1 00:00:03,359 --> 00:00:05,839 Welcome to episode 415 2 00:00:05,839 --> 00:00:09,139 of the Microsoft Cloud IT Pro podcast recorded 3 00:00:09,199 --> 00:00:13,460 live from Microsoft Ignite on 11/18/2025. 4 00:00:13,519 --> 00:00:15,839 This is a show about Microsoft 365 5 00:00:15,839 --> 00:00:17,734 and Azure from the perspective of IT 6 00:00:17,734 --> 00:00:19,815 pros and end users, where we discuss a 7 00:00:19,815 --> 00:00:22,135 topic or recent news and how it relates 8 00:00:22,135 --> 00:00:25,414 to you. It's Microsoft Ignite week. So, surprise, 9 00:00:25,414 --> 00:00:27,595 surprise, we have an Ignite show for you. 10 00:00:27,654 --> 00:00:28,154 Unfortunately, 11 00:00:28,695 --> 00:00:30,855 Scott wasn't able to join Ben at Ignite 12 00:00:30,855 --> 00:00:33,149 this week. So Scott is recording from home 13 00:00:33,149 --> 00:00:35,229 while Ben is bringing you all the live 14 00:00:35,229 --> 00:00:37,870 action from Ignite. Hopefully, we'll get Scott back 15 00:00:37,870 --> 00:00:40,450 out here next year. But, in this episode, 16 00:00:40,510 --> 00:00:42,109 we cover a bit of the theme of 17 00:00:42,109 --> 00:00:45,149 Ignite this year, how Ignite announcements have kinda 18 00:00:45,149 --> 00:00:47,234 changed over the years, and of course, a 19 00:00:47,234 --> 00:00:48,695 couple of the big announcements 20 00:00:49,075 --> 00:00:53,234 focused around Microsoft Security Copilot and Microsoft Agent 21 00:00:53,234 --> 00:00:56,054 three sixty five. Let's dive into the show. 22 00:00:58,435 --> 00:01:00,215 Welcome, Ben, to 23 00:01:00,675 --> 00:01:01,175 Ignite 24 00:01:01,620 --> 00:01:04,420 twenty twenty five. Made it to another one.
25 00:01:04,420 --> 00:01:06,260 We get to listen to a congested Ben 26 00:01:06,260 --> 00:01:07,719 who's been on flights 27 00:01:08,099 --> 00:01:11,060 and traveling across the country to get all 28 00:01:11,060 --> 00:01:12,260 the way out to Ignite for us and 29 00:01:12,260 --> 00:01:14,564 be our remote reporter this year. Our boots 30 00:01:14,564 --> 00:01:16,484 on the ground as it were. And Scott 31 00:01:16,484 --> 00:01:18,185 waking me up early because 32 00:01:18,644 --> 00:01:20,484 I'm on the West Coast now. Well, you're 33 00:01:20,484 --> 00:01:22,244 still on East Coast time. So I am 34 00:01:22,405 --> 00:01:24,405 I am still on East Coast time, but, 35 00:01:24,405 --> 00:01:26,165 yes, my alarm went off. Well, it is 36 00:01:26,165 --> 00:01:28,564 8AM for me and 5AM for you. Let's 37 00:01:28,564 --> 00:01:30,640 be honest. It's really still 8AM for you 38 00:01:30,640 --> 00:01:34,079 until probably Wednesday or Thursday when you finally 39 00:01:34,319 --> 00:01:36,079 Yeah. Crash out and come back the other 40 00:01:36,079 --> 00:01:38,319 way. I adjusted probably quicker than I thought 41 00:01:38,319 --> 00:01:39,840 I would because I took a late flight 42 00:01:39,840 --> 00:01:41,439 in Sunday night. So I didn't get to 43 00:01:41,439 --> 00:01:43,840 my hotel till, like, 10PM West Coast time 44 00:01:43,840 --> 00:01:45,994 Sunday night. And then I was out late 45 00:01:45,994 --> 00:01:48,634 last night because it's ignite and it's friends 46 00:01:48,634 --> 00:01:49,375 and it's 47 00:01:49,754 --> 00:01:52,814 dinners and parties and all the things. 48 00:01:53,194 --> 00:01:55,515 So realistically, I didn't go to bed last 49 00:01:55,515 --> 00:01:58,075 night until, like, ten or 11PM West Coast 50 00:01:58,075 --> 00:02:00,180 time. I did set an alarm this morning 51 00:02:00,180 --> 00:02:01,379 in 04:45 52 00:02:01,379 --> 00:02:03,700 or 04:30, whenever it went off. Felt early. 53 00:02:03,700 --> 00:02:05,799 Alright. 
Well, let's get you through this and 54 00:02:06,099 --> 00:02:08,180 get you back to bed soon. Meetings and 55 00:02:08,180 --> 00:02:09,620 I can go take my nap. I'm gonna 56 00:02:09,620 --> 00:02:11,139 go take a nap after this before the 57 00:02:11,139 --> 00:02:12,944 keynote. You can go take take a nap 58 00:02:12,944 --> 00:02:15,664 before Judson's keynote and get that out there. 59 00:02:15,664 --> 00:02:16,164 So 60 00:02:16,544 --> 00:02:19,824 Ignite this year, interesting one. We continue to 61 00:02:19,824 --> 00:02:21,205 see a lot of AI 62 00:02:21,584 --> 00:02:23,844 AI. I don't think there's any big surprises 63 00:02:23,985 --> 00:02:24,485 there 64 00:02:24,849 --> 00:02:27,250 And security, yep, with AI. I would say, 65 00:02:27,250 --> 00:02:30,310 like, those two. Yeah. That is partly AI. 66 00:02:30,449 --> 00:02:32,610 But I don't know like, we got the 67 00:02:32,610 --> 00:02:34,370 book of news. Right? And I was talking 68 00:02:34,370 --> 00:02:37,110 to other people about this last night too 69 00:02:37,250 --> 00:02:37,750 because 70 00:02:38,145 --> 00:02:39,745 a lot of us got a little bit 71 00:02:39,745 --> 00:02:41,764 of a preview of what's coming. 72 00:02:42,064 --> 00:02:44,805 And it really is. It's like AI and 73 00:02:45,264 --> 00:02:46,965 security people are like, there's like 74 00:02:47,425 --> 00:02:48,324 no big 75 00:02:48,625 --> 00:02:51,905 SharePoint stuff, no big Teams stuff, nothing around 76 00:02:51,905 --> 00:02:52,965 Teams devices. 77 00:02:54,680 --> 00:02:56,519 Like, if you go look, I don't know 78 00:02:56,519 --> 00:02:57,580 that there's anything 79 00:02:57,959 --> 00:02:58,459 like 80 00:02:58,840 --> 00:03:01,400 loop or I just look for loop. Loop 81 00:03:01,400 --> 00:03:03,639 is mentioned once in the entire book of 82 00:03:03,639 --> 00:03:06,939 news and it's not a product loop. 
It's 83 00:03:07,165 --> 00:03:07,665 looping 84 00:03:08,044 --> 00:03:08,544 between 85 00:03:08,844 --> 00:03:10,925 different things. There was a little bit of 86 00:03:10,925 --> 00:03:11,504 a like 87 00:03:11,805 --> 00:03:15,085 Ignite is not like where's all these other 88 00:03:15,085 --> 00:03:16,865 products that Microsoft has 89 00:03:17,165 --> 00:03:18,705 because it's really focused 90 00:03:19,004 --> 00:03:19,504 on 91 00:03:19,805 --> 00:03:22,125 AI and security and really security is still 92 00:03:22,125 --> 00:03:24,739 focused on AI because there's not there's a 93 00:03:24,739 --> 00:03:26,340 couple things I saw in here from a 94 00:03:26,340 --> 00:03:28,199 security device management 95 00:03:29,139 --> 00:03:32,659 Intune perspective that wasn't AI, but it was 96 00:03:32,659 --> 00:03:35,175 very limited and few and far between. I 97 00:03:35,335 --> 00:03:36,694 mean, we'll get into some of these announcements. 98 00:03:36,694 --> 00:03:38,215 I think it could be two things. One, 99 00:03:38,215 --> 00:03:40,775 rapid release cadence. Right? The cloud makes it 100 00:03:40,775 --> 00:03:42,935 different. People are not gonna be holding back 101 00:03:42,935 --> 00:03:45,574 SharePoint announcements for six months and not coming 102 00:03:45,574 --> 00:03:46,474 out with anything 103 00:03:46,935 --> 00:03:47,435 between 104 00:03:47,814 --> 00:03:50,314 April and November or May and November 105 00:03:50,840 --> 00:03:53,080 just to have a whole big splash of 106 00:03:53,080 --> 00:03:54,300 announcements at Ignite. 107 00:03:54,760 --> 00:03:56,680 So I feel like Ignite is turning into 108 00:03:56,840 --> 00:03:58,040 I don't know if I'd call it a 109 00:03:58,040 --> 00:04:00,520 Microsoft trade show, but it's not as much 110 00:04:00,520 --> 00:04:02,840 focused, I don't think, on big announcements because 111 00:04:02,840 --> 00:04:06,125 of rapid releases of the cloud. 
