M365.FM - Modern work, security, and productivity with Microsoft 365

The Probability Shift: How AI is Rewriting Power Platform Design

Most Power Platform automations are failing for one simple reason: they were built for a world that no longer exists. Traditional low-code systems depend on rigid “if-then” logic, clean data, and predictable inputs. But modern enterprise data is chaotic, unstructured, and constantly changing. The result is what many organizations are experiencing right now — brittle automations that collapse the moment reality gets messy. This episode explores the massive architectural shift happening across the Power Platform ecosystem as AI transforms automation from deterministic logic into probabilistic design. Instead of asking, “Is this exactly correct?” modern systems ask, “How likely is this to be correct?” That subtle change is rewriting how enterprise workflows are designed, governed, and scaled. THE DEATH OF DETERMINISTIC AUTOMATION For years, enterprise automation depended on exact matches and structured logic. If a field matched perfectly, the flow continued. If a single character changed, the system failed. That worked when business data lived inside carefully structured databases. But today, most enterprise information exists in emails, PDFs, Teams chats, voice transcripts, and unstructured documents. Traditional Power Automate flows struggle in this environment because they cannot understand context or intent. A deterministic system sees “Invoice 202” and “Inv-202” as completely unrelated values. AI-powered systems see similarity instead of exactness. That shift changes everything. KEY TOPICS COVERED * Why rigid low-code automations keep breaking * The rise of probabilistic workflow design * How confidence scores redefine governance * Why fuzzy matching matters more than exact matching The future of automation is not about perfection. It is about resilience. THE RISE OF CONFIDENCE-BASED ROUTING One of the biggest changes AI introduces into Power Platform design is the concept of the confidence score. Instead of binary true-or-false logic, AI models return probabilities that quantify uncertainty. That means workflows can finally understand doubt instead of pretending certainty always exists. This episode breaks down the architecture behind confidence-based routing and explains how modern Power Platform solutions now separate actions into Green, Yellow, and Red confidence zones. High-confidence outputs move automatically. Medium-confidence results trigger human review. Low-confidence outputs are rejected or escalated before they damage production systems. WHY CONFIDENCE SCORES MATTER * They expose uncertainty instead of hiding it * They reduce silent automation failures * They align business risk with automation logic * They enable scalable human-in-the-loop governance This is the foundation of what the episode calls the “Approximate Enterprise” — a world where systems are designed to tolerate ambiguity instead of collapsing because of it. FUZZY MATCHING AND SEMANTIC LOGIC The conversation also dives deep into fuzzy matching, semantic reasoning, and the evolution from character-based automation toward meaning-based automation. Traditional systems compare syntax. AI compares concepts. That means a probabilistic system can understand that “IBM” and “I.B.M.” likely refer to the same entity, or that “Customer” and “Client” often represent identical business meaning. This dramatically increases match rates and reduces the amount of manual cleanup required to keep workflows operational. The episode explores how techniques like Levenshtein distance, semantic embeddings, and AI-powered classification are changing the way architects design resilient low-code systems capable of handling imperfect human-generated data. BUILDING SELF-CORRECTING WORKFLOWS AI systems are powerful, but they hallucinate. That reality forces architects to rethink reliability from the ground up. Instead of trying to eliminate every error, modern workflow design focuses on recovery, validation, and self-correction. This episode introduces the Dual-Path Validation pattern, where AI handles soft reasoning tasks while deterministic systems enforce hard constraints. Large Language Models extract intent and contextual meaning, while traditional logic validates totals, calculations, compliance rules, and financial accuracy. MODERN SELF-HEALING DESIGN PRINCIPLES * Never let an LLM handle critical calculations alone * Separate reasoning layers from validation layers * Use deterministic systems as verification engines * Design recovery paths instead of assuming perfection The result is a workflow architecture capable of adapting instead of crashing when the unexpected happens. THE HUMAN-IN-THE-LOOP REALITY One of the most important themes in this episode is that AI does not eliminate humans from automation — it changes their role entirely. Most enterprise AI workflows still require human verification, especially for medium-confidence outputs and high-risk