You can't predict whether a new threat pattern will be caught or will slip through.

353
00:14:52,300 --> 00:14:55,020
Each exception made the next threat respond slower.

354
00:14:55,020 --> 00:14:56,500
A new attack vector emerges.

355
00:14:56,500 --> 00:14:58,860
You need to block access from a certain country,

356
00:14:58,860 --> 00:15:01,620
but you have to check whether any of your exceptions would allow it anyway.

357
00:15:01,620 --> 00:15:04,900
You find that your executives can access from anywhere,

358
00:15:04,900 --> 00:15:07,180
carve-out, bypasses the country-based block.

359
00:15:07,180 --> 00:15:09,420
So you add another exception to the exception.

360
00:15:09,420 --> 00:15:11,860
Unless the threat is a country-based block.

361
00:15:11,860 --> 00:15:14,580
Now you have a policy about a policy about a policy.

362
00:15:14,580 --> 00:15:17,380
The system didn't fail because you made bad decisions.

363
00:15:17,380 --> 00:15:21,220
The system failed because humans can't maintain logical consistency at scale.

364
00:15:21,220 --> 00:15:23,060
You understood every individual exception.

365
00:15:23,060 --> 00:15:24,620
Each one made sense in the moment,

366
00:15:24,620 --> 00:15:29,740
but the aggregate, the interaction of 20 exception clauses across 10 policies affecting 300 users,

367
00:15:29,740 --> 00:15:33,220
was no longer something a human brain could coherently hold.

368
00:15:33,220 --> 00:15:37,540
By the time you realized the policies were unmanageable, they were already unmentainable,

369
00:15:37,540 --> 00:15:40,260
you couldn't simplify them without potentially breaking something,

370
00:15:40,260 --> 00:15:42,340
you couldn't audit them without spending weeks,

371
00:15:42,340 --> 00:15:43,580
reverse engineering the logic,

372
00:15:43,580 --> 00:15:46,380
you couldn't update them without risking unforeseen consequences.

373
00:15:46,380 --> 00:15:49,540
So you stopped updating them, they calcified, they became legacy,

374
00:15:49,540 --> 00:15:52,060
they persisted not because they were good policy,

375
00:15:52,060 --> 00:15:54,500
but because no one was confident enough to change them.

376
00:15:54,500 --> 00:15:57,660
That's when you understood, you weren't managing a security model,

377
00:15:57,660 --> 00:15:59,700
you were managing the wreckage of a security model

378
00:15:59,700 --> 00:16:02,700
that had been undermined by a thousand reasonable compromises.

379
00:16:02,700 --> 00:16:04,220
Access reviews as theater.

380
00:16:04,220 --> 00:16:06,940
Let's talk about the ritual that every admin knows is broken.

381
00:16:06,940 --> 00:16:08,260
The quarterly access review.

382
00:16:08,260 --> 00:16:11,740
The checkbox that made leadership feel secure while being entirely theater.

383
00:16:11,740 --> 00:16:12,740
Here's how it works.

384
00:16:12,740 --> 00:16:15,740
Microsoft says you should review access every 90 days.

385
00:16:15,740 --> 00:16:17,580
It's a best practice, it's a control.

386
00:16:17,580 --> 00:16:19,020
It demonstrates due diligence.

387
00:16:19,020 --> 00:16:23,020
So you set it up every quarter, you send notifications to team owners.

388
00:16:23,020 --> 00:16:26,580
Please certify that the following users still need access to this team.

389
00:16:26,580 --> 00:16:28,780
Respond by Friday or we'll assume you approve.

390
00:16:28,780 --> 00:16:30,180
40% don't respond.

391
00:16:30,180 --> 00:16:32,820
You can't block 40% of your organization's access.

392
00:16:32,820 --> 00:16:34,100
The business breaks.

393
00:16:34,100 --> 00:16:36,460
Teams can't communicate, project stall.

394
00:16:36,460 --> 00:16:37,740
Users call the help desk.

395
00:16:37,740 --> 00:16:38,900
The help desk calls you.

396
00:16:38,900 --> 00:16:41,540
You're blamed for blocking access that the business needed.

397
00:16:41,540 --> 00:16:43,900
So you approve by default, you document the approval,

398
00:16:43,900 --> 00:16:45,180
you move to the next batch.

399
00:16:45,180 --> 00:16:47,220
What you've just done is perform an access review

400
00:16:47,220 --> 00:16:51,100
where access that no one confirmed is required now has documented approval.

401
00:16:51,100 --> 00:16:54,020
You've created a compliance artifact that proves you reviewed it.

402
00:16:54,020 --> 00:16:55,580
You haven't actually reviewed anything.

403
00:16:55,580 --> 00:16:58,620
You've documented that the owner didn't respond and you approved it anyway.

404
00:16:58,620 --> 00:17:00,500
Consider what's actually in those permissions.

405
00:17:00,500 --> 00:17:03,580
Some of it is there because someone granted it four years ago.

406
00:17:03,580 --> 00:17:05,300
That person left the company two years ago.

407
00:17:05,300 --> 00:17:06,260
The access remained.

408
00:17:06,260 --> 00:17:07,260
It never expires.

409
00:17:07,260 --> 00:17:10,100
It's never reviewed because the original owner can't respond.

410
00:17:10,100 --> 00:17:11,780
They're not in the organization anymore.

411
00:17:11,780 --> 00:17:13,660
But their legacy access persists.

412
00:17:13,660 --> 00:17:17,260
Now you're approving access that was granted by someone who isn't employed anymore

413
00:17:17,260 --> 00:17:21,500
for reasons that are undocumented to resources they may no longer even know exist.

414
00:17:21,500 --> 00:17:22,700
That's not governance.

415
00:17:22,700 --> 00:17:24,380
That's necromancy.

416
00:17:24,380 --> 00:17:25,820
The real problem is this.

417
00:17:25,820 --> 00:17:28,500
The system requires you to make a decision every 90 days

418
00:17:28,500 --> 00:17:30,700
that should never have needed making in the first place.

419
00:17:30,700 --> 00:17:33,660
If access was supposed to be temporary, it should have expired.

420
00:17:33,660 --> 00:17:35,220
If it required periodic review,

421
00:17:35,220 --> 00:17:37,660
the system should have built in expiration criteria.

422
00:17:37,660 --> 00:17:40,060
If it should have been revoked when someone changed roles,

423
00:17:40,060 --> 00:17:42,060
the system should have revoked it automatically.

424
00:17:42,060 --> 00:17:44,660
Instead, the system creates access that lives forever.

425
00:17:44,660 --> 00:17:48,420
Then it requires humans to remember that it exists, verify that it's still needed

426
00:17:48,420 --> 00:17:51,420
and manually revoke it on a 90 day cycle forever.

427
00:17:51,420 --> 00:17:54,020
For every user, for every role, for every resource.

428
00:17:54,020 --> 00:17:56,820
Multiply that by thousands of users and hundreds of resources

429
00:17:56,820 --> 00:17:59,460
and you're asking humans to make millions of decisions

430
00:17:59,460 --> 00:18:03,980
that a machine should have made once at creation time with clear expiration built in.

431
00:18:03,980 --> 00:18:05,460
Here's what makes it theatre.

432
00:18:05,460 --> 00:18:07,940
The approval you're documenting isn't based on information.

433
00:18:07,940 --> 00:18:09,540
It's based on absence of objection.

434
00:18:09,540 --> 00:18:10,900
You approve because no one said no.

435
00:18:10,900 --> 00:18:12,580
That's not review. That's default permit.

436
00:18:12,580 --> 00:18:15,180
And default permit is what you get when the system is designed

437
00:18:15,180 --> 00:18:16,980
to assume access should be granted

438
00:18:16,980 --> 00:18:19,380
unless there's a specific reason to revoke it.

439
00:18:19,380 --> 00:18:21,460
The system didn't start this way by accident.

440
00:18:21,460 --> 00:18:24,900
It started this way because access decisions are philosophically hard

441
00:18:24,900 --> 00:18:26,620
to make at the moment of grant.

442
00:18:26,620 --> 00:18:28,420
So the system defers the decision.

443
00:18:28,420 --> 00:18:30,380
Access is granted tentatively.

444
00:18:30,380 --> 00:18:32,860
The decision to revoke is pushed to the future.

445
00:18:32,860 --> 00:18:34,620
Now it's quarterly. Now it's your problem.

446
00:18:34,620 --> 00:18:36,020
But here's the architectural truth.

447
00:18:36,020 --> 00:18:39,580
If you needed human review every 90 days to decide whether to keep access

448
00:18:39,580 --> 00:18:43,420
then the system created access that was already uncertain at grant time.

449
00:18:43,420 --> 00:18:45,900
The system didn't know whether the access should exist.

450
00:18:45,900 --> 00:18:48,620
So it created it anyway and asked you to figure it out later.

451
00:18:48,620 --> 00:18:51,340
By doing quarterly access reviews, you're not governing access.

452
00:18:51,340 --> 00:18:53,500
You're performing the illusion of governance.

453
00:18:53,500 --> 00:18:56,140
You're creating artifacts that prove someone examined it.

454
00:18:56,140 --> 00:18:57,540
The examination is nonexistent.

455
00:18:57,540 --> 00:18:58,860
The approval is automatic.

456
00:18:58,860 --> 00:19:01,740
The whole exercise is theatre designed to satisfy auditors

457
00:19:01,740 --> 00:19:03,740
while not addressing the fundamental problem.

458
00:19:03,740 --> 00:19:06,540
Access that should have expiration criteria built in

459
00:19:06,540 --> 00:19:09,740
is treated as if it should live forever and be reviewed periodically

460
00:19:09,740 --> 00:19:11,980
to justify that eternal existence.

461
00:19:11,980 --> 00:19:15,580
That's the system you were asked to defend and the system is indefensible.

462
00:19:15,580 --> 00:19:17,020
The life cycle sprawl.

463
00:19:17,020 --> 00:19:19,820
Teams and SharePoints sites tell the same story as everything else

464
00:19:19,820 --> 00:19:21,260
you've been trying to govern.

465
00:19:21,260 --> 00:19:24,620
The story of a system that creates complexity faster than you can manage it.

466
00:19:24,620 --> 00:19:26,260
A team is created in seconds.

467
00:19:26,260 --> 00:19:28,540
Someone clicks a button. The team exists.

468
00:19:28,540 --> 00:19:30,780
Ownership is assigned to whoever created it.

469
00:19:30,780 --> 00:19:32,460
The team has default settings.

470
00:19:32,460 --> 00:19:34,140
Everyone in the organization can find it.

471
00:19:34,140 --> 00:19:35,340
Some teams are for projects.

472
00:19:35,340 --> 00:19:36,540
Some are for departments.

473
00:19:36,540 --> 00:19:38,300
Some are for informal collaboration.

474
00:19:38,300 --> 00:19:40,700
Some are created as experiments and abandoned.

475
00:19:40,700 --> 00:19:42,540
The system doesn't distinguish between them.

476
00:19:42,540 --> 00:19:44,140
It creates them all at the same speed.

477
00:19:44,140 --> 00:19:45,980
It stores them all with the same resources.

478
00:19:45,980 --> 00:19:47,100
It keeps them all forever.

479
00:19:47,100 --> 00:19:47,980
That's the design.

480
00:19:47,980 --> 00:19:49,100
Create instantly.

481
00:19:49,100 --> 00:19:50,460
Store indefinitely.

482
00:19:50,460 --> 00:19:52,380
Expect humans to clean up later.

483
00:19:52,380 --> 00:19:53,980
Owners leave the organization.

484
00:19:53,980 --> 00:19:55,020
The team persists.

485
00:19:55,020 --> 00:19:57,020
No one knows who owns it anymore.

486
00:19:57,020 --> 00:19:59,740
You might have automation that detects often teams.

487
00:19:59,740 --> 00:20:00,380
Someone left.

488
00:20:00,380 --> 00:20:01,820
The owner flag is no longer valid.

489
00:20:01,820 --> 00:20:02,860
But you can't delete it.

490
00:20:02,860 --> 00:20:05,500
What if someone in a different department is still using it for something?

491
00:20:05,500 --> 00:20:08,460
What if there's data in the team that's needed for compliance purposes?

492
00:20:08,460 --> 00:20:10,060
What if a user calls in a panic?

493
00:20:10,060 --> 00:20:13,500
Because a team they didn't know they were a member of suddenly became inaccessible?

494
00:20:13,500 --> 00:20:14,860
You're liable for the data loss.

495
00:20:14,860 --> 00:20:16,620
You're liable for the access disruption.

496
00:20:16,620 --> 00:20:18,700
You're liable for the archive that wasn't preserved.

497
00:20:18,700 --> 00:20:22,140
So the often team stays unowned, ungoverned,

498
00:20:22,140 --> 00:20:25,260
slowly accumulating data that no one intends to be there anymore

499
00:20:25,260 --> 00:20:28,140
because the system keeps accepting uploads and file shares

500
00:20:28,140 --> 00:20:30,540
from anyone who has access to the team.

501
00:20:30,540 --> 00:20:32,620
Data retention policies are written once.

502
00:20:32,620 --> 00:20:33,740
Never tuned.

503
00:20:33,740 --> 00:20:35,020
You set a policy.

504
00:20:35,020 --> 00:20:37,660
Delete teams after two years of inactivity.

505
00:20:37,660 --> 00:20:38,700
It sounds reasonable.

506
00:20:38,700 --> 00:20:39,740
Two years is a long time.

507
00:20:39,740 --> 00:20:42,780
If a team hasn't been used in two years, it's probably dead.

508
00:20:42,780 --> 00:20:44,620
Except you wrote that policy three years ago.

509
00:20:44,620 --> 00:20:46,140
You never checked whether it's working.

510
00:20:46,140 --> 00:20:47,980
You never looked at what's being deleted.

511
00:20:47,980 --> 00:20:50,780
You never measured whether two years is actually the right threshold.

512
00:20:50,780 --> 00:20:52,860
It just sits there firing automatically,

513
00:20:52,860 --> 00:20:55,420
deleting things according to logic that made sense

514
00:20:55,420 --> 00:20:56,860
in a different business context.

515
00:20:56,860 --> 00:20:59,900
By year three, no one knows what half the site's contain.

516
00:20:59,900 --> 00:21:01,180
SharePoint storage is cheap.

517
00:21:01,180 --> 00:21:03,340
It's easier to archive sites than delete them.

518
00:21:03,340 --> 00:21:04,860
It's easier to let them sit there

519
00:21:04,860 --> 00:21:07,580
than to investigate whether they contain important data.

520
00:21:07,580 --> 00:21:08,780
A site gets archived.

521
00:21:08,780 --> 00:21:12,380
Then someone asks for files from a project that ended five years ago.

522
00:21:12,380 --> 00:21:13,260
The site is archived.

523
00:21:13,260 --> 00:21:14,220
You have to restore it.

524
00:21:14,220 --> 00:21:15,340
The restore takes time.

525
00:21:15,340 --> 00:21:16,780
The files are recovered.

526
00:21:16,780 --> 00:21:18,700
No one has time to re-archive it properly.

527
00:21:18,700 --> 00:21:20,620
So it sits in the archive queue half restored.

528
00:21:20,620 --> 00:21:21,820
This happens a thousand times.

529
00:21:21,820 --> 00:21:25,020
Now you have thousands of sites in unknown states of partial restoration.

530
00:21:25,020 --> 00:21:27,260
You can't delete them because someone might need them.

531
00:21:27,260 --> 00:21:29,580
That's the phrase you hear every time you propose cleanup.

532
00:21:29,580 --> 00:21:30,860
Someone might need them.

533
00:21:30,860 --> 00:21:32,300
In a hundred person organization,

534
00:21:32,300 --> 00:21:35,260
there are probably five hundred archived or dormant sites.

535
00:21:35,260 --> 00:21:36,700
One of them might contain something

536
00:21:36,700 --> 00:21:38,460
that a single person needs one day.

537
00:21:38,460 --> 00:21:39,260
So you keep them all.

538
00:21:39,260 --> 00:21:40,140
You pay for storage.

539
00:21:40,140 --> 00:21:41,660
You pay for the backup licensing.

540
00:21:41,660 --> 00:21:44,460
You pay for the compliance burden of keeping data.

541
00:21:44,460 --> 00:21:45,900
You don't know exists anymore.

542
00:21:45,900 --> 00:21:48,460
You can't keep them because they're consuming resources

543
00:21:48,460 --> 00:21:49,980
and creating security surface.

544
00:21:49,980 --> 00:21:51,820
An archived site is still a site.

545
00:21:51,820 --> 00:21:53,500
It still has a SharePoint structure.

546
00:21:53,500 --> 00:21:55,180
It still has permission inheritance.

547
00:21:55,180 --> 00:21:56,940
It still has potential vulnerabilities.

548
00:21:56,940 --> 00:21:58,780
If the owning team no longer exists,

549
00:21:58,780 --> 00:22:00,700
who's responsible for security?

550
00:22:00,700 --> 00:22:02,380
If the site wasn't reviewed in five years,

551
00:22:02,380 --> 00:22:03,420
what's the permission state?

552
00:22:03,420 --> 00:22:04,300
Who can access it?

553
00:22:04,300 --> 00:22:05,260
What if there's a breach?

554
00:22:05,260 --> 00:22:07,020
And the attacker finds an orphaned site

555
00:22:07,020 --> 00:22:10,220
with four years of unencrypted email export sitting in it?

556
00:22:10,220 --> 00:22:11,660
This is the life cycle sprawl.

557
00:22:11,660 --> 00:22:14,860
The system created sites faster than you could govern them.

558
00:22:14,860 --> 00:22:15,820
They accumulate.

559
00:22:15,820 --> 00:22:16,620
They persist.

560
00:22:16,620 --> 00:22:17,580
They fragment.

561
00:22:17,580 --> 00:22:20,380
The state of any given site becomes unknowable.

562
00:22:20,380 --> 00:22:22,460
You spend your time arguing with business units

563
00:22:22,460 --> 00:22:23,980
about whether sites can be deleted.

564
00:22:23,980 --> 00:22:25,740
You send compliance notifications.

565
00:22:25,740 --> 00:22:27,180
You set up retention policies.

566
00:22:27,180 --> 00:22:28,700
You create archive workflows.

567
00:22:28,700 --> 00:22:30,700
You build your entire administrative practice

568
00:22:30,700 --> 00:22:32,700
around managing the consequences of a system

569
00:22:32,700 --> 00:22:34,940
that decided to create unlimited sites

570
00:22:34,940 --> 00:22:36,220
and store them indefinitely.

571
00:22:36,220 --> 00:22:38,220
By 2026, the life cycle sprawl

572
00:22:38,220 --> 00:22:39,500
was one of the primary reasons

573
00:22:39,500 --> 00:22:41,340
that co-pilot deployment stalled.

574
00:22:41,340 --> 00:22:42,860
You couldn't deploy an AI system

575
00:22:42,860 --> 00:22:44,540
that could see and act on this data

576
00:22:44,540 --> 00:22:46,540
until you'd cleaned up the data itself.

577
00:22:46,540 --> 00:22:47,580
And you couldn't clean it up

578
00:22:47,580 --> 00:22:49,340
because the system had been creating it faster

579
00:22:49,340 --> 00:22:50,620
than you could categorize it.

580
00:22:50,620 --> 00:22:51,820
That's not a cleaner problem.

581
00:22:51,820 --> 00:22:53,020
That's a design problem.

582
00:22:53,020 --> 00:22:54,860
And clean up is the wrong answer.

583
00:22:54,860 --> 00:22:56,460
The shadow AI moment.

584
00:22:56,460 --> 00:22:58,140
This is where the story gets interesting.

585
00:22:58,140 --> 00:23:00,700
This is where manual administration finally broke.

586
00:23:00,700 --> 00:23:03,740
57% of employees use personal accounts for AI tools

587
00:23:03,740 --> 00:23:05,660
because IT approval takes too long.

588
00:23:05,660 --> 00:23:07,260
Not because they're insubordinate,

589
00:23:07,260 --> 00:23:08,300
because they're pragmatic,

590
00:23:08,300 --> 00:23:10,940
because they understand something you haven't articulated yet.

591
00:23:10,940 --> 00:23:13,580
The system moves faster than the governance process.

592
00:23:13,580 --> 00:23:14,780
The business needs an answer.

593
00:23:14,780 --> 00:23:16,460
ChatGPT provides it in two minutes.

594
00:23:16,460 --> 00:23:18,060
Your approval process takes two weeks.

595
00:23:18,060 --> 00:23:19,660
The business uses ChatGPT.

596
00:23:19,660 --> 00:23:21,740
Your approval process becomes irrelevant.

597
00:23:21,740 --> 00:23:24,460
They're not bypassing you because you're incompetent.

598
00:23:24,460 --> 00:23:26,780
They're bypassing you because you represent latency

599
00:23:26,780 --> 00:23:29,260
and latency is now a competitive disadvantage.

600
00:23:29,260 --> 00:23:30,540
Think about the timeline.

601
00:23:30,540 --> 00:23:32,300
An employee needs to analyze data.

602
00:23:32,300 --> 00:23:33,500
They ask IT for a tool.

603
00:23:33,500 --> 00:23:34,380
I'd create a ticket.

604
00:23:34,380 --> 00:23:35,820
IT assigns it to someone.

605
00:23:35,820 --> 00:23:39,020
Someone checks whether the tool is on the approved list.

606
00:23:39,020 --> 00:23:39,660
It's not.

607
00:23:39,660 --> 00:23:41,260
Someone starts the evaluation process.

608
00:23:41,260 --> 00:23:42,220
Is this tool compliant?

609
00:23:42,220 --> 00:23:43,740
Does it meet security standards?

610
00:23:43,740 --> 00:23:44,700
Is there licensing?

611
00:23:44,700 --> 00:23:45,900
What's the data exposure?

612
00:23:45,900 --> 00:23:47,100
The evaluation takes weeks.

613
00:23:47,100 --> 00:23:47,820
Maybe a month.

614
00:23:47,820 --> 00:23:51,020
Meanwhile, the employee has already used ChatGPT to solve the problem.

615
00:23:51,020 --> 00:23:52,380
They've moved on to the next problem.

616
00:23:52,380 --> 00:23:54,380
They've actually forgotten they made the request.

617
00:23:54,380 --> 00:23:55,980
Then the approval comes through.

618
00:23:55,980 --> 00:23:57,020
The tool is now approved.

619
00:23:57,020 --> 00:23:58,380
The employee doesn't need it anymore.

620
00:23:58,380 --> 00:23:59,260
But it's approved.

621
00:23:59,260 --> 00:24:00,620
So someone else uses it.

622
00:24:00,620 --> 00:24:01,660
Then someone else.

623
00:24:01,660 --> 00:24:03,820
Now you have shadow tools proliferating

624
00:24:03,820 --> 00:24:06,460
because the approval process finally caught up to a problem

625
00:24:06,460 --> 00:24:07,500
that was already solved.

626
00:24:07,500 --> 00:24:09,660
Shadow AI isn't a security failure.