And as 112 00:04:06,125 --> 00:04:08,144 such, you don't see 113 00:04:08,685 --> 00:04:11,164 maybe as many of those things because nothing's 114 00:04:11,164 --> 00:04:12,685 been held back to have a big release 115 00:04:12,685 --> 00:04:14,604 about here's everything coming to SharePoint in the 116 00:04:14,604 --> 00:04:16,685 next year because you've gotten it trickle out 117 00:04:16,685 --> 00:04:18,009 over the last six months. I look at 118 00:04:18,009 --> 00:04:19,129 it in a couple of different ways. You 119 00:04:19,129 --> 00:04:21,610 mentioned trade show. Absolutely. Like, there's tons of 120 00:04:21,610 --> 00:04:24,089 partners there. I think if you go into 121 00:04:24,089 --> 00:04:26,490 the Expo Hall any given year, and this 122 00:04:26,490 --> 00:04:28,969 year It's big this year. I walked through 123 00:04:28,969 --> 00:04:31,294 it already. Yep. There's a ton of partners 124 00:04:31,294 --> 00:04:34,014 in there, tons of kinda partner stories and 125 00:04:34,014 --> 00:04:36,095 how they integrate into the ecosystem. To your 126 00:04:36,095 --> 00:04:38,095 point about things trickle out over the course 127 00:04:38,095 --> 00:04:40,175 of time, like, just when they're ready, let's 128 00:04:40,175 --> 00:04:42,095 put them out there. I think that is 129 00:04:42,095 --> 00:04:45,279 very much true. That's certainly the approach, like, 130 00:04:45,279 --> 00:04:48,000 within my organization. Like, we don't hold things 131 00:04:48,000 --> 00:04:50,000 back. We wanna put it out there. But 132 00:04:50,000 --> 00:04:53,120 Ignite, for me at least, and for my 133 00:04:53,120 --> 00:04:55,759 team, and my product managers, and for my 134 00:04:55,759 --> 00:04:56,259 peers, 135 00:04:56,584 --> 00:04:58,504 It's our opportunity to come together and tell 136 00:04:58,504 --> 00:05:00,904 a story. 
So here's all these things that 137 00:05:00,904 --> 00:05:02,425 we have released over the course of the 138 00:05:02,425 --> 00:05:03,324 last six months, 139 00:05:03,705 --> 00:05:06,745 but, you know, you saw them as this 140 00:05:06,745 --> 00:05:09,064 thing and this thing. How does it all 141 00:05:09,064 --> 00:05:11,680 actually compose and come together? Because I think 142 00:05:11,680 --> 00:05:13,279 every time, we'd love to push everything out 143 00:05:13,279 --> 00:05:15,199 there all at once, but that's just not 144 00:05:15,199 --> 00:05:18,399 the way release cadence works and everything else 145 00:05:18,399 --> 00:05:20,959 comes together. So yeah. So I think what 146 00:05:20,959 --> 00:05:22,180 we can do for 147 00:05:22,480 --> 00:05:24,240 this one is we're kinda going through things 148 00:05:24,240 --> 00:05:26,419 rather than just doing, like, a rundown of 149 00:05:26,675 --> 00:05:29,495 the random news and kinda smattering of things. 150 00:05:29,555 --> 00:05:32,214 Given that there's this large focus on AI, 151 00:05:32,514 --> 00:05:35,175 I think there's also an undercurrent 152 00:05:36,115 --> 00:05:39,014 and a little bit of thematic flow here 153 00:05:39,074 --> 00:05:39,574 to 154 00:05:39,970 --> 00:05:41,110 things like security, 155 00:05:41,490 --> 00:05:41,990 governance, 156 00:05:42,449 --> 00:05:42,949 manageability 157 00:05:43,569 --> 00:05:44,629 of your workloads, 158 00:05:45,089 --> 00:05:47,970 and for these AI clients and AI agents 159 00:05:47,970 --> 00:05:50,470 that exist out there. 
Like, more and more 160 00:05:50,610 --> 00:05:53,410 as IT pros, developers who are involved in 161 00:05:53,410 --> 00:05:55,029 this ecosystem of 162 00:05:55,404 --> 00:05:58,204 Azure and Microsoft three sixty five, you are 163 00:05:58,204 --> 00:06:00,204 either going to be building these things, you're 164 00:06:00,204 --> 00:06:02,365 gonna be managing them, or you're certainly gonna 165 00:06:02,365 --> 00:06:04,444 be encountering them as a user. So I 166 00:06:04,444 --> 00:06:05,264 think understanding 167 00:06:05,644 --> 00:06:07,404 what some of those constraints are, what some 168 00:06:07,404 --> 00:06:09,165 of the tools that are available to you. 169 00:06:09,165 --> 00:06:11,779 Like, I know, like, every single day, there's 170 00:06:11,779 --> 00:06:14,120 a new article that comes out that says, 171 00:06:14,339 --> 00:06:18,040 hey. Here's how an MCP server was jailbroken, 172 00:06:18,740 --> 00:06:19,240 or 173 00:06:19,620 --> 00:06:21,699 it leaked something out there, or it did 174 00:06:21,699 --> 00:06:23,540 something weird. Like, you sent me an article 175 00:06:23,540 --> 00:06:26,264 a couple days ago about MCP horror stories, 176 00:06:26,324 --> 00:06:29,285 WhatsApp data exfiltration. Right? Like, so so so 177 00:06:29,285 --> 00:06:30,884 these things are very real. Like, they sit 178 00:06:30,884 --> 00:06:32,504 out there. They run in your environments. 179 00:06:32,884 --> 00:06:34,985 They're often running under identities 180 00:06:35,524 --> 00:06:36,024 that 181 00:06:36,564 --> 00:06:38,759 you might not even have known existed depending 182 00:06:38,759 --> 00:06:40,920 on your governance system and what happened.
So 183 00:06:40,920 --> 00:06:42,120 what I was thinking we could do today 184 00:06:42,120 --> 00:06:43,500 is focus on 185 00:06:44,040 --> 00:06:45,180 some of these security 186 00:06:45,560 --> 00:06:46,060 governance 187 00:06:46,839 --> 00:06:49,560 management constructs that are out there that are 188 00:06:49,560 --> 00:06:52,139 going to help IT pros and developers 189 00:06:52,555 --> 00:06:55,375 kinda come together and think about ways that 190 00:06:55,754 --> 00:06:57,134 they can start to, 191 00:06:57,514 --> 00:06:58,654 if they haven't already, 192 00:06:59,035 --> 00:07:01,595 embrace this change. Like, it is coming. It's 193 00:07:01,595 --> 00:07:03,115 it's it's gonna be pushed on you one 194 00:07:03,115 --> 00:07:04,875 way or another, and the the only way 195 00:07:04,875 --> 00:07:06,714 out is through. So let's go ahead and 196 00:07:06,714 --> 00:07:08,519 kind of embrace it, get back to our 197 00:07:08,519 --> 00:07:10,759 roots, and think about how to do some 198 00:07:10,759 --> 00:07:12,360 of that stuff. So to your point of, 199 00:07:12,360 --> 00:07:14,199 like, Loop's not in the book of news, 200 00:07:14,199 --> 00:07:15,639 like, well, we're not gonna spend a lot 201 00:07:15,639 --> 00:07:17,639 of time on, like, fuzzy stuff or maybe 202 00:07:17,639 --> 00:07:19,000 things that have been out there before. I 203 00:07:19,000 --> 00:07:20,954 just wanna kinda focus on a couple of 204 00:07:21,034 --> 00:07:23,595 high level points that'll help guide folks in.