decisions. Instead of acting as data-entry operators, humans become reviewers, governors, and exception handlers. Successful automation strategies build verification directly into the architecture instead of treating it like a temporary workaround. This shift transforms productivity models across the enterprise. Teams stop wasting time on repetitive tasks and focus instead on reviewing edge cases that genuinely require human judgment. THE AGENTIC ENTERPRISE The episode concludes by exploring the rise of the Agentic Enterprise — a future where AI agents become first-class digital workers operating inside orchestrated low-code environments. Instead of static flows solving narrow problems, intelligent agents dynamically evaluate context, select tools, adapt behavior, and route work autonomously. Power Platform is rapidly evolving from an app builder into an orchestration layer for AI-driven business operations. Governance, security, compliance, and automation are all becoming probabilistic systems driven by confidence, anomaly detection, and behavioral analysis. The organizations that continue building brittle “if-then” systems will spend the next decade trapped in maintenance cycles. The organizations that embrace probabilistic architecture will build workflows capable of adapting at the speed of modern business. FINAL THOUGHTS The probability shift is not just another AI trend. It is a fundamental redesign of how enterprise systems think, adapt, and survive uncertainty. Low-code development is moving away from rigid syntax and toward semantic understanding, confidence-driven governance, and resilient self-correcting architectures. If your Power Automate flows are constantly failing because of messy inputs, inconsistent formatting, or unstructured data, this episode provides a blueprint for building systems that bend instead of break. Follow M365FM for deeper conversations on AI architecture, Power Platform governance, automation resilience, Copilot Studio, and the future of intelligent enterprise design. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

M365 Backup Isn't Enough: The Case for Isolated Vault Architecture

Most IT leaders still believe Microsoft 365 native redundancy equals protection. It doesn’t. High Availability was designed to keep services running, not to recover your business after a destructive attack. The same synchronization engine that delivers collaboration at cloud speed can also replicate corruption, ransomware, and deletion events instantly across your environment. In 2026, the biggest threat isn’t infrastructure failure. It’s the assumption that synchronization equals safety. The reality is brutal. When ransomware hits a tenant, Microsoft 365 replication works perfectly. Every encrypted file, every malicious edit, and every destructive change is synchronized across SharePoint, OneDrive, and Teams before security teams can react. Native redundancy protects uptime, not integrity. And attackers know it. THE SYNCHRONIZATION TRAP Modern cloud environments are built around real-time replication. That speed is excellent for productivity but catastrophic during a cyberattack. The moment a malicious script starts modifying data, the platform distributes those changes everywhere. What most organizations think is “backup” is often just another synchronized copy of compromised data. The 501-version attack proves how dangerous this design really is. Many administrators believe version history acts like a recovery vault. It doesn’t. Versioning is simply metadata attached to a file. If attackers perform enough automated edits, the clean versions disappear permanently. Using Microsoft Graph API automation, ransomware groups can wipe recovery history across thousands of files in minutes. KEY RISKS INSIDE THE SYNC TRAP * Version history can be overwritten intentionally * Recycle Bin protections can be bypassed or emptied * Graph API automation accelerates tenant-wide destruction * Recovery points remain connected to production identity systems The problem isn’t that Microsoft 365 is broken. The problem is that it performs exactly as designed. The sync engine does not understand intent. It simply moves data faster than humans can respond. THE SINGLE IDENTITY FAILURE Most organizations unknowingly place production data and backup systems behind the same identity perimeter: Microsoft Entra ID. That means one compromised Global Admin account can potentially access both the live environment and the “protected” recovery environment. At that point, your backup isn’t isolated. It’s just another room inside the same burning building. This is where the modern ransomware model becomes devastating. Attackers no longer focus only on passwords. They target OAuth consent flows, application registrations, and persistent tokens that bypass MFA entirely. Once malicious applications receive broad Graph API permissions, they can manipulate production data and backup repositories simultaneously. WHY NATIVE IMMUTABILITY FAILS * Shared identity