627
00:24:09,660 --> 00:24:12,460
It's proof that the manual approval process was already dead.

628
00:24:12,460 --> 00:24:15,100
Here's what you couldn't see from inside the approval workflow.

629
00:24:15,100 --> 00:24:16,620
Every day that approval took,

630
00:24:16,620 --> 00:24:18,060
the system moved faster.

631
00:24:18,060 --> 00:24:20,060
Every week that you were evaluating compliance,

632
00:24:20,060 --> 00:24:22,940
the employee was already compliant with the business requirement.

633
00:24:22,940 --> 00:24:24,140
They'd solved it themselves.

634
00:24:24,140 --> 00:24:26,220
Every month that you documented due diligence,

635
00:24:26,220 --> 00:24:28,700
the business had already moved on to a new problem.

636
00:24:28,700 --> 00:24:30,860
The approval was no longer about enabling the business.

637
00:24:30,860 --> 00:24:33,020
It was about creating audit artifacts for decisions

638
00:24:33,020 --> 00:24:34,540
that had already been made without you.

639
00:24:34,540 --> 00:24:36,220
The system didn't need you to approve it.

640
00:24:36,220 --> 00:24:38,300
The system needed you to get out of the way.

641
00:24:38,300 --> 00:24:39,180
And when you didn't,

642
00:24:39,180 --> 00:24:41,180
when you insisted on your gatekeeping role,

643
00:24:41,180 --> 00:24:42,780
when you enforced your approval process,

644
00:24:42,780 --> 00:24:44,300
the business simply worked around you,

645
00:24:44,300 --> 00:24:46,300
not maliciously, pragmatically.

646
00:24:46,300 --> 00:24:48,380
Because the cost of waiting for approval

647
00:24:48,380 --> 00:24:50,460
became greater than the risk of shadow tools.

648
00:24:50,460 --> 00:24:51,820
This is the moment that mattered.

649
00:24:51,820 --> 00:24:54,060
This is when you realized the manual admin bottleneck

650
00:24:54,060 --> 00:24:56,940
had become more dangerous than the risks you were trying to prevent.

651
00:24:56,940 --> 00:25:00,300
When employees chose unsanctioned tools over approved workflows,

652
00:25:00,300 --> 00:25:01,980
when the business voted with their feet.

653
00:25:01,980 --> 00:25:03,740
When they looked at your governance process

654
00:25:03,740 --> 00:25:06,620
and decided that not waiting for it was worth the security risk,

655
00:25:06,620 --> 00:25:09,260
that's not criticism, that's the system telling you something.

656
00:25:09,260 --> 00:25:11,820
It's telling you that your approval was the bottleneck,

657
00:25:11,820 --> 00:25:14,460
not the tool, not the security, your approval.

658
00:25:14,460 --> 00:25:16,780
By 2026, shadow AI was massive.

659
00:25:16,780 --> 00:25:21,260
60 to 70% of organizations reported that employees were using unsanctioned tools.

660
00:25:21,260 --> 00:25:23,180
Not because of malice, because of speed,

661
00:25:23,180 --> 00:25:26,860
because asking for permission took longer than solving the problem themselves.

662
00:25:26,860 --> 00:25:29,020
Organizations tried to crack down on shadow AI.

663
00:25:29,020 --> 00:25:31,580
They blocked download sites, they monitored proxy logs,

664
00:25:31,580 --> 00:25:33,100
they sent compliance training.

665
00:25:33,100 --> 00:25:35,660
And employees kept using unsanctioned tools anyway

666
00:25:35,660 --> 00:25:38,300
because the business moved faster than the governance process.

667
00:25:38,300 --> 00:25:40,460
This was the moment the architecture revealed itself.

668
00:25:40,460 --> 00:25:43,660
The system was designed to operate at machine speed.

669
00:25:43,660 --> 00:25:45,340
Decisions happened instantly.

670
00:25:45,340 --> 00:25:47,100
Users got things done fast.

671
00:25:47,100 --> 00:25:48,860
But approvals happened at human speed

672
00:25:48,860 --> 00:25:51,580
and human speed was now slower than no approval at all.

673
00:25:51,580 --> 00:25:55,340
It was better for the business to operate in shadow than to wait for official sanction.

674
00:25:55,340 --> 00:25:57,100
You understood finally what was happening.

675
00:25:57,100 --> 00:25:59,420
You weren't protecting the organization from risk.

676
00:25:59,420 --> 00:26:02,860
You were slowing down the organization to the point where they chose risk over speed.

677
00:26:02,860 --> 00:26:03,820
That's not governance.

678
00:26:03,820 --> 00:26:05,660
That's organizational friction.

679
00:26:05,660 --> 00:26:08,300
So severe that the organization has to root around you.

680
00:26:08,300 --> 00:26:11,420
And that's the moment you realized manual administration didn't fail

681
00:26:11,420 --> 00:26:12,620
because it was done wrong.

682
00:26:12,620 --> 00:26:16,300
It failed because approval itself had become the wrong answer.

683
00:26:16,300 --> 00:26:17,420
The realization.

684
00:26:17,420 --> 00:26:20,060
This is the moment when the architecture becomes undeniable.

685
00:26:20,060 --> 00:26:21,180
You're sitting in a meeting.

686
00:26:21,180 --> 00:26:24,540
Someone is asking you to implement yet another policy exception.

687
00:26:24,540 --> 00:26:26,460
Another carve-out, another temporal rule,

688
00:26:26,460 --> 00:26:28,700
another special case for another business unit.

689
00:26:28,700 --> 00:26:31,100
And you realize suddenly that you're not solving anything.

690
00:26:31,100 --> 00:26:32,220
You're not building governance.

691
00:26:32,220 --> 00:26:33,420
You're not creating policy.

692
00:26:33,420 --> 00:26:36,380
You're performing the illusion of control by adding complexity

693
00:26:36,380 --> 00:26:38,860
to a system that's already too complex to reason about.

694
00:26:38,860 --> 00:26:39,820
And then it hits you.

695
00:26:39,820 --> 00:26:44,220
This isn't a problem you can solve by clicking faster or documenting better or staying later.

696
00:26:44,220 --> 00:26:46,380
This isn't a problem that another admin could fix.

697
00:26:46,380 --> 00:26:49,260
This isn't even a problem that a team of admins could fix.

698
00:26:49,260 --> 00:26:51,180
Manual administration wasn't inefficient.

699
00:26:51,180 --> 00:26:53,020
It was architecturally impossible.

700
00:26:53,020 --> 00:26:54,460
You didn't fail because you were slow.

701
00:26:54,460 --> 00:26:57,580
You failed because no human can maintain logical consistency

702
00:26:57,580 --> 00:27:00,460
at the speed and scale that Microsoft 365 operates.

703
00:27:00,460 --> 00:27:04,060
No person can approve decisions faster than a system creates them.

704
00:27:04,060 --> 00:27:07,660
No policy can adapt to exceptions faster than exceptions emerge.

705
00:27:07,660 --> 00:27:11,180
No governance framework can remain coherent once you've added enough carve-outs

706
00:27:11,180 --> 00:27:13,580
that the base policy is no longer recognizable.

707
00:27:13,580 --> 00:27:15,820
Every policy you wrote was a temporary band-aid

708
00:27:15,820 --> 00:27:17,740
on a permanent architectural problem.

709
00:27:17,740 --> 00:27:18,860
You'd identify a risk.

710
00:27:18,860 --> 00:27:19,900
You'd write a policy.

711
00:27:19,900 --> 00:27:21,580
The policy would work for three months.

712
00:27:21,580 --> 00:27:23,180
Then exceptions would start emerging.

713
00:27:23,180 --> 00:27:24,780
Then the exceptions would accumulate.

714
00:27:24,780 --> 00:27:27,100
Then the policy would be so covered in caveats

715
00:27:27,100 --> 00:27:28,700
that it no longer meant anything.

716
00:27:28,700 --> 00:27:31,100
Then you'd write a new policy and the cycle would repeat.

717
00:27:31,100 --> 00:27:32,380
You were never going to win.

718
00:27:32,380 --> 00:27:34,220
Not because you weren't trying hard enough

719
00:27:34,220 --> 00:27:37,180
because the system was designed to move faster than you could govern it.

720
00:27:37,180 --> 00:27:38,780
Here's the realization that matters.

721
00:27:38,780 --> 00:27:40,220
The flow wasn't in execution.

722
00:27:40,220 --> 00:27:43,820
The flow was in the assumption that humans could be the control mechanism

723
00:27:43,820 --> 00:27:46,140
for a system operating at machine speed.

724
00:27:46,140 --> 00:27:48,940
The system creates thousands of identities a minute,

725
00:27:48,940 --> 00:27:51,340
thousands of permissions, thousands of decisions.

726
00:27:51,340 --> 00:27:55,340
And the assumption was that a human could review these decisions quarterly and keep up.

727
00:27:55,340 --> 00:27:56,780
That assumption was never valid.

728
00:27:56,780 --> 00:27:59,420
It was valid for an organization with a hundred users.

729
00:27:59,420 --> 00:28:01,180
Maybe a thousand, but at scale,

730
00:28:01,180 --> 00:28:04,220
with tens of thousands of users and millions of decisions happening daily,

731
00:28:04,220 --> 00:28:05,980
the assumption broke down completely.

732
00:28:05,980 --> 00:28:09,820
Every quarter you'd fall further behind every new feature Microsoft released

733
00:28:09,820 --> 00:28:11,820
would create new decisions to govern.

734
00:28:11,820 --> 00:28:14,540
Every new user would inherit permissions from predecessors.

735
00:28:14,540 --> 00:28:17,580
Every team would spawn new sites with default settings.

736
00:28:17,580 --> 00:28:19,820
The system would accelerate and you would decelerate

737
00:28:19,820 --> 00:28:21,740
and the gap between them would widen.

738
00:28:21,740 --> 00:28:24,380
By the time you understood that you were losing, you'd already lost.

739
00:28:24,380 --> 00:28:25,580
The entropy had compounded.

740
00:28:25,580 --> 00:28:27,100
The policies had calcified.

741
00:28:27,100 --> 00:28:28,700
The exceptions had become rules.

742
00:28:28,700 --> 00:28:31,100
The system was operating according to its own logic,

743
00:28:31,100 --> 00:28:33,420
not according to any governance you'd imposed.

744
00:28:33,420 --> 00:28:36,140
You were just documenting what it had already decided.

745
00:28:36,140 --> 00:28:38,620
The real question wasn't, how do we do this faster?

746
00:28:38,620 --> 00:28:39,660
That was the wrong question.

747
00:28:39,660 --> 00:28:41,580
That question assumed that the problem was speed.

748
00:28:41,580 --> 00:28:43,180
That if you just moved faster,

749
00:28:43,180 --> 00:28:44,780
clicked buttons more efficiently,

750
00:28:44,780 --> 00:28:46,620
reviewed policies more rigorously,

751
00:28:46,620 --> 00:28:47,980
you could keep up with the system.

752
00:28:47,980 --> 00:28:49,260
You couldn't, no human could.

753
00:28:49,260 --> 00:28:50,460
Speed wasn't the constraint.

754
00:28:50,460 --> 00:28:53,580
The constraint was that humans had to be in the decision loop at all.

755
00:28:53,580 --> 00:28:54,940
The real question was different.

756
00:28:54,940 --> 00:28:58,300
The real question was, how do we remove the need for human approval

757
00:28:58,300 --> 00:29:00,540
from the authorization engine entirely?

758
00:29:00,540 --> 00:29:02,460
Not how do we make human approval faster?

759
00:29:02,460 --> 00:29:05,100
Not how do we make human approval more consistent?

760
00:29:05,100 --> 00:29:09,180
How do we eliminate human approval as the governing mechanism

761
00:29:09,180 --> 00:29:11,260
for a system that operates at machine speed?

762
00:29:11,260 --> 00:29:12,940
That question changed everything.

763
00:29:12,940 --> 00:29:14,060
Because once you asked it,

764
00:29:14,060 --> 00:29:16,780
you understood that the system didn't need you to approve better.

765
00:29:16,780 --> 00:29:18,860
The system needed you to stop approving

766
00:29:18,860 --> 00:29:20,460
and start defining intent.

767
00:29:20,460 --> 00:29:22,460
It needed you to write rules once,

768
00:29:22,460 --> 00:29:24,140
cleanly, without exceptions,

769
00:29:24,140 --> 00:29:26,460
and let the system enforce them deterministically.

770
00:29:26,460 --> 00:29:28,300
It needed the authorization engine

771
00:29:28,300 --> 00:29:31,020
to make decisions based on defined policy

772
00:29:31,020 --> 00:29:32,380
not based on human review.

773
00:29:32,380 --> 00:29:34,300
It needed the removal of human latency

774
00:29:34,300 --> 00:29:35,980
from the authorization loop entirely.

775
00:29:35,980 --> 00:29:37,580
That's not an operational improvement.

776
00:29:37,580 --> 00:29:39,580
That's an architectural revolution.

777
00:29:39,580 --> 00:29:41,260
Enter the agente control plane.

778
00:29:41,260 --> 00:29:43,900
What replaced manual administration isn't a tool.

779
00:29:43,900 --> 00:29:44,700
It's a system,

780
00:29:44,700 --> 00:29:46,620
and the system doesn't wait for you anymore.

781
00:29:46,620 --> 00:29:48,460
Agent 365 is the control plane

782
00:29:48,460 --> 00:29:51,420
that removes human latency from decision making entirely.

783
00:29:51,420 --> 00:29:52,300
It's not copilot.

784
00:29:52,300 --> 00:29:53,260
It's not automation.

785
00:29:53,260 --> 00:29:54,940
It's not another feature bundle.

786
00:29:54,940 --> 00:29:57,020
It's the architectural answer to the question.

787
00:29:57,020 --> 00:29:58,300
You finally asked,

788
00:29:58,300 --> 00:30:01,340
how do we eliminate human approval from the authorization engine?

789
00:30:01,340 --> 00:30:03,260
Here's how it works at the foundation level.

790
00:30:03,260 --> 00:30:05,180
Every AI agent in your organization

791
00:30:05,180 --> 00:30:06,940
gets a Microsoft Entra agent ID,

792
00:30:06,940 --> 00:30:07,900
not a service account,

793
00:30:07,900 --> 00:30:09,100
not a shared credential.

794
00:30:09,100 --> 00:30:11,340
An identity, first class, treated like a user,

795
00:30:11,340 --> 00:30:13,100
assigned to a principle, accountable.

796
00:30:13,100 --> 00:30:14,300
Every agent has an owner,

797
00:30:14,300 --> 00:30:15,900
every agent has a defined purpose,

798
00:30:15,900 --> 00:30:17,340
every agent has a lifecycle,

799
00:30:17,340 --> 00:30:19,020
birth, operation, retirement,

800
00:30:19,020 --> 00:30:20,460
just like a human identity,

801
00:30:20,460 --> 00:30:21,340
just like you.

802
00:30:21,340 --> 00:30:22,940
This is the first revolution.

803
00:30:22,940 --> 00:30:25,020
You no longer approve access for agents.

804
00:30:25,020 --> 00:30:26,460
The system does.

805
00:30:26,460 --> 00:30:29,020
An agent is created with defined scope.

806
00:30:29,020 --> 00:30:31,500
The exact permissions it needs to accomplish its function

807
00:30:31,500 --> 00:30:32,220
and nothing more,

808
00:30:32,220 --> 00:30:33,180
not standing privilege,

809
00:30:33,180 --> 00:30:34,620
not access to everything

810
00:30:34,620 --> 00:30:36,540
until someone remembers to revoke it.

811
00:30:36,540 --> 00:30:37,500
Defined scope.

812
00:30:37,500 --> 00:30:38,620
Entra enforces it.

813
00:30:38,620 --> 00:30:40,300
Conditional access applies to it.

814
00:30:40,300 --> 00:30:41,580
Risk signals flow through it.

815
00:30:41,580 --> 00:30:43,340
If the agent behaves anomalously,

816
00:30:43,340 --> 00:30:44,700
access is revoked.

817
00:30:44,700 --> 00:30:46,460
Automatically, not after review,

818
00:30:46,460 --> 00:30:48,300
not after approval, immediately.

819
00:30:48,300 --> 00:30:50,780
Access decisions are no longer made

820
00:30:50,780 --> 00:30:52,860
by humans checking boxes quarterly.

821
00:30:52,860 --> 00:30:55,820
They're made by systems evaluating signals continuously.

822
00:30:55,820 --> 00:30:57,660
Risk scores change in real time.

823
00:30:57,660 --> 00:30:58,940
Device compliance changes.

824
00:30:58,940 --> 00:30:59,820
Location changes.

825
00:30:59,820 --> 00:31:00,780
Time of day changes.

826
00:31:00,780 --> 00:31:02,220
Threat patterns emerge.

827
00:31:02,220 --> 00:31:03,340
The system responds.

828
00:31:03,340 --> 00:31:04,940
No human approval required.

829
00:31:04,940 --> 00:31:05,980
No checkbox theater.

830
00:31:05,980 --> 00:31:07,980
No, I'll review it next quarter.

831
00:31:07,980 --> 00:31:10,220
The system enforces intent in real time,

832
00:31:10,220 --> 00:31:12,060
every millisecond, every decision.

833
00:31:12,060 --> 00:31:14,540
The AI administrator role doesn't click buttons anymore.

834
00:31:14,540 --> 00:31:16,540
It defines the rules that agents enforce.

835
00:31:16,540 --> 00:31:17,580
You write policy once.

836
00:31:17,580 --> 00:31:18,540
You define it cleanly.

837
00:31:18,540 --> 00:31:19,580
You specify the intent.

838
00:31:19,580 --> 00:31:22,380
You say an agent can provision users to this group.

839
00:31:22,380 --> 00:31:25,260
But only if the requesting user is in the HR department,

840
00:31:25,260 --> 00:31:27,260
only if they're using a managed device,

841
00:31:27,260 --> 00:31:29,660
only if they're within the allowed time window,

842
00:31:29,660 --> 00:31:32,220
only if there's no risk signal on their account.

843
00:31:32,220 --> 00:31:33,180
You write that once.

844
00:31:33,180 --> 00:31:35,180
The system enforces it millions of times.

845
00:31:35,180 --> 00:31:36,620
You don't approve each provisioning.

846
00:31:36,620 --> 00:31:37,980
You don't review each decision.

847
00:31:37,980 --> 00:31:39,580
You define the rule once,

848
00:31:39,580 --> 00:31:41,260
correctly, without exceptions.

849
00:31:41,260 --> 00:31:42,540
The system handles the rest.

850
00:31:42,540 --> 00:31:43,900
This is the satisfaction.

851
00:31:43,900 --> 00:31:45,740
Policies are no longer static documents

852
00:31:45,740 --> 00:31:47,740
that calcify under the weight of exceptions.

853
00:31:47,740 --> 00:31:50,060
Their continuous evaluations of risk and intent.

854
00:31:50,060 --> 00:31:52,060
The policy doesn't say access is approved.

855
00:31:52,060 --> 00:31:53,100
The policy says,

856
00:31:53,100 --> 00:31:55,500
access is evaluated based on these signals.

857
00:31:55,500 --> 00:31:56,700
Is the device managed?

858
00:31:56,700 --> 00:31:58,140
Is the user location trusted?

859
00:31:58,140 --> 00:31:59,420
Is there a risk indicator?

860
00:31:59,420 --> 00:32:01,180
Is the time within the defined window?

861
00:32:01,180 --> 00:32:03,420
The system evaluates these signals continuously.

862
00:32:03,420 --> 00:32:06,300
The answer changes in real time based on current state.

863
00:32:06,300 --> 00:32:08,460
Not based on a decision made months ago.

864
00:32:08,460 --> 00:32:10,620
Here's the architectural shift that matters.

865
00:32:10,620 --> 00:32:12,940
The system no longer waits for you to approve.

866
00:32:12,940 --> 00:32:16,620
It acts based on deterministic rules you've defined once.

867
00:32:16,620 --> 00:32:18,140
You don't approve teams provisioning.

868
00:32:18,140 --> 00:32:20,300
You define the rules for teams provisioning.

869
00:32:20,300 --> 00:32:22,460
The system creates teams according to those rules.

870
00:32:22,460 --> 00:32:23,980
You don't approve access requests.

871
00:32:23,980 --> 00:32:27,420
You define the conditions under which access is automatically granted.

872
00:32:27,420 --> 00:32:29,900
The system evaluates those conditions and acts.

873
00:32:29,900 --> 00:32:32,140
Approval isn't the governance mechanism anymore.

874
00:32:32,140 --> 00:32:33,020
Definition is,

875
00:32:33,020 --> 00:32:35,340
you govern by defining intent clearly once,

876
00:32:35,340 --> 00:32:36,380
without exceptions.

877
00:32:36,380 --> 00:32:38,380
The system enforces it continuously.

878
00:32:38,380 --> 00:32:39,900
And here's the satisfying part.

879
00:32:39,900 --> 00:32:41,180
There's no theater anymore.

880
00:32:41,180 --> 00:32:43,100
No checkbox approval that no one read.

881
00:32:43,100 --> 00:32:44,300
No quarterly review,

882
00:32:44,300 --> 00:32:46,300
where 40% of owners don't respond.

883
00:32:46,300 --> 00:32:49,500
No compliance artifacts documenting decisions that were already made.

884
00:32:49,500 --> 00:32:51,740
The system enforces policy according to

885
00:32:51,740 --> 00:32:52,940
defined rules.

886
00:32:52,940 --> 00:32:55,980
Either the decision is made automatically according to those rules,

887
00:32:55,980 --> 00:32:58,860
or it's escalated to a human if the rules don't cover it.

888
00:32:58,860 --> 00:33:01,020
No default permit, no standing privilege,

889
00:33:01,020 --> 00:33:03,420
no I approved it because no one said no.

890
00:33:03,420 --> 00:33:06,220
By 2026, organizations that implemented this model

891
00:33:06,220 --> 00:33:08,060
reported something that had never happened before

892
00:33:08,060 --> 00:33:09,260
under manual administration,

893
00:33:09,260 --> 00:33:11,500
they actually understood their permission state.

894
00:33:11,500 --> 00:33:12,700
Not perfectly.

895
00:33:12,700 --> 00:33:16,700
But actually, they could reason about why a user had access to a resource.

896
00:33:16,700 --> 00:33:19,740
Because access had been granted according to defined criteria,

897
00:33:19,740 --> 00:33:21,580
not according to historical precedent.

898
00:33:21,580 --> 00:33:23,180
They could audit the system.

899
00:33:23,180 --> 00:33:26,380
Because every decision was made according to documented rules,

900
00:33:26,380 --> 00:33:28,700
they could enforce policy consistently.

901
00:33:28,700 --> 00:33:30,780
Because the system didn't have human inconsistency.

