Building Multi-Agent AI Systems with Copilot Studio: From Ideas to Intelligent Automation with David Lorenzo Lopez [MVP]

Building Multi-Agent AI Systems with Copilot Studio: From Ideas to Intelligent Automation with David Lorenzo Lopez [MVP]

Artificial Intelligence is rapidly evolving from simple chatbots into sophisticated multi-agent systems capable of automating complex business processes, collaborating across services, and delivering real business value. In this episode of the M365 Podcast, Mirko Peters sits down with Microsoft MVP David Lorenzo Lopez to explore the future of intelligent automation and how organizations can leverage Microsoft Copilot Studio, Azure AI Foundry, and the Microsoft Agent Framework to build scalable AI solutions.David shares his journey from web development and .NET programming to becoming a leading voice in AI-driven automation. He explains how the arrival of GPT models transformed the technology landscape and why the real challenge today is no longer generating impressive demos but creating measurable business outcomes with AI. WHAT ARE MULTI-AGENT AI SYSTEMS? One of the core topics of this conversation is the concept of multi-agent systems. David compares modern AI architectures to the evolution from monolithic applications to microservices. Instead of building one giant AI agent responsible for everything, organizations can create specialized agents focused on individual tasks and orchestrate them through a central coordinator.Key benefits include: * Improved scalability and maintainability * Better task specialization and accuracy * Easier testing and optimization * Reusable AI components across multiple business scenarios * Greater control over automation workflows COPILOT STUDIO VS AZURE AI FOUNDRY Microsoft now offers multiple ways to build AI-powered solutions, and David explains when to choose each platform.The discussion covers how Copilot Studio enables rapid low-code development using Power Platform integrations, while Azure AI Foundry provides greater flexibility, customization, and scalability for advanced AI implementations. As Microsoft continues to integrate these platforms, organizations have more options than ever to match their technical and business requirements.Topics covered include: * Copilot Studio connected agents * Azure AI Foundry orchestration * MCP connectors * Knowledge integration * Low-code versus pro-code development * AI workflow design patterns HUMAN-IN-THE-LOOP AND RESPONSIBLE AI While autonomous AI systems are becoming more capable, David strongly advocates for maintaining human oversight in critical business processes. He explains why AI should support decision-making rather than completely replace it, especially when financial, legal, or operational risks are involved.The conversation explores: * Approval workflows * Human validation processes * Governance strategies * Compliance considerations * Risk mitigation for AI automation MICROSOFT AGENT FRAMEWORK AND THE FUTURE OF AI DEVELOPMENT A major highlight of the episode is Microsoft's new Agent Framework. David explains how the framework combines capabilities from Semantic Kernel and other Microsoft AI initiatives to create a powerful platform for building enterprise-grade agents.Listeners will learn how developers can: * Create custom AI agents * Build complex orchestration workflows * Deploy scalable AI solutions * Integrate with Azure services * Develop reusable intelligent systems GOVERNANCE, SECURITY, AND THE EU AI ACT As AI adoption accelerates across Europe, governance and compliance have become essential topics. David discusses how Microsoft addresses security, data residency, privacy, and regulatory requirements through Azure AI services and emerging governance tools such as Agent 365 Control Plane.The discussion also covers: * Data protection requirements * European AI regulations * Azure OpenAI compliance * Model selection strategies * AI governance best practices CONTROLLING AI COSTS AND FINOPS One of the biggest challenges organizations face is understanding and controlling AI costs. David explains why estimating AI consumption is difficult and how businesses can establish practical monitoring and optimization strategies. Learn about: * Token consumption * Copilot Studio credits * Pay-as-you-go models * Cost optimization techniques * AI FinOps best practices KEY TAKEAWAYS This episode delivers practical insights for architects, developers, IT leaders, and business decision-makers looking to move beyond AI hype and create sustainable business value through intelligent automation.David's final message is simple yet powerful: AI is a wave that is transforming every industry. Organizations and individuals can either let it pass over them or learn how to ride it. Those who embrace AI responsibly, strategically, and thoughtfully will be best positioned for the future.CONNECT WITH M365 FMIf you enjoyed this episode, subscribe to M365 FM on Apple Podcasts, Spotify, YouTube, and your favorite podcast platform. Don't forget to leave a review and share the episode with colleagues interested in Microsoft Copilot, AI Agents, Azure AI Foundry, and the future of intelligent automation. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