boundaries create a single blast radius * Backup systems often trust the same compromised credentials * OAuth abuse bypasses traditional authentication defenses * Immutable storage becomes meaningless if attackers can disable it True isolation requires a completely separate trust boundary. Without identity separation, there is no air-gap. There is only the illusion of one. THE COMPLIANCE AND LEGAL EXPOSURE The regulatory landscape is changing rapidly. Frameworks like SEC Rule 17a-4, NIS2, and DORA increasingly focus on provable resilience and immutable record retention. Regulators don’t just want protected data. They want assurance that compromised administrators cannot manipulate that data retroactively. Native Microsoft 365 retention policies often fail this test because the audit trail lives inside the same operational boundary as the production tenant. If attackers compromise the environment, they can potentially alter retention settings, remove evidence, or destroy chain-of-custody records. The legal implications are becoming personal. CISOs and executives can now face direct accountability for “recovery negligence” if investigators determine that production and recovery systems lacked proper isolation. High Availability is not the same as immutable storage, and regulators increasingly understand the difference. THE REAL COST OF NATIVE BACKUP Many organizations assume native backup solutions are cheaper because they are integrated directly into Microsoft 365. But the economics tell a different story. Native environments accumulate massive storage bloat from deleted items, preservation hold libraries, version histories, and duplicate replicas. At enterprise scale, this becomes extremely expensive. Two petabytes of protected Microsoft 365 data can generate hundreds of thousands of dollars annually in Azure storage charges. Meanwhile, isolated vault architectures using object storage platforms can reduce costs dramatically while increasing security and resilience. THE ADVANTAGES OF ISOLATED VAULT ARCHITECTURE * Separate identity perimeter from production systems * WORM-based immutable object storage * Lower long-term storage costs * Clean-room recovery capabilities * Independent compliance and audit validation The isolated vault model doesn’t just improve security. It fundamentally changes the economics of long-term recovery strategy. BUILDING A TRUE ISOLATED VAULT The future of resilience is identity-first architecture. That means creating a completely separate Entra tenant dedicated solely to backup and recovery operations. No synchronization. No federation. No shared privileged accounts. The recovery environment must remain invisible to compromised production identities. Inside that isolated environment, organizations should implement immutable WORM storage with vault locks that cannot be disabled by administrators. Recovery operations should require multi-party approval workflows, ensuring no single compromised identity can destroy protected recovery data. Modern recovery also requires clean-room restoration. When ransomware compromises a tenant, the production environment becomes contaminated. Organizations must restore data into isolated forensic sandboxes first, validate integrity, scan for dormant threats, and only then reconnect restored workloads to operational systems. ZERO TRUST FOR BACKUP IDENTITY Backup infrastructure should behave like a ghost. Invisible, isolated, and inaccessible from the production network. Managed identities eliminate static credentials, Zero Trust Network Access removes public exposure, and behavioral analytics detect anomalous token usage before attackers can pivot deeper into recovery infrastructure. The core principle is simple: if your production identities can see the vault, attackers can too. Isolation isn’t optional anymore. It is the foundation of modern cyber resilience. FINAL THOUGHTS The shift from redundancy to resilience is one of the most important architectural transformations facing Microsoft 365 organizations today. Native synchronization protects uptime, but isolated vault architecture protects survival. The organizations that understand this distinction will recover from the next generation of attacks. The ones that don’t may discover too late that their backup was never truly separate from the disaster itself. Subscribe to M365FM for deeper conversations on cyber resilience, Microsoft 365 architecture, compliance strategy, and the future of isolated recovery design. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

How Enterprises Should Govern Microsoft Copilot