902
00:33:30,780 --> 00:33:32,780
This is what replaced you, not a faster admin,

903
00:33:32,780 --> 00:33:34,300
not a better approval process,

904
00:33:34,300 --> 00:33:36,780
a system that removed the need for human approval

905
00:33:36,780 --> 00:33:38,780
from the authorization engine entirely.

906
00:33:38,780 --> 00:33:40,460
Identity as the decision engine,

907
00:33:40,460 --> 00:33:42,700
the first layer of replacement is identity governance.

908
00:33:42,700 --> 00:33:44,780
This is where the transformation becomes visible.

909
00:33:44,780 --> 00:33:48,220
This is where intra-ID stops being an authentication system

910
00:33:48,220 --> 00:33:50,460
and becomes something else entirely.

911
00:33:50,460 --> 00:33:53,500
For years, intra-ID was the thing that verified you were

912
00:33:53,500 --> 00:33:54,620
who you claimed to be.

913
00:33:54,620 --> 00:33:56,860
You logged in, entra checked your credentials.

914
00:33:56,860 --> 00:33:58,700
If they were valid, you got in.

915
00:33:58,700 --> 00:33:59,740
That was the extent of it.

916
00:33:59,740 --> 00:34:01,900
Authentication was a checkpoint, pass or fail.

917
00:34:01,900 --> 00:34:02,700
Yes or no.

918
00:34:02,700 --> 00:34:05,100
Once you passed, the system assumed your access was good

919
00:34:05,100 --> 00:34:07,180
until someone explicitly revoked it.

920
00:34:07,180 --> 00:34:08,380
Standing privilege.

921
00:34:08,380 --> 00:34:10,460
Permanent, unless someone remembered to remove it,

922
00:34:10,460 --> 00:34:11,900
entra-ID is not that anymore.

923
00:34:11,900 --> 00:34:14,860
Entra-ID is now the authorization decision engine.

924
00:34:14,860 --> 00:34:17,100
Every access decision flows through it,

925
00:34:17,100 --> 00:34:19,500
not once per login, continuously, every request,

926
00:34:19,500 --> 00:34:21,260
every resource, every moment.

927
00:34:21,260 --> 00:34:23,740
The system is asking, given the current state of this user,

928
00:34:23,740 --> 00:34:25,020
given the current risk environment,

929
00:34:25,020 --> 00:34:26,460
given the current policies,

930
00:34:26,460 --> 00:34:28,060
should access be granted right now.

931
00:34:28,060 --> 00:34:29,340
That's not authentication.

932
00:34:29,340 --> 00:34:31,420
That's continuous authorization.

933
00:34:31,420 --> 00:34:33,260
Watch how this works in practice.

934
00:34:33,260 --> 00:34:35,180
A user logs in from a managed device.

935
00:34:35,180 --> 00:34:36,140
Risk score is low.

936
00:34:36,140 --> 00:34:37,500
Time is business hours.

937
00:34:37,500 --> 00:34:38,860
Location is a trusted office.

938
00:34:38,860 --> 00:34:41,260
Conditional access evaluates all of these factors.

939
00:34:41,260 --> 00:34:44,140
Access is granted, but the user opens a file

940
00:34:44,140 --> 00:34:46,060
that triggers a data-loss prevention rule.

941
00:34:46,060 --> 00:34:47,500
The system notes the activity.

942
00:34:47,500 --> 00:34:49,100
Risk score adjusts.

943
00:34:49,100 --> 00:34:51,580
The user then attempts to access a sensitive resource

944
00:34:51,580 --> 00:34:53,180
that they've never accessed before.

945
00:34:53,180 --> 00:34:55,020
The risk calculation changes again.

946
00:34:55,020 --> 00:34:57,260
Access is denied, not because they did something wrong,

947
00:34:57,260 --> 00:34:59,820
because the pattern changed, because the signals shifted,

948
00:34:59,820 --> 00:35:01,260
because the system detected something

949
00:35:01,260 --> 00:35:02,860
that looked different from normal behavior.

950
00:35:02,860 --> 00:35:05,420
This happens continuously, not quarterly, not manually.

951
00:35:05,420 --> 00:35:07,740
The system doesn't wait for a human to notice the pattern.

952
00:35:07,740 --> 00:35:08,860
The system notices it.

953
00:35:08,860 --> 00:35:09,900
The system acts.

954
00:35:09,900 --> 00:35:12,220
The second shift is in how privilege operates,

955
00:35:12,220 --> 00:35:14,700
just in time access means privilege is a femoral.

956
00:35:14,700 --> 00:35:16,860
Temporary defined you need elevated access.

957
00:35:16,860 --> 00:35:18,860
You requested the system grants it for exactly

958
00:35:18,860 --> 00:35:21,660
as long as you specified, four hours, eight hours, one day,

959
00:35:21,660 --> 00:35:22,300
not longer.

960
00:35:22,300 --> 00:35:23,500
The access expires.

961
00:35:23,500 --> 00:35:24,780
The system revokes it.

962
00:35:24,780 --> 00:35:26,460
You don't have to remember to ask for removal.

963
00:35:26,460 --> 00:35:28,540
The system removes it automatically.

964
00:35:28,540 --> 00:35:31,340
Standing privilege becomes the exception, not the default.

965
00:35:31,340 --> 00:35:33,340
This inverts the entire permission model.

966
00:35:33,340 --> 00:35:35,900
Instead of access lives forever until revoked,

967
00:35:35,900 --> 00:35:39,500
it becomes access expires unless explicitly extended.

968
00:35:39,500 --> 00:35:41,180
Instead of quarterly reviews certifying

969
00:35:41,180 --> 00:35:42,460
that people should keep access,

970
00:35:42,460 --> 00:35:45,020
it becomes automatic revocation unless someone

971
00:35:45,020 --> 00:35:47,020
actively justifies the extension.

972
00:35:47,020 --> 00:35:48,860
The justification changes everything.

973
00:35:48,860 --> 00:35:51,260
When you request extended access, you have to say why.

974
00:35:51,260 --> 00:35:52,860
The system records the justification.

975
00:35:52,860 --> 00:35:54,860
The next time the access is about to expire,

976
00:35:54,860 --> 00:35:57,420
the system checks, is this justification still valid?

977
00:35:57,420 --> 00:35:58,620
Has the situation changed?

978
00:35:58,620 --> 00:36:00,300
If the justification no longer applies,

979
00:36:00,300 --> 00:36:01,340
the access expires.

980
00:36:01,340 --> 00:36:03,500
If it still applies, the extension is auto-approved

981
00:36:03,500 --> 00:36:05,020
based on documented criteria.

982
00:36:05,020 --> 00:36:07,100
You're no longer approving access arbitrarily.

983
00:36:07,100 --> 00:36:09,020
You're evaluating whether documented reasons

984
00:36:09,020 --> 00:36:10,700
still justify extended privilege.

985
00:36:10,700 --> 00:36:12,460
The approval is tied to facts,

986
00:36:12,460 --> 00:36:15,500
not to hope that someone will remember to revoke it later.

987
00:36:15,500 --> 00:36:17,660
The third shift is in risk-based revocation.

988
00:36:17,660 --> 00:36:20,300
The system continuously monitors behavioral signals,

989
00:36:20,300 --> 00:36:23,100
login patterns, resource access patterns,

990
00:36:23,100 --> 00:36:25,420
data movements, unusual activities.

991
00:36:25,420 --> 00:36:27,500
If something triggers a risk indicator,

992
00:36:27,500 --> 00:36:30,300
compromise, anomalous behavior, threat pattern match,

993
00:36:30,300 --> 00:36:32,460
the system doesn't wait for a review cycle.

994
00:36:32,460 --> 00:36:34,700
The system revokes access immediately,

995
00:36:34,700 --> 00:36:36,940
automatically, not after investigation,

996
00:36:36,940 --> 00:36:38,140
not after approval.

997
00:36:38,140 --> 00:36:38,940
Immediately.

998
00:36:38,940 --> 00:36:41,900
The user can request reinstatement once the risk is cleared.

999
00:36:41,900 --> 00:36:45,180
This removes the window where an attacker could maintain persistence.

1000
00:36:45,180 --> 00:36:46,700
Under manual administration,

1001
00:36:46,700 --> 00:36:48,700
a compromised account could persist for weeks

1002
00:36:48,700 --> 00:36:51,100
before someone noticed it in an access review.

1003
00:36:51,100 --> 00:36:52,140
Under this system,

1004
00:36:52,140 --> 00:36:54,540
risk signals trigger immediate revocation.

1005
00:36:54,540 --> 00:36:56,140
The final shift is in automation.

1006
00:36:56,140 --> 00:36:57,660
You don't approve each decision.

1007
00:36:57,660 --> 00:36:58,460
You define the rules.

1008
00:36:58,460 --> 00:37:01,100
You say, "I'm a user requests access to this resource."

1009
00:37:01,100 --> 00:37:02,540
Granted, if they're in this department

1010
00:37:02,540 --> 00:37:04,700
and using a managed device and risk score

1011
00:37:04,700 --> 00:37:06,140
is below this threshold.

1012
00:37:06,140 --> 00:37:07,340
Otherwise, escalate.

1013
00:37:07,340 --> 00:37:08,300
You write that once.

1014
00:37:08,300 --> 00:37:10,860
The system makes that decision thousands of times per day.

1015
00:37:10,860 --> 00:37:11,660
You don't touch it.

1016
00:37:11,660 --> 00:37:12,860
Human latency is gone.

1017
00:37:12,860 --> 00:37:14,700
The authorization engine makes decisions

1018
00:37:14,700 --> 00:37:16,780
in milliseconds based on real-time signals.

1019
00:37:16,780 --> 00:37:18,380
It doesn't wait for quarterly approval.

1020
00:37:18,380 --> 00:37:19,660
It doesn't wait for anything.

1021
00:37:19,660 --> 00:37:21,500
This is identity as the decision engine,

1022
00:37:21,500 --> 00:37:23,420
not identity as the gatekeeper.

1023
00:37:23,420 --> 00:37:25,500
Identity as the continuous evaluator

1024
00:37:25,500 --> 00:37:27,660
of who should have access right now,

1025
00:37:27,660 --> 00:37:30,380
based on current state, current signals, current policy.

1026
00:37:30,380 --> 00:37:32,780
This is what removes the need for you to approve access.

1027
00:37:32,780 --> 00:37:34,060
The system approves it.

1028
00:37:34,060 --> 00:37:35,980
Based on rules, you define ones.

1029
00:37:35,980 --> 00:37:37,740
Per view as the intent enforcer.

1030
00:37:37,740 --> 00:37:40,860
The second layer of replacement is data governance.

1031
00:37:40,860 --> 00:37:43,420
This is where intent becomes enforceable policy.

1032
00:37:43,420 --> 00:37:45,820
This is where per view stops being a compliance tool

1033
00:37:45,820 --> 00:37:47,980
and becomes the mechanism through which the system

1034
00:37:47,980 --> 00:37:49,740
enforces what you intended to happen.

1035
00:37:49,740 --> 00:37:51,980
Sensitivity labels used to be metadata.

1036
00:37:51,980 --> 00:37:54,060
A file was marked as confidential.

1037
00:37:54,060 --> 00:37:55,420
That label sat on the file.

1038
00:37:55,420 --> 00:37:57,340
It communicated something to anyone reading it,

1039
00:37:57,340 --> 00:37:58,620
but enforcement was optional.

1040
00:37:58,620 --> 00:38:01,020
A user could see the label and choose to ignore it.

1041
00:38:01,020 --> 00:38:02,460
They could share a confidential file

1042
00:38:02,460 --> 00:38:03,820
with someone outside the organization

1043
00:38:03,820 --> 00:38:05,740
because nothing technically prevented it.

1044
00:38:05,740 --> 00:38:07,020
The label was a suggestion.

1045
00:38:07,020 --> 00:38:08,140
It was documentation.

1046
00:38:08,140 --> 00:38:10,300
It was a hint about how you should treat the file.

1047
00:38:10,300 --> 00:38:11,660
It wasn't enforcement.

1048
00:38:11,660 --> 00:38:13,820
Sensitivity labels are not that anymore.

1049
00:38:13,820 --> 00:38:15,340
A file is labeled as confidential.

1050
00:38:15,340 --> 00:38:16,860
The label isn't metadata anymore.

1051
00:38:16,860 --> 00:38:17,660
It's policy.

1052
00:38:17,660 --> 00:38:18,780
It's executable.

1053
00:38:18,780 --> 00:38:20,220
The system evaluates the label

1054
00:38:20,220 --> 00:38:22,220
and enforces consequences based on it.

1055
00:38:22,220 --> 00:38:23,340
Who can access the file?

1056
00:38:23,340 --> 00:38:25,180
The system determines that from the label.

1057
00:38:25,180 --> 00:38:26,380
Can the file be copied?

1058
00:38:26,380 --> 00:38:28,380
The label says no, so the system prevents it.

1059
00:38:28,380 --> 00:38:29,420
Can it be forwarded?

1060
00:38:29,420 --> 00:38:31,580
The label specifies who it can be forwarded to.

1061
00:38:31,580 --> 00:38:32,700
The system enforces that.

1062
00:38:32,700 --> 00:38:33,500
Can it be printed?

1063
00:38:33,500 --> 00:38:34,540
The label controls that.

1064
00:38:34,540 --> 00:38:35,420
Can it be edited?

1065
00:38:35,420 --> 00:38:36,540
The label controls that.

1066
00:38:36,540 --> 00:38:37,900
The label isn't documentation.

1067
00:38:37,900 --> 00:38:39,820
It's a set of executable enforcement rules.

1068
00:38:39,820 --> 00:38:41,900
This is the shift from hope to certainty.

1069
00:38:41,900 --> 00:38:43,660
You no longer hope that users understand

1070
00:38:43,660 --> 00:38:45,420
confidential means confidential.

1071
00:38:45,420 --> 00:38:46,940
You no longer rely on training

1072
00:38:46,940 --> 00:38:48,940
or policy documents to guide behavior.

1073
00:38:48,940 --> 00:38:50,540
The system enforces the label.

1074
00:38:50,540 --> 00:38:51,660
The label contains intent.

1075
00:38:51,660 --> 00:38:53,020
The system executes intent.

1076
00:38:53,020 --> 00:38:55,180
If the label says this data is restricted

1077
00:38:55,180 --> 00:38:56,620
to the HR department,

1078
00:38:56,620 --> 00:38:59,580
the system will not allow anyone outside HR to access it.

1079
00:38:59,580 --> 00:39:00,540
Not because they're trained,

1080
00:39:00,540 --> 00:39:02,460
not because they understand the policy,

1081
00:39:02,460 --> 00:39:04,380
because the system prevented it technically.

1082
00:39:04,380 --> 00:39:06,140
Data loss prevention no longer requires

1083
00:39:06,140 --> 00:39:07,020
manual review.

1084
00:39:07,020 --> 00:39:09,900
Someone attempts to share a file containing credit card numbers.

1085
00:39:09,900 --> 00:39:11,020
The system detects it.

1086
00:39:11,020 --> 00:39:11,980
The system blocks it.

1087
00:39:11,980 --> 00:39:12,700
Not after audit.

1088
00:39:12,700 --> 00:39:13,900
Not after compliance review.

1089
00:39:13,900 --> 00:39:14,700
Immediately.

1090
00:39:14,700 --> 00:39:17,660
The system evaluated the content against defined rules.

1091
00:39:17,660 --> 00:39:19,420
The content violated policy.

1092
00:39:19,420 --> 00:39:20,860
The system prevented the action.

1093
00:39:20,860 --> 00:39:22,220
No human approval required.

1094
00:39:22,220 --> 00:39:23,660
No remediation after the fact.

1095
00:39:23,660 --> 00:39:24,940
Prevention at the point of action.

1096
00:39:24,940 --> 00:39:27,980
Autoclassification means the system identifies what data is.

1097
00:39:27,980 --> 00:39:29,980
Not humans hoping they remember to label it.

1098
00:39:29,980 --> 00:39:32,300
A file is created containing salary information.

1099
00:39:32,300 --> 00:39:33,260
The system scans it.

1100
00:39:33,260 --> 00:39:34,780
The system detects that it contains

1101
00:39:34,780 --> 00:39:37,580
personally identifiable information and financial data.

1102
00:39:37,580 --> 00:39:40,540
The system applies the confidential label automatically.

1103
00:39:40,540 --> 00:39:42,700
The user doesn't have to remember to classify it.

1104
00:39:42,700 --> 00:39:45,500
The user doesn't have to know what the classification policy is.

1105
00:39:45,500 --> 00:39:47,500
The system knows the system enforces it.

1106
00:39:47,500 --> 00:39:49,340
This inverts the entire governance model.

1107
00:39:49,340 --> 00:39:51,500
Instead of documents being unlabeled by default

1108
00:39:51,500 --> 00:39:53,660
and requiring humans to remember to label them,

1109
00:39:53,660 --> 00:39:55,420
documents are classified automatically.

1110
00:39:55,420 --> 00:39:57,420
Instead of policy being enforced by user behavior,

1111
00:39:57,420 --> 00:39:59,020
policy is enforced by the system.

1112
00:39:59,020 --> 00:40:00,380
Instead of governance being something

1113
00:40:00,380 --> 00:40:02,700
that depends on user training and compliance culture,

1114
00:40:02,700 --> 00:40:04,860
governance is something that happens automatically

1115
00:40:04,860 --> 00:40:06,460
regardless of user behavior.

1116
00:40:06,460 --> 00:40:08,780
Retention policies execute automatically.

1117
00:40:08,780 --> 00:40:10,780
Data is retained according to defined schedules.

1118
00:40:10,780 --> 00:40:13,020
When retention expires, data is deleted.

1119
00:40:13,020 --> 00:40:14,220
Not after manual review.

1120
00:40:14,220 --> 00:40:15,260
Not after audit.

1121
00:40:15,260 --> 00:40:16,220
Automatically.

1122
00:40:16,220 --> 00:40:19,260
The system executes the policy without human intervention.

1123
00:40:19,260 --> 00:40:21,660
Your quarterly cleaner project becomes irrelevant

1124
00:40:21,660 --> 00:40:23,900
because the system cleaned it up according to policy.

1125
00:40:23,900 --> 00:40:25,660
This is the satisfaction of the system.

1126
00:40:25,660 --> 00:40:27,180
You don't manage governance anymore.

1127
00:40:27,180 --> 00:40:28,140
You define it once.

1128
00:40:28,140 --> 00:40:29,580
You specify intent.

1129
00:40:29,580 --> 00:40:31,660
You say what should be true of the system.

1130
00:40:31,660 --> 00:40:33,340
The system enforces what you intended.

1131
00:40:33,340 --> 00:40:35,020
If you intended for confidential data

1132
00:40:35,020 --> 00:40:37,340
to be restricted to certain users, the system restricts it.

1133
00:40:37,340 --> 00:40:40,460
If you intended for personal data to be deleted after two years,

1134
00:40:40,460 --> 00:40:41,420
the system deletes it.

1135
00:40:41,420 --> 00:40:43,900
If you intended for payment card data to never be copied,

1136
00:40:43,900 --> 00:40:45,260
the system prevents copying.

1137
00:40:45,260 --> 00:40:47,260
Governance is no longer a process you manage.

1138
00:40:47,260 --> 00:40:48,940
It's a policy, the system enforces.

1139
00:40:48,940 --> 00:40:52,380
And the system is far better at enforcement than humans ever worth.

1140
00:40:52,380 --> 00:40:53,740
The system doesn't forget.

1141
00:40:53,740 --> 00:40:55,340
The system doesn't make exceptions.

1142
00:40:55,340 --> 00:40:57,260
The system doesn't get tired or distracted

1143
00:40:57,260 --> 00:40:59,500
or compromise its standards under business pressure.

1144
00:40:59,500 --> 00:41:04,220
The system enforces exactly what you told it to enforce millions of times a day

1145
00:41:04,220 --> 00:41:05,820
with perfect consistency.

1146
00:41:05,820 --> 00:41:09,180
This is what replaced the hope that users would follow policy.

1147
00:41:09,180 --> 00:41:10,540
This is what replaced the assumption

1148
00:41:10,540 --> 00:41:12,300
that training would change behavior.

1149
00:41:12,300 --> 00:41:14,780
The system doesn't need users to understand policy.

1150
00:41:14,780 --> 00:41:16,380
The system needs you to define it.

1151
00:41:16,380 --> 00:41:18,380
Then the system enforces it.

1152
00:41:18,380 --> 00:41:20,620
Agent 365 as the orchestration layer.

1153
00:41:20,620 --> 00:41:23,660
The third layer of replacement is where the revolution becomes complete.

1154
00:41:23,660 --> 00:41:24,860
This is Agent 365.

1155
00:41:24,860 --> 00:41:25,980
This is not a dashboard.

1156
00:41:25,980 --> 00:41:27,260
This is not a monitoring tool.

1157
00:41:27,260 --> 00:41:30,300
This is the control plane that orchestrates the autonomous actors

1158
00:41:30,300 --> 00:41:31,660
within your infrastructure.

1159
00:41:31,660 --> 00:41:33,820
You've spent years orchestrating humans,

1160
00:41:33,820 --> 00:41:35,900
assigning tasks, defining who does what,

1161
00:41:35,900 --> 00:41:40,300
managing dependencies, ensuring that complex work flows through the right sequence of people.

1162
00:41:40,300 --> 00:41:43,100
Someone provisioned a user, someone else configured their email,

1163
00:41:43,100 --> 00:41:44,780
someone else applied group memberships,

1164
00:41:44,780 --> 00:41:46,700
someone else granted access to SharePoint,

1165
00:41:46,700 --> 00:41:48,460
each step required human action.

1166
00:41:48,460 --> 00:41:53,020
Each step was a delay, each step was a chance for something to be missed or misconfigured.

1167
00:41:53,020 --> 00:41:56,380
Agent 365 removes the human from that orchestration entirely.

1168
00:41:56,380 --> 00:41:57,580
Here's what it means in practice.

1169
00:41:57,580 --> 00:41:59,100
An AI agent is created.

1170
00:41:59,100 --> 00:42:00,620
The agent has a defined purpose,

1171
00:42:00,620 --> 00:42:02,540
provision users to a specific group.

1172
00:42:02,540 --> 00:42:05,180
The agent is assigned identity in Entra.

1173
00:42:05,180 --> 00:42:09,020
The agent receives exactly the permissions it needs to accomplish that one task.

1174
00:42:09,020 --> 00:42:11,500
Not standing privilege, not access to everything

1175
00:42:11,500 --> 00:42:13,820
until someone remembers to revoke it.

1176
00:42:13,820 --> 00:42:15,500
Exactly the permissions required.

1177
00:42:15,500 --> 00:42:17,180
The agent can create user accounts.

1178
00:42:17,180 --> 00:42:19,180
The agent can add them to the specific group.

1179
00:42:19,180 --> 00:42:20,940
The agent cannot access any other data.

1180
00:42:20,940 --> 00:42:22,860
The agent cannot modify any other systems.

1181
00:42:22,860 --> 00:42:25,020
The agent cannot escalate its own privilege.