The Rise of Private LoRA: Architecting Secure AI on Proprietary Data

Everyone is talking about AI adoption. Far fewer are talking about AI sovereignty. Organizations have rushed to deploy Microsoft Copilot, Azure OpenAI, ChatGPT Enterprise, Claude, Gemini, and dozens of AI-powered productivity tools. The results have been impressive. Productivity has increased. Development cycles have accelerated. Knowledge discovery has improved. But beneath the excitement lies a growing concern. What happens when your organization's most valuable asset—its proprietary knowledge—starts flowing into AI systems you don't fully control? In this episode, we explore the rise of Private LoRA (Low-Rank Adaptation), why data sovereignty is rapidly becoming one of the most important architectural challenges in enterprise AI, and how organizations can build secure, domain-specific AI models without training foundation models from scratch. We examine the convergence of AI governance, regulatory compliance, Microsoft cloud architecture, sovereign AI, LoRA fine-tuning, quantization, federated learning, and enterprise security. If your organization views proprietary data as a strategic advantage, this episode explains why the future of AI may not belong to the biggest models—but to the most specialized ones. THE SHADOW AI CRISIS Most organizations believe their AI strategy is governed. The reality is very different. Employees routinely paste sensitive information into public AI systems because they are faster and easier than approved tools. This phenomenon has a name: Shadow AI. We explore how: * Proprietary business data leaks into public models * Internal documents are shared outside governance boundaries * Competitive intelligence leaves the organization * Customer information becomes exposed * Security teams lose visibility The risk isn't always a breach. Sometimes it's simply the slow erosion of proprietary knowledge. WHY DATA SOVEREIGNTY MATTERS The conversation around AI is shifting. Organizations are no longer asking: "Can we use AI?" They're asking: "Where does the data go?" This episode explores the growing importance of: * AI Sovereignty * Data Residency * Data Localization * Cross-Border Data Restrictions * Intellectual Property Protection * AI Governance * Digital Sovereignty As regulatory pressure increases, organizations are discovering that data location is becoming as important as model performance. THE REGULATORY WALL IS ARRIVING Compliance is no longer a future problem. It's becoming an architectural requirement. We examine the impact of: * EU AI Act * GDPR * CPRA * LGPD * Data Localization Requirements * Financial Regulations * Healthcare Compliance Frameworks You'll learn why AI architectures designed for unrestricted global data movement may struggle in a world increasingly defined by jurisdictional boundaries. MICROSOFT'S APPROACH TO AI SECURITY Microsoft provides some of the strongest enterprise AI protections available today. But even with: * Microsoft 365 Copilot * Azure OpenAI * Azure AI Foundry * Microsoft Purview * Microsoft Entra ID * Azure Confidential Computing There remains a gap between approved enterprise AI usage and actual user behavior. We discuss how organizations can extend Microsoft's security model while maintaining control over proprietary intelligence. THE FALSE CHOICE BETWEEN PUBLIC AI AND BUILDING YOUR OWN MODEL Many organizations believe they have only two options: Option One Use public AI services. Option Two Build and train a foundation model from scratch. In reality, there is a third option. Private LoRA. This episode explains how LoRA enables organizations to customize powerful open-weight models without the extraordinary cost and complexity of full model training.  HOW LORA ACTUALLY WORKS  LoRA, or Low-Rank Adaptation, changes the economics of AI customization. Instead of retraining billions of parameters, LoRA introduces lightweight trainable layers that adapt an existing model to a specific domain. We break down: * Full Fine-Tuning * Parameter-Efficient Fine-Tuning * Adapter Architectures * Rank Selection * Training Efficiency * Model Specialization * Domain Adaptation The result is a highly customized AI model with a fraction of the cost and infrastructure requirements. QUANTIZATION CHANGES EVERYTHING LoRA becomes even more powerful when paired with quantization. Using techniques such as: * 8-bit Quantization * 4-bit Quantization * NF4 * QLoRA Organizations can dramatically reduce hardware requirements while maintaining strong performance. We explain how: * Memory consumption drops * Training costs decrease * Inference becomes affordable * Single-GPU deployments become practical This is one of the key innovations making sovereign AI achievable for mainstream enterprises. THE SINGLE-GPU ENTERPRISE AI MODEL  One of the most surprising insights in this episode is how little infrastructure is required. Using modern open-weight models and LoRA adaptation, organizations can: * Train on a single GPU * Deploy internally * Retain data sovereignty * Eliminate API dependencies * Reduce operating costs We explore architectures built around: * Llama * Mistral * Open-Weight Models * Azure GPU Infrastructure * Azure Kubernetes Service * Azure Machine Learning The economics are far more accessible than many organizations assume. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