Microsoft Copilot is not just another productivity tool. It is a structural stress test for your entire Microsoft 365 environment. Most organizations still operate under a legacy “open by default” mindset built for human navigation, but AI changes the equation completely. Copilot can surface sensitive files, forgotten SharePoint content, orphaned Teams channels, and years of overshared documents within seconds. The challenge is not whether Copilot respects permissions—it does. The real problem is that most enterprise permissions were never designed for machine-speed retrieval. In this episode, we break down why governance—not licensing—is now the single most important factor in successful Copilot deployment. WHY “OUT-OF-THE-BOX” SECURITY ISN’T ENOUGH Many organizations assume Copilot is secure because it only shows users content they already have access to. But decades of poor SharePoint hygiene, inherited permissions, and “Everyone except external users” groups have created a massive visibility gap inside most tenants. AI eliminates obscurity. Sensitive documents hidden deep inside legacy sites are no longer difficult to find. Copilot can instantly synthesize and summarize information that employees were never actively searching for before. This episode explains how oversharing becomes exponentially more dangerous in the AI era and why organizations must move from “trust by default” to “verify by context.”  KEY TOPICS COVERED * The “Oversharing Multiplier” and why legacy SharePoint permissions are now a major AI risk * How indirect prompt injection attacks like EchoLeak and Reprompt change enterprise security models * Why traditional DLP is no longer enough for AI-powered workflows * How Microsoft Purview becomes the governance backbone for Copilot deployments THE NEW AI ATTACK SURFACE Copilot introduces a completely new category of enterprise risk. Instead of malware or traditional exploits, organizations now face natural-language attacks that manipulate AI behavior through documents, emails, and embedded instructions. The episode explores how Retrieval-Augmented Generation (RAG) pipelines can unintentionally process malicious instructions hidden inside business content. We discuss why prompt injection is becoming the “SQL injection” of the generative AI era and how enterprises must rethink security boundaries around prompts, context windows, and AI interactions themselves.  RISK-TIERED DEPLOYMENT STRATEGIES Turning Copilot on for everyone at once is one of the biggest mistakes organizations make. Instead, successful enterprises are following a tiered rollout model. Tier 0 focuses entirely on remediation and data cleanup before any licenses are assigned. Tier 1 introduces Copilot to low-risk technical users and Centers of Excellence. Tier 2 expands adoption to broader business units like sales and marketing, while Tier 3 is reserved for highly sensitive domains such as Finance, HR, and Legal. This episode explains how a phased deployment model prevents rollout failures, reduces governance panic, and creates measurable ROI over time.  GOVERNANCE STRATEGIES DISCUSSED * Restricted SharePoint Search as a temporary containment mechanism * Adaptive scopes and sensitivity labels inside Microsoft Purview * Prompt-level DLP enforcement for AI interactions * Lifecycle management for AI-generated content and summaries PURVIEW, DLP, AND AI GOVERNANCE IN 2026 Microsoft Purview is evolving into the operational control plane for enterprise AI. In this episode, we explore how Purview enables organizations to classify content dynamically, monitor AI interactions in real time, and enforce AI-specific governance policies. We also discuss the rise of Interaction DLP—security controls designed specifically for prompts and generated responses rather than static files. From preventing sensitive prompts from reaching external web grounding to monitoring AI-generated summaries, modern governance now operates directly inside the interaction layer itself.  THE EXECUTIVE TRUST PARADOX Enterprise leaders understand that AI is strategically necessary, but many still lack confidence in their organization’s data foundation. This creates what we call the “Executive Trust Paradox”—the tension between urgency to deploy AI and fear of catastrophic oversharing or hallucination events. The episode explores why governance maturity—not technology maturity—is now the primary blocker for enterprise-scale Copilot adoption. We also discuss how telemetry, auditability, and measurable controls help organizations move from policy theater to operational reality.  BUILDING A GOVERNANCE-AWARE CULTURE Technology alone will not solve AI governance challenges. Organizations must also close the “Prompt Literacy” gap by teaching employees how to interact with AI systems responsibly and effectively. We explain why prompting is becoming a core digital skill and why governance frameworks must include training, departmental AI champions, human-in-the-loop verification, and clear accountability standards for AI-generated content. Successful Copilot deployments are ultimately built on a combination of technical controls, operational discipline, and cultural maturity.  