1182
00:42:25,020 --> 00:42:26,140
This is the first principle.

1183
00:42:26,140 --> 00:42:27,340
Every agent is scoped.

1184
00:42:27,340 --> 00:42:28,700
Every agent has boundaries.

1185
00:42:28,700 --> 00:42:30,540
Every agent operates under constraint.

1186
00:42:30,540 --> 00:42:32,300
But here's where it becomes orchestration.

1187
00:42:32,300 --> 00:42:35,100
That provisioning agent can be one step in a larger workflow.

1188
00:42:35,100 --> 00:42:36,140
A request comes in.

1189
00:42:36,140 --> 00:42:39,340
An agent evaluates whether it meets defined criteria.

1190
00:42:39,340 --> 00:42:41,180
Another agent provisions the user.

1191
00:42:41,180 --> 00:42:43,180
A third agent sends a notification email.

1192
00:42:43,180 --> 00:42:45,340
A fourth agent updates a tracking system.

1193
00:42:45,340 --> 00:42:47,420
A fifth agent creates a calendar entry.

1194
00:42:47,420 --> 00:42:49,100
The workflow executes automatically.

1195
00:42:49,100 --> 00:42:51,340
No human deciding which step comes next.

1196
00:42:51,340 --> 00:42:53,180
No human coordinating between systems.

1197
00:42:53,180 --> 00:42:55,180
No human reviewing the intermediate states.

1198
00:42:55,180 --> 00:42:58,300
The agents coordinate with each other based on defined workflow logic.

1199
00:42:58,300 --> 00:43:00,140
Watch what happens when something goes wrong.

1200
00:43:00,140 --> 00:43:02,540
An agent attempts an action that violates policy.

1201
00:43:02,540 --> 00:43:03,500
The system detects it.

1202
00:43:03,500 --> 00:43:04,780
The agent is autoblocked.

1203
00:43:04,780 --> 00:43:06,060
Not after investigation.

1204
00:43:06,060 --> 00:43:08,060
Not after someone decides it's a problem.

1205
00:43:08,060 --> 00:43:11,180
Automatically, the agent is removed from operation immediately.

1206
00:43:11,180 --> 00:43:12,380
Risk signal detected.

1207
00:43:12,380 --> 00:43:13,340
Access revoked.

1208
00:43:13,340 --> 00:43:14,220
System protected.

1209
00:43:14,220 --> 00:43:15,260
No human latency.

1210
00:43:15,260 --> 00:43:17,660
No delay waiting for someone to notice the problem.

1211
00:43:17,660 --> 00:43:19,340
Watch what happens to inactive agents.

1212
00:43:19,340 --> 00:43:21,820
An agent hasn't executed any actions in 30 days.

1213
00:43:21,820 --> 00:43:23,260
The system marks it for review.

1214
00:43:23,260 --> 00:43:24,540
60 days of inactivity.

1215
00:43:24,540 --> 00:43:25,740
The system auto-deletes it.

1216
00:43:25,740 --> 00:43:28,140
You don't have to remember to clean up old agents.

1217
00:43:28,140 --> 00:43:31,100
You don't have to audit the agent inventory annually.

1218
00:43:31,100 --> 00:43:33,180
The system maintains inventory automatically.

1219
00:43:33,180 --> 00:43:34,540
Inactive agents are removed.

1220
00:43:34,540 --> 00:43:35,900
Dead agents are retired.

1221
00:43:35,900 --> 00:43:38,460
Often agents are reassigned to managers.

1222
00:43:38,460 --> 00:43:40,620
The system manages the agent life cycle.

1223
00:43:40,620 --> 00:43:42,780
The way it manages the user life cycle.

1224
00:43:42,780 --> 00:43:44,460
Automatically, continuously.

1225
00:43:44,460 --> 00:43:45,820
This is the shift that matters.

1226
00:43:45,820 --> 00:43:47,900
You no longer orchestrate agents manually.

1227
00:43:47,900 --> 00:43:49,180
The system orchestrates them.

1228
00:43:49,180 --> 00:43:51,500
You define the orchestration rules once.

1229
00:43:51,500 --> 00:43:53,980
You specify what agents should do in what sequence

1230
00:43:53,980 --> 00:43:54,940
under what conditions.

1231
00:43:54,940 --> 00:43:57,340
The system executes that orchestration millions of times

1232
00:43:57,340 --> 00:43:58,380
without human involvement.

1233
00:43:58,380 --> 00:44:00,220
Here's the architectural truth that emerges.

1234
00:44:00,220 --> 00:44:02,060
Humans were the bottleneck in orchestration.

1235
00:44:02,060 --> 00:44:03,980
You had to decide which tool to use.

1236
00:44:03,980 --> 00:44:05,420
You had to decide in what sequence.

1237
00:44:05,420 --> 00:44:07,180
You had to coordinate between systems.

1238
00:44:07,180 --> 00:44:10,220
You had to escalate when something didn't fit the defined workflow.

1239
00:44:10,220 --> 00:44:11,260
You had to make exceptions.

1240
00:44:11,260 --> 00:44:12,940
You had to document decisions.

1241
00:44:12,940 --> 00:44:14,300
Every decision was a delay.

1242
00:44:14,300 --> 00:44:17,100
Every delay was an opportunity for the business to work around you.

1243
00:44:17,100 --> 00:44:19,100
Now, the orchestration happens automatically.

1244
00:44:19,100 --> 00:44:21,660
The system coordinates actions across multiple agents.

1245
00:44:21,660 --> 00:44:23,660
The system makes decisions about sequencing

1246
00:44:23,660 --> 00:44:25,260
based on defined rules.

1247
00:44:25,260 --> 00:44:27,260
The system escalates only when something

1248
00:44:27,260 --> 00:44:29,100
genuinely requires human judgment.

1249
00:44:29,100 --> 00:44:30,620
The system doesn't wait for approval.

1250
00:44:30,620 --> 00:44:32,700
It acts according to defined intent.

1251
00:44:32,700 --> 00:44:35,580
And it acts faster than any human could ever coordinate manually.

1252
00:44:35,580 --> 00:44:37,740
By 2026, organizations that implemented

1253
00:44:37,740 --> 00:44:40,700
a genetic orchestration reported something unprecedented.

1254
00:44:40,700 --> 00:44:43,980
Workflows that used to take days now completed in minutes.

1255
00:44:43,980 --> 00:44:45,740
Provisioning that required coordination

1256
00:44:45,740 --> 00:44:48,540
across four departments now happened automatically.

1257
00:44:48,540 --> 00:44:50,540
Access requests that used to pass through

1258
00:44:50,540 --> 00:44:52,620
multiple approval gates now executed

1259
00:44:52,620 --> 00:44:54,140
according to defined criteria.

1260
00:44:54,140 --> 00:44:55,820
The complexity didn't decrease.

1261
00:44:55,820 --> 00:44:57,260
But the human latency disappeared.

1262
00:44:57,260 --> 00:44:59,100
This is what replaced the orchestration admin,

1263
00:44:59,100 --> 00:45:01,420
not a faster person coordinating between systems.

1264
00:45:01,420 --> 00:45:03,180
A system that coordinates automatically

1265
00:45:03,180 --> 00:45:04,780
according to defined rules.

1266
00:45:04,780 --> 00:45:06,860
A system that manages agent life cycle

1267
00:45:06,860 --> 00:45:08,220
without human involvement.

1268
00:45:08,220 --> 00:45:10,460
A system that detects and prevents problems

1269
00:45:10,460 --> 00:45:12,140
before they affect the business.

1270
00:45:12,140 --> 00:45:13,820
This is agent 365.

1271
00:45:13,820 --> 00:45:15,580
The orchestration layer that removes humans

1272
00:45:15,580 --> 00:45:17,660
from orchestration entirely.

1273
00:45:17,660 --> 00:45:20,380
The copilot shift, from assistance to autonomy.

1274
00:45:20,380 --> 00:45:23,340
Copilot represents the moment when the system stopped asking

1275
00:45:23,340 --> 00:45:25,580
for permission and started asking for intent.

1276
00:45:25,580 --> 00:45:26,700
This distinction matters.

1277
00:45:26,700 --> 00:45:27,580
It's not semantic.

1278
00:45:27,580 --> 00:45:29,340
It's architectural.

1279
00:45:29,340 --> 00:45:31,660
For years, you've thought of copilot as a helper.

1280
00:45:31,660 --> 00:45:32,380
A tool you use.

1281
00:45:32,380 --> 00:45:33,340
You ask it a question.

1282
00:45:33,340 --> 00:45:34,220
It gives you an answer.

1283
00:45:34,220 --> 00:45:35,660
You ask it to draft something.

1284
00:45:35,660 --> 00:45:36,540
It suggests text.

1285
00:45:36,540 --> 00:45:37,900
You ask it to analyze data.

1286
00:45:37,900 --> 00:45:38,860
It shows you patterns.

1287
00:45:38,860 --> 00:45:40,060
Copilot is an assistant.

1288
00:45:40,060 --> 00:45:41,100
It's there when you need it.

1289
00:45:41,100 --> 00:45:41,980
You initiate.

1290
00:45:41,980 --> 00:45:43,020
Copilot responds.

1291
00:45:43,020 --> 00:45:44,220
That's assistance.

1292
00:45:44,220 --> 00:45:45,820
That's not what copilot is anymore.

1293
00:45:45,820 --> 00:45:47,740
Copilot has shifted into something else.

1294
00:45:47,740 --> 00:45:49,740
Agent mode in word excel and PowerPoint

1295
00:45:49,740 --> 00:45:52,140
means copilot doesn't wait for your request anymore.

1296
00:45:52,140 --> 00:45:53,260
You describe what you want.

1297
00:45:53,260 --> 00:45:55,820
You say, make this document match the brand guidelines.

1298
00:45:55,820 --> 00:45:56,700
You don't tell it how.

1299
00:45:56,700 --> 00:45:57,900
You don't click buttons.

1300
00:45:57,900 --> 00:45:58,940
You describe intent.

1301
00:45:58,940 --> 00:46:00,300
Copilot understands intent.

1302
00:46:00,300 --> 00:46:01,340
Copilot executes it.

1303
00:46:01,340 --> 00:46:03,580
Copilot edits the document autonomously.

1304
00:46:03,580 --> 00:46:05,340
Without asking permission for each change,

1305
00:46:05,340 --> 00:46:06,300
you review what it did.

1306
00:46:06,300 --> 00:46:07,180
You accept or reject.

1307
00:46:07,180 --> 00:46:08,620
But copilot made the decisions.

1308
00:46:08,620 --> 00:46:09,900
Copilot determined the edits.

1309
00:46:09,900 --> 00:46:12,700
Copilot moved from suggesting changes to making them.

1310
00:46:12,700 --> 00:46:13,500
This is the shift.

1311
00:46:13,500 --> 00:46:15,100
From assistance to autonomy.

1312
00:46:15,100 --> 00:46:17,020
Watch what happens when you shift that paradigm.

1313
00:46:17,020 --> 00:46:18,220
Under the assistance model,

1314
00:46:18,220 --> 00:46:19,500
you have to know what you want.

1315
00:46:19,500 --> 00:46:20,620
You describe the problem.

1316
00:46:20,620 --> 00:46:21,820
Copilot helps you solve it.

1317
00:46:21,820 --> 00:46:22,780
You're still the director.

1318
00:46:22,780 --> 00:46:24,220
You're still making decisions.

1319
00:46:24,220 --> 00:46:26,540
Copilot is providing suggestions and information

1320
00:46:26,540 --> 00:46:27,980
to help you decide better.

1321
00:46:27,980 --> 00:46:29,020
Under the autonomy model,

1322
00:46:29,020 --> 00:46:30,380
you describe the outcome you want.

1323
00:46:30,380 --> 00:46:31,980
You don't describe the steps.

1324
00:46:31,980 --> 00:46:33,500
Copilot determines the steps.

1325
00:46:33,500 --> 00:46:35,500
Copilot doesn't show you its work for approval.

1326
00:46:35,500 --> 00:46:37,580
Copilot acts according to defined intent.

1327
00:46:37,580 --> 00:46:39,580
You're no longer deciding what changes to make.

1328
00:46:39,580 --> 00:46:42,540
You're deciding whether the outcome matches what you intended.

1329
00:46:42,540 --> 00:46:44,380
The first model requires you to understand

1330
00:46:44,380 --> 00:46:46,540
the problem deeply enough to direct the solution.

1331
00:46:46,540 --> 00:46:48,540
The second model requires you to understand

1332
00:46:48,540 --> 00:46:49,660
the desired outcome,

1333
00:46:49,660 --> 00:46:51,260
but not the path to get there.

1334
00:46:51,260 --> 00:46:52,620
The system determines the path.

1335
00:46:52,620 --> 00:46:53,740
This is why it matters.

1336
00:46:53,740 --> 00:46:57,100
The assistance model still requires human direction at each step.

1337
00:46:57,100 --> 00:46:58,300
You have to know what to ask for.

1338
00:46:58,300 --> 00:46:59,980
You have to know what information matters.

1339
00:46:59,980 --> 00:47:01,740
You have to understand the domain well enough

1340
00:47:01,740 --> 00:47:03,340
to evaluate Copilot's suggestions.

1341
00:47:03,340 --> 00:47:04,780
The human is still the bottleneck.

1342
00:47:04,780 --> 00:47:07,580
You're just using a better tool to help you think.

1343
00:47:07,580 --> 00:47:10,540
The autonomy model removes human direction from the execution.

1344
00:47:10,540 --> 00:47:11,660
You describe intent.

1345
00:47:11,660 --> 00:47:13,100
The system executes.

1346
00:47:13,100 --> 00:47:15,420
The human becomes a validator, not a director.

1347
00:47:15,420 --> 00:47:18,300
You're no longer making decisions about how to accomplish the task.

1348
00:47:18,300 --> 00:47:20,780
You're evaluating whether the task was accomplished correctly.

1349
00:47:20,780 --> 00:47:22,300
This is the architectural revolution.

1350
00:47:22,300 --> 00:47:24,540
You've moved from human decides, AI helps,

1351
00:47:24,540 --> 00:47:26,540
to human describes, AI decides it.

1352
00:47:26,540 --> 00:47:28,540
The decision making moves from you to the system.

1353
00:47:28,540 --> 00:47:29,900
The system is now the actor.

1354
00:47:29,900 --> 00:47:30,780
You're now the arbiter.

1355
00:47:30,780 --> 00:47:32,060
But here's where it gets interesting.

1356
00:47:32,060 --> 00:47:35,100
This only works if the system actually understands intent.

1357
00:47:35,100 --> 00:47:38,540
An understanding intent requires something more than just answering questions.

1358
00:47:38,540 --> 00:47:40,540
It requires the system to know what you value.

1359
00:47:40,540 --> 00:47:42,620
It requires organizational context.

1360
00:47:42,620 --> 00:47:46,140
It requires understanding your business logic, your standards, your constraints.

1361
00:47:46,140 --> 00:47:50,300
It requires the system to have access to what you intended to build.

1362
00:47:50,300 --> 00:47:52,140
Not just what you asked it to do.

1363
00:47:52,140 --> 00:47:53,660
This is where work IQ enters.

1364
00:47:53,660 --> 00:47:56,060
This is where the system learns organizational memory.

1365
00:47:56,060 --> 00:47:58,380
Every meeting you attend, every document you create,

1366
00:47:58,380 --> 00:48:00,460
every decision you make, the system observes it.

1367
00:48:00,460 --> 00:48:02,460
The system builds a model of how you think.

1368
00:48:02,460 --> 00:48:05,660
What you value, what you consider correct, what your standards are.

1369
00:48:05,660 --> 00:48:08,060
When you describe intent, the system doesn't just guess.

1370
00:48:08,060 --> 00:48:09,500
The system knows your preferences.

1371
00:48:09,500 --> 00:48:10,860
The system knows your domain.

1372
00:48:10,860 --> 00:48:15,740
The system knows what success looks like because it's seen thousands of examples of your work.

1373
00:48:15,740 --> 00:48:17,980
Now, copilot doesn't just execute instructions.

1374
00:48:17,980 --> 00:48:21,180
Copilot executes intent according to your specific context.

1375
00:48:21,180 --> 00:48:23,500
When you say make this compliant with our guidelines,

1376
00:48:23,500 --> 00:48:26,220
copilot knows your guidelines because it's seen your documents.

1377
00:48:26,220 --> 00:48:27,660
It's seen your standards.

1378
00:48:27,660 --> 00:48:29,420
It knows what you consider compliant.

1379
00:48:29,420 --> 00:48:31,900
This is what separates a general purpose assistant

1380
00:48:31,900 --> 00:48:34,860
from an autonomous actor working within organizational context.

1381
00:48:34,860 --> 00:48:37,260
The general assistant needs you to specify everything.

1382
00:48:37,260 --> 00:48:40,380
The organizational agent understands context, understands intent.

1383
00:48:40,380 --> 00:48:43,180
Executes according to your specific business logic.

1384
00:48:43,180 --> 00:48:45,100
By 2026, this shift was complete.

1385
00:48:45,100 --> 00:48:46,780
Copilot moved from helper to actor.

1386
00:48:46,780 --> 00:48:48,780
From suggestion based to autonomy based.

1387
00:48:48,780 --> 00:48:51,260
From here's information to help you decide to,

1388
00:48:51,260 --> 00:48:53,660
here's what I did based on what you intended.

1389
00:48:53,660 --> 00:48:56,060
The human moved from director to validator.

1390
00:48:56,060 --> 00:48:59,500
From making decisions to evaluating whether decisions were made correctly.

1391
00:48:59,500 --> 00:49:03,580
From active participation in execution to oversight of autonomous execution.

1392
00:49:03,580 --> 00:49:07,100
This is the moment when you stopped being the operator and became the supervisor.

1393
00:49:07,100 --> 00:49:10,300
The skill shift, from operator to architect.

1394
00:49:10,300 --> 00:49:12,140
If the system replaced manual operators,

1395
00:49:12,140 --> 00:49:13,980
what happened to the people who were operators?

1396
00:49:13,980 --> 00:49:17,180
The answer matters because the answer determines whether you survived this transition

1397
00:49:17,180 --> 00:49:18,140
or became obsolete.

1398
00:49:18,140 --> 00:49:19,660
The admin role didn't disappear.

1399
00:49:19,660 --> 00:49:22,940
It transformed and transformation is harsher than replacement

1400
00:49:22,940 --> 00:49:25,820
because transformation requires you to become someone different

1401
00:49:25,820 --> 00:49:27,820
while still being responsible for the work.

1402
00:49:27,820 --> 00:49:29,180
You used to be an operator.

1403
00:49:29,180 --> 00:49:32,220
You managed systems, you clicked buttons, you ran scripts,

1404
00:49:32,220 --> 00:49:34,620
you approved requests, you reviewed policies,

1405
00:49:34,620 --> 00:49:37,500
you executed decisions, your value was in execution.

1406
00:49:37,500 --> 00:49:39,100
How fast could you provision a user?

1407
00:49:39,100 --> 00:49:40,940
How many access reviews could you process?

1408
00:49:40,940 --> 00:49:42,940
How quickly could you respond to requests?

1409
00:49:42,940 --> 00:49:44,700
You were measured on speed and thoroughness.

1410
00:49:44,700 --> 00:49:46,060
How many tickets did you close?

1411
00:49:46,060 --> 00:49:47,820
How many configurations did you deploy?

1412
00:49:47,820 --> 00:49:49,900
Your work was visible, your impact was measurable,

1413
00:49:49,900 --> 00:49:51,180
you did things, things happened.

1414
00:49:51,180 --> 00:49:52,620
That's not what the architect does.

1415
00:49:52,620 --> 00:49:54,540
The architect no longer manages systems.

1416
00:49:54,540 --> 00:49:57,180
The architect designed systems, you don't click buttons anymore.

1417
00:49:57,180 --> 00:49:58,940
You define the rules that buttons follow,

1418
00:49:58,940 --> 00:50:00,460
you don't approve requests anymore.

1419
00:50:00,460 --> 00:50:02,780
You design the logic that approves requests automatically.

1420
00:50:02,780 --> 00:50:04,300
You don't review policies anymore.

1421
00:50:04,300 --> 00:50:06,780
You architect the policies that enforce themselves.

1422
00:50:06,780 --> 00:50:08,620
Your value is no longer in execution.

1423
00:50:08,620 --> 00:50:09,900
Your value is in design.

1424
00:50:09,900 --> 00:50:11,260
This requires different skills,

1425
00:50:11,260 --> 00:50:12,940
completely different execution skills,

1426
00:50:12,940 --> 00:50:15,980
how to use the interface, how to navigate complex configurations,

1427
00:50:15,980 --> 00:50:18,620
how to remember the sequence of steps become irrelevant.

1428
00:50:18,620 --> 00:50:21,340
The interface doesn't matter if the system is executing automatically.

1429
00:50:21,340 --> 00:50:23,980
The configuration steps don't matter if your defining rules,

1430
00:50:23,980 --> 00:50:25,340
not executing them.

1431
00:50:25,340 --> 00:50:28,300
The sequence of actions doesn't matter if the system is orchestrating actions,

1432
00:50:28,300 --> 00:50:28,940
not humans.

1433
00:50:28,940 --> 00:50:30,540
What matters now is system thinking,

1434
00:50:30,540 --> 00:50:31,820
how do policies interact?

1435
00:50:31,820 --> 00:50:33,980
What happens when this rule meets this other rule?

1436
00:50:33,980 --> 00:50:35,660
Where are the logical inconsistencies?

1437
00:50:35,660 --> 00:50:37,020
Where will exceptions accumulate?

1438
00:50:37,020 --> 00:50:38,300
How do you define intent?

1439
00:50:38,300 --> 00:50:41,500
Clearly enough that a machine can enforce it consistently.

1440
00:50:41,500 --> 00:50:46,060
How do you scope agent permissions so that the agent can accomplish its purpose

1441
00:50:46,060 --> 00:50:47,580
without introducing new risks?

1442
00:50:47,580 --> 00:50:50,700
How do you design for the exceptions that don't yet exist?

1443
00:50:50,700 --> 00:50:52,060
These are architect skills,

1444
00:50:52,060 --> 00:50:54,060
and they're the opposite of operator skills.

1445
00:50:54,060 --> 00:50:55,660
An operator memorizes steps.

1446
00:50:55,660 --> 00:50:57,180
An architect thinks about systems.

1447
00:50:57,180 --> 00:50:58,780
An operator executes decisions.

1448
00:50:58,780 --> 00:51:00,540
An architect defines decision logic.

1449
00:51:00,540 --> 00:51:02,300
An operator manages complexity.

1450
00:51:02,300 --> 00:51:06,380
An architect eliminates complexity by designing systems that prevent it.

1451
00:51:06,380 --> 00:51:07,740
Here's what the research showed.

1452
00:51:07,740 --> 00:51:11,100
Entry level IT admin positions declined 13%.

1453
00:51:11,100 --> 00:51:12,380
Not because there's less work.