The Death of the Dropdown: Why Manual Tagging is Killing Your Governance

or years, organizations believed metadata governance was a training problem.If users understood the taxonomy better, governance would improve.If the dropdown lists were clearer, metadata quality would improve.If more communication and documentation were provided, compliance would improve.But what if the problem was never the user?What if the real problem is that governance logic was placed in the wrong layer of the architecture entirely?In this episode, we explore why manual metadata tagging has become one of the biggest obstacles to modern governance, compliance, enterprise search, and AI readiness. We examine the collapse of traditional metadata models, the rise of Graph-powered governance, and how organizations are replacing manual tagging with automated classification, contextual intelligence, and real-time metadata injection.If your governance strategy still depends on users selecting values from dropdown menus, this episode may fundamentally change how you think about Microsoft 365 governance. THE MANUAL METADATA CRISIS Modern work has changed.Governance models haven't.Content is now created continuously across Teams, SharePoint, OneDrive, Outlook, mobile devices, and third-party integrations. Files arrive at a pace that no human-driven classification model can realistically keep up with.Yet many organizations still rely on users to manually classify: * Department * Project * Content Type * Sensitivity * Retention Category The result is predictable.Users skip fields.Users select defaults.Users guess.And governance slowly collapses under the weight of incomplete metadata.We explore why manual tagging doesn't fail because users are careless.It fails because the architecture assumes human behavior can scale indefinitely. THE HIDDEN COST OF DARK DATA Every untagged file creates a governance blind spot.The organization continues paying for: * Storage * Security * Backup * eDiscovery * Compliance Monitoring But receives none of the governance value metadata was supposed to provide.This episode examines the concept of dark data and how millions of documents become effectively invisible despite remaining stored and protected.Learn how missing metadata impacts: * Search * Compliance * Records Management * Retention * Analytics * AI Readiness And why many organizations are sitting on enormous repositories of information they can no longer govern effectively. WHY DROPDOWNS ARE A DESIGN FAILURE Most governance teams blame users.User experience research tells a different story.Dropdowns were designed to enforce consistency.Instead, they introduce friction.We discuss: * Decision fatigue * Metadata abandonment * Long taxonomy lists * User behavior patterns * Classification inconsistency * Cognitive overload The problem isn't that people refuse to govern content.The problem is that governance interrupts the flow of work.Every additional field creates another opportunity for bad metadata. THE COMPLIANCE IMPACT OF BAD TAGGING Poor metadata quality isn't just inconvenient.It creates regulatory risk.This episode explores how inconsistent classification directly affects: * Microsoft Purview * Data Loss Prevention (DLP) * Retention Policies * eDiscovery * Records Management * GDPR Compliance * HIPAA Controls When metadata is wrong, governance policies become unreliable.Sensitive data may be missed.Retention schedules may fail.Search results become incomplete.And compliance teams lose visibility into critical information assets. MICROSOFT GRAPH AS THE ORGANIZATIONAL NERVOUS SYSTEM Most organizations think Microsoft Graph is simply an API.In reality, it is a live representation of how work happens inside the enterprise.Graph understands: * Users * Teams * Groups * Files * Projects * Relationships * Permissions * Collaboration Patterns Instead of asking users to describe content, Graph can infer context automatically.We explore how Graph provides the foundation for a completely different governance model where metadata is generated from organizational signals rather than manual input. CONTEXT-AWARE GOVERNANCE Traditional metadata is static.Context is dynamic.A file's meaning depends on: * Who created it * Where it was created * Which project it belongs to * Who can access it * How it is being