IN THIS EPISODE YOU’LL LEARN * Why Copilot exposes existing governance failures instead of creating new ones * How enterprises should structure AI rollout tiers based on risk * The role of Microsoft Purview in AI governance and compliance * Why AI-generated content requires lifecycle management and retention policies * How organizations can measure realized ROI instead of theoretical productivity gains * Why governance-aware culture is now a competitive advantage Microsoft Copilot has the potential to fundamentally transform enterprise productivity, but only if organizations treat governance as infrastructure instead of a compliance afterthought. AI success is no longer determined by who buys the licenses first. It is determined by who builds the safest, cleanest, and most governable digital estate. This episode delivers a practical roadmap for IT leaders, architects, security teams, and executives navigating the future of Microsoft 365 AI governance in 2026 and beyond. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

Too Many Places for Notes: Navigating OneNote, Loop, Copilot, and More with Karinne Diamond Bessette [MVP]

In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft MVP, educator, technical storyteller, and community leader Karinne Diamond Bessette to explore one of the biggest productivity challenges in the modern workplace: information chaos. Between OneNote, Loop, Teams, Copilot, Planner, Whiteboard, Outlook, and SharePoint, employees today have more places than ever to store ideas, tasks, meeting notes, project updates, and collaborative content. The result? Many organizations struggle to decide where information should actually live and how to keep everything organized, searchable, and actionable. THE EVOLUTION OF MICROSOFT 365 COLLABORATION Karinne shares her journey from support engineering and operations into the world of enablement, technical storytelling, and Microsoft 365 advocacy. Her experience helping both technical and non-technical users gives her a unique perspective on how collaboration tools should work in real-world environments. Throughout the episode, she repeatedly emphasizes the importance of translating technology into something humans can actually understand and use effectively. One of the central themes in the discussion is the growing complexity of the Microsoft 365 ecosystem. What once started as a productivity suite focused on Word, Excel, and Outlook has evolved into a massive connected collaboration platform with overlapping tools, AI integrations, and constantly changing workflows. Karinne explains that while flexibility is valuable, it also creates a major challenge for users trying to decide where to create notes, how to manage information, and how to avoid duplication. WHY ONENOTE STILL MATTERS The conversation dives deeply into the evolution of note-taking itself. Karinne explains how she originally moved from scattered text files on her desktop into OneNote because it allowed her to centralize and search information more effectively. However, she also introduces one of the most memorable quotes of the episode: “OneNote is where notes go to die.” The problem, according to Karinne, is not that OneNote is bad. The issue is that many users capture information inside notebooks but never revisit it, organize it properly, or connect it to actionable workflows. Important ideas often disappear into large personal notebook structures without reminders, visibility, or collaboration. HOW LOOP IS CHANGING TEAMWORK This naturally leads into one of the episode’s biggest topics: Microsoft Loop. Karinne explains why Loop has become one of her favorite tools inside the Microsoft ecosystem. She describes Loop as a bridge between email, Teams, tasks, and collaborative content. Rather than creating multiple copies of information across different applications, Loop allows users to maintain a single shared component that stays synchronized everywhere it appears. This creates what she calls a “single source of truth” experience for collaboration. The episode explores several practical use cases where Loop becomes extremely powerful: * Shared meeting notes * Collaborative task tracking * Persistent project updates * Cross-team coordination One of the most interesting insights from the discussion is that many organizations are already using Loop without realizing it. Karinne explains how modern Microsoft Teams meeting notes now automatically generate Loop-powered collaborative pages behind the scenes. Instead of meeting notes disappearing inside endless Teams chats, organizations can now maintain persistent collaborative workspaces connected to tasks, updates, and shared action items. COPILOT PAGES, NOTEBOOKS & AI CONTEXT The conversation also dives into Microsoft Copilot Pages and Copilot Notebooks, which Karinne sees as the next evolution of contextual AI collaboration. These tools allow organizations to gather multiple information sources into centralized workspaces that can then ground AI responses against a specific project context. Karinne shares a practical example from a large event project where she combined: * Emails * Teams messages * Planning calls * Loop pages into one centralized notebook. She was then able to ask Copilot to generate