1454
00:51:12,380 --> 00:51:14,620
Because the work that entry level admins used to do,

1455
00:51:14,620 --> 00:51:17,500
the ticket processing, the provisioning, the policy application,

1456
00:51:17,500 --> 00:51:18,540
is now automated.

1457
00:51:18,540 --> 00:51:20,780
You don't need someone to process provisioning tickets.

1458
00:51:20,780 --> 00:51:22,460
The system provisions automatically.

1459
00:51:22,460 --> 00:51:24,540
You don't need someone to apply policies.

1460
00:51:24,540 --> 00:51:25,660
The system applies them.

1461
00:51:25,660 --> 00:51:28,940
You don't need entry level admins doing task execution anymore.

1462
00:51:28,940 --> 00:51:32,220
But mid-level architects, the people with five to ten years of experience,

1463
00:51:32,220 --> 00:51:35,260
the people who understood why policies were written the way they were,

1464
00:51:35,260 --> 00:51:38,460
the people who understood the business logic behind the configurations.

1465
00:51:38,460 --> 00:51:39,900
Demand for those people went up.

1466
00:51:39,900 --> 00:51:42,860
Because those are the people who can design systems that work.

1467
00:51:42,860 --> 00:51:45,100
Who can translate business intent into policy?

1468
00:51:45,100 --> 00:51:47,820
Who can architect governance frameworks that actually scale?

1469
00:51:47,820 --> 00:51:49,420
This is the skillshift that matters.

1470
00:51:49,420 --> 00:51:52,060
The operator who got really good at clicking buttons,

1471
00:51:52,060 --> 00:51:53,580
who memorized the interface,

1472
00:51:53,580 --> 00:51:55,820
who could provision faster than anyone else.

1473
00:51:55,820 --> 00:51:57,580
That person became obsolete.

1474
00:51:57,580 --> 00:51:59,500
Not because they were replaced by a tool.

1475
00:51:59,500 --> 00:52:01,260
Because the tool eliminated the work they did.

1476
00:52:01,260 --> 00:52:03,260
The operator's skillset speed,

1477
00:52:03,260 --> 00:52:06,300
thoroughness, attention to detail in task execution,

1478
00:52:06,300 --> 00:52:09,500
became irrelevant in a system where tasks execute automatically.

1479
00:52:09,500 --> 00:52:12,860
But the operator who also understood why the system was designed that way,

1480
00:52:12,860 --> 00:52:15,260
who understood the intent behind the policies,

1481
00:52:15,260 --> 00:52:17,340
who could think about how systems interact.

1482
00:52:17,340 --> 00:52:18,780
That person became an architect.

1483
00:52:18,780 --> 00:52:21,500
That person learned to think about design instead of execution.

1484
00:52:21,500 --> 00:52:22,540
That person survived.

1485
00:52:22,540 --> 00:52:23,500
That person thrived.

1486
00:52:23,500 --> 00:52:25,420
That person is now in higher demand than ever.

1487
00:52:25,420 --> 00:52:26,540
The brutal part is this.

1488
00:52:26,540 --> 00:52:29,500
If you've spent five years getting really good at operator skills,

1489
00:52:29,500 --> 00:52:32,700
if your entire value is tied to execution speed and thoroughness,

1490
00:52:32,700 --> 00:52:35,900
you have to learn entirely new skills or you become irrelevant.

1491
00:52:35,900 --> 00:52:39,260
And learning entirely new skills is harder than learning to execute faster.

1492
00:52:39,260 --> 00:52:41,660
It requires you to unlearn what made you valuable.

1493
00:52:41,660 --> 00:52:43,260
It requires you to think differently.

1494
00:52:43,260 --> 00:52:45,500
It requires you to understand systems at a level

1495
00:52:45,500 --> 00:52:47,580
that task execution never required.

1496
00:52:47,580 --> 00:52:52,540
Entry level hiring dropped because the system doesn't need entry level operators anymore.

1497
00:52:52,540 --> 00:52:55,580
Mid-level hiring increased because the system needs architects.

1498
00:52:55,580 --> 00:52:59,340
The people who survived the transition were the ones who learned to think like architects.

1499
00:52:59,340 --> 00:53:01,740
The ones who didn't became the unemployment statistics.

1500
00:53:01,740 --> 00:53:03,180
This is the uncomfortable truth.

1501
00:53:03,180 --> 00:53:05,740
The system didn't need you to get better at what you were doing.

1502
00:53:05,740 --> 00:53:08,860
The system needed you to stop doing it and become someone else.

1503
00:53:08,860 --> 00:53:12,780
And becoming someone else is harder than getting faster at what you already do.

1504
00:53:12,780 --> 00:53:14,220
The governance stack.

1505
00:53:14,220 --> 00:53:15,420
How it all connects.

1506
00:53:15,420 --> 00:53:17,260
The real power isn't in any single tool.

1507
00:53:17,260 --> 00:53:19,260
The real power is in how they work together.

1508
00:53:19,260 --> 00:53:22,300
And that coherence is what manual administration could never achieve.

1509
00:53:22,300 --> 00:53:25,100
Think about what happens when a provisioning request comes in.

1510
00:53:25,100 --> 00:53:28,620
Under manual administration, the request would pass through human hands.

1511
00:53:28,620 --> 00:53:33,100
It would approve it, HR would verify it, security would check it, finance would confirm budget,

1512
00:53:33,100 --> 00:53:37,340
each person would review, add comments, escalate if needed, weeks would pass.

1513
00:53:37,340 --> 00:53:39,740
Then someone would finally execute the provisioning.

1514
00:53:39,740 --> 00:53:43,180
Under the agentic model, the request flows through the governance stack.

1515
00:53:43,180 --> 00:53:45,100
And every layer adds something different.

1516
00:53:45,100 --> 00:53:46,780
Every layer enforces something different.

1517
00:53:46,780 --> 00:53:49,180
Every layer makes the final outcome more certain.

1518
00:53:49,180 --> 00:53:50,940
The request enters Entry ID first.

1519
00:53:50,940 --> 00:53:52,300
This is the identity layer.

1520
00:53:52,300 --> 00:53:55,340
Entry evaluates the request against identity governance rules.

1521
00:53:55,340 --> 00:53:58,780
Is the requesting user authorized to make provisioning requests?

1522
00:53:58,780 --> 00:53:59,980
Are they in the right department?

1523
00:53:59,980 --> 00:54:01,260
Are their credentials valid?

1524
00:54:01,260 --> 00:54:02,940
Has their account been flagged for risk?

1525
00:54:02,940 --> 00:54:05,820
Entry makes these decisions in milliseconds based on signals.

1526
00:54:05,820 --> 00:54:09,580
The request either passes through or is rejected at the identity layer.

1527
00:54:09,580 --> 00:54:11,580
If it passes, it moves to conditional access.

1528
00:54:11,580 --> 00:54:13,180
This is the temporal and risk layer.

1529
00:54:13,180 --> 00:54:15,020
Conditional access evaluates context.

1530
00:54:15,020 --> 00:54:17,180
Is the request coming from a trusted location?

1531
00:54:17,180 --> 00:54:18,780
Is it coming at a reasonable time?

1532
00:54:18,780 --> 00:54:20,380
Is the requesting device managed?

1533
00:54:20,380 --> 00:54:21,660
Is there an anomaly in the pattern?

1534
00:54:21,660 --> 00:54:24,700
Conditional access applies time-based and signal-based rules.

1535
00:54:24,700 --> 00:54:27,820
The request either proceeds or triggers additional verification.

1536
00:54:27,820 --> 00:54:31,340
If it passes conditional access, it moves to the authorization engine.

1537
00:54:31,340 --> 00:54:33,020
This is where scope is determined.

1538
00:54:33,020 --> 00:54:34,700
What exactly can this request create?

1539
00:54:34,700 --> 00:54:35,980
Not what the user asked for.

1540
00:54:35,980 --> 00:54:37,500
What the governance rules permit?

1541
00:54:37,500 --> 00:54:39,180
Can this user provision to this group?

1542
00:54:39,180 --> 00:54:40,860
Can this user assign this license?

1543
00:54:40,860 --> 00:54:42,300
Can this user grant this access?

1544
00:54:42,300 --> 00:54:45,900
The authorization engine answers these questions based on defined policy.

1545
00:54:45,900 --> 00:54:47,180
It doesn't ask for approval.

1546
00:54:47,180 --> 00:54:49,900
It evaluates policy and determines what's permissible.

1547
00:54:49,900 --> 00:54:53,100
If authorization passes the request reaches Agent 365,

1548
00:54:53,100 --> 00:54:54,380
this is the agent layer.

1549
00:54:54,380 --> 00:54:57,820
Agent 365 determines which agents can execute this request.

1550
00:54:57,820 --> 00:55:01,020
What automation should run in what sequence with what constraints?

1551
00:55:01,020 --> 00:55:03,260
Agent 365 orchestrates the agents.

1552
00:55:03,260 --> 00:55:04,940
One agent creates the user account.

1553
00:55:04,940 --> 00:55:06,380
Another applies the license.

1554
00:55:06,380 --> 00:55:08,060
Another adds the user to the group.

1555
00:55:08,060 --> 00:55:09,420
Another sends notification.

1556
00:55:09,420 --> 00:55:11,180
Another updates the tracking system.

1557
00:55:11,180 --> 00:55:12,700
All coordinated automatically.

1558
00:55:12,700 --> 00:55:14,700
All executing in defined sequence.

1559
00:55:14,700 --> 00:55:17,980
All operating within the scope determined by the authorization layer.

1560
00:55:17,980 --> 00:55:20,540
During execution, power automate handles the workflow logic.

1561
00:55:20,540 --> 00:55:22,700
Power automate doesn't execute autonomously.

1562
00:55:22,700 --> 00:55:25,660
Power automate executes what the agents tell it to execute.

1563
00:55:25,660 --> 00:55:27,660
But power automate enforces the workflow.

1564
00:55:27,660 --> 00:55:29,660
It ensures steps happen in the right order.

1565
00:55:29,660 --> 00:55:31,740
It handles escalations if something fails.

1566
00:55:31,740 --> 00:55:35,100
It manages the state of the provisioning throughout execution.

1567
00:55:35,100 --> 00:55:36,380
While all this is happening,

1568
00:55:36,380 --> 00:55:38,220
Microsoft Graph is being accessed.

1569
00:55:38,220 --> 00:55:39,900
Graph retrieves the information needed.

1570
00:55:39,900 --> 00:55:41,100
Graph updates the directory.

1571
00:55:41,100 --> 00:55:42,940
Graph notifies dependent systems.

1572
00:55:42,940 --> 00:55:45,100
Graph is the data layer underlying everything.

1573
00:55:45,100 --> 00:55:46,540
Every layer reads from Graph.

1574
00:55:46,540 --> 00:55:47,820
Every layer writes to Graph.

1575
00:55:47,820 --> 00:55:49,580
Graph maintains the source of truth.

1576
00:55:49,580 --> 00:55:52,860
And throughout this entire flow, PerView is evaluating data.

1577
00:55:52,860 --> 00:55:54,300
What data is being accessed.

1578
00:55:54,300 --> 00:55:55,580
What data is being created.

1579
00:55:55,580 --> 00:55:57,500
What data sensitivity labels apply.

1580
00:55:57,500 --> 00:56:00,060
PerView enforces data governance rules in real time.

1581
00:56:00,060 --> 00:56:02,780
If someone attempts to share sensitive data inappropriately,

1582
00:56:02,780 --> 00:56:04,380
PerView detects it and blocks it.

1583
00:56:04,380 --> 00:56:05,580
PerView doesn't wait.

1584
00:56:05,580 --> 00:56:07,180
PerView enforces continuously.

1585
00:56:07,180 --> 00:56:09,340
Finally, Defender is observing.

1586
00:56:09,340 --> 00:56:10,780
Defender watches every action.

1587
00:56:10,780 --> 00:56:11,900
Is the provisioning normal?

1588
00:56:11,900 --> 00:56:13,020
Is the scope appropriate?

1589
00:56:13,020 --> 00:56:14,860
Is the agent behaving as expected?

1590
00:56:14,860 --> 00:56:16,060
Is there a threat signal?

1591
00:56:16,060 --> 00:56:17,660
Defender maintains visibility.

1592
00:56:17,660 --> 00:56:19,420
If something looks wrong, Defender alerts.

1593
00:56:19,420 --> 00:56:22,220
If something looks like compromise, Defender revokes access.

1594
00:56:22,220 --> 00:56:24,620
Defender is the eyes that never stop watching.

1595
00:56:24,620 --> 00:56:27,980
This entire flow from request entry to execution to monitoring

1596
00:56:27,980 --> 00:56:29,100
happens in seconds.

1597
00:56:29,100 --> 00:56:30,220
No human approval.

1598
00:56:30,220 --> 00:56:30,860
No waiting.

1599
00:56:30,860 --> 00:56:31,660
No exceptions.

1600
00:56:31,660 --> 00:56:32,700
No theater.

1601
00:56:32,700 --> 00:56:35,500
The request either completes according to defined governance

1602
00:56:35,500 --> 00:56:38,460
or fails at a specific layer with documented reason.

1603
00:56:38,460 --> 00:56:39,820
The coherence is what matters.

1604
00:56:39,820 --> 00:56:41,420
Each layer enforces something different.

1605
00:56:41,420 --> 00:56:43,340
Identity enforces who can request.

1606
00:56:43,340 --> 00:56:44,940
Context enforces when and where.

1607
00:56:44,940 --> 00:56:47,260
Authorization enforces what scope is permissible.

1608
00:56:47,260 --> 00:56:49,020
Agents enforce execution order.

1609
00:56:49,020 --> 00:56:50,780
Graph enforces data consistency.

1610
00:56:50,780 --> 00:56:52,460
PerView enforces data protection.

1611
00:56:52,460 --> 00:56:54,780
Defender enforces security.

1612
00:56:54,780 --> 00:56:56,780
Together, they form a unified system

1613
00:56:56,780 --> 00:56:59,020
where governance is embedded at every layer.

1614
00:56:59,020 --> 00:57:00,860
Manual administration couldn't achieve this

1615
00:57:00,860 --> 00:57:02,380
because no human could coordinate

1616
00:57:02,380 --> 00:57:05,020
across seven different governance layers simultaneously.

1617
00:57:05,020 --> 00:57:07,100
But the system doesn't need humans to coordinate.

1618
00:57:07,100 --> 00:57:09,340
The system is designed for automatic coordination.

1619
00:57:09,340 --> 00:57:10,460
Each layer does its job.

1620
00:57:10,460 --> 00:57:11,900
Each layer trusts the others.

1621
00:57:11,900 --> 00:57:14,060
The result is governance that's comprehensive,

1622
00:57:14,060 --> 00:57:16,300
consistent and enforced automatically.

1623
00:57:16,300 --> 00:57:17,580
This is the governance stack.

1624
00:57:17,580 --> 00:57:19,500
Not a dashboard, not a reporting tool.

1625
00:57:19,500 --> 00:57:21,980
A system where every decision point is governed.

1626
00:57:21,980 --> 00:57:23,980
Where every layer enforces something.

1627
00:57:23,980 --> 00:57:27,020
Where the entire flow is auditable, repeatable and deterministic.

1628
00:57:27,020 --> 00:57:28,700
This is what replaced the administrator

1629
00:57:28,700 --> 00:57:30,300
who had to manually enforce governance

1630
00:57:30,300 --> 00:57:31,980
across seven different tools.

1631
00:57:31,980 --> 00:57:34,620
The uncomfortable truth about job displacement.

1632
00:57:34,620 --> 00:57:36,620
Let's address what everyone is thinking.

1633
00:57:36,620 --> 00:57:38,140
But no one is saying clearly.

1634
00:57:38,140 --> 00:57:41,180
30% of US companies have replaced some workers with AI,

1635
00:57:41,180 --> 00:57:43,340
not reduced their hours, not reassigned them,

1636
00:57:43,340 --> 00:57:45,180
replaced them, they're gone.

1637
00:57:45,180 --> 00:57:47,020
30% that's not a rounding error.

1638
00:57:47,020 --> 00:57:48,780
That's a significant portion of the market

1639
00:57:48,780 --> 00:57:50,620
making the decision that the work those people did

1640
00:57:50,620 --> 00:57:52,300
could be done by a system instead.

1641
00:57:52,300 --> 00:57:56,300
38% of employers have cut entry-level roles due to AI,

1642
00:57:56,300 --> 00:57:57,660
entry-level positions.

1643
00:57:57,660 --> 00:57:59,820
The positions that were supposed to be the pipeline,

1644
00:57:59,820 --> 00:58:02,700
the positions that trained people to become architects.

1645
00:58:02,700 --> 00:58:04,780
The positions that taught the fundamentals

1646
00:58:04,780 --> 00:58:06,140
of how systems work.

1647
00:58:06,140 --> 00:58:08,780
Those positions are disappearing, not transforming,

1648
00:58:08,780 --> 00:58:09,820
disappearing.

1649
00:58:09,820 --> 00:58:13,260
Organizations are deciding they don't need entry-level workers anymore

1650
00:58:13,260 --> 00:58:15,420
because the system handles the entry-level work.

1651
00:58:15,420 --> 00:58:22,780
In the first half of 2025 alone, 77,999 tech jobs were lost to AI.

1652
00:58:22,780 --> 00:58:25,020
Not reductions, not salary cuts, jobs eliminated.

1653
00:58:25,020 --> 00:58:28,060
That's hundreds of people every single day losing employment

1654
00:58:28,060 --> 00:58:29,820
because a system could do what they did.

1655
00:58:29,820 --> 00:58:31,420
And that number is accelerating.

1656
00:58:31,420 --> 00:58:33,020
Every quarter the number gets larger.

1657
00:58:33,020 --> 00:58:35,100
Every wave of automation removes more jobs.

1658
00:58:35,100 --> 00:58:36,460
But here's what the headlines miss.

1659
00:58:36,460 --> 00:58:39,180
While 77,000 jobs were being eliminated,

1660
00:58:39,180 --> 00:58:42,300
1.3 million new jobs were being created globally.

1661
00:58:42,300 --> 00:58:44,780
AI-related jobs, prompt engineers,

1662
00:58:44,780 --> 00:58:48,060
AI strategists, system designers, risk managers,

1663
00:58:48,060 --> 00:58:49,100
governance specialists.

1664
00:58:49,100 --> 00:58:52,380
Jobs that didn't exist three years ago are now in high demand.

1665
00:58:52,380 --> 00:58:53,740
The net effect isn't negative.

1666
00:58:53,740 --> 00:58:57,740
The net effect by 2030 is projected to be 78 million more jobs

1667
00:58:57,740 --> 00:58:59,900
created than eliminated globally.

1668
00:58:59,900 --> 00:59:01,180
A massive net positive.

1669
00:59:01,180 --> 00:59:02,860
But, and this is the uncomfortable part,

1670
00:59:02,860 --> 00:59:05,580
those aren't the same jobs in the same places filled by the same people.

1671
00:59:05,580 --> 00:59:08,700
The IT support person who spent a decade getting good at troubleshooting,

1672
00:59:08,700 --> 00:59:11,740
the job they did is now handled by an AI ticketing system.

1673
00:59:11,740 --> 00:59:14,460
They can't migrate that expertise to a prompt engineer role

1674
00:59:14,460 --> 00:59:18,140
the skills don't transfer, the tickets they used to handle are gone.

1675
00:59:18,140 --> 00:59:20,220
The job they were good at no longer exists.

1676
00:59:20,220 --> 00:59:24,060
The young person who was going to spend three years as an entry-level admin,

1677
00:59:24,060 --> 00:59:25,580
learning the fundamentals,

1678
00:59:25,580 --> 00:59:27,500
building toward a mid-level role,

1679
00:59:27,500 --> 00:59:29,580
there is no entry-level admin role anymore.

1680
00:59:29,580 --> 00:59:30,780
The system does that work,

1681
00:59:30,780 --> 00:59:33,020
so that person either doesn't enter IT at all

1682
00:59:33,020 --> 00:59:35,260
or they enter at a higher skill level immediately

1683
00:59:35,260 --> 00:59:37,260
with less training and less safety net.

1684
00:59:37,260 --> 00:59:39,740
The mid-level admin who had 12 years of experience

1685
00:59:39,740 --> 00:59:41,180
who understood the business deeply

1686
00:59:41,180 --> 00:59:43,100
who could architect governance frameworks.

1687
00:59:43,100 --> 00:59:44,860
That person is in higher demand than ever.

1688
00:59:44,860 --> 00:59:47,340
Demand for mid-level architects is up, way up.

1689
00:59:47,340 --> 00:59:49,420
The person with five to ten years of experience

1690
00:59:49,420 --> 00:59:51,820
is the most valuable person in the market right now

1691
00:59:51,820 --> 00:59:54,380
because those are the people who can design systems that work.

1692
00:59:54,380 --> 00:59:55,820
The people who understand intent,

1693
00:59:55,820 --> 00:59:57,660
the people who can think about consequences.

1694
00:59:57,660 --> 00:59:59,100
So, the displacement is real,

1695
00:59:59,100 --> 01:00:00,700
but it's not displacement of all jobs.

1696
01:00:00,700 --> 01:00:02,540
It's displacement of entry-level jobs

1697
01:00:02,540 --> 01:00:04,620
and displacement of pure operator roles.

1698
01:00:04,620 --> 01:00:06,940
It's replacement of high volume, low skill work,

1699
01:00:06,940 --> 01:00:08,700
with high value, high skill work.

1700
01:00:08,700 --> 01:00:12,140
This matters because it determines whether you survived or became a statistic.

1701
01:00:12,140 --> 01:00:15,580
If your entire value was tied to how fast you could click buttons,

1702
01:00:15,580 --> 01:00:16,620
you're in the statistics.

1703
01:00:16,620 --> 01:00:18,300
The system clicks buttons faster.

1704
01:00:18,300 --> 01:00:20,620
If your entire value was tied to being the person

1705
01:00:20,620 --> 01:00:23,180
who processes tickets, you're in the statistics.

1706
01:00:23,180 --> 01:00:24,700
The system processes tickets.

1707
01:00:24,700 --> 01:00:27,260
If your entire value was tied to being the gatekeeper

1708
01:00:27,260 --> 01:00:29,580
who approves access, you're in the statistics.

1709
01:00:29,580 --> 01:00:30,940
The system approves access,

1710
01:00:30,940 --> 01:00:32,540
but if your value was in understanding

1711
01:00:32,540 --> 01:00:34,300
why the system was designed that way,

1712
01:00:34,300 --> 01:00:36,460
if your value was in knowing what decisions matter

1713
01:00:36,460 --> 01:00:37,420
and which don't,

1714
01:00:37,420 --> 01:00:40,060
if your value was in seeing how policies interact

1715
01:00:40,060 --> 01:00:42,940
and preventing entropy before it becomes unmanageable,

1716
01:00:42,940 --> 01:00:45,100
then you became more valuable, not less.

