1
00:00:03,520 --> 00:00:05,679
Welcome to episode 409
2
00:00:05,679 --> 00:00:08,720
of the Microsoft Cloud IT Pro podcast recorded
3
00:00:08,720 --> 00:00:11,460
live on 08/22/2025.
4
00:00:11,679 --> 00:00:13,835
This is a show about Microsoft three sixty
5
00:00:13,835 --> 00:00:15,994
five in Azure from the perspective of IT
6
00:00:15,994 --> 00:00:18,234
pros and end users, where we discuss a
7
00:00:18,234 --> 00:00:20,475
topic or recent news and how it relates
8
00:00:20,475 --> 00:00:22,954
to you. In this episode, we explore the
9
00:00:22,954 --> 00:00:23,454
configuration
10
00:00:23,835 --> 00:00:25,295
decisions tenant administrators
11
00:00:25,675 --> 00:00:28,460
face when preparing their Microsoft three sixty five
12
00:00:28,460 --> 00:00:29,600
environment for Copilot.
13
00:00:30,059 --> 00:00:32,700
And, really, just in general, when thinking about
14
00:00:32,700 --> 00:00:35,820
data security in Microsoft three sixty five, we
15
00:00:35,820 --> 00:00:38,299
dive into some of the key questions every
16
00:00:38,299 --> 00:00:40,715
IT professional should be asking when it comes
17
00:00:40,715 --> 00:00:44,015
to users' access to content within the Microsoft
18
00:00:44,075 --> 00:00:47,054
three sixty five tenant. So let's dive in.
19
00:00:49,435 --> 00:00:52,469
Welcome back from vacation, Ben. Thanks. It was
20
00:00:52,469 --> 00:00:54,310
fun all the up until the part where
21
00:00:54,310 --> 00:00:55,530
I got back from vacation.
22
00:00:58,550 --> 00:01:00,630
I kinda did the same thing. I'm looking
23
00:01:00,630 --> 00:01:02,310
forward. We have a US holiday, Labor Day,
24
00:01:02,310 --> 00:01:04,230
coming up next week. So Is that next
25
00:01:04,230 --> 00:01:05,829
week? Yeah. I'm looking forward to having an
26
00:01:05,829 --> 00:01:08,115
extended weekend. That's kind of our last national
27
00:01:08,115 --> 00:01:10,435
holiday, federal holiday, for a little while here
28
00:01:10,435 --> 00:01:12,515
in The US, so enjoy it while it
29
00:01:12,515 --> 00:01:14,834
lasts. No. Vacation was good. Like, we got
30
00:01:14,834 --> 00:01:16,355
to go up to Michigan, spend some time
31
00:01:16,355 --> 00:01:17,015
up there,
32
00:01:17,314 --> 00:01:19,155
then had a family reunion. This is a
33
00:01:19,155 --> 00:01:20,834
lot of people's scout. Went out to Denver
34
00:01:20,834 --> 00:01:22,594
for, like, a long weekend for a family
35
00:01:22,594 --> 00:01:25,280
reunion. With my wife's family, there were 58
36
00:01:25,280 --> 00:01:27,920
people that were all out there. So that
37
00:01:27,920 --> 00:01:29,540
was kinda fun. Lot of family.
38
00:01:30,000 --> 00:01:32,000
It is. But it was cool. Like, there
39
00:01:32,000 --> 00:01:34,239
must have been, like, 10 or 12 kids
40
00:01:34,239 --> 00:01:36,734
all between the ages of, like, six and
41
00:01:36,734 --> 00:01:37,875
10, which are close
42
00:01:38,254 --> 00:01:40,495
to our boys' age. And, I mean, it's
43
00:01:40,495 --> 00:01:42,974
Colorado. Right? Weather's beautiful. We're out in the
44
00:01:42,974 --> 00:01:44,734
woods. The mountains of boys are just outside
45
00:01:44,734 --> 00:01:47,295
playing with all the other kids. Sticks and
46
00:01:47,295 --> 00:01:48,674
rocks and yeah.
47
00:01:49,135 --> 00:01:51,530
Exactly. Made up games with, like, I don't
48
00:01:51,530 --> 00:01:53,369
even know what they were doing with volleyballs
49
00:01:53,369 --> 00:01:54,729
and throwing them up on the roof of
50
00:01:54,729 --> 00:01:57,310
one of the houses we were staying at.