205 00:07:23,595 --> 00:07:25,754 Like, if you are an IT pro, if 206 00:07:25,754 --> 00:07:28,074 you're a developer who's interested in managing these 207 00:07:28,074 --> 00:07:30,414 things, having a more kinda secure state 208 00:07:30,794 --> 00:07:33,995 for these AI agents, AI workflows in your 209 00:07:33,995 --> 00:07:34,495 environment, 210 00:07:34,839 --> 00:07:36,439 what are the tools that are available to 211 00:07:36,439 --> 00:07:38,439 you both today, and then what are the 212 00:07:38,439 --> 00:07:40,600 things that are coming? And I think that's 213 00:07:40,600 --> 00:07:42,360 what it what Ignite is good for is 214 00:07:42,360 --> 00:07:43,959 also saying, like, hey. Back to that whole, 215 00:07:43,959 --> 00:07:45,800 let's tell the story around all the things 216 00:07:45,800 --> 00:07:48,214 that are already there. There's absolutely new things 217 00:07:48,214 --> 00:07:50,375 coming as well that are gonna be tacked 218 00:07:50,375 --> 00:07:52,955 on to that and continue to extend that 219 00:07:53,654 --> 00:07:55,035 over the the next several 220 00:07:55,335 --> 00:07:57,735 months to a year depending on how things 221 00:07:57,735 --> 00:07:59,735 go and rollouts and everything else that's out 222 00:07:59,735 --> 00:08:02,395 there. So being those themes, security, governance, manageability, 223 00:08:02,830 --> 00:08:03,730 why don't we start 224 00:08:04,509 --> 00:08:07,310 with security? I think there's some goodness coming 225 00:08:07,310 --> 00:08:10,029 for Security Copilot, so maybe we can start 226 00:08:10,029 --> 00:08:11,389 with that one. Quick before I get into 227 00:08:11,389 --> 00:08:13,069 that, I think even looking through the book 228 00:08:13,069 --> 00:08:15,069 of news, it's similar to what you said 229 00:08:15,069 --> 00:08:16,995 where as we looked through it, you could 230 00:08:16,995 --> 00:08:19,794 pull out new releases or new features. 
But 231 00:08:19,794 --> 00:08:21,794 if you combine all those new features together 232 00:08:21,794 --> 00:08:23,154 in the book of news, I think it 233 00:08:23,154 --> 00:08:24,995 does start to tell a story this year 234 00:08:24,995 --> 00:08:28,595 about kinda what Microsoft's focus is, particularly around 235 00:08:28,595 --> 00:08:31,180 agents and security. So it is. It's not 236 00:08:31,180 --> 00:08:33,419 just feature releases, but if you kinda combine 237 00:08:33,419 --> 00:08:34,860 all of them together, like, what are they 238 00:08:34,860 --> 00:08:36,539 coming out with in all these different products? 239 00:08:36,539 --> 00:08:39,019 It's like, oh, there is very much a 240 00:08:39,019 --> 00:08:40,860 theme here, I felt like, to some of 241 00:08:40,860 --> 00:08:42,695 this. But like you said, with 242 00:08:42,995 --> 00:08:46,195 Security Copilot, this one's an interesting one. I 243 00:08:46,195 --> 00:08:49,735 want to see more articles around this particular 244 00:08:49,875 --> 00:08:51,495 one and this one specifically 245 00:08:52,355 --> 00:08:54,514 because when I read the book of news, 246 00:08:54,514 --> 00:08:56,340 I was like, I think I know what 247 00:08:56,340 --> 00:08:57,000 this means, 248 00:08:57,779 --> 00:08:58,759 but I'm not 249 00:08:59,139 --> 00:09:00,200 100% 250 00:09:00,500 --> 00:09:01,000 sure. 251 00:09:01,460 --> 00:09:01,960 So 252 00:09:02,580 --> 00:09:05,299 this starts out and it talks about Security 253 00:09:05,299 --> 00:09:08,335 Copilot and new Security Copilot agents. So there's 254 00:09:08,335 --> 00:09:11,394 12 new Security Copilot agents that are gonna 255 00:09:11,455 --> 00:09:13,235 be built into Defender that are coming 256 00:09:13,535 --> 00:09:15,075 around Entra, Intune, 257 00:09:15,615 --> 00:09:16,115 Purview. 258 00:09:16,575 --> 00:09:19,475 Some of these are available in Preview now.
259 00:09:19,535 --> 00:09:22,110 There's also gonna be 30 new agents coming 260 00:09:22,110 --> 00:09:23,090 from partners 261 00:09:23,870 --> 00:09:27,730 to help tie more agents into Security Copilot, 262 00:09:28,269 --> 00:09:30,910 help with your SOC, with your identity, with 263 00:09:30,910 --> 00:09:31,889 data security. 264 00:09:32,669 --> 00:09:34,850 But then as you get through this, 265 00:09:35,434 --> 00:09:38,495 down under, like, all these announcements around agents 266 00:09:38,794 --> 00:09:41,034 again, we're talking about Security Copilot. Everybody's like, 267 00:09:41,034 --> 00:09:43,195 well, I can't afford $90 a year for 268 00:09:43,195 --> 00:09:46,634 Security Copilot or 120 or Microsoft's base 269 00:09:46,634 --> 00:09:48,095 recommendation isn't there. 270 00:09:48,419 --> 00:09:50,740 It says to help security teams get started 271 00:09:50,740 --> 00:09:52,279 with agents more quickly, 272 00:09:52,740 --> 00:09:56,039 Security Copilot will be available to all 273 00:09:56,419 --> 00:09:59,240 Microsoft three sixty five e five customers. 274 00:09:59,940 --> 00:10:01,894 Rollout starts in 275 00:10:02,195 --> 00:10:05,394 Frontier, which is kinda like Microsoft's insider ring 276 00:10:05,394 --> 00:10:07,394 now for Copilot. I recommend that folks go 277 00:10:07,394 --> 00:10:08,674 sign up for that one. At least have 278 00:10:08,674 --> 00:10:10,434 one person in your org. Like, go and 279 00:10:10,434 --> 00:10:13,095 click that button and fill out that form, 280 00:10:13,440 --> 00:10:16,000 and sign up for the Frontier program if 281 00:10:16,000 --> 00:10:16,580 you haven't. 282 00:10:16,960 --> 00:10:19,360 Yep. Coming out in the coming months. This 283 00:10:19,360 --> 00:10:21,840 is interesting. Right? Security Copilot is technically already 284 00:10:21,840 --> 00:10:23,840 available for e five customers. You just have 285 00:10:23,840 --> 00:10:26,095 to pay for it.
Does this mean I 286 00:10:26,095 --> 00:10:27,455 think this is a lot about, like, the 287 00:10:27,455 --> 00:10:28,894 agents that are coming out. So we were 288 00:10:28,894 --> 00:10:30,495 chatting a little bit about this before we 289 00:10:30,495 --> 00:10:32,915 started recording. So particularly with 290 00:10:33,455 --> 00:10:37,695 remote hosted agents, so they're running compute, often 291 00:10:37,695 --> 00:10:40,039 GPU as well, to be able to 292 00:10:40,419 --> 00:10:43,059 respond to LLMs, pull in their context windows, 293 00:10:43,059 --> 00:10:44,980 all these kinds of things. So, like, it's 294 00:10:44,980 --> 00:10:47,860 very nice when there's things like remote MCP 295 00:10:47,860 --> 00:10:50,259 servers there. I don't know what the runway 296 00:10:50,259 --> 00:10:53,000 is for all SaaS and service providers 297 00:10:53,394 --> 00:10:56,214 to continue to provide remote MCPs for free, 298 00:10:56,274 --> 00:10:58,214 but certainly enjoy them while they're here 299 00:10:58,674 --> 00:11:00,434 and the functionality that you get with them 300 00:11:00,514 --> 00:11:02,434 Yeah. And things like that. So I imagine 301 00:11:02,434 --> 00:11:05,095 some of this is like you mentioned, there's 302 00:11:05,610 --> 00:11:08,570 10 plus new agents coming to Security Copilot. 303 00:11:08,570 --> 00:11:10,809 So these are baked agents ready to go, 304 00:11:10,809 --> 00:11:12,190 purpose built. So there's 305 00:11:12,570 --> 00:11:15,149 the governance agent, there's the IT, 306 00:11:15,690 --> 00:11:17,769 the ID security agent, and then you're gonna 307 00:11:17,769 --> 00:11:19,514 be able to build your own agents on 308 00:11:19,514 --> 00:11:21,995 things like the Graph SDKs, on top of 309 00:11:21,995 --> 00:11:25,375 the Microsoft three sixty five agent ID SDK 310 00:11:25,514 --> 00:11:27,835 and the agent SDK, all these different things 311 00:11:27,835 --> 00:11:29,774 that are out there. 