summaries, identify action items, and surface the most relevant information for her specific responsibilities during the event. Tasks that previously would have required hours of manual review were completed in minutes. THE FUTURE OF ENTERPRISE SEARCH Another major theme throughout the episode is enterprise search and how AI is fundamentally changing the way organizations retrieve information. Karinne explains that traditional folder structures and file organization are becoming less important because Copilot increasingly understands context, relationships, and semantic meaning rather than relying purely on filenames or locations. She shares an example where she could not manually locate an old PowerPoint presentation but was able to ask Copilot about a presentation tied to a specific event date — and the AI surfaced the correct file almost instantly. This shift toward contextual search represents one of the biggest changes in knowledge management the Microsoft ecosystem has ever seen. WHY GOVERNANCE & METADATA MATTER MORE THAN EVER The discussion also highlights the growing importance of metadata, governance, and information hygiene in the AI era. Karinne introduces the concept of “ROT data,” which stands for: * Redundant * Obsolete * Trivial content that pollutes enterprise systems and weakens AI-generated responses. She explains that organizations now face an urgent challenge: AI systems can only be as trustworthy as the information they are trained or grounded on. If outdated documents, duplicated files, poor metadata, or irrelevant content dominate enterprise storage systems, AI tools may surface inaccurate or misleading information. Because of this, Karinne strongly advocates for better governance practices, including document ownership, lifecycle management, expiration reviews, and relevance monitoring. She also discusses how Microsoft is beginning to introduce mechanisms that reduce the importance of stale or untouched content inside AI-powered search experiences. ENABLEMENT IS THE MISSING PIECE Another powerful part of the episode focuses on workplace enablement and digital adoption. Karinne believes organizations need more people acting as translators between technical systems and business users. She explains that technology alone does not create productivity. Companies need internal champions who can guide users, simplify concepts, encourage learning, and help teams understand how tools should actually fit into their daily workflows. The episode highlights how organizations often underestimate the importance of: * Training * Adoption programs * Internal champions * Learning culture without realizing these elements are often the real reason technology projects succeed or fail. AI, CREATIVITY & HUMAN COLLABORATION The episode also touches on AI creativity, collaboration, and the fear that AI may reduce human thinking. Karinne strongly disagrees with the idea that AI makes people less intelligent. Instead, she sees AI as a brainstorming partner and creative accelerator that can help users refine ideas, organize concepts, and improve communication. She shares examples of using AI to enhance presentation structures, storytelling, and content development while still relying heavily on human expertise and editing. According to Karinne, AI works best when humans stay actively involved in shaping the final outcome. THE FUTURE OF WORK INSIDE MICROSOFT 365 Toward the end of the conversation, the discussion shifts toward future Microsoft 365 trends. Karinne highlights how Microsoft is increasingly moving toward AI-grounded collaboration, context-aware productivity, integrated workspaces, and agent-driven workflows. She believes the future of work will rely less on manually navigating applications and more on AI systems capable of understanding intent, surfacing context, and orchestrating workflows automatically. The conversation paints a picture of a future where collaboration becomes: * More contextual * More intelligent * More connected * More AI-assisted while still requiring strong governance, clean information architecture, and Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

Secure-by-Design AI: Protecting MLOps in the Microsoft Cloud with Martin Dimovski [MVP-MCT]

In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft MVP, MCT, cloud security expert, and community leader Martin Dimovski to explore one of the most important topics in modern enterprise IT: securing AI workloads and MLOps environments inside the Microsoft Cloud. Together, they dive deep into secure-by-design architecture, AI security risks, DevSecOps, Prompt Injection attacks, identity protection, Microsoft Defender, GitHub Advanced Security, and the future of AI-driven cyber threats. Martin shares his personal journey from IT support engineer into cloud security and AI security architecture, explaining how years of experience in infrastructure, Azure, DevOps, and Microsoft technologies ultimately pushed him toward cybersecurity and AI governance. The discussion