51
00:01:57,369 --> 00:01:59,209
Let them go at it and do what
52
00:01:59,209 --> 00:02:00,890
they need to do. Yep. One of my
53
00:02:00,890 --> 00:02:03,290
wife's cousins is actually big into, like, he
54
00:02:03,290 --> 00:02:06,109
lives out near Denver, big into rock climbing,
55
00:02:06,329 --> 00:02:06,829
hiking.
56
00:02:07,145 --> 00:02:09,645
So he actually, one day, took us
57
00:02:10,264 --> 00:02:11,865
we took the rental Jeep. He's like, oh,
58
00:02:11,865 --> 00:02:13,305
we can make it here. It's a rental
59
00:02:13,305 --> 00:02:13,805
Jeep.
60
00:02:14,344 --> 00:02:16,745
I hope he got his did not get
61
00:02:16,745 --> 00:02:19,145
charged extra for that run rental Jeep, but
62
00:02:19,145 --> 00:02:20,830
took it on a road that we didn't
63
00:02:20,830 --> 00:02:22,509
think was that bad. Let's just say there
64
00:02:22,509 --> 00:02:23,709
was one point in time where I think
65
00:02:23,709 --> 00:02:25,550
only two tires of the Jeep were on
66
00:02:25,550 --> 00:02:27,310
the ground. The other two were, like, up
67
00:02:27,310 --> 00:02:28,909
in the air, but then went to our
68
00:02:29,069 --> 00:02:31,069
Jeeps have solid axles. Right? You need two
69
00:02:31,069 --> 00:02:33,469
eighteen millimeter wrenches and hop under and disconnect
70
00:02:33,469 --> 00:02:35,865
that sway bar. They you're all good. You
71
00:02:35,865 --> 00:02:37,705
have to have those two wrenches or the
72
00:02:37,705 --> 00:02:39,645
sway bar disconnect on there, but,
73
00:02:40,025 --> 00:02:42,185
yeah, that that's funny. We did a similar
74
00:02:42,185 --> 00:02:43,245
thing on our vacation.
75
00:02:43,784 --> 00:02:45,705
We we drove through the Red Redwoods in
76
00:02:45,705 --> 00:02:46,205
California.
77
00:02:46,520 --> 00:02:48,840
There's a road in Jedidiah State Forest, it's
78
00:02:48,840 --> 00:02:51,159
called Holland Hills Road. Okay. But you you
79
00:02:51,159 --> 00:02:53,560
kinda read about it, and some people say,
80
00:02:53,560 --> 00:02:55,000
like, oh, don't take your rental car on
81
00:02:55,000 --> 00:02:56,840
there, don't do that. But when you go
82
00:02:56,840 --> 00:02:58,199
to the park station in the morning and
83
00:02:58,199 --> 00:02:59,639
you say, like, hey, like, we're here for
84
00:02:59,639 --> 00:03:01,485
these types of experiences, where should you go?
85
00:03:01,564 --> 00:03:03,405
They just ask you. Like like the rangers,
86
00:03:03,405 --> 00:03:04,525
they ask. They say, hey, what kind of
87
00:03:04,525 --> 00:03:05,965
car do you have? And as long as
88
00:03:05,965 --> 00:03:07,805
you have a car with four wheels and
89
00:03:07,805 --> 00:03:09,104
you're not towing a trailer,
90
00:03:09,884 --> 00:03:12,525
they give you directions to this random To
91
00:03:12,525 --> 00:03:15,020
go on this road? Dirt forest Service road.
92
00:03:15,020 --> 00:03:17,180
It's a four it's like a 11 mile
93
00:03:17,180 --> 00:03:19,120
forest service road, and then it's got yank
94
00:03:19,180 --> 00:03:21,259
pull offs for some of the various, like,
95
00:03:21,259 --> 00:03:23,360
redwood groves and things like that. But
96
00:03:23,819 --> 00:03:26,460
we did that, like, halfway through our road
97
00:03:26,460 --> 00:03:27,854
trip on on the West Coast.
98
00:03:28,254 --> 00:03:30,175
And from the day we did that on,
99
00:03:30,175 --> 00:03:32,334
that car was never clean again. Like, it
100
00:03:32,334 --> 00:03:35,074
had a layer of thick dust on it
101
00:03:35,694 --> 00:03:37,935
just going through. I was totally expecting to
102
00:03:37,935 --> 00:03:39,614
get, like, a ding from the rental car
103
00:03:39,614 --> 00:03:40,114
company.