So these all take 312 00:11:30,075 --> 00:11:31,855 resources, and those resources 313 00:11:32,339 --> 00:11:35,059 today are very finite. Like, GPUs are not 314 00:11:35,059 --> 00:11:37,940 running around, like, freely available still. Like, it's 315 00:11:37,940 --> 00:11:40,019 not like we're all just going into, like, 316 00:11:40,019 --> 00:11:42,259 our local Micro Center or Best Buy or 317 00:11:42,259 --> 00:11:43,699 whatever and able to get, like, the hottest 318 00:11:43,699 --> 00:11:45,379 and latest GPU, and certainly not for data 319 00:11:45,379 --> 00:11:48,024 center providers either. So I I imagine part 320 00:11:48,024 --> 00:11:50,284 of this is both enable the licenses, 321 00:11:50,664 --> 00:11:52,105 but make sure that you can push down 322 00:11:52,105 --> 00:11:52,845 the functionality 323 00:11:53,225 --> 00:11:55,544 in a measured way and get it out 324 00:11:55,544 --> 00:11:57,644 there so that you can start to understand, 325 00:11:57,865 --> 00:12:00,504 like, literally, what's the size of the fleet 326 00:12:00,504 --> 00:12:01,565 that I need to run 327 00:12:02,500 --> 00:12:04,820 for resources on the back end, for compute, 328 00:12:04,820 --> 00:12:06,440 GPU, memory, networking, 329 00:12:07,139 --> 00:12:09,379 all those kinds of things to to get 330 00:12:09,379 --> 00:12:10,899 them to where they need to be? I 331 00:12:10,899 --> 00:12:13,860 think the more interesting thing will be, does 332 00:12:13,860 --> 00:12:15,539 a shoe drop here, because we've seen this 333 00:12:15,539 --> 00:12:17,605 a couple times in Microsoft three sixty five 334 00:12:17,605 --> 00:12:21,045 land, where experiences come out built around AI 335 00:12:21,045 --> 00:12:24,424 experiences, like Copilot, things like that, where 336 00:12:24,804 --> 00:12:27,125 they've started let's take m three sixty five 337 00:12:27,125 --> 00:12:29,524 Copilot as an example. When it came out, 338 00:12:29,524 --> 00:12:31,679 it was an add on SKU.
Like, go 339 00:12:31,679 --> 00:12:34,419 pay an extra $30 per user per month. 340 00:12:34,559 --> 00:12:36,720 And now some of that functionality has started 341 00:12:36,720 --> 00:12:38,799 to trickle down into the regular m three 342 00:12:38,799 --> 00:12:41,220 sixty five SKUs without an additional add on. 343 00:12:41,360 --> 00:12:44,080 That said, those SKUs got incrementally a little 344 00:12:44,080 --> 00:12:45,059 bit more expensive. 345 00:12:45,495 --> 00:12:47,495 So I wonder if this is kinda just 346 00:12:47,495 --> 00:12:49,495 sign of the times for e fives where 347 00:12:49,495 --> 00:12:51,835 they've been quite baked for a while now, 348 00:12:52,134 --> 00:12:53,654 and you've had a good set of add 349 00:12:53,654 --> 00:12:55,575 ons, but those add ons really added up. 350 00:12:55,575 --> 00:12:57,014 I mean, you can get to a 100 351 00:12:57,014 --> 00:12:59,159 plus dollars a month per user per month 352 00:12:59,480 --> 00:13:02,120 very quickly, even in e five land. I 353 00:13:02,120 --> 00:13:04,279 wonder if this is just let's start to 354 00:13:04,279 --> 00:13:06,059 push down some of that basic functionality, 355 00:13:06,759 --> 00:13:09,399 figure out over time what those costs are, 356 00:13:09,399 --> 00:13:11,980 what the material benefit is to customers versus 357 00:13:12,384 --> 00:13:15,284 service provider and Microsoft and things like that, 358 00:13:15,584 --> 00:13:17,264 and where it all bakes out. I saw 359 00:13:17,264 --> 00:13:18,464 this when you pointed it out to me. 360 00:13:18,464 --> 00:13:19,904 I kinda giggled in the back of my 361 00:13:19,904 --> 00:13:22,144 head, and I said, well, e fives, enjoy 362 00:13:22,144 --> 00:13:24,625 your current run rates while they're there until 363 00:13:24,625 --> 00:13:27,504 your next renewal because it's probably gonna be 364 00:13:27,504 --> 00:13:29,149 $2, $3, whatever, 365 00:13:29,529 --> 00:13:31,289 US dollars a month more. Yeah. 
And this 366 00:13:31,289 --> 00:13:32,970 is what I would say to keep an 367 00:13:32,970 --> 00:13:34,889 eye on because I'm curious too, like, are 368 00:13:34,889 --> 00:13:36,049 they going to bring 369 00:13:36,490 --> 00:13:37,789 like, is the SCU 370 00:13:38,169 --> 00:13:40,350 as we know it going to go away 371 00:13:40,409 --> 00:13:42,669 because it's gonna be bundled with e five 372 00:13:42,730 --> 00:13:43,950 and it's gonna be 373 00:13:44,264 --> 00:13:46,425 there or is it going to be Right. 374 00:13:46,425 --> 00:13:48,024 Or is it gonna be like these agents? 375 00:13:48,024 --> 00:13:50,285 We're gonna give you like Security Copilot 376 00:13:50,665 --> 00:13:53,245 lite. There's gonna be a reduced version where 377 00:13:53,545 --> 00:13:55,945 you can leverage these agents in Intune and 378 00:13:55,945 --> 00:13:56,445 Defender 379 00:13:57,049 --> 00:13:58,730 for some of that. But you're not gonna 380 00:13:58,730 --> 00:14:01,069 get like the full blown let me go 381 00:14:01,449 --> 00:14:03,230 query everything in Sentinel 382 00:14:03,689 --> 00:14:04,909 with Security Copilot 383 00:14:05,529 --> 00:14:07,149 and build out the full blown security 384 00:14:07,610 --> 00:14:09,850 experience. So this is when I would say 385 00:14:10,089 --> 00:14:12,434 Again, we're recording this before the announcements, so 386 00:14:12,514 --> 00:14:13,634 so we're using it from the book of 387 00:14:13,634 --> 00:14:15,475 news. By the time you hear this on 388 00:14:15,475 --> 00:14:15,975 Thursday, 389 00:14:16,514 --> 00:14:18,034 the things we're gonna be talking about are 390 00:14:18,034 --> 00:14:19,634 gonna be out in the public. There's gonna 391 00:14:19,634 --> 00:14:21,235 be more blog posts about it. There's gonna 392 00:14:21,235 --> 00:14:22,674 be sessions about it. I would go back 393 00:14:22,674 --> 00:14:24,274 and look at this one especially if you're 394 00:14:24,274 --> 00:14:25,735 interested in Security Copilot. 
395 00:14:26,220 --> 00:14:29,199 There are three breakout sessions around this 396 00:14:29,579 --> 00:14:30,720 four, around 397 00:14:31,259 --> 00:14:33,500 Security Copilot protect at the speed and scale 398 00:14:33,500 --> 00:14:36,559 of AI, transform security with IT Security Copilot 399 00:14:36,699 --> 00:14:37,199 agents, 400 00:14:37,579 --> 00:14:38,959 AI powered data security, 401 00:14:39,259 --> 00:14:41,254 predictive SOC, and then what are on building 402 00:14:41,254 --> 00:14:43,575 the SOC of the future. So there's gonna 403 00:14:43,575 --> 00:14:45,254 be some things that I would go watch 404 00:14:45,254 --> 00:14:47,195 if you're interested in this to see 405 00:14:47,654 --> 00:14:49,254 how all of this shakes out and what 406 00:14:49,254 --> 00:14:50,855 the coming months are gonna look like for 407 00:14:50,855 --> 00:14:51,754 Security Copilot. 408 00:14:55,690 --> 00:14:57,850 Do you feel overwhelmed by trying to manage 409 00:14:57,850 --> 00:15:00,169 your Office three sixty five environment? Are you 410 00:15:00,169 --> 00:15:03,470 facing unexpected issues that disrupt your company's productivity? 411 00:15:03,690 --> 00:15:05,690 Intelligink is here to help. Much like you 412 00:15:05,690 --> 00:15:07,529 take your car to the mechanic that has 413 00:15:07,529 --> 00:15:09,690 specialized knowledge on how to best keep your 414 00:15:09,690 --> 00:15:12,715 car running, Intelligink helps you with your Microsoft 415 00:15:12,774 --> 00:15:14,955 cloud environment because that's their expertise. 416 00:15:15,415 --> 00:15:17,654 Intelligink keeps up with the latest updates in 417 00:15:17,654 --> 00:15:19,815 the Microsoft cloud to help keep your business 418 00:15:19,815 --> 00:15:22,054 running smoothly and ahead of the curve.