used This episode explains how governance systems can derive metadata automatically using Graph relationships rather than relying on user declarations.The result is richer, more accurate metadata that evolves as content moves through its lifecycle. AI-POWERED CLASSIFICATION Manual tagging isn't the only alternative.Modern AI services can classify content automatically.We explore: * Microsoft Syntex * AI Builder * Machine Learning Classification * Natural Language Processing * Document Understanding * Pattern Recognition * Sensitive Information Detection Learn how AI-driven classification improves consistency, reduces cost, and scales across millions of files. ARCHITECTING THE MIDDLEWARE LAYER One of the most important concepts discussed in this episode is the governance middleware layer.Think of it as a customs checkpoint for content.Before files are stored, middleware: * Intercepts uploads * Queries Microsoft Graph * Applies classification logic * Injects metadata * Assigns labels * Triggers governance policies All without requiring user interaction.We break down how Azure Functions, Microsoft Graph, webhooks, and event-driven architectures combine to make this possible. AZURE FUNCTIONS AND EVENT-DRIVEN GOVERNANCE Modern governance should happen at the moment content is created.Not months later during an audit.This episode explains how organizations are using: * Azure Functions * Microsoft Graph SDK * Webhooks * Delta Queries * Event Grid * Managed Identity To build real-time governance platforms that classify and enrich content automatically.The user saves the file.The platform handles governance. DYNAMIC PROPERTY INJECTION Metadata doesn't need to be manually entered.It can be generated.We explore how middleware automatically injects: * Project Codes * Department Ownership * Content Categories * Sensitivity Levels * Retention Schedules * Governance Attributes Using: * Property Bags * Schema Extensions * Open Extensions * Graph Metadata This creates a living metadata layer that remains accurate as content evolves. GOVERNANCE AT THE POINT OF ACTION Traditional governance is reactive.Modern governance is preventative.Rather than discovering problems months later, governance occurs at the exact moment content is created, modified, or shared.We discuss: * Real-time classification * Immediate policy enforcement * Automated retention assignment * Continuous metadata enrichment * Event-driven governance This shift fundamentally changes the economics of compliance and information management. SEARCH THAT ACTUALLY WORKS Most enterprise search failures are metadata failures.Search engines can only work with the information they receive.When metadata is incomplete, search becomes unreliable.This episode examines how automated metadata dramatically improves: * Microsoft Search * SharePoint Search * Knowledge Discovery * Content Discovery * Enterprise Findability * Information Retrieval The difference between searchable content and invisible content is often metadata. AI READINESS STARTS WITH GOVERNANCE One of the most important messages in this episode is simple:AI readiness is metadata readiness.Microsoft Copilot, AI agents, and retrieval systems depend on accurate content classification.Without metadata: * AI hallucinates more often * Search quality declines * Context is lost * Knowledge becomes fragmented With metadata: * AI retrieves better information * Recommendations improve * Summaries become more accurate * Organizational knowledge becomes accessible The future of enterprise AI depends on the quality of the governance layer beneath it. BUILDING YOUR AUTOMATION ROADMAP Moving beyond manual tagging requires a phased strategy.We walk through a practical implementation roadmap:Phase 1: AuditUnderstand your metadata gaps.Phase 2: Taxonomy DesignDefine the minimum metadata that drives governance.Phase 3: PilotAutomate one content type and one team.Phase 4: ScaleExpand automation across Microsoft 365.Phase 5: OptimizeImprove models, classifications, and governance policies over time.The goal isn't eliminating governance.The goal is removing governance from the user experience. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

Cryptographic Agility: The Only Defense Against Quantum