1717
01:00:45,100 --> 01:00:47,500
The demand for people who can think about these things went up

1718
01:00:47,500 --> 01:00:49,820
while the demand for people who execute them went down.

1719
01:00:49,820 --> 01:00:51,180
This is the uncomfortable truth.

1720
01:00:51,180 --> 01:00:53,100
The system didn't replace bad admins.

1721
01:00:53,100 --> 01:00:54,620
It replaced operator-level work

1722
01:00:54,620 --> 01:00:58,380
and replacing operator-level work is what transforms an industry.

1723
01:00:58,380 --> 01:00:59,820
It eliminates the entry point.

1724
01:00:59,820 --> 01:01:01,020
It removes the training ground.

1725
01:01:01,020 --> 01:01:02,860
It forces everyone who enters the field

1726
01:01:02,860 --> 01:01:05,820
to enter with more existing knowledge and fewer safety nets.

1727
01:01:05,820 --> 01:01:08,300
This isn't tragedy, it's evolution.

1728
01:01:08,300 --> 01:01:09,740
But evolution is uncomfortable.

1729
01:01:09,740 --> 01:01:11,420
Evolution eliminates niches.

1730
01:01:11,420 --> 01:01:13,820
Evolution removes species that can't adapt

1731
01:01:13,820 --> 01:01:15,820
and evolution doesn't care about your plans.

1732
01:01:15,820 --> 01:01:17,820
The people who survived were the ones who understood

1733
01:01:17,820 --> 01:01:19,180
this was happening and adapted.

1734
01:01:19,180 --> 01:01:22,220
The people who didn't became the employment statistics.

1735
01:01:22,220 --> 01:01:24,540
And by 2026, the statistics were clear.

1736
01:01:24,540 --> 01:01:26,780
Entry-level hiring was down 13%.

1737
01:01:26,780 --> 01:01:28,780
Mid-level architect demand was up dramatically.

1738
01:01:28,780 --> 01:01:30,940
The market had spoken, the system had changed

1739
01:01:30,940 --> 01:01:33,340
and the people who survived were the ones who saw it coming

1740
01:01:33,340 --> 01:01:34,540
and changed with it.

1741
01:01:34,540 --> 01:01:36,060
The governance first imperative.

1742
01:01:36,060 --> 01:01:37,180
This is the critical insight

1743
01:01:37,180 --> 01:01:38,620
that separates the organizations

1744
01:01:38,620 --> 01:01:41,020
that thrived from the ones that merely survived.

1745
01:01:41,020 --> 01:01:43,740
Most organizations treat governance as a break on innovation.

1746
01:01:43,740 --> 01:01:44,700
A checkbox.

1747
01:01:44,700 --> 01:01:46,700
Something compliance requires you to do.

1748
01:01:46,700 --> 01:01:48,300
Something security insists on.

1749
01:01:48,300 --> 01:01:49,660
Something that slows down deployment

1750
01:01:49,660 --> 01:01:51,260
and makes business teams frustrated.

1751
01:01:51,260 --> 01:01:54,140
Governance is the thing you do after you've proven the value of something.

1752
01:01:54,140 --> 01:01:55,660
You build a proof of concept.

1753
01:01:55,660 --> 01:01:57,180
You show the business impact.

1754
01:01:57,180 --> 01:01:59,020
Then, reluctantly, you add governance.

1755
01:01:59,020 --> 01:02:00,540
You implement controls.

1756
01:02:00,540 --> 01:02:02,620
You slow things down to acceptable risk.

1757
01:02:02,620 --> 01:02:04,780
Governance is the cost you pay for innovation.

1758
01:02:04,780 --> 01:02:07,420
The overhead, the bureaucracy that prevents

1759
01:02:07,420 --> 01:02:09,180
good things from happening fast.

1760
01:02:09,180 --> 01:02:09,980
That's backwards.

1761
01:02:09,980 --> 01:02:12,620
That's the thinking that created Shadow AI in the first place.

1762
01:02:12,620 --> 01:02:14,620
That's the thinking that makes organizations

1763
01:02:14,620 --> 01:02:17,580
choose unsanctioned tools over approved workflows.

1764
01:02:17,580 --> 01:02:21,180
That's the thinking that makes employees wait two weeks for approval

1765
01:02:21,180 --> 01:02:24,060
and then solve the problem themselves on personal accounts.

1766
01:02:24,060 --> 01:02:26,700
Leading organizations understood something different.

1767
01:02:26,700 --> 01:02:29,580
They understood that governance isn't a break on innovation.

1768
01:02:29,580 --> 01:02:31,740
Governance is the foundation for scaling it.

1769
01:02:31,740 --> 01:02:34,780
Think about what happens when you deploy agents without governance.

1770
01:02:34,780 --> 01:02:36,060
You want to move fast.

1771
01:02:36,060 --> 01:02:37,820
You build an agent to automate something.

1772
01:02:37,820 --> 01:02:38,780
You test it.

1773
01:02:38,780 --> 01:02:39,260
It works.

1774
01:02:39,260 --> 01:02:40,060
You deploy it.

1775
01:02:40,060 --> 01:02:40,540
Great.

1776
01:02:40,540 --> 01:02:42,380
But you didn't define scope clearly.

1777
01:02:42,380 --> 01:02:43,740
You didn't document intent.

1778
01:02:43,740 --> 01:02:45,420
You didn't establish lifecycle rules.

1779
01:02:45,420 --> 01:02:47,100
So now you have an agent that does work.

1780
01:02:47,100 --> 01:02:48,540
And you have no idea what it's doing.

1781
01:02:48,540 --> 01:02:49,260
How to revoke it.

1782
01:02:49,260 --> 01:02:49,900
Who's using it?

1783
01:02:49,900 --> 01:02:51,900
Or what happens if it behaves unexpectedly?

1784
01:02:51,900 --> 01:02:53,100
The agent is operational.

1785
01:02:53,100 --> 01:02:54,380
But it's also a risk.

1786
01:02:54,380 --> 01:02:56,780
You're moving fast towards something you don't understand.

1787
01:02:56,780 --> 01:02:58,540
Then another team builds another agent.

1788
01:02:58,540 --> 01:02:59,660
They do the same thing.

1789
01:02:59,660 --> 01:03:00,700
Fast deployment.

1790
01:03:00,700 --> 01:03:01,820
Minimal governance.

1791
01:03:01,820 --> 01:03:03,020
No documentation.

1792
01:03:03,020 --> 01:03:04,220
No scope definition.

1793
01:03:04,220 --> 01:03:05,420
No lifecycle management.

1794
01:03:05,420 --> 01:03:07,660
Now you have two agents and you understand neither of them.

1795
01:03:07,660 --> 01:03:08,860
They might interact with each other.

1796
01:03:08,860 --> 01:03:09,660
They might conflict.

1797
01:03:09,660 --> 01:03:10,620
You don't know.

1798
01:03:10,620 --> 01:03:12,860
By the time you have 10 agents without governance,

1799
01:03:12,860 --> 01:03:13,900
you're in chaos.

1800
01:03:13,900 --> 01:03:15,500
You've built 10 things fast.

1801
01:03:15,500 --> 01:03:16,620
But you can't manage them.

1802
01:03:16,620 --> 01:03:17,820
You can't audit them.

1803
01:03:17,820 --> 01:03:19,500
You can't understand what they're doing.

1804
01:03:19,500 --> 01:03:22,620
And by then, the cost of adding governance is massive.

1805
01:03:22,620 --> 01:03:24,700
You have to retrofit controls onto systems

1806
01:03:24,700 --> 01:03:25,900
that were never designed for them.

1807
01:03:25,900 --> 01:03:27,500
You have to untangle dependencies.

1808
01:03:27,500 --> 01:03:28,620
You didn't know existed.

1809
01:03:28,620 --> 01:03:29,580
This is the alternative.

1810
01:03:29,580 --> 01:03:31,100
Define governance first.

1811
01:03:31,100 --> 01:03:32,460
Before you build the agent,

1812
01:03:32,460 --> 01:03:33,900
define its scope.

1813
01:03:33,900 --> 01:03:35,100
Document its purpose.

1814
01:03:35,100 --> 01:03:36,700
Specify what access it needs.

1815
01:03:36,700 --> 01:03:38,060
Define how it will behave.

1816
01:03:38,060 --> 01:03:39,900
Establish lifecycle rules.

1817
01:03:39,900 --> 01:03:42,380
Then build the agent according to the governance framework.

1818
01:03:42,380 --> 01:03:44,460
The agent is born into a controlled environment.

1819
01:03:44,460 --> 01:03:46,220
It operates within defined boundaries.

1820
01:03:46,220 --> 01:03:47,100
It can be audited.

1821
01:03:47,100 --> 01:03:48,060
It can be revoked.

1822
01:03:48,060 --> 01:03:49,100
It can be monitored.

1823
01:03:49,100 --> 01:03:50,060
It has lifecycle.

1824
01:03:50,060 --> 01:03:51,260
It has accountability.

1825
01:03:51,260 --> 01:03:52,700
Now you build another agent.

1826
01:03:52,700 --> 01:03:53,500
Same process.

1827
01:03:53,500 --> 01:03:54,300
Define governance.

1828
01:03:54,300 --> 01:03:54,860
Clear scope.

1829
01:03:54,860 --> 01:03:55,900
Documented intent.

1830
01:03:55,900 --> 01:03:57,020
The system is coherent.

1831
01:03:57,020 --> 01:03:59,900
You understand how this agent relates to the previous one.

1832
01:03:59,900 --> 01:04:01,580
You understand what data they might access.

1833
01:04:01,580 --> 01:04:03,180
You understand what controls apply.

1834
01:04:03,180 --> 01:04:04,780
The organizations that moved fastest

1835
01:04:04,780 --> 01:04:08,300
to agentex systems weren't the ones with the most resources.

1836
01:04:08,300 --> 01:04:10,140
They weren't the ones with the biggest budgets.

1837
01:04:10,140 --> 01:04:12,140
They were the ones that implemented governance first.

1838
01:04:12,140 --> 01:04:14,460
They were the ones that understood this principle.

1839
01:04:14,460 --> 01:04:17,100
And the database is out by Q22026.

1840
01:04:17,100 --> 01:04:19,660
Governance first organizations had deployment cycles

1841
01:04:19,660 --> 01:04:21,340
that were three to five times faster

1842
01:04:21,340 --> 01:04:22,780
than governance reactive ones.

1843
01:04:22,780 --> 01:04:23,740
Three to five times.

1844
01:04:23,740 --> 01:04:24,940
Not marginally better.

1845
01:04:24,940 --> 01:04:26,060
Not slightly ahead.

1846
01:04:26,060 --> 01:04:27,740
Dramatically faster.

1847
01:04:27,740 --> 01:04:28,940
This is counterintuitive

1848
01:04:28,940 --> 01:04:30,940
because governance feels like constraint.

1849
01:04:30,940 --> 01:04:32,620
It feels like it slows things down.

1850
01:04:32,620 --> 01:04:34,300
But when you implement governance first,

1851
01:04:34,300 --> 01:04:35,820
governance becomes infrastructure.

1852
01:04:35,820 --> 01:04:38,860
Governance becomes the foundation that makes scale possible.

1853
01:04:38,860 --> 01:04:41,020
You're not adding governance to existing systems

1854
01:04:41,020 --> 01:04:42,460
and trying to retrofit controls.

1855
01:04:42,460 --> 01:04:45,420
You're building new systems within a governance framework.

1856
01:04:45,420 --> 01:04:47,260
The framework is there from the beginning.

1857
01:04:47,260 --> 01:04:48,700
The system is born compliant.

1858
01:04:48,700 --> 01:04:50,140
The system is born auditable.

1859
01:04:50,140 --> 01:04:52,140
The system is born within constraint.

1860
01:04:52,140 --> 01:04:53,500
And constraints enable speed.

1861
01:04:53,500 --> 01:04:54,540
They enable confidence.

1862
01:04:54,540 --> 01:04:57,580
They enable scaling because you know exactly what the system can do.

1863
01:04:57,580 --> 01:04:59,020
You know exactly what it cannot do.

1864
01:04:59,020 --> 01:05:00,380
You know exactly how to monitor it.

1865
01:05:00,380 --> 01:05:03,260
You know exactly how to revoke it if something goes wrong.

1866
01:05:03,260 --> 01:05:05,740
Governance first organizations deployed agents faster

1867
01:05:05,740 --> 01:05:08,460
because they didn't spend three months retrofitting controls

1868
01:05:08,460 --> 01:05:10,220
after the agent was already operational.

1869
01:05:10,220 --> 01:05:11,740
But they didn't inherit shadow AI

1870
01:05:11,740 --> 01:05:13,660
because agents were governed from inception.

1871
01:05:13,660 --> 01:05:15,340
They didn't struggle with agents sprawl

1872
01:05:15,340 --> 01:05:18,380
because life cycle rules were defined before agents existed.

1873
01:05:18,380 --> 01:05:19,900
This is not a security tradeoff.

1874
01:05:19,900 --> 01:05:22,060
This is not a choice between speed and safety.

1875
01:05:22,060 --> 01:05:24,780
Governance first is faster and safer simultaneously.

1876
01:05:24,780 --> 01:05:26,940
Governance first is the competitive advantage.

1877
01:05:26,940 --> 01:05:28,700
The deterministic intent model.

1878
01:05:28,700 --> 01:05:31,660
This is the architectural principle that makes everything work.

1879
01:05:31,660 --> 01:05:34,460
This is the foundation that separates a system that scales

1880
01:05:34,460 --> 01:05:37,420
from a system that eventually collapses under its own weight.

1881
01:05:37,420 --> 01:05:39,820
Manual administration was reactive, something breaks.

1882
01:05:39,820 --> 01:05:40,460
You fix it.

1883
01:05:40,460 --> 01:05:41,820
A user loses access.

1884
01:05:41,820 --> 01:05:43,420
You investigate and re-ground it.

1885
01:05:43,420 --> 01:05:44,460
The policy is violated.

1886
01:05:44,460 --> 01:05:45,500
You remediate it.

1887
01:05:45,500 --> 01:05:46,860
A site is over permissioned.

1888
01:05:46,860 --> 01:05:47,740
You tighten it.

1889
01:05:47,740 --> 01:05:49,820
You react to problems as they emerge.

1890
01:05:49,820 --> 01:05:50,700
You fix fires.

1891
01:05:50,700 --> 01:05:51,980
You restore things that broke.

1892
01:05:51,980 --> 01:05:54,140
You are always one step behind the chaos.

1893
01:05:54,140 --> 01:05:56,540
Always cleaning up the entropy that the system created

1894
01:05:56,540 --> 01:05:58,140
while you weren't watching.

1895
01:05:58,140 --> 01:05:59,660
Agenteic administration is different.

1896
01:05:59,660 --> 01:06:00,780
It's proactive.

1897
01:06:00,780 --> 01:06:03,260
You define intent before the system operates.

1898
01:06:03,260 --> 01:06:04,940
You specify what should be true.

1899
01:06:04,940 --> 01:06:08,140
Access expires by default unless explicitly extended.

1900
01:06:08,140 --> 01:06:10,700
Sites are archived automatically after inactivity.

1901
01:06:10,700 --> 01:06:13,580
Data is classified at creation, not after discovery.

1902
01:06:13,580 --> 01:06:16,140
Permissions are scoped at provisioning, not loosened,

1903
01:06:16,140 --> 01:06:18,780
and then tightened when someone notices they're too broad.

1904
01:06:18,780 --> 01:06:20,220
You don't react to problems.

1905
01:06:20,220 --> 01:06:22,140
You define rules that prevent them.

1906
01:06:22,140 --> 01:06:24,060
This distinction matters architecturally.

1907
01:06:24,060 --> 01:06:26,220
It's the difference between a probabilistic system

1908
01:06:26,220 --> 01:06:27,500
and a deterministic one.

1909
01:06:27,500 --> 01:06:29,260
A deterministic system means

1910
01:06:29,260 --> 01:06:31,740
the same input always produces the same output.

1911
01:06:31,740 --> 01:06:34,460
You request access to a resource under these conditions.

1912
01:06:34,460 --> 01:06:36,220
The system evaluates those conditions

1913
01:06:36,220 --> 01:06:37,340
against defined policy.

1914
01:06:37,340 --> 01:06:39,420
The system grants or denies access.

1915
01:06:39,420 --> 01:06:41,660
Every time consistently, auditably.

1916
01:06:41,660 --> 01:06:43,580
The decision is tied to documented rules.

1917
01:06:43,580 --> 01:06:44,780
The outcome is predictable.

1918
01:06:44,780 --> 01:06:46,620
You can reason about what the system will do

1919
01:06:46,620 --> 01:06:49,180
because the system behaves according to defined logic.

1920
01:06:49,180 --> 01:06:51,500
A probabilistic system means the outcome depends on

1921
01:06:51,500 --> 01:06:52,860
who's making the decision.

1922
01:06:52,860 --> 01:06:53,900
You request access.

1923
01:06:53,900 --> 01:06:56,540
It depends on which admin reviews it, one admin approves it,

1924
01:06:56,540 --> 01:06:57,740
another admin denies it.

1925
01:06:57,740 --> 01:07:00,460
The outcome is inconsistent because humans are inconsistent.

1926
01:07:00,460 --> 01:07:01,820
You can't predict what will happen

1927
01:07:01,820 --> 01:07:03,980
because the decision isn't tied to defined logic.

1928
01:07:03,980 --> 01:07:05,900
The decision is tied to human judgment.

1929
01:07:05,900 --> 01:07:07,260
And human judgment varies.

1930
01:07:07,260 --> 01:07:09,500
Every exception you granted in the manual era

1931
01:07:09,500 --> 01:07:11,100
made the system more probabilistic.

1932
01:07:11,100 --> 01:07:13,580
You said yes to a request that didn't quite fit the policy.

1933
01:07:13,580 --> 01:07:14,540
You made an exception.

1934
01:07:14,540 --> 01:07:16,140
The exception documented one outcome.

1935
01:07:16,140 --> 01:07:18,620
But next time someone else faced a similar request

1936
01:07:18,620 --> 01:07:20,460
and didn't know about your exception,

1937
01:07:20,460 --> 01:07:21,660
they made a different decision.

1938
01:07:21,660 --> 01:07:23,180
The system became less consistent,

1939
01:07:23,180 --> 01:07:25,340
less predictable, less auditable.

1940
01:07:25,340 --> 01:07:27,980
Every exception added a branch in the decision tree.

1941
01:07:27,980 --> 01:07:29,820
Every branch made the tree more complex.

1942
01:07:29,820 --> 01:07:31,740
Every branch made it harder to reason about

1943
01:07:31,740 --> 01:07:32,940
what the system would do.

1944
01:07:32,940 --> 01:07:34,940
By the end, the system wasn't following policy.

1945
01:07:34,940 --> 01:07:36,380
The system was following precedent.

1946
01:07:36,380 --> 01:07:38,460
And precedent is just the accumulated weight

1947
01:07:38,460 --> 01:07:39,580
of previous exceptions.

1948
01:07:39,580 --> 01:07:41,900
Every policy you define in the agentic era

1949
01:07:41,900 --> 01:07:43,740
makes the system more deterministic.

1950
01:07:43,740 --> 01:07:44,540
You write a rule.

1951
01:07:44,540 --> 01:07:45,900
The system enforces it.

1952
01:07:45,900 --> 01:07:47,020
Millions of times.

1953
01:07:47,020 --> 01:07:49,180
Every decision is made according to the same logic.

1954
01:07:49,180 --> 01:07:52,300
Every decision produces the same outcome given the same input.

1955
01:07:52,300 --> 01:07:55,020
The system is consistent, auditable, predictable.

1956
01:07:55,020 --> 01:07:56,860
You can reason about what the system will do

1957
01:07:56,860 --> 01:07:59,420
because the system's behavior is defined in code,

1958
01:07:59,420 --> 01:08:00,860
not in human judgment.

1959
01:08:00,860 --> 01:08:03,180
Deterministic systems are auditable.

1960
01:08:03,180 --> 01:08:06,060
You can trace every decision back to the rule that produced it.

1961
01:08:06,060 --> 01:08:07,420
You can investigate incidents

1962
01:08:07,420 --> 01:08:09,260
because the decision logic is documented.

1963
01:08:09,260 --> 01:08:10,460
You can defend your decisions

1964
01:08:10,460 --> 01:08:12,220
because they're tied to defined policy

1965
01:08:12,220 --> 01:08:13,820
not to individual judgment.

1966
01:08:13,820 --> 01:08:15,900
Deterministic systems are predictable.

1967
01:08:15,900 --> 01:08:17,500
You know what access a user will receive

1968
01:08:17,500 --> 01:08:18,700
because you know the policy.

1969
01:08:18,700 --> 01:08:20,220
You know what will happen to a resource

1970
01:08:20,220 --> 01:08:22,780
after inactivity because you know the life cycle rules.

1971
01:08:22,780 --> 01:08:23,980
You know what will happen to data

1972
01:08:23,980 --> 01:08:25,980
because you know the classification logic.

1973
01:08:25,980 --> 01:08:27,820
Predictability enables confidence.

1974
01:08:27,820 --> 01:08:29,340
Confidence enables scaling.

1975
01:08:29,340 --> 01:08:31,180
Deterministic systems are scalable.

1976
01:08:31,180 --> 01:08:33,500
You can apply the same policy to millions of decisions

1977
01:08:33,500 --> 01:08:35,980
without hiring more people to make those decisions.

1978
01:08:35,980 --> 01:08:39,180
You can audit millions of actions without manual review.

1979
01:08:39,180 --> 01:08:40,940
You can enforce consistency at scale

1980
01:08:40,940 --> 01:08:43,500
because the system doesn't have human inconsistency.

1981
01:08:43,500 --> 01:08:45,020
Probabilistic systems are fragile.

1982
01:08:45,020 --> 01:08:46,620
They break under their own weight.

1983
01:08:46,620 --> 01:08:48,220
Every exception adds complexity.

1984
01:08:48,220 --> 01:08:49,740
Every special case adds a branch.

1985
01:08:49,740 --> 01:08:51,900
Eventually the decision tree is so complex

1986
01:08:51,900 --> 01:08:53,260
that no one understands it.

1987
01:08:53,260 --> 01:08:54,940
The system becomes un-maintainable.

1988
01:08:54,940 --> 01:08:56,380
The system becomes a liability.

1989
01:08:56,380 --> 01:08:58,700
The shift from probabilistic to deterministic

1990
01:08:58,700 --> 01:09:00,700
is the real architectural revolution.

1991
01:09:00,700 --> 01:09:03,900
This is why the downfall of manual admin is satisfying.

1992
01:09:03,900 --> 01:09:05,900
You're not just replacing a person with a system.

1993
01:09:05,900 --> 01:09:08,300
You're moving from a system that depends on human judgment

1994
01:09:08,300 --> 01:09:10,380
to a system that depends on defined logic.

1995
01:09:10,380 --> 01:09:12,380
You're moving from hope to certainty,

1996
01:09:12,380 --> 01:09:14,300
from inconsistency to determinism.