Whether 419 00:15:22,054 --> 00:15:24,134 you are a small organization with just a 420 00:15:24,134 --> 00:15:26,610 few users up to an organization of several 421 00:15:26,610 --> 00:15:27,589 thousand employees, 422 00:15:27,970 --> 00:15:29,970 they want to partner with you to implement 423 00:15:29,970 --> 00:15:32,710 and administer your Microsoft cloud technology. 424 00:15:33,409 --> 00:15:36,870 Visit them at intelligink.com/podcast. 425 00:15:37,250 --> 00:15:43,914 That's intelligink.com/podcast 426 00:15:44,294 --> 00:15:46,455 for more information or to schedule a thirty 427 00:15:46,455 --> 00:15:48,475 minute call to get started with them today. 428 00:15:48,774 --> 00:15:49,914 Remember, Intelligink 429 00:15:50,269 --> 00:15:52,509 focuses on the Microsoft cloud so you can 430 00:15:52,509 --> 00:15:53,889 focus on your business. 431 00:15:56,110 --> 00:15:58,909 When I think about Security Copilot, maybe I'm 432 00:15:58,909 --> 00:16:01,549 always a little simplistic about it. So I 433 00:16:01,549 --> 00:16:03,889 always kinda think about it first as 434 00:16:04,509 --> 00:16:05,009 Sentinel 435 00:16:05,465 --> 00:16:06,365 and then Intune 436 00:16:06,825 --> 00:16:09,705 and then Entra. Like, hey. Let's kinda wrap 437 00:16:09,705 --> 00:16:10,924 those three things together. 438 00:16:11,544 --> 00:16:14,184 But that actually doesn't cover the whole suite 439 00:16:14,184 --> 00:16:16,924 of things because Security Copilot is also Defender, 440 00:16:17,465 --> 00:16:20,360 and then it's also Purview. So the way 441 00:16:20,580 --> 00:16:22,340 Microsoft frames it, like, if you were gonna 442 00:16:22,340 --> 00:16:23,539 go out and try and figure out, like, 443 00:16:23,539 --> 00:16:25,220 hey, which pillars do all these fit 444 00:16:25,220 --> 00:16:28,259 into, is you've got security operations.
So we 445 00:16:28,259 --> 00:16:30,580 talked about SOC stuff and all these sessions 446 00:16:30,580 --> 00:16:33,365 being focused on SOC. So security operations is 447 00:16:33,365 --> 00:16:36,164 really Defender and Sentinel. That's it. Done. Out 448 00:16:36,164 --> 00:16:36,824 the door. 449 00:16:37,125 --> 00:16:40,164 Data security is Purview. Great. Let's manage things, 450 00:16:40,164 --> 00:16:42,485 have DLP, all that kind of stuff. Identity 451 00:16:42,485 --> 00:16:45,544 and access control, Entra, and then endpoint management 452 00:16:45,605 --> 00:16:47,580 with Intune. But you do have those kind 453 00:16:47,580 --> 00:16:50,620 of four buckets of security operations, data security, 454 00:16:50,620 --> 00:16:53,259 identity and access, and endpoint management to get 455 00:16:53,259 --> 00:16:55,340 through. So I wonder over time if maybe 456 00:16:55,340 --> 00:16:58,059 some of that kind of functionality or what 457 00:16:58,059 --> 00:17:00,674 comes in the free versus the paid or 458 00:17:00,674 --> 00:17:02,754 not the free, but the included versus the 459 00:17:02,754 --> 00:17:05,714 paid. E five version versus yeah. Is like, 460 00:17:05,714 --> 00:17:08,515 do you get Security Copilot with Sentinel, but 461 00:17:08,515 --> 00:17:10,835 maybe you're missing some things in Purview? Do 462 00:17:10,835 --> 00:17:13,529 you get Security Copilot with Entra and Sentinel, but 463 00:17:13,609 --> 00:17:14,970 But then maybe you're missing some things in 464 00:17:14,970 --> 00:17:17,289 Intune. I don't know how that's gonna bake 465 00:17:17,289 --> 00:17:18,970 and what it's gonna come out like. I 466 00:17:18,970 --> 00:17:21,529 do think at some point, like, you're not 467 00:17:21,529 --> 00:17:23,450 gonna see it all there for free. So 468 00:17:23,450 --> 00:17:25,930 the number of signals that Sentinel pulls in, 469 00:17:25,930 --> 00:17:28,410 it's all stored in Kusto and things like 470 00:17:28,410 --> 00:17:30,625 that.
It's not free to run those queries 471 00:17:30,625 --> 00:17:32,545 and get all that stuff up and running, 472 00:17:32,545 --> 00:17:34,785 especially when you're talking about, like, a large 473 00:17:34,785 --> 00:17:36,945 scale environment, maybe with tens of thousands of 474 00:17:36,945 --> 00:17:39,904 users. That could be billions of signals, if 475 00:17:39,904 --> 00:17:42,305 not trillions, coming into your environment that you 476 00:17:42,305 --> 00:17:43,904 have to need to filter and sort through. 477 00:17:43,904 --> 00:17:45,900 Like, sorry, folks. Like, that stuff ain't free, 478 00:17:45,900 --> 00:17:47,579 but It's not. We'll see where it bakes 479 00:17:47,579 --> 00:17:49,339 out. I think it is a good one 480 00:17:49,339 --> 00:17:49,839 for 481 00:17:50,140 --> 00:17:52,619 folks who are either in Security Copilot land 482 00:17:52,619 --> 00:17:54,940 today. Like, hey. There's some niceties here for 483 00:17:54,940 --> 00:17:57,099 you. Like, there's new agents. There's new things. 484 00:17:57,099 --> 00:17:58,945 Not a lot probably changes for you. But 485 00:17:58,945 --> 00:18:01,105 if you're an E5 customer who hasn't 486 00:18:01,105 --> 00:18:02,484 adopted the Security Copilot, 487 00:18:02,865 --> 00:18:04,785 even if it is a little bit of 488 00:18:04,785 --> 00:18:05,285 a 489 00:18:05,825 --> 00:18:07,825 mixed offering where maybe it doesn't include all 490 00:18:07,825 --> 00:18:09,505 the pillars or have all those things, I 491 00:18:09,505 --> 00:18:11,025 still think there's gonna be a bunch of 492 00:18:11,025 --> 00:18:12,865 value there. And it's gonna start to get 493 00:18:12,865 --> 00:18:15,140 you into this ecosystem back to that theme 494 00:18:15,140 --> 00:18:16,660 around, like, hey, what's here for you as 495 00:18:16,660 --> 00:18:18,660 an IT pro? Sentinel is not just the 496 00:18:18,660 --> 00:18:21,700 discovery components or Security Copilot.
It's not just 497 00:18:21,700 --> 00:18:25,140 the discovery stuff. There's also manageability aspects and 498 00:18:25,140 --> 00:18:27,059 other things that are important to think about 499 00:18:27,059 --> 00:18:29,160 there. Yeah. And to your point about signals, 500 00:18:29,644 --> 00:18:31,585 in here it talks about Microsoft, 501 00:18:32,204 --> 00:18:35,505 their threat intelligence is informed by over 100,000,000,000,000 502 00:18:35,565 --> 00:18:36,304 daily signals. 503 00:18:36,605 --> 00:18:38,845 So, yeah, it's not cheap or free to 504 00:18:38,845 --> 00:18:40,684 run this because that's a lot of daily 505 00:18:40,684 --> 00:18:42,444 signals to process. A little bit here and 506 00:18:42,444 --> 00:18:44,269 there. Yeah. So I I mean, like the 507 00:18:44,429 --> 00:18:46,349 like I said, there there's goodness there. I 508 00:18:46,349 --> 00:18:48,429 think there's things to watch for. Like, if 509 00:18:48,429 --> 00:18:50,029 you're somebody who's listening to this and you're 510 00:18:50,029 --> 00:18:52,349 like, oh, that sounds interesting, and you didn't 511 00:18:52,349 --> 00:18:54,429 attend Ignite or maybe you wanna come back, 512 00:18:54,429 --> 00:18:55,950 like, check out the show notes. We'll have 513 00:18:55,950 --> 00:18:57,855 links in there to the breakouts and and 514 00:18:57,855 --> 00:18:59,134 things like that so you can go back 515 00:18:59,134 --> 00:19:01,134 and watch the recordings. We kinda I think 516 00:19:01,134 --> 00:19:02,894 most companies, at least in The United States, 517 00:19:02,894 --> 00:19:04,414 had a slow period here as we get 518 00:19:04,414 --> 00:19:06,414 into, like, Thanksgiving and Christmas, things like that. 519 00:19:06,414 --> 00:19:08,174 Like, hey. Maybe this is your chance to 520 00:19:08,174 --> 00:19:09,934 catch up on some learning and figure out 521 00:19:09,934 --> 00:19:11,775 what's out there. Yeah. 