Most discussions about quantum computing focus on a single question:When will quantum computers break encryption?The better question is this:How quickly can your organization replace encryption when it happens?Because the organizations that survive the quantum transition won't necessarily be the ones that adopt the newest algorithms first. They'll be the organizations that can change algorithms without rebuilding their infrastructure.In this episode, we explore the growing reality of post-quantum cryptography, the harvest-now-decrypt-later threat, Microsoft's evolving quantum-safe roadmap, and why cryptographic agility is becoming one of the most important architectural disciplines in enterprise security.We examine the technologies, standards, governance models, and operational practices required to prepare Microsoft 365, Azure, Active Directory, Entra ID, Azure Key Vault, VPN infrastructure, certificate services, and enterprise applications for a future where today's cryptography can no longer be trusted.If your organization expects data to remain confidential beyond 2030, this episode explains why preparation can no longer wait. THE HARVEST-NOW, DECRYPT-LATER THREAT Many organizations assume quantum risk begins when a quantum computer arrives.In reality, the risk started years ago.Adversaries can capture encrypted traffic today and store it indefinitely. Once cryptographically relevant quantum computers emerge, that archived data can potentially be decrypted retroactively.We explore: * Harvest-now, decrypt-later attacks * Long-term confidentiality risks * Why encryption can fail years after data is stolen * The impact on healthcare, finance, government, and intellectual property * How retention periods influence quantum risk For organizations protecting data with multi-decade value, the threat already exists. UNDERSTANDING QUANTUM COMPUTING Quantum computing is often misunderstood.It's not simply a faster computer.Quantum systems use entirely different computational models built around qubits, superposition, interference, and entanglement.This episode explains: * Physical versus logical qubits * Error correction challenges * Shor's Algorithm * Grover's Algorithm * Why quantum computers threaten public-key cryptography * Why symmetric encryption remains more resilient Understanding the technology helps separate realistic risk from sensational headlines. THE GLOBAL QUANTUM TIMELINE Nobody knows exactly when Q-Day will arrive.What matters is that governments, vendors, and standards organizations are already planning for it.We discuss: * NIST standardization efforts * IBM quantum roadmaps * Google Quantum AI milestones * Quantinuum and IonQ developments * Government transition mandates * Expert forecasts for cryptographically relevant quantum computers The conversation is no longer about if organizations need to prepare.It's about whether they can prepare in time. THE COLLAPSE OF RSA AND ECC Modern digital trust depends on public-key cryptography.The internet, cloud computing, software updates, identity systems, VPNs, and certificates all rely on mathematical assumptions that quantum computers threaten to break.We examine: * RSA * Elliptic Curve Cryptography (ECC) * Diffie-Hellman key exchange * Digital signatures * PKI infrastructures * Identity systems When these foundations fail, the impact extends far beyond encryption. THE NEW GENERATION OF POST-QUANTUM ALGORITHMS The replacement algorithms already exist.After years of evaluation, NIST selected a new generation of post-quantum standards designed to resist both classical and quantum attacks.This episode explores: * ML-KEM (formerly CRYSTALS-Kyber) * ML-DSA (formerly CRYSTALS-Dilithium) * SLH-DSA (formerly SPHINCS+) * FN-DSA (FALCON) * Lattice-based cryptography * Hash-based signatures Learn how these algorithms work and why they represent one of the largest cryptographic transitions in history. THE PERFORMANCE REALITY OF POST-QUANTUM CRYPTOGRAPHY Quantum-safe cryptography isn't free.The computational performance is often excellent.The bandwidth impact is not.We discuss: * Larger key sizes * Larger signatures * TLS handshake expansion * Certificate chain growth * Network fragmentation * Mobile and IoT constraints * Performance trade-offs Discover why the challenge isn't CPU performance but infrastructure scalability. WHY MOST ORGANIZATIONS DON'T KNOW WHERE THEIR CRYPTOGRAPHY LIVES One of the biggest obstacles to migration is visibility.Many organizations cannot accurately identify every location where cryptography is used across their environment.This episode examines: * Hidden certificate dependencies * Hard-coded cryptographic libraries * Legacy applications * VPN infrastructures * SSH deployments * SaaS integrations * API security dependencies You can't migrate what you can't find. THE CRYPTOGRAPHIC BILL OF MATERIALS (CBOM) Before organizations can migrate, they must inventory.The Cryptographic Bill of Materials is emerging as a critical capability for modern security programs.We explain: * CBOM fundamentals * Continuous cryptographic discovery * Dependency mapping * Vendor risk analysis * Algorithm inventories * Compliance reporting A cryptographic inventory becomes the foundation of every migration strategy. CRYPTOGRAPHIC AGILITY EXPLAINED The most important concept in this episode is cryptographic agility.Rather than hard-coding algorithms into applications and infrastructure, organizations build systems capable of changing algorithms without disrupting operations.We explore the four pillars of agility:ModularitySeparating cryptographic services from application logic.AbstractionUsing APIs and services that hide algorithm implementation details.Policy SeparationManaging