1997
01:09:14,300 --> 01:09:17,100
From reactive firefighting to proactive enforcement.

1998
01:09:17,100 --> 01:09:19,900
This is what makes the agentech model work at scale.

1999
01:09:19,900 --> 01:09:22,300
Not the speed, not the automation, the determinism,

2000
01:09:22,300 --> 01:09:24,780
the certainty, the audibility, the ability to reason

2001
01:09:24,780 --> 01:09:26,140
about what the system will do

2002
01:09:26,140 --> 01:09:28,940
because the system's behavior is defined, not decided.

2003
01:09:28,940 --> 01:09:31,740
The three scenarios transformed.

2004
01:09:31,740 --> 01:09:33,580
Let's bring this back to concrete examples

2005
01:09:33,580 --> 01:09:35,100
that every admin recognizes.

2006
01:09:35,100 --> 01:09:36,460
Let's take the three scenarios

2007
01:09:36,460 --> 01:09:38,300
that defined manual administration

2008
01:09:38,300 --> 01:09:40,620
and watch them transform under the agentech model.

2009
01:09:40,620 --> 01:09:42,300
Scenario one, access reviews.

2010
01:09:42,300 --> 01:09:45,260
This is the checkbox theater that every organization practices.

2011
01:09:45,260 --> 01:09:47,980
Manual administration made you review access quarterly.

2012
01:09:47,980 --> 01:09:49,580
Owners receive a notification.

2013
01:09:49,580 --> 01:09:50,700
40% don't respond.

2014
01:09:50,700 --> 01:09:53,340
You approve anyway because the alternative is blocking access

2015
01:09:53,340 --> 01:09:54,860
to people who need it.

2016
01:09:54,860 --> 01:09:57,580
Risky access remains standing because the person who granted it

2017
01:09:57,580 --> 01:09:59,020
is no longer in the organization.

2018
01:09:59,020 --> 01:10:00,540
You're not reviewing access.

2019
01:10:00,540 --> 01:10:02,540
You're documenting compliance theater.

2020
01:10:02,540 --> 01:10:05,020
You're creating artifacts that prove you tried,

2021
01:10:05,020 --> 01:10:07,100
knowing the whole time that standing access

2022
01:10:07,100 --> 01:10:11,100
is still sitting there, unchanged, unreviewed, unrevoked.

2023
01:10:11,100 --> 01:10:13,980
Under the agentech model, access reviews don't happen quarterly.

2024
01:10:13,980 --> 01:10:14,860
They happen continuously.

2025
01:10:14,860 --> 01:10:16,220
The system is asking constantly,

2026
01:10:16,220 --> 01:10:17,900
is this access still justified?

2027
01:10:17,900 --> 01:10:19,420
Has the risk profile changed?

2028
01:10:19,420 --> 01:10:20,700
Has the user's role shifted?

2029
01:10:20,700 --> 01:10:22,060
Has their department changed?

2030
01:10:22,060 --> 01:10:23,420
Has there been a threat signal?

2031
01:10:23,420 --> 01:10:25,900
The system evaluates these questions continuously,

2032
01:10:25,900 --> 01:10:28,220
not waiting for a quarterly calendar event,

2033
01:10:28,220 --> 01:10:31,740
not waiting for someone to remember to run the review continuously.

2034
01:10:31,740 --> 01:10:34,140
Risk signals trigger automatic evaluation.

2035
01:10:34,140 --> 01:10:36,780
If the signal indicates the access should be revoked,

2036
01:10:36,780 --> 01:10:38,620
the system revokes it immediately,

2037
01:10:38,620 --> 01:10:41,500
not after investigation, not after approval immediately.

2038
01:10:41,500 --> 01:10:43,820
The shift is from, "Did we review it?"

2039
01:10:43,820 --> 01:10:45,660
2. Is it still justified?

2040
01:10:45,660 --> 01:10:47,180
Access expires by default.

2041
01:10:47,180 --> 01:10:49,100
Extension requires justification.

2042
01:10:49,100 --> 01:10:51,980
Justification is evaluated against current context.

2043
01:10:51,980 --> 01:10:54,860
If the justification no longer applies, access expires.

2044
01:10:54,860 --> 01:10:56,380
No theater, no checkbox.

2045
01:10:56,380 --> 01:10:59,420
Just continuous evaluation and automatic enforcement.

2046
01:10:59,420 --> 01:11:01,340
Scenario 2. Team life cycle.

2047
01:11:01,340 --> 01:11:03,580
Manual administration created a simple problem.

2048
01:11:03,580 --> 01:11:05,020
Teams are created in seconds.

2049
01:11:05,020 --> 01:11:05,900
They live forever.

2050
01:11:05,900 --> 01:11:07,260
Owners leave the organization.

2051
01:11:07,260 --> 01:11:08,380
Sites become orphaned.

2052
01:11:08,380 --> 01:11:10,380
Data retention policies are written once.

2053
01:11:10,380 --> 01:11:11,420
Never tuned.

2054
01:11:11,420 --> 01:11:14,380
By year three, no one knows what half the sites contain.

2055
01:11:14,380 --> 01:11:16,380
You can't delete them because someone might need them.

2056
01:11:16,380 --> 01:11:18,620
You can't keep them because they're consuming resources

2057
01:11:18,620 --> 01:11:20,540
and creating security surface.

2058
01:11:20,540 --> 01:11:23,660
The system created complexity faster than you could govern it.

2059
01:11:23,660 --> 01:11:24,940
Under the agentic model,

2060
01:11:24,940 --> 01:11:27,980
teams are auto-provisioned based on organizational intent.

2061
01:11:27,980 --> 01:11:30,380
Teams are created with defined retention policies.

2062
01:11:30,380 --> 01:11:31,820
Teams are automatically archived

2063
01:11:31,820 --> 01:11:33,820
after defined in activity periods.

2064
01:11:33,820 --> 01:11:34,940
If a team owner leaves,

2065
01:11:34,940 --> 01:11:37,500
ownership is automatically reassigned to their manager.

2066
01:11:37,500 --> 01:11:39,180
If ownership cannot be established,

2067
01:11:39,180 --> 01:11:41,820
the team is automatically flagged for review.

2068
01:11:41,820 --> 01:11:43,580
After a defined retention period,

2069
01:11:43,580 --> 01:11:45,020
the team is automatically deleted

2070
01:11:45,020 --> 01:11:46,620
unless explicitly extended.

2071
01:11:46,620 --> 01:11:49,020
The system doesn't ask whether you should clean this up.

2072
01:11:49,020 --> 01:11:51,740
The system enforces that cleanup happens automatically.

2073
01:11:51,740 --> 01:11:53,740
The shift is from, should we clean this up?

2074
01:11:53,740 --> 01:11:55,180
To why does this still exist?

2075
01:11:55,180 --> 01:11:57,020
If a team exists, there's a documented reason.

2076
01:11:57,020 --> 01:11:58,220
The reason is auditable.

2077
01:11:58,220 --> 01:11:59,580
The reason is justified.

2078
01:11:59,580 --> 01:12:01,100
If the reason no longer applies,

2079
01:12:01,100 --> 01:12:03,100
the team expires automatically.

2080
01:12:03,100 --> 01:12:05,260
Scenario three, data governance.

2081
01:12:05,260 --> 01:12:07,100
Manual administration treated governance

2082
01:12:07,100 --> 01:12:08,620
as a documentation exercise.

2083
01:12:08,620 --> 01:12:09,740
Policies are written once.

2084
01:12:09,740 --> 01:12:10,780
They're never tuned.

2085
01:12:10,780 --> 01:12:13,660
Users bypass controls because controls are inconvenient.

2086
01:12:13,660 --> 01:12:15,020
Shadow sharing happens everywhere

2087
01:12:15,020 --> 01:12:16,940
because the approved process is too slow.

2088
01:12:16,940 --> 01:12:19,180
The policy document sits in a shared drive.

2089
01:12:19,180 --> 01:12:19,980
No one reads it.

2090
01:12:19,980 --> 01:12:21,820
The system violates the policy daily

2091
01:12:21,820 --> 01:12:23,660
because enforcement was never built in.

2092
01:12:23,660 --> 01:12:24,700
Under the agentech model,

2093
01:12:24,700 --> 01:12:26,620
data is auto-classified at creation.

2094
01:12:26,620 --> 01:12:28,380
The system identifies what data is.

2095
01:12:28,380 --> 01:12:30,860
The system applies sensitivity labels automatically.

2096
01:12:30,860 --> 01:12:32,700
The system enforces protection policies

2097
01:12:32,700 --> 01:12:34,060
based on those labels.

2098
01:12:34,060 --> 01:12:35,500
Users don't bypass controls

2099
01:12:35,500 --> 01:12:37,100
because controls aren't inconvenient.

2100
01:12:37,100 --> 01:12:38,380
Controls are automatic.

2101
01:12:38,380 --> 01:12:40,620
If you try to share a file with a sensitivity label

2102
01:12:40,620 --> 01:12:42,060
that prohibits external sharing,

2103
01:12:42,060 --> 01:12:43,180
the system prevents it.

2104
01:12:43,180 --> 01:12:45,260
Not after-ordered, not after-review.

2105
01:12:45,260 --> 01:12:47,420
Immediately, real-time enforcement,

2106
01:12:47,420 --> 01:12:49,420
the policy adapts continuously

2107
01:12:49,420 --> 01:12:51,420
as new threats emerge, new signals feed

2108
01:12:51,420 --> 01:12:52,780
into the classification logic.

2109
01:12:52,780 --> 01:12:55,100
If a file is being accessed in an anomalous way,

2110
01:12:55,100 --> 01:12:57,100
protection is automatically strengthened.

2111
01:12:57,100 --> 01:12:59,180
If a data subject is flagged for risk,

2112
01:12:59,180 --> 01:13:02,540
data they access is automatically protected more strictly.

2113
01:13:02,540 --> 01:13:04,140
The shift is from, are we compliant?

2114
01:13:04,140 --> 01:13:06,380
To is the system enforcing intent?

2115
01:13:06,380 --> 01:13:09,180
Compliance is not something you achieve through documentation.

2116
01:13:09,180 --> 01:13:11,740
Compliance is something the system enforces continuously.

2117
01:13:11,740 --> 01:13:13,500
These three scenarios are the foundation

2118
01:13:13,500 --> 01:13:15,420
of manual administration.

2119
01:13:15,420 --> 01:13:18,540
Access reviews, team life cycle, data governance.

2120
01:13:18,540 --> 01:13:20,300
They're also the first things that get replaced

2121
01:13:20,300 --> 01:13:21,740
when you move to an agentech model.

2122
01:13:21,740 --> 01:13:24,220
Not because agentech systems are better at doing the same work,

2123
01:13:24,220 --> 01:13:26,940
but because agentech systems eliminate the work entirely,

2124
01:13:26,940 --> 01:13:28,620
they make the scenarios irrelevant

2125
01:13:28,620 --> 01:13:31,500
by building enforcement into the system from the beginning.

2126
01:13:31,500 --> 01:13:35,180
The implementation reality is what actually changed by May 2026.

2127
01:13:35,180 --> 01:13:36,060
Theories elegant.

2128
01:13:36,060 --> 01:13:37,500
Implementation is messy,

2129
01:13:37,500 --> 01:13:39,020
but here's what actually happened.

2130
01:13:39,020 --> 01:13:42,940
Agent 365 entered public preview in March 2026.

2131
01:13:42,940 --> 01:13:45,180
General availability came May 1st, 2026.

2132
01:13:45,180 --> 01:13:47,100
This wasn't a surprise product launch.

2133
01:13:47,100 --> 01:13:49,260
This was the culmination of everything that came before.

2134
01:13:49,260 --> 01:13:52,060
By May, organizations weren't discovering agentech systems.

2135
01:13:52,060 --> 01:13:53,900
They were finally getting the control plane

2136
01:13:53,900 --> 01:13:55,900
that had been improvising without for months.

2137
01:13:55,900 --> 01:13:56,860
But here's what matters.

2138
01:13:56,860 --> 01:13:59,820
Organizations that adopted early didn't replace all their admins.

2139
01:13:59,820 --> 01:14:00,940
They transformed them.

2140
01:14:00,940 --> 01:14:04,300
The global admin who'd spent 10 years approving access requests

2141
01:14:04,300 --> 01:14:05,260
didn't get fired.

2142
01:14:05,260 --> 01:14:07,260
That person became an AI administrator.

2143
01:14:07,260 --> 01:14:10,460
Same person, different role, no longer approving individual requests.

2144
01:14:10,460 --> 01:14:13,580
Now defining the rules that approve requests automatically.

2145
01:14:13,580 --> 01:14:15,420
The skills didn't transfer seamlessly.

2146
01:14:15,420 --> 01:14:18,860
The work didn't feel similar, but the person survived, the person adapted.

2147
01:14:18,860 --> 01:14:21,420
The person became valuable in a different way.

2148
01:14:21,420 --> 01:14:23,500
The AI administrator role was the mechanism

2149
01:14:23,500 --> 01:14:25,260
that made this transformation possible.

2150
01:14:25,260 --> 01:14:27,420
This role didn't exist before 2026.

2151
01:14:27,420 --> 01:14:29,740
By May 26, it was critical infrastructure.

2152
01:14:29,740 --> 01:14:32,220
AI admins could now manage agent life cycle

2153
01:14:32,220 --> 01:14:34,300
without requiring global admin elevation.

2154
01:14:34,300 --> 01:14:36,940
They could define rules for auto-blocking risky agents.

2155
01:14:36,940 --> 01:14:39,260
They could specify auto-deletion for inactive agents.

2156
01:14:39,260 --> 01:14:41,260
They could set policies for auto-reassigning

2157
01:14:41,260 --> 01:14:42,700
often agents to manage.

2158
01:14:42,700 --> 01:14:45,260
Automated agent life cycle rules rolled out that month.

2159
01:14:45,260 --> 01:14:48,700
The system started managing agent sprawl without human intervention.

2160
01:14:48,700 --> 01:14:51,020
This matters because it solved the fundamental problem.

2161
01:14:51,020 --> 01:14:52,940
Without automated life cycle management,

2162
01:14:52,940 --> 01:14:54,860
agents would proliferate indefinitely.

2163
01:14:54,860 --> 01:14:57,820
The system would create complexity faster than anyone could manage.

2164
01:14:57,820 --> 01:15:01,980
But with automated life cycle, agents are born into a governance framework.

2165
01:15:01,980 --> 01:15:03,180
They live under constraint.

2166
01:15:03,180 --> 01:15:04,860
They die when they're no longer needed.

2167
01:15:04,860 --> 01:15:06,060
The system maintains itself.

2168
01:15:06,060 --> 01:15:08,140
Copilot tasks went live that same month.

2169
01:15:08,140 --> 01:15:09,340
This wasn't a small feature.

2170
01:15:09,340 --> 01:15:12,860
This was multi-step workflow automation from natural language prompts.

2171
01:15:12,860 --> 01:15:14,940
You could describe a complex workflow in English.

2172
01:15:14,940 --> 01:15:16,060
Copilot would understand it.

2173
01:15:16,060 --> 01:15:17,100
The system would build it.

2174
01:15:17,100 --> 01:15:18,140
No coding required.

2175
01:15:18,140 --> 01:15:19,260
No workflow designer.

2176
01:15:19,260 --> 01:15:20,380
Just description intent.

2177
01:15:20,380 --> 01:15:21,660
The system executed it.

2178
01:15:21,660 --> 01:15:23,740
Organizations that understood this capability

2179
01:15:23,740 --> 01:15:27,340
deployed workflows in days that used to take weeks to build manually.

2180
01:15:27,340 --> 01:15:30,380
Power user reports in the Copilot dashboard went live in February.

2181
01:15:30,380 --> 01:15:32,620
By May, organizations had months of data

2182
01:15:32,620 --> 01:15:35,580
showing them exactly how users were engaging with Copilot.

2183
01:15:35,580 --> 01:15:37,980
The reports classified users as power users,

2184
01:15:37,980 --> 01:15:40,780
habitual users, novices or non-users.

2185
01:15:40,780 --> 01:15:44,460
Organizations could target enablement based on actual usage patterns.

2186
01:15:44,460 --> 01:15:46,620
You didn't need to guess who would benefit from training.

2187
01:15:46,620 --> 01:15:47,980
You could see it in the data.

2188
01:15:47,980 --> 01:15:50,380
You could see who was adopting and who was resistant.

2189
01:15:50,380 --> 01:15:52,060
You could intervene where it mattered.

2190
01:15:52,060 --> 01:15:55,260
Risk-based AI agent inventories in Microsoft Defender

2191
01:15:55,260 --> 01:15:57,180
rolled out worldwide in February.

2192
01:15:57,180 --> 01:15:59,660
By May, security teams had complete visibility

2193
01:15:59,660 --> 01:16:02,140
into every agent operating in the environment.

2194
01:16:02,140 --> 01:16:03,980
They could see which agents posed risk.

2195
01:16:03,980 --> 01:16:06,300
They could see which agents were behaving anomalously.

2196
01:16:06,300 --> 01:16:08,780
They could see which agents needed immediate attention.

2197
01:16:08,780 --> 01:16:10,540
This inventory wasn't theoretical.

2198
01:16:10,540 --> 01:16:11,420
It was operational.

2199
01:16:11,420 --> 01:16:12,540
Security teams were using it.

2200
01:16:12,540 --> 01:16:14,220
They were making decisions based on it.

2201
01:16:14,220 --> 01:16:16,700
They were blocking risky agents before they caused damage.

2202
01:16:16,700 --> 01:16:18,940
Federated Copilot connectors enabled real-time

2203
01:16:18,940 --> 01:16:21,260
external data access without indexing.

2204
01:16:21,260 --> 01:16:24,540
Copilot could connect to Canva, HubSpot, Google Calendar,

2205
01:16:24,540 --> 01:16:27,180
Google contacts, not by indexing their data.

2206
01:16:27,180 --> 01:16:29,740
By connecting directly, querying in real-time,

2207
01:16:29,740 --> 01:16:31,740
the data never left the external system.

2208
01:16:31,740 --> 01:16:32,780
The connection was governed.

2209
01:16:32,780 --> 01:16:33,900
The access was logged.

2210
01:16:33,900 --> 01:16:35,340
But the capability was there.

2211
01:16:35,340 --> 01:16:37,500
Users could use external data within Copilot

2212
01:16:37,500 --> 01:16:39,820
without copying it into Microsoft 365.

2213
01:16:39,820 --> 01:16:43,020
Here's the architectural truth that emerged by May, 2026.

2214
01:16:43,020 --> 01:16:44,300
The system wasn't perfect.

2215
01:16:44,300 --> 01:16:45,260
It wasn't complete.

2216
01:16:45,260 --> 01:16:46,460
It was sufficient.

2217
01:16:46,460 --> 01:16:49,100
Sufficient to remove human latency from most decisions.

2218
01:16:49,100 --> 01:16:50,940
Sufficient to automate most routine work.

2219
01:16:50,940 --> 01:16:54,060
Sufficient to scale governance without hiring more governance staff.

2220
01:16:54,060 --> 01:16:55,260
That's all that was required.

2221
01:16:55,260 --> 01:16:56,220
Not perfection.

2222
01:16:56,220 --> 01:16:57,260
Sufficientcy.

2223
01:16:57,260 --> 01:16:59,260
Organizations that adapted thrived.

2224
01:16:59,260 --> 01:17:01,740
They deployed agent 365 early.

2225
01:17:01,740 --> 01:17:03,740
They defined governance frameworks in March.

2226
01:17:03,740 --> 01:17:06,060
They had months of operational experience by May.

2227
01:17:06,060 --> 01:17:07,740
They'd worked through the hard problems.

2228
01:17:07,740 --> 01:17:09,900
They'd figured out what worked and what didn't.

2229
01:17:09,900 --> 01:17:12,700
By mid-2026, they were operating at scale.

2230
01:17:12,700 --> 01:17:16,140
Organizations that resisted found themselves managing legacy chaos.

2231
01:17:16,140 --> 01:17:17,340
They delayed adoption.

2232
01:17:17,340 --> 01:17:19,420
They'd questioned whether this was really necessary.

2233
01:17:19,420 --> 01:17:21,740
They'd wanted to wait for the technology to mature.

2234
01:17:21,740 --> 01:17:24,220
By May 2026, they were four months behind.

2235
01:17:24,220 --> 01:17:26,060
Four months behind in governance maturity.

2236
01:17:26,060 --> 01:17:27,660
Four months behind in automation.

2237
01:17:27,660 --> 01:17:30,700
Four months behind in understanding their own agents' brawl.

2238
01:17:30,700 --> 01:17:34,220
This is the gap that opens between early adopters and everyone else.

2239
01:17:34,220 --> 01:17:35,820
Not because early adoption was better.

2240
01:17:35,820 --> 01:17:38,300
Because early adoption gives you months of learning time.

2241
01:17:38,300 --> 01:17:39,820
Months to figure out what works.

2242
01:17:39,820 --> 01:17:41,660
Months to build institutional knowledge.

2243
01:17:41,660 --> 01:17:43,100
Months to establish patterns.

2244
01:17:43,100 --> 01:17:47,820
By the time the technology is stable, early adopters are already operating at scale.

2245
01:17:47,820 --> 01:17:49,500
The cost of not adapting.

2246
01:17:49,500 --> 01:17:52,380
For those who didn't make the shift, the consequences were clear.

2247
01:17:52,380 --> 01:17:54,540
And they were measured in months, not years.

2248
01:17:54,540 --> 01:17:57,020
Organizations that treated governance as a checkbox.

2249
01:17:57,020 --> 01:17:59,660
The ones that had written policies but never enforced them.

2250
01:17:59,660 --> 01:18:01,020
Discovered something brutal.

2251
01:18:01,020 --> 01:18:03,820
Co-pilot deployments stalled between weeks 6 and 12.

2252
01:18:03,820 --> 01:18:05,660
Not because co-pilot stopped working.

2253
01:18:05,660 --> 01:18:09,260
Because the organization couldn't articulate what co-pilot should be allowed to do.

2254
01:18:09,260 --> 01:18:10,780
They had no governance framework.

2255
01:18:10,780 --> 01:18:11,740
They had no controls.

2256
01:18:11,740 --> 01:18:13,660
They had no way to answer basic questions.

2257
01:18:13,660 --> 01:18:15,340
Can co-pilot access this data?

2258
01:18:15,340 --> 01:18:17,180
Should co-pilot be allowed to edit this document?

2259
01:18:17,180 --> 01:18:19,020
What data is co-pilot allowed to see?

2260
01:18:19,020 --> 01:18:22,620
They'd never had to answer these questions before because co-pilot had been optional.

2261
01:18:22,620 --> 01:18:24,700
Now co-pilot was becoming mandatory.

2262
01:18:24,700 --> 01:18:26,060
Now these questions mattered.

2263
01:18:26,060 --> 01:18:28,460
And the organizations that had no answers stalled.