So with Security for 522 00:19:11,775 --> 00:19:14,319 Copilot, we talked about agents, all the agents 523 00:19:14,319 --> 00:19:17,159 coming. We also recognize that there has been 524 00:19:17,159 --> 00:19:19,539 a bit of a gap here with managing 525 00:19:19,679 --> 00:19:22,640 certain things in Microsoft March. 526 00:19:22,640 --> 00:19:24,644 Right? Like, people are adding agents or adding 527 00:19:24,805 --> 00:19:25,785 agents and agents 528 00:19:26,484 --> 00:19:29,445 and Microsoft is adding agents. And I've started 529 00:19:29,445 --> 00:19:31,605 having these conversations with customers that are like, 530 00:19:31,605 --> 00:19:34,085 well, how do I govern agents? How is 531 00:19:34,085 --> 00:19:37,785 my agent security configured? They're unregovernable. Yeah. Store. 532 00:19:37,924 --> 00:19:39,865 That's not right. How do I manage agents? 533 00:19:40,509 --> 00:19:43,150 All these things, like, the last couple years 534 00:19:43,150 --> 00:19:44,690 have been all about Copilot. 535 00:19:44,990 --> 00:19:46,750 I feel like this year is all about 536 00:19:46,750 --> 00:19:48,509 agents. Like, we have these security agents that 537 00:19:48,509 --> 00:19:51,009 are accessing a bunch of security data. 538 00:19:51,470 --> 00:19:54,075 How do we govern these types of agents 539 00:19:54,234 --> 00:19:56,554 and know what they're accessing or maybe put 540 00:19:56,554 --> 00:19:58,335 certain controls in place because 541 00:19:58,875 --> 00:20:01,115 security? 
I think it's less about, like, like, 542 00:20:01,115 --> 00:20:03,355 the built in agents than it is about 543 00:20:03,355 --> 00:20:05,514 the custom ones that come or, let's say, 544 00:20:05,514 --> 00:20:08,039 your finance department or your sales team is 545 00:20:08,039 --> 00:20:10,380 working with Salesforce and you use Salesforce CRM, 546 00:20:10,759 --> 00:20:13,240 and you adopt their agent, and somebody in 547 00:20:13,240 --> 00:20:15,640 sales goes and just clicks next on a 548 00:20:15,640 --> 00:20:17,720 SaaS product that was maybe And gets it 549 00:20:17,720 --> 00:20:19,400 all out there. A little wily in your 550 00:20:19,400 --> 00:20:21,434 environment, and then that has the ability to 551 00:20:21,434 --> 00:20:23,355 get configured. And then what does it have 552 00:20:23,355 --> 00:20:25,115 access to, and what's it have going on? 553 00:20:25,115 --> 00:20:26,875 Like, it's one thing to hear an MCP 554 00:20:26,875 --> 00:20:29,515 horror story about, like, WhatsApp data exfiltration. Tell 555 00:20:29,515 --> 00:20:30,875 you what, it's gonna be another one to 556 00:20:30,875 --> 00:20:32,414 hear about a a Salesforce 557 00:20:33,029 --> 00:20:35,350 CRM horror story when all of a sudden, 558 00:20:35,350 --> 00:20:37,190 like, all your sales records leak or all 559 00:20:37,190 --> 00:20:39,269 your contacts or things like that. So for 560 00:20:39,269 --> 00:20:41,430 this one, I think It's the security copilot 561 00:20:41,430 --> 00:20:43,430 agents, like, the 30 agents that third parties 562 00:20:43,430 --> 00:20:45,269 are adding. So I agree with you. It's 563 00:20:45,269 --> 00:20:48,444 not necessarily Microsoft agents. It's agents are coming 564 00:20:48,444 --> 00:20:50,764 everywhere from third parties. I think you need 565 00:20:50,764 --> 00:20:52,605 to think about those. So so there's always 566 00:20:52,605 --> 00:20:55,184 been the shadow IT thing. 
And businesses 567 00:20:55,484 --> 00:20:58,365 and organizational units and divisions are always gonna 568 00:20:58,365 --> 00:20:59,724 go out and what do what they do. 569 00:20:59,724 --> 00:21:02,250 I think it is more important than ever 570 00:21:02,329 --> 00:21:05,150 to be vigilant about these things and understand 571 00:21:05,210 --> 00:21:06,589 what's running in your environment, 572 00:21:06,890 --> 00:21:09,609 who's it associated with, who are the users 573 00:21:09,609 --> 00:21:11,210 that use it, all those kinds of things. 574 00:21:11,210 --> 00:21:12,650 So I think this next topic's a good 575 00:21:12,650 --> 00:21:14,509 one. So let's kind of dive into 576 00:21:14,809 --> 00:21:17,535 Microsoft Agent three sixty five. And as we're 577 00:21:17,535 --> 00:21:19,934 talking about this one, folks can think about 578 00:21:19,934 --> 00:21:20,755 this as 579 00:21:21,855 --> 00:21:24,674 a control plane or a manageability layer 580 00:21:25,055 --> 00:21:26,515 for AI agents 581 00:21:26,894 --> 00:21:28,115 within your, 582 00:21:28,494 --> 00:21:31,375 today, Microsoft three sixty five environment. This is 583 00:21:31,375 --> 00:21:34,309 gonna manifest in other ways across things like 584 00:21:34,309 --> 00:21:37,269 Azure AI Foundry and other parts of the 585 00:21:37,269 --> 00:21:38,330 Azure ecosystem, 586 00:21:38,789 --> 00:21:40,710 but we'll kind of focus on Microsoft three 587 00:21:40,710 --> 00:21:43,190 sixty five agent, what's there. So we know 588 00:21:43,190 --> 00:21:45,029 that teams are out there. Right? They're adding 589 00:21:45,029 --> 00:21:45,529 agents 590 00:21:45,934 --> 00:21:49,315 or they're deploying MCP servers to augment their 591 00:21:49,375 --> 00:21:51,934 workflows and probably almost, like, every single one 592 00:21:51,934 --> 00:21:54,015 that's out there. Your sales team is gonna 593 00:21:54,015 --> 00:21:56,974 have their own CRM thing. 
HR is gonna 594 00:21:56,974 --> 00:21:59,400 have something maybe tied into, like, Monday or 595 00:21:59,400 --> 00:22:01,720 Workday or something like that. You're gonna have 596 00:22:01,720 --> 00:22:04,840 custom agents, all the Copilot agents. You're gonna 597 00:22:04,840 --> 00:22:07,100 have your IT department with, like, a troubleshooting 598 00:22:07,240 --> 00:22:08,840 agent or, like, a little bit of, like, 599 00:22:08,840 --> 00:22:10,759 a help desk, things like that that are 600 00:22:10,759 --> 00:22:12,600 out there. So it's a little different than 601 00:22:12,600 --> 00:22:14,424 the world of, we bought a SaaS app 602 00:22:14,424 --> 00:22:16,184 where things are more like static and you 603 00:22:16,184 --> 00:22:17,785 could go read the manual and understand their 604 00:22:17,785 --> 00:22:18,285 functionality. 605 00:22:18,664 --> 00:22:21,465 Now you have these little autonomous things just 606 00:22:21,465 --> 00:22:23,705 running out there. They can potentially talk to 607 00:22:23,705 --> 00:22:26,080 users. Users can interact with them. They can 608 00:22:26,080 --> 00:22:27,759 also interact with each other if they have 609 00:22:27,759 --> 00:22:29,519 the right set of hooks and identity and 610 00:22:29,519 --> 00:22:31,440 all those kinds of things. And in some 611 00:22:31,440 --> 00:22:33,759 cases, they're taking action on behalf of users 612 00:22:33,759 --> 00:22:35,600 because I can tell you not every user 613 00:22:35,600 --> 00:22:37,119 is reading the prompt and saying, like, oh, 614 00:22:37,119 --> 00:22:39,285 no. Don't do that. They're just Nexting their 615 00:22:39,585 --> 00:22:41,105 way through it. So you wanna make sure 616 00:22:41,105 --> 00:22:42,945 you understand what's out there. There's a ton 617 00:22:42,945 --> 00:22:44,325 of sprawl. 