cryptographic choices through policy rather than code.Hybrid CryptographyCombining classical and post-quantum algorithms during transition periods.These principles transform cryptography from a static dependency into an adaptable capability. HYBRID CRYPTOGRAPHY AND THE ROAD TO POST-QUANTUM The future won't arrive all at once.The transition period will rely heavily on hybrid cryptographic approaches.We discuss: * X25519MLKEM768 * Hybrid TLS * Dual-signing strategies * Transitional architectures * Browser support * Cloud provider adoption Hybrid models provide protection today while enabling a gradual migration path. HARDWARE SECURITY MODULES IN THE QUANTUM ERA Hardware Security Modules remain the root of trust for enterprise cryptography.But they also need to evolve.This episode explores: * Crypto-agile HSMs * Firmware-based algorithm updates * Azure Managed HSM * Azure Key Vault * Key rotation automation * Quantum-safe trust anchors The future of cryptography depends on flexible trust infrastructure. MICROSOFT'S POST-QUANTUM ROADMAP Microsoft has already begun integrating post-quantum cryptography across its ecosystem.We take a detailed look at: * SymCrypt * Windows 11 * Windows Server 2025 * .NET 9 * Azure Key Vault * Azure Managed HSM * Active Directory Certificate Services * Microsoft Edge * Azure infrastructure Many organizations are already benefiting from post-quantum protections without realizing it. BUILDING A QUANTUM READINESS PROGRAM Technology alone isn't enough.Successful migration requires governance, ownership, accountability, and long-term planning.We discuss how organizations should establish: * Enterprise Cryptography Programs * Steering Committees * Migration roadmaps * Risk prioritization models * Continuous inventories * Vendor management processes * Compliance reporting frameworks The organizations that succeed will treat cryptography as a strategic capability rather than a technical implementation detail. THE MICROSOFT 365 IMPACT For Microsoft-centric organizations, the transition touches nearly every platform.We explore implications for: * Microsoft 365 * Entra ID * Active Directory * Exchange Online * SharePoint Online * Teams * Azure * Power Platform * Azure API Management * Azure Networking The quantum transition is not a single project.It's an enterprise-wide transformation. WHO SHOULD LISTEN? This episode is designed for: * CISOs * CIOs * CTOs * Enterprise Architects * Security Architects * Azure Architects * Microsoft 365 Architects * PKI Administrators * Identity Engineers * Infrastructure Teams * Compliance Leaders * Risk Managers * Government Technology Teams If your organization manages sensitive data, regulated workloads, or long-term digital assets, this episode provides a practical roadmap for navigating one of the most significant security transitions of the next decade. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].

Microsoft Purview in the Age of AI: Securing Copilot with Peter Rising [Microsoft]

As organizations race to adopt Microsoft 365 Copilot, AI Agents, and Generative AI, one critical question continues to emerge: is your data ready for AI? In this episode of M365 FM, Mirko Peters sits down with Peter Rising, Senior Partner Solution Architect at Microsoft, to explore Microsoft Purview, Zero Trust, Data Governance, Compliance, Security, and the growing importance of protecting information in the age of AI. Peter shares his remarkable journey from IT support in the 1990s to becoming one of Microsoft's leading voices on Security, Compliance, Identity, and Microsoft Purview. Having worked with some of Microsoft's most strategic partners across the UK and Ireland, Peter helps organizations securely adopt Microsoft 365 Copilot, Agents, and AI technologies while maintaining strong governance, compliance, and security foundations. WHY AI HAS CHANGED THE SECURITY CONVERSATION For years, organizations focused heavily on identity and endpoint protection through technologies such as Microsoft Entra ID and Microsoft Defender. However, the rise of Microsoft Copilot, AI Agents, and Agentic AI has dramatically increased the importance of understanding and governing organizational data. Peter explains why Microsoft Purview has become one of the most important platforms in the Microsoft ecosystem. AI systems depend on data as their fuel source, meaning organizations must understand, classify, secure, and govern their information before deploying AI at scale. Without proper governance, oversharing, compliance violations, and accidental data exposure become significant risks. Key takeaways: * Why AI makes data governance more important than ever * The relationship between Copilot and organizational data * Security challenges in the era of Generative AI * Why Purview adoption is accelerating * Common mistakes organizations make before deploying AI UNDERSTANDING ZERO TRUST IN THE REAL WORLD Zero Trust has become one of the most frequently discussed security frameworks, but