2264
01:18:28,460 --> 01:18:32,620
They spent weeks 6 through 12 trying to figure out governance that should have been defined

2265
01:18:32,620 --> 01:18:34,220
before co-pilot was even turned on.

2266
01:18:34,220 --> 01:18:39,420
Organizations that didn't define agent governance before agents proliferated inherited agent sprawl.

2267
01:18:39,420 --> 01:18:40,620
Not controlled sprawl.

2268
01:18:40,620 --> 01:18:41,580
Chaotic sprawl.

2269
01:18:41,580 --> 01:18:43,020
50 agents running in production.

2270
01:18:43,020 --> 01:18:45,500
No documentation, no life cycle management,

2271
01:18:45,500 --> 01:18:47,660
no understanding of what they're doing or why.

2272
01:18:47,660 --> 01:18:49,980
No ability to revoke them if something goes wrong.

2273
01:18:49,980 --> 01:18:51,660
These organizations faced a choice.

2274
01:18:51,660 --> 01:18:54,620
Spend months retrofitting governance onto existing agents.

2275
01:18:54,620 --> 01:18:58,380
Expensive, error prone, disruptive, or accept operating in chaos.

2276
01:18:58,380 --> 01:18:59,660
Many chose chaos.

2277
01:18:59,660 --> 01:19:02,060
They operated with agents they didn't understand.

2278
01:19:02,060 --> 01:19:05,740
Accessing data they couldn't audit, performing actions they couldn't predict.

2279
01:19:05,740 --> 01:19:07,420
And they called it business as usual.

2280
01:19:07,420 --> 01:19:08,700
It wasn't business as usual.

2281
01:19:08,700 --> 01:19:11,420
It was operational recklessness disguised as pragmatism.

2282
01:19:11,420 --> 01:19:16,540
Organizations that didn't implement sensitivity labels created data exposure vulnerabilities.

2283
01:19:16,540 --> 01:19:18,780
The new co-pilot was accessing their data.

2284
01:19:18,780 --> 01:19:22,380
They didn't know what data co-pilot was accessing or who could see the responses.

2285
01:19:22,380 --> 01:19:25,180
A user asked co-pilot a question about salary information.

2286
01:19:25,180 --> 01:19:28,220
Co-pilot had access to that data because the user had access.

2287
01:19:28,220 --> 01:19:29,420
Co-pilot returned it.

2288
01:19:29,420 --> 01:19:32,620
The user shared the response with someone outside the organization.

2289
01:19:32,620 --> 01:19:33,820
The data left the system.

2290
01:19:33,820 --> 01:19:35,180
The organization never knew.

2291
01:19:35,180 --> 01:19:36,300
The data wasn't labeled.

2292
01:19:36,300 --> 01:19:37,180
It wasn't protected.

2293
01:19:37,180 --> 01:19:39,420
It wasn't governed by the time they discovered it.

2294
01:19:39,420 --> 01:19:41,260
The data had already been shared.

2295
01:19:41,260 --> 01:19:43,020
The vulnerability had already been exploited.

2296
01:19:43,020 --> 01:19:45,500
Organizations that didn't move to time-bound access

2297
01:19:45,500 --> 01:19:47,260
maintain standing privilege.

2298
01:19:47,260 --> 01:19:50,220
Standing privilege is the default state of manual administration.

2299
01:19:50,220 --> 01:19:51,180
Users have access.

2300
01:19:51,180 --> 01:19:53,260
Access stays until someone remembers to revoke it.

2301
01:19:53,260 --> 01:19:55,500
Which usually means access stays forever.

2302
01:19:55,500 --> 01:19:57,420
These organizations faced a choice.

2303
01:19:57,420 --> 01:20:01,180
Audit standing privilege continuously and revoke it when it's no longer justified.

2304
01:20:01,180 --> 01:20:03,820
Expensive error pro never finished or accept the risk.

2305
01:20:03,820 --> 01:20:04,860
Many accepted the risk.

2306
01:20:04,860 --> 01:20:08,780
They maintained environments where users had standing access to data they no longer needed.

2307
01:20:08,780 --> 01:20:10,620
Access that should have expired years ago.

2308
01:20:10,620 --> 01:20:13,820
Privileged that was never questioned because no one was questioning it.

2309
01:20:13,820 --> 01:20:17,980
Organizations that didn't adopt continuous risk evaluation continued quarterly theater.

2310
01:20:17,980 --> 01:20:19,660
Still running access reviews.

2311
01:20:19,660 --> 01:20:21,580
Still getting 40% response rates.

2312
01:20:21,580 --> 01:20:22,940
Still approving by default.

2313
01:20:22,940 --> 01:20:24,220
Still documenting compliance.

2314
01:20:24,220 --> 01:20:26,460
Knowing the whole time they weren't actually reviewing anything.

2315
01:20:26,460 --> 01:20:27,740
The theater continued.

2316
01:20:27,740 --> 01:20:29,020
The checkbox got marked.

2317
01:20:29,020 --> 01:20:31,180
The governance obligation was satisfied.

2318
01:20:31,180 --> 01:20:33,020
And the standing privilege remained standing.

2319
01:20:33,020 --> 01:20:34,460
The cost wasn't just operational.

2320
01:20:34,460 --> 01:20:35,580
The cost was competitive.

2321
01:20:35,580 --> 01:20:38,140
By Q42026 the gap was undeniable.

2322
01:20:38,140 --> 01:20:41,500
Organizations with agenteic governance deployed three to five times faster

2323
01:20:41,500 --> 01:20:43,580
than organizations still clicking buttons.

2324
01:20:43,580 --> 01:20:45,660
Three to five times not marginally faster.

2325
01:20:45,660 --> 01:20:46,860
Dramatically faster.

2326
01:20:46,860 --> 01:20:50,140
Organizations with governance frameworks could add a new agent in days.

2327
01:20:50,140 --> 01:20:52,620
Organizations without governance needed weeks or months

2328
01:20:52,620 --> 01:20:54,460
because they had to retrofit controls,

2329
01:20:54,460 --> 01:20:56,460
document intent established oversight.

2330
01:20:56,460 --> 01:20:58,140
The fast organization shipped features.

2331
01:20:58,140 --> 01:21:01,820
The slow organizations debated whether they could afford to take the risk.

2332
01:21:01,820 --> 01:21:04,940
The manual era didn't end because someone decided it should.

2333
01:21:04,940 --> 01:21:07,260
It didn't end because Microsoft made it obsolete.

2334
01:21:07,260 --> 01:21:09,100
It ended because it became uncompetitive.

2335
01:21:09,100 --> 01:21:11,260
The organizations that adapted moved faster,

2336
01:21:11,260 --> 01:21:13,740
scaled better, took less risk and reduced costs.

2337
01:21:13,740 --> 01:21:17,660
The organizations that didn't were slower fragile, risky and expensive.

2338
01:21:17,660 --> 01:21:19,900
In competitive markets, slow and risky lose.

2339
01:21:19,900 --> 01:21:22,620
And by the end of 2026 the market had made its judgment.

2340
01:21:22,620 --> 01:21:24,220
The manual era wasn't just over.

2341
01:21:24,220 --> 01:21:25,100
It was unviable.

2342
01:21:25,100 --> 01:21:28,460
The cost of not adapting had become the cost of being in business.

2343
01:21:28,460 --> 01:21:31,180
What you do this week, this is where theory becomes action.

2344
01:21:31,180 --> 01:21:35,420
And action is where most organizations fail because action requires you to do something uncomfortable.

2345
01:21:35,420 --> 01:21:37,580
Action requires you to question assumptions

2346
01:21:37,580 --> 01:21:40,220
that have been embedded in your infrastructure for years.

2347
01:21:40,220 --> 01:21:42,700
Action requires you to break things that people depend on.

2348
01:21:42,700 --> 01:21:44,140
But in action is no longer an option.

2349
01:21:44,140 --> 01:21:46,380
The window for gradual transition has closed.

2350
01:21:46,380 --> 01:21:50,380
By 2026 organizations are either adapting or falling behind.

2351
01:21:50,380 --> 01:21:52,140
This week you pick which one you are.

2352
01:21:52,140 --> 01:21:53,180
Action one.

2353
01:21:53,180 --> 01:21:55,180
Implement time bound access.

2354
01:21:55,180 --> 01:21:59,340
Enable Entra-Privileged Identity Management for your key roles immediately.

2355
01:21:59,340 --> 01:22:01,580
Not all roles, key roles, the ones that matter,

2356
01:22:01,580 --> 01:22:03,420
set a maximum activation duration.

2357
01:22:03,420 --> 01:22:06,060
Eight hours, not more, not indefinitely.

2358
01:22:06,060 --> 01:22:08,700
Eight hours means the access expires by default.

2359
01:22:08,700 --> 01:22:11,020
When the eight hours ends, the privilege is gone.

2360
01:22:11,020 --> 01:22:13,340
If the user needs it again, they request it again.

2361
01:22:13,340 --> 01:22:15,740
Require justification for every activation.

2362
01:22:15,740 --> 01:22:18,060
Require multi-factor authentication.

2363
01:22:18,060 --> 01:22:20,700
This is the direct attack on standing privilege.

2364
01:22:20,700 --> 01:22:23,740
This is the symbolic act that proves you understand the principle.

2365
01:22:23,740 --> 01:22:26,380
If your access doesn't expire, you don't have governance.

2366
01:22:26,380 --> 01:22:27,180
You have hope.

2367
01:22:27,180 --> 01:22:28,860
The prerequisites are straightforward.

2368
01:22:28,860 --> 01:22:30,940
Entra-IDP2 licensing.

2369
01:22:30,940 --> 01:22:31,980
A role inventory.

2370
01:22:31,980 --> 01:22:33,100
Basic RBAC hygiene.

2371
01:22:33,100 --> 01:22:34,540
The resistance will be immediate.

2372
01:22:34,540 --> 01:22:36,860
Legacy automation will break because that automation

2373
01:22:36,860 --> 01:22:38,860
depended on standing privilege.

2374
01:22:38,860 --> 01:22:42,220
Users will complain because requesting access again is inconvenient.

2375
01:22:42,220 --> 01:22:45,340
Leadership may resist because it seems like extra friction.

2376
01:22:45,340 --> 01:22:45,980
Ignore them.

2377
01:22:45,980 --> 01:22:46,940
The friction is the point.

2378
01:22:46,940 --> 01:22:50,140
The friction is what prevents unauthorized access from living indefinitely.

2379
01:22:50,140 --> 01:22:52,140
The friction is what creates accountability.

2380
01:22:52,140 --> 01:22:53,180
Do this action this week.

2381
01:22:53,180 --> 01:22:53,900
Action 2.

2382
01:22:53,900 --> 01:22:55,660
Deploy one deny first policy.

2383
01:22:55,660 --> 01:22:57,020
Pick external sharing.

2384
01:22:57,020 --> 01:22:58,220
Block it by default.

2385
01:22:58,220 --> 01:23:00,700
Require explicit approval for exceptions.

2386
01:23:00,700 --> 01:23:03,420
This single policy shifts your entire governance posture

2387
01:23:03,420 --> 01:23:05,100
from reactive to proactive.

2388
01:23:05,100 --> 01:23:07,020
Instead of hoping people share safely,

2389
01:23:07,020 --> 01:23:08,940
you enforce safe sharing by default.

2390
01:23:08,940 --> 01:23:11,500
Instead of discovering oversharing after it happens,

2391
01:23:11,500 --> 01:23:13,580
you prevent it before it happens.

2392
01:23:13,580 --> 01:23:16,140
This is your first step toward deterministic systems.

2393
01:23:16,140 --> 01:23:17,180
Not probabilistic.

2394
01:23:17,180 --> 01:23:17,900
Deterministic.

2395
01:23:17,900 --> 01:23:20,140
The same input always produces the same outcome.

2396
01:23:20,140 --> 01:23:21,820
External sharing requests denied.

2397
01:23:21,820 --> 01:23:22,540
Every time.

2398
01:23:22,540 --> 01:23:25,020
Unless explicitly approved, this policy sounds simple.

2399
01:23:25,020 --> 01:23:25,420
It's not.

2400
01:23:25,420 --> 01:23:26,540
It will break workflows.

2401
01:23:26,540 --> 01:23:27,340
People will complain.

2402
01:23:27,340 --> 01:23:28,780
Departments will escalate.

2403
01:23:28,780 --> 01:23:30,220
Your job is not to apologize.

2404
01:23:30,220 --> 01:23:33,020
Your job is to explain that safe is the default now.

2405
01:23:33,020 --> 01:23:34,940
Unsafe requires justification.

2406
01:23:34,940 --> 01:23:36,540
Do this action this week.

2407
01:23:36,540 --> 01:23:37,340
Action 3.

2408
01:23:37,340 --> 01:23:38,540
Audit your agents sprawl.

2409
01:23:38,540 --> 01:23:39,100
Inventory.

2410
01:23:39,100 --> 01:23:41,020
Every agent running in your environment.

2411
01:23:41,020 --> 01:23:42,780
Co-pilot studio agents.

2412
01:23:42,780 --> 01:23:44,140
Foundry agents.

2413
01:23:44,140 --> 01:23:45,420
Third party agents.

2414
01:23:45,420 --> 01:23:46,140
Everything.

2415
01:23:46,140 --> 01:23:47,340
Document ownership.

2416
01:23:47,340 --> 01:23:48,060
Who built it?

2417
01:23:48,060 --> 01:23:49,020
Who maintains it?

2418
01:23:49,020 --> 01:23:50,540
Assign life cycle rules.

2419
01:23:50,540 --> 01:23:51,900
When should this agent expire?

2420
01:23:51,900 --> 01:23:53,740
Under what conditions should it be deleted?

2421
01:23:53,740 --> 01:23:55,420
What signals trigger auto blocking?

2422
01:23:55,420 --> 01:23:56,860
This inventory will terrify you.

2423
01:23:56,860 --> 01:23:59,020
You'll discover agents you didn't know existed.

2424
01:23:59,020 --> 01:24:01,340
Agents built by departments without IT approval.

2425
01:24:01,340 --> 01:24:03,820
Agents that are accessing data you didn't know they could access.

2426
01:24:03,820 --> 01:24:04,780
That terror is good.

2427
01:24:04,780 --> 01:24:06,060
That terror is awareness.

2428
01:24:06,060 --> 01:24:08,060
That awareness is the foundation for governance.

2429
01:24:08,060 --> 01:24:09,180
Do this action this week.

2430
01:24:09,180 --> 01:24:09,820
Action 4.

2431
01:24:09,820 --> 01:24:10,620
Define intent.

2432
01:24:10,620 --> 01:24:11,260
Not tasks.

2433
01:24:11,260 --> 01:24:13,420
Stop writing policies about how to do things.

2434
01:24:13,420 --> 01:24:15,900
Start writing policies about what should be true.

2435
01:24:15,900 --> 01:24:18,220
Don't write these steps provision a user.

2436
01:24:18,220 --> 01:24:21,900
Write new employees receive access within one business day.

2437
01:24:21,900 --> 01:24:24,220
Don't write run this script quarterly.

2438
01:24:24,220 --> 01:24:27,020
Write inactive accounts expire automatically.

2439
01:24:27,020 --> 01:24:29,420
Don't write review this policy annually.

2440
01:24:29,420 --> 01:24:31,980
Write policy enforcement is continuous.

2441
01:24:31,980 --> 01:24:35,820
This mental shift is the bridge between manual and agentic administration.

2442
01:24:35,820 --> 01:24:37,820
Manual administration thinks in tasks.

2443
01:24:37,820 --> 01:24:39,980
Agentic administration thinks in intent.

2444
01:24:39,980 --> 01:24:41,980
Tasks require humans to execute them.

2445
01:24:41,980 --> 01:24:44,060
Intent requires systems to enforce it.

2446
01:24:44,060 --> 01:24:47,420
The shift is uncomfortable because you're thinking at a different level of abstraction.

2447
01:24:47,420 --> 01:24:48,780
You're not describing work.

2448
01:24:48,780 --> 01:24:50,540
You're describing desired states.

2449
01:24:50,540 --> 01:24:51,820
Do this action this week.

2450
01:24:51,820 --> 01:24:53,020
All four, not eventually.

2451
01:24:53,020 --> 01:24:56,700
This week because every week you delay is a week you're falling further behind.

2452
01:24:56,700 --> 01:25:00,460
Every week you delay is a week your agents are operating without governance.

2453
01:25:00,460 --> 01:25:04,380
Every week you delay is a week your standing privilege is standing.

2454
01:25:04,380 --> 01:25:05,100
Move.

2455
01:25:05,100 --> 01:25:07,500
Now the architecture of the future.

2456
01:25:07,500 --> 01:25:11,580
The satisfying part of the downfall of manual admin isn't that the work went away.

2457
01:25:11,580 --> 01:25:13,900
It's that the wrong kind of work went away.

2458
01:25:13,900 --> 01:25:17,820
You spent 15 years approving decisions that the system should have been making automatically.

2459
01:25:17,820 --> 01:25:21,340
You spent 15 years catching configuration drift that should never have happened.

2460
01:25:21,340 --> 01:25:24,940
You spent 15 years in quarterly theater pretending you were reviewing access

2461
01:25:24,940 --> 01:25:27,820
when you were actually just documenting compliance theater.

2462
01:25:27,820 --> 01:25:28,620
All of that work.

2463
01:25:28,620 --> 01:25:29,500
All of that effort.

2464
01:25:29,500 --> 01:25:33,580
All of that expertise applied to problems that shouldn't have existed in the first place.

2465
01:25:33,580 --> 01:25:35,340
The system didn't fail because you failed.

2466
01:25:35,340 --> 01:25:37,180
It failed because it required you to exist.

2467
01:25:37,180 --> 01:25:40,140
What replaced you is colder, more consistent and more scalable.

2468
01:25:40,140 --> 01:25:41,020
It doesn't get tired.

2469
01:25:41,020 --> 01:25:42,380
It doesn't make exceptions.

2470
01:25:42,380 --> 01:25:43,820
It doesn't hope things will work out.

2471
01:25:43,820 --> 01:25:45,740
It enforces intent every time.

2472
01:25:45,740 --> 01:25:46,860
Consistently.

2473
01:25:46,860 --> 01:25:47,820
At machine speed.

2474
01:25:47,820 --> 01:25:50,940
By 2026 the admin role transformed.

2475
01:25:50,940 --> 01:25:53,900
The operators who understood this was coming became architects.

2476
01:25:53,900 --> 01:25:55,180
They saw this shift happening.

2477
01:25:55,180 --> 01:25:55,740
They adapted.

2478
01:25:55,740 --> 01:25:58,060
They learned to think about systems instead of tasks.

2479
01:25:58,060 --> 01:26:00,620
They learned to define intent instead of execute decisions.

2480
01:26:00,620 --> 01:26:02,380
Those people survived more than survived.

2481
01:26:02,380 --> 01:26:04,700
Those people became more valuable than ever.

2482
01:26:04,700 --> 01:26:07,100
The operators who didn't understand became obsolete.

2483
01:26:07,100 --> 01:26:09,740
They spent years getting better at clicking buttons.

2484
01:26:09,740 --> 01:26:11,420
They optimized their task execution.

2485
01:26:11,420 --> 01:26:14,220
They got really good at the work the system could do better.

2486
01:26:14,220 --> 01:26:17,020
When the system replaced them, they had no place to land.

2487
01:26:17,020 --> 01:26:18,380
Their skills were irrelevant.

2488
01:26:18,380 --> 01:26:19,820
Their expertise was obsolete.

2489
01:26:19,820 --> 01:26:21,500
They became the employment statistics.

2490
01:26:21,500 --> 01:26:22,460
This isn't a tragedy.

2491
01:26:22,460 --> 01:26:23,580
It's evolution.

2492
01:26:23,580 --> 01:26:26,940
The agente control plane removes human latency from decision making.

2493
01:26:26,940 --> 01:26:29,740
It makes governance deterministic instead of probabilistic.

2494
01:26:29,740 --> 01:26:32,380
It enforces intent instead of hoping for compliance.

2495
01:26:32,380 --> 01:26:34,540
Your job now is to define that intent.

2496
01:26:34,540 --> 01:26:36,540
To architect the rules that agents enforce.

2497
01:26:36,540 --> 01:26:38,300
To think in systems instead of tasks.

2498
01:26:38,300 --> 01:26:39,900
This is harder than clicking buttons.

2499
01:26:39,900 --> 01:26:41,100
It's also more valuable.

2500
01:26:41,100 --> 01:26:43,820
It's also the only way to scale governance in an environment

2501
01:26:43,820 --> 01:26:45,900
where decisions are made at machine speed.

2502
01:26:45,900 --> 01:26:47,900
The downfall of manual admin is satisfying

2503
01:26:47,900 --> 01:26:49,980
because it proves something architects have known for years.

2504
01:26:49,980 --> 01:26:51,500
The human was never the bottleneck.

2505
01:26:51,500 --> 01:26:52,220
The system was.

2506
01:26:52,220 --> 01:26:53,420
And systems can be fixed.

2507
01:26:53,420 --> 01:26:54,540
You didn't need to get faster.

2508
01:26:54,540 --> 01:26:56,540
You needed to remove the requirement for speed.

2509
01:26:56,540 --> 01:26:58,220
You needed to make decisions automatic.

2510
01:26:58,220 --> 01:27:01,580
You needed to build systems that don't require human approval to operate.

2511
01:27:01,580 --> 01:27:03,420
By 2026 those systems existed.

2512
01:27:03,420 --> 01:27:04,860
Agent 365 was live.

2513
01:27:04,860 --> 01:27:06,620
Agente administration was operational.

2514
01:27:06,620 --> 01:27:07,980
The manual era was over.

2515
01:27:07,980 --> 01:27:10,220
Not because it was replaced by something better.

2516
01:27:10,220 --> 01:27:12,620
Because it was revealed as architecturally broken.

2517
01:27:12,620 --> 01:27:14,940
It required humans to make decisions at scale.

2518
01:27:14,940 --> 01:27:17,820
And no human can make decisions at the speed systems need.

2519
01:27:17,820 --> 01:27:20,140
If you understand this, you're ready for what comes next.

2520
01:27:20,140 --> 01:27:21,980
If you don't, you're already obsolete.

2521
01:27:21,980 --> 01:27:24,300
Subscribe to the M365FM podcast

2522
01:27:24,300 --> 01:27:27,500
for more deep dives into the architecture of Microsoft 365,

2523
01:27:27,500 --> 01:27:29,980
Copilot, and the systems reshaping enterprise IT.

2524
01:27:29,980 --> 01:27:31,100
Connect with me on LinkedIn.

2525
01:27:31,100 --> 01:27:32,940
I want to hear what you're building, what's breaking,

2526
01:27:32,940 --> 01:27:36,140
what you're learning about, the shift from manual to agentic administration.

2527
01:27:36,140 --> 01:27:37,100
The future isn't coming.

2528
01:27:37,100 --> 01:27:38,060
It's already here.