Traditional 618 00:22:44,785 --> 00:22:45,285 IAM, 619 00:22:45,904 --> 00:22:46,964 identity and access 620 00:22:47,424 --> 00:22:48,244 wasn't necessarily 621 00:22:48,704 --> 00:22:50,704 built for this kind of stuff. And now 622 00:22:50,704 --> 00:22:53,519 you have this explosion of potentially service principals, 623 00:22:53,660 --> 00:22:54,559 managed identities, 624 00:22:54,940 --> 00:22:57,500 all these other things within your environment that 625 00:22:57,500 --> 00:22:59,359 you need out there. So 626 00:22:59,980 --> 00:23:02,859 Microsoft three sixty five agent or agent three 627 00:23:02,859 --> 00:23:06,059 sixty five is a new offering that's gonna 628 00:23:06,059 --> 00:23:08,414 kinda wrap this together and give you a 629 00:23:08,414 --> 00:23:10,494 little bit of an umbrella and this control 630 00:23:10,494 --> 00:23:11,315 plane for 631 00:23:11,615 --> 00:23:13,454 AI agents. So one way you can think 632 00:23:13,454 --> 00:23:16,015 about this is maybe like the it's the 633 00:23:16,015 --> 00:23:17,315 Entra ID for agents 634 00:23:17,615 --> 00:23:20,654 without being Entra because there's identity components and 635 00:23:20,654 --> 00:23:21,714 management components 636 00:23:22,210 --> 00:23:24,130 and things that are out there. But I 637 00:23:24,130 --> 00:23:26,230 think it's gonna be really cool. It brings 638 00:23:26,850 --> 00:23:30,369 a registry component. So as agents are deployed 639 00:23:30,369 --> 00:23:32,789 in your environment, they'll enter into 640 00:23:33,330 --> 00:23:35,615 a single registry. So not just the ones 641 00:23:35,615 --> 00:23:38,414 that your IT department deploys, but over time 642 00:23:38,414 --> 00:23:39,315 as M365 643 00:23:39,694 --> 00:23:41,875 is seeing hooks and other things, they'll automatically 644 00:23:41,934 --> 00:23:43,394 add them to the registry 645 00:23:43,694 --> 00:23:45,615 that's out there.
You'll be able to track 646 00:23:45,615 --> 00:23:48,220 your agents with unique IDs. You'll be able 647 00:23:48,220 --> 00:23:50,019 to see the agents that are like official 648 00:23:50,019 --> 00:23:52,099 in your organization. Maybe think about it as 649 00:23:52,099 --> 00:23:54,980 like registered versus unregistered. So you'll start to 650 00:23:54,980 --> 00:23:57,700 get visibility into stuff that you can't see 651 00:23:57,700 --> 00:23:59,799 out there. You get access control. 652 00:24:00,265 --> 00:24:02,765 So let's bring in, like, things like conditional 653 00:24:02,904 --> 00:24:03,804 access policies, 654 00:24:04,105 --> 00:24:06,984 risk based conditional access policies, being able to 655 00:24:06,984 --> 00:24:09,865 limit what agents can talk to and have 656 00:24:09,865 --> 00:24:12,345 that out there. And then this whole kind 657 00:24:12,345 --> 00:24:14,559 of monitoring component, so be able to come 658 00:24:14,559 --> 00:24:15,919 in and see what agents are out there, 659 00:24:15,919 --> 00:24:17,599 how are they performing, what are they doing, 660 00:24:17,599 --> 00:24:20,079 what are the impacts that agents are having 661 00:24:20,079 --> 00:24:21,059 on your organization. 662 00:24:21,599 --> 00:24:23,359 And then, of course, it all ties back 663 00:24:23,359 --> 00:24:26,154 to the security stuff as well. So things 664 00:24:26,154 --> 00:24:26,734 like Defender 665 00:24:27,035 --> 00:24:28,555 will have hooks in to be able to 666 00:24:28,555 --> 00:24:31,194 understand and try and detect inter agent to 667 00:24:31,194 --> 00:24:34,154 agent, user to agent service, attacks, things like 668 00:24:34,154 --> 00:24:35,934 that that are out there. You'll have Purview 669 00:24:36,075 --> 00:24:38,255 with all the data management components 670 00:24:38,799 --> 00:24:40,799 and all that stuff. So I think this 671 00:24:40,799 --> 00:24:42,420 is a good one. 
It kinda brings 672 00:24:43,839 --> 00:24:46,720 agents as better citizens in your environment. They 673 00:24:46,720 --> 00:24:48,559 all get lifted up, just kinda like your 674 00:24:48,559 --> 00:24:51,940 MSIs and SPNs and regular user accounts 675 00:24:52,404 --> 00:24:53,144 were. So 676 00:24:53,605 --> 00:24:56,265 less an afterthought, more front and center 677 00:24:56,724 --> 00:24:58,484 and ready to go for you. Right. You're 678 00:24:58,484 --> 00:25:00,325 starting to get all of those same security 679 00:25:00,325 --> 00:25:02,424 controls that you can apply to 680 00:25:02,884 --> 00:25:03,384 agents 681 00:25:03,845 --> 00:25:06,359 or security controls that you can apply to 682 00:25:06,359 --> 00:25:08,919 users also being able to apply to agents. 683 00:25:08,919 --> 00:25:09,880 Like you said, now you can go in 684 00:25:09,880 --> 00:25:12,359 and put DLP policies in place that agents 685 00:25:12,359 --> 00:25:13,639 have to adhere to. You can go put 686 00:25:13,639 --> 00:25:15,880 in conditional access policies that agents have to 687 00:25:15,880 --> 00:25:18,359 adhere to. So all of those different security 688 00:25:18,359 --> 00:25:20,525 controls so that, let's face it, an agent 689 00:25:20,525 --> 00:25:23,644 is kinda like a user going in and 690 00:25:23,644 --> 00:25:25,644 querying data and looking at data and accessing 691 00:25:25,644 --> 00:25:27,484 data and all of that. So from a 692 00:25:27,484 --> 00:25:30,045 security perspective, you do want a lot of 693 00:25:30,045 --> 00:25:32,845 those types of controls in place. And that's 694 00:25:32,845 --> 00:25:34,684 kind of the theme that I started picking 695 00:25:34,684 --> 00:25:36,769 up, at least from an IT pro perspective. 
696 00:25:36,769 --> 00:25:38,130 As I was looking through the book of 697 00:25:38,130 --> 00:25:40,070 news as it's all the Purview announcements 698 00:25:40,529 --> 00:25:43,490 are tied back to kinda like this agent 699 00:25:43,490 --> 00:25:45,650 three sixty five where it's all these Purview 700 00:25:45,650 --> 00:25:47,269 features are focused on 701 00:25:47,625 --> 00:25:49,805 securing data that agents can access. 702 00:25:50,345 --> 00:25:50,845 All 703 00:25:51,384 --> 00:25:53,865 the Entra security things are focused on we 704 00:25:53,865 --> 00:25:56,585 can now do conditional access and better access 705 00:25:56,585 --> 00:25:57,085 management 706 00:25:57,464 --> 00:26:00,285 for agents. And all the Defender stuff is 707 00:26:00,470 --> 00:26:02,549 there's like a secure score for agents now. 708 00:26:02,549 --> 00:26:04,630 So you can go in and get how 709 00:26:04,630 --> 00:26:07,190 secure are my different agents. That seems to 710 00:26:07,190 --> 00:26:09,430 be a big overarching theme of all the 711 00:26:09,430 --> 00:26:11,910 individual announcements in the book of news from 712 00:26:11,910 --> 00:26:13,670 what I've read so far on the IT 713 00:26:13,670 --> 00:26:16,375 Pro stuff. Very much so. So I do 714 00:26:16,375 --> 00:26:17,674 hope it, like, coalesces 715 00:26:18,214 --> 00:26:21,174 and kinda does come together and make sense 716 00:26:21,174 --> 00:26:23,255 over time. I think things like having something 717 00:26:23,255 --> 00:26:25,255 like agent three sixty five there, at least 718 00:26:25,255 --> 00:26:27,894 like that centralized registry. Like, let's at least 719 00:26:27,894 --> 00:26:30,054 put all the metadata in the same place 720 00:26:30,054 --> 00:26:31,414 and then start to pull in some of 721 00:26:31,414 --> 00:26:34,210 the operational usage and centralize that as well.