highlights why AI security is no longer optional and why organizations that move too fast without proper security foundations could face major problems in the coming years. WHY AI SECURITY MATTERS NOW MORE THAN EVER One of the strongest themes throughout this episode is the speed at which organizations are deploying AI systems without fully understanding the security implications behind them. Martin explains that many companies are currently: * Deploying AI solutions rapidly * Experimenting with LLM integrations * Building AI agents * Creating cloud-native AI workloads * Using open-source AI models * Integrating APIs into production environments But at the same time, organizations often forget the security fundamentals that should protect these environments. The conversation explores how AI introduces completely new attack surfaces while simultaneously amplifying existing security problems. WHAT “SECURE-BY-DESIGN” REALLY MEANS A major focus of the episode is understanding the concept of secure-by-design architecture. Martin explains that security should never be added after development is complete. Instead, security conversations must begin at the very first design phase of any application or AI project. The discussion covers: * Threat modeling * Architectural reviews * Identity security * Authentication planning * Secure pipelines * Infrastructure protection * Secure APIs * Data governance Martin shares why collaboration between developers, architects, DevOps engineers, and security teams is absolutely essential for building resilient AI systems. One of the key takeaways: Security teams should not become blockers for innovation — they should become partners in building secure systems. UNDERSTANDING MLOPS & DEVSECOPS For listeners newer to AI infrastructure topics, Martin breaks down the differences between: * DevOps * DevSecOps * MLOps * Secure AI pipelines The episode explains how machine learning operations combine infrastructure, automation, data engineering, model deployment, and monitoring into one continuous operational process. Martin also highlights why traditional security approaches are no longer enough once organizations start integrating: * Large Language Models * AI agents * Cloud AI services * AI APIs * AI orchestration pipelines The discussion shows how modern security must now cover not only infrastructure and applications, but also models, prompts, training data, inference pipelines, and AI-generated outputs. THE REAL DANGER OF PROMPT INJECTION One of the most fascinating parts of the episode is Martin’s explanation of Prompt Injection attacks. Using simple real-world analogies, Martin explains how attackers manipulate Large Language Models by overriding or bypassing original system instructions. The conversation explores: * Direct Prompt Injection * Indirect Prompt Injection * AI manipulation * LLM instruction abuse * Malicious prompts * Unsafe AI agents * Context hijacking * Data extraction risks Martin explains why prompt injection is becoming one of the most discussed attack vectors in AI security today and why organizations need to start thinking about AI trust boundaries immediately. THE HIDDEN RISK OF OPEN-SOURCE MODELS Another major topic is the increasing use of publicly available AI models. Martin shares concerns around: * Downloading unverified models * Compromised Hugging Face repositories * Malicious AI packages * Unsafe dependencies * Supply-chain attacks * API key exposure * Secret leakage * Public model poisoning The discussion highlights how organizations may unknowingly introduce compromised models directly into production environments. This section serves as a major warning for companies rushing into AI adoption without proper governance and validation processes. WHY IDENTITY SECURITY IS EVERYTHING Identity and access management become another core theme throughout the episode. Martin strongly emphasizes the importance of: * Microsoft Entra ID * Privileged Identity Management * Just-In-Time access * Least privilege * Identity governance * Access reviews * Role separation * Conditional Access One of the strongest lessons from the conversation is that attackers often do not need to break systems — they simply abuse existing permissions and weak access configurations. Martin explains why organizations should avoid giving permanent privileged access and instead embrace short-lived administrative permissions wherever possible. MICROSOFT DEFENDER & AI SECURITY The episode also dives deeply into the Microsoft security ecosystem and how Microsoft Defender is evolving to protect AI workloads. Martin discusses: * Microsoft Defender for Cloud * Defender XDR * AI workload monitoring * Real-time scanning * Azure AI Foundry protection * Threat visibility * Security telemetry * Cloud-native protection According to Martin, Microsoft Defender is becoming one of the most powerful unified security platforms for organizations heavily invested in Microsoft technologies.  Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].