many organizations still struggle to understand what it actually means in practice. Peter breaks down Microsoft's Zero Trust philosophy into its three core principles: Verify Explicitly, Use Least Privilege, and Assume Breach. He explains why modern organizations can no longer rely on traditional perimeter security and how cloud-first environments require a completely different approach to identity protection, access control, and risk management. The discussion also highlights why small and medium-sized businesses are increasingly targeted by cybercriminals and why security should never be treated as an IT-only responsibility. Topics discussed: * Zero Trust fundamentals * Multi-Factor Authentication (MFA) * Privileged Identity Management (PIM) * Assume Breach methodology * Defense in Depth strategies * Building a security-first culture MICROSOFT PURVIEW EXPLAINED For many Microsoft 365 professionals, Microsoft Purview remains one of the most misunderstood products in the Microsoft portfolio. Peter provides a practical breakdown of Purview and explains why it serves as the foundation for modern data governance, compliance, and information protection. He identifies three core capabilities every organization should prioritize: Sensitivity Labels, Data Loss Prevention (DLP), and Data Lifecycle Management. The conversation explores how these features help organizations classify data, prevent accidental sharing, manage retention requirements, and ensure AI tools like Copilot respect existing security controls and permissions. Key Purview capabilities: * Sensitivity Labels * Data Loss Prevention (DLP) * Data Lifecycle Management * Retention Policies * Information Protection * Compliance Management THE OVERSHARING PROBLEM IN COPILOT One of the most common concerns surrounding Microsoft Copilot is data oversharing. Peter explains why oversharing is not primarily a Copilot problem but a data governance challenge. Copilot can only access information users already have permission to access. If data is incorrectly stored, poorly classified, or overly exposed, AI simply makes those issues more visible. The discussion explores practical strategies organizations can use to identify oversharing risks before deploying AI, including SharePoint Advanced Management, Data Security Posture Management (DSPM), Microsoft Defender for Cloud Apps, and comprehensive data discovery initiatives. Key takeaways: * Oversharing vs governance * Data Security Posture Management (DSPM) * SharePoint Advanced Management * Defender for Cloud Apps * Data discovery and classification * AI readiness assessments RESPONSIBLE AI, GOVERNANCE & COMPLIANCE As AI adoption accelerates, organizations must balance innovation with governance, compliance, and security requirements. Peter discusses what Responsible AI really means and why responsibility extends beyond technology platforms. Successful AI adoption requires collaboration between technology providers, security teams, business leaders, governance specialists, and end users. The conversation covers AI policies, governance frameworks, DLP strategies, pilot programs, user education, change management, and the importance of building strong foundations before deploying AI solutions across the enterprise. Topics covered: * Responsible AI principles * Governance frameworks * AI rollout strategies * Change management * Compliance requirements * Security awareness programs AGENTS, SECURITY COPILOT & THE FUTURE OF AI Looking ahead, Peter shares his perspective on Agentic AI, Microsoft 365 Agents, Security Copilot, and the future of cybersecurity operations. Contrary to popular fears, Peter believes AI will augment security professionals rather than replace them. Security analysts will increasingly focus on higher-value activities while AI handles repetitive analysis, investigation, and operational tasks. The discussion also explores emerging technologies such as quantum computing, autonomous AI systems, and how Microsoft is building security and governance capabilities directly into the future of AI-powered work. Future trends discussed: * Agentic AI * Microsoft 365 Agents * Security Copilot * Quantum Computing * AI-powered Security Operations * Autonomous Systems * Future Cybersecurity Skills COMMUNITY, MENTORING & MAKING TECHNOLOGY MORE HUMAN Beyond technology, Peter shares his passion for mentoring, Women in Tech initiatives, mental health awareness, neurodiversity advocacy, and Tourette Syndrome awareness. He discusses the value of community contributions, content creation, reverse mentoring, and helping the next generation of technology professionals develop successful careers. His message is clear: technology is ultimately about people, and creating inclusive communities is just as important as building secure systems. Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support [https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support?utm_source=rss&utm_medium=rss&utm_campaign=rss].