722 00:26:34,429 --> 00:26:37,230 So just looking through and this stuff will 723 00:26:37,230 --> 00:26:39,149 probably change over time, but looking through some 724 00:26:39,149 --> 00:26:39,809 of the 725 00:26:40,109 --> 00:26:43,309 the media screenshots and things, having that registry 726 00:26:43,309 --> 00:26:45,144 is not gonna just tell you, like, the 727 00:26:45,144 --> 00:26:47,144 inventory of things that are out there, who's 728 00:26:47,144 --> 00:26:49,785 using it, potentially how much time they're saving, 729 00:26:49,785 --> 00:26:51,865 things like that. But you'll also be able 730 00:26:51,865 --> 00:26:52,845 to do stuff 731 00:26:53,144 --> 00:26:56,664 like apply those IAM policies, risk based conditional 732 00:26:56,664 --> 00:26:59,319 access policies. Because it's a registry and because 733 00:26:59,319 --> 00:27:01,240 agents are trying to access things in your 734 00:27:01,240 --> 00:27:03,480 environment, so let's say you are installing that 735 00:27:03,480 --> 00:27:06,679 new CRM agent and it wants access to 736 00:27:06,679 --> 00:27:09,160 a SharePoint site, things like that, you're gonna 737 00:27:09,160 --> 00:27:11,400 have the ability to block those flows by 738 00:27:11,400 --> 00:27:13,904 default and then be able to kinda do, 739 00:27:13,904 --> 00:27:15,125 hey. I'm gonna register 740 00:27:15,585 --> 00:27:18,144 this agent. So as an admin, now you're 741 00:27:18,144 --> 00:27:20,384 gonna have operational controls to do things like 742 00:27:20,384 --> 00:27:22,724 go in and approve pending requests for agents. 743 00:27:22,865 --> 00:27:24,779 You'll be able to see ownerless agents. So, 744 00:27:24,859 --> 00:27:26,539 again, let's tie that back to metadata and 745 00:27:26,539 --> 00:27:29,019 that registry, have it all all together. You'll 746 00:27:29,019 --> 00:27:29,840 be able to provide 747 00:27:30,220 --> 00:27:30,720 exceptions 748 00:27:31,180 --> 00:27:32,000 for agents.
749 00:27:32,299 --> 00:27:34,380 Unclear, like, what those are, those, like, time 750 00:27:34,380 --> 00:27:35,279 bound exceptions, 751 00:27:35,660 --> 00:27:37,235 or, like like like, what do they need 752 00:27:37,235 --> 00:27:38,875 to be? But I think there's gonna be 753 00:27:38,875 --> 00:27:41,914 a bunch of good, like, operational control there 754 00:27:41,914 --> 00:27:43,835 and just baked in at the top layer 755 00:27:43,835 --> 00:27:45,994 of the admin experience for m three sixty 756 00:27:45,994 --> 00:27:48,154 five. So this isn't gonna be buried in 757 00:27:48,154 --> 00:27:50,315 some submenu or things like that. You're gonna 758 00:27:50,315 --> 00:27:52,769 have, like, Copilot, your users, your role, your 759 00:27:52,769 --> 00:27:55,250 billing agents just sitting right there at the 760 00:27:55,250 --> 00:27:56,390 top and screaming 761 00:27:56,849 --> 00:27:59,089 in your face. And I think Microsoft also 762 00:27:59,089 --> 00:28:00,210 is trying to, like, set a little bit 763 00:28:00,210 --> 00:28:01,890 of expectations just from looking at some of, 764 00:28:01,890 --> 00:28:04,450 like, the marketing screenshots and stuff. So kind 765 00:28:04,450 --> 00:28:06,825 of the one for the overview dashboard has 766 00:28:07,065 --> 00:28:08,744 environment with 58,000 767 00:28:08,744 --> 00:28:09,724 active users 768 00:28:10,505 --> 00:28:13,865 and an agent inventory of 26,000 769 00:28:13,865 --> 00:28:15,625 plus. So I think that'll give you an 770 00:28:15,625 --> 00:28:18,105 idea of the sprawl and potentially what you're 771 00:28:18,105 --> 00:28:20,105 talking about managing. 
But even if you're a 772 00:28:20,105 --> 00:28:20,924 small organization, 773 00:28:21,450 --> 00:28:23,849 I bet you could see potentially hundreds, if 774 00:28:23,849 --> 00:28:26,589 not thousands, of these things just running around 775 00:28:26,730 --> 00:28:28,569 and doing stuff on behalf of your users, 776 00:28:28,569 --> 00:28:30,890 and it's all gotta be controlled. Yes. Agent 777 00:28:30,890 --> 00:28:33,609 sprawl is absolutely a real thing. I'm glad. 778 00:28:33,609 --> 00:28:36,295 I mean, I would have 100% hoped Microsoft 779 00:28:36,355 --> 00:28:37,954 wouldn't have missed the need for that, but 780 00:28:37,954 --> 00:28:39,714 I'm glad to see they did recognize the 781 00:28:39,714 --> 00:28:41,555 need for that. Now, are seem to be 782 00:28:41,555 --> 00:28:43,714 addressing it in a big way in the 783 00:28:43,714 --> 00:28:45,734 coming months to help organizations 784 00:28:46,115 --> 00:28:48,855 manage that agent sprawl, agent security 785 00:28:49,315 --> 00:28:50,535 because it was 786 00:28:51,049 --> 00:28:52,190 absolutely desperately 787 00:28:52,650 --> 00:28:54,410 needed in the platform. Alright. Well, Ted, I 788 00:28:54,410 --> 00:28:55,849 think it takes us through a little bit 789 00:28:55,849 --> 00:28:57,529 of a high level. Again, for folks, if 790 00:28:57,529 --> 00:28:59,450 you're listening to that this week, we hope 791 00:28:59,450 --> 00:29:01,130 you go out, check out some of the 792 00:29:01,130 --> 00:29:03,289 sessions. We'd love to hear about what you 793 00:29:03,289 --> 00:29:03,789 learned. 794 00:29:04,125 --> 00:29:05,964 Please reach out to either Ben or myself on 795 00:29:05,964 --> 00:29:07,984 LinkedIn or the podcast page, 796 00:29:08,445 --> 00:29:11,265 and let us know what was exciting and 797 00:29:11,724 --> 00:29:14,525 interesting for you, and we'll see you for 798 00:29:14,525 --> 00:29:15,964 the next one. You'll hear us for the 799 00:29:15,964 --> 00:29:17,484 next one.
You'll hear us for the next 800 00:29:17,484 --> 00:29:18,845 one. Yeah. I don't know that we'll hear 801 00:29:18,845 --> 00:29:20,570 them. But yeah. And I'm sure we'll have 802 00:29:20,570 --> 00:29:22,250 some follow-up episodes on some of this too 803 00:29:22,250 --> 00:29:24,490 going into more details around certain aspects of 804 00:29:24,490 --> 00:29:27,230 this. So thanks. Enjoy your week. Enjoy 805 00:29:27,529 --> 00:29:29,609 sunny, warm Florida while I've been raining cold 806 00:29:29,609 --> 00:29:31,529 San Francisco. Well, it's a remote ignite for 807 00:29:31,529 --> 00:29:33,754 me, so I can't complain about the weather. 808 00:29:33,815 --> 00:29:34,315 But 809 00:29:34,615 --> 00:29:36,054 I'll let you have fun this week. Hope 810 00:29:36,054 --> 00:29:37,815 you feel better, and we'll talk to you 811 00:29:37,815 --> 00:29:39,734 next time. Thanks, Ben. Thanks. Talk to another 812 00:29:39,734 --> 00:29:40,234 Scott. 813 00:29:42,134 --> 00:29:44,369 If you enjoyed the podcast, go leave us 814 00:29:44,369 --> 00:29:46,609 a five star rating in iTunes. It helps 815 00:29:46,609 --> 00:29:48,289 to get the word out so more IT 816 00:29:48,289 --> 00:29:50,529 pros can learn about Office three sixty five 817 00:29:50,529 --> 00:29:51,190 and Azure. 818 00:29:51,730 --> 00:29:53,329 If you have any questions you want us 819 00:29:53,329 --> 00:29:55,490 to address on the show, or feedback about 820 00:29:55,490 --> 00:29:57,890 the show, feel free to reach out via 821 00:29:57,890 --> 00:30:00,069 our website, Twitter, or Facebook. 822 00:30:00,415 --> 00:30:02,175 Thanks again for listening, and have a great 823 00:30:02,175 --> 00:30:02,675 day.