104
00:03:40,560 --> 00:03:42,879
Thankfully, it rained, like, at the hotel we
105
00:03:42,879 --> 00:03:44,480
were staying at before we flew back the
106
00:03:44,480 --> 00:03:46,800
next day to get it, and that cleaned,
107
00:03:46,800 --> 00:03:48,080
like, most of it up. But up until
108
00:03:48,080 --> 00:03:49,400
that last day, it had, like, a good
109
00:03:49,520 --> 00:03:51,920
like, it felt like a this is an
110
00:03:51,920 --> 00:03:52,995
exaggeration, but it felt this
111
00:03:55,394 --> 00:03:55,821
this way. It felt like it had a
112
00:03:55,821 --> 00:03:56,354
half inch of dirt on it, right? Just
113
00:03:56,354 --> 00:03:57,794
like everything. You could only see through the
114
00:03:57,794 --> 00:03:59,634
windshield, and the only part you could see
115
00:03:59,634 --> 00:04:01,235
out of the back windshield was where it
116
00:04:01,235 --> 00:04:02,775
had the rear windshield wiper.
117
00:04:03,394 --> 00:04:05,314
I had gone to gas stations and tried
118
00:04:05,314 --> 00:04:07,094
to clean it up, and it was like,
119
00:04:07,340 --> 00:04:09,419
this is just a lost cause. So Not
120
00:04:09,419 --> 00:04:11,099
gonna work. Jeeps are tough. Yeah. You'll be
121
00:04:11,099 --> 00:04:12,620
fine. All good. So we did fun. But
122
00:04:12,620 --> 00:04:13,819
once we got to the end of that,
123
00:04:13,819 --> 00:04:15,659
it was to a rock climbing spot where
124
00:04:15,659 --> 00:04:17,019
there were routes set up. So he, like,
125
00:04:17,019 --> 00:04:18,860
set up routes for us with the ropes,
126
00:04:18,860 --> 00:04:20,699
and he had all the harnesses for the
127
00:04:20,699 --> 00:04:22,060
kids, so he got to do, like, some
128
00:04:22,060 --> 00:04:24,394
real rock climbing because we live in Florida
129
00:04:24,394 --> 00:04:26,074
where the biggest rock you climb is, like,
130
00:04:26,074 --> 00:04:27,754
a boulder in the front yard of some
131
00:04:27,754 --> 00:04:29,035
place Yep. Where you have to do a
132
00:04:29,035 --> 00:04:30,875
gym. So it was a good trip. And
133
00:04:30,875 --> 00:04:33,274
then from there, I went I came home
134
00:04:33,274 --> 00:04:35,339
and was home for, like, sixteen hours and
135
00:04:35,339 --> 00:04:38,060
then flew to Atlanta for TechCon three sixty
136
00:04:38,060 --> 00:04:40,480
five. That leads us into today's topic.
137
00:04:40,939 --> 00:04:44,139
So we've been kinda going back and forth
138
00:04:44,139 --> 00:04:47,180
between maybe talking about, like, Copilot and how
139
00:04:47,180 --> 00:04:49,180
to enable it in your organization, maybe some
140
00:04:49,180 --> 00:04:51,555
things your users can use it for. We
141
00:04:51,555 --> 00:04:53,254
just got done kinda talking
142
00:04:54,115 --> 00:04:56,675
through MCP and that's how that's helpful and
143
00:04:56,675 --> 00:04:59,095
maybe some agentic workflows and stuff like that.
144
00:04:59,395 --> 00:05:01,955
But it's been a little bit, and we've
145
00:05:01,955 --> 00:05:03,475
never really taken a deep dive on it.
146
00:05:03,475 --> 00:05:05,654
So so you had this talk at TechCon
147
00:05:06,329 --> 00:05:08,110
about securing Copilot.
148
00:05:08,730 --> 00:05:10,889
So so really kind of like, you have
149
00:05:10,889 --> 00:05:13,129
to prepare for Copilot in certain ways. There's
150
00:05:13,129 --> 00:05:15,290
licenses you need to turn on, there's things
151
00:05:15,290 --> 00:05:16,269
you might want to
152
00:05:16,970 --> 00:05:19,529
think about within your organization and who has
153
00:05:19,529 --> 00:05:21,629
access to what and things like that.
154
00:05:21,955 --> 00:05:24,115
But there's more than just lighting up a
155
00:05:24,115 --> 00:05:25,955
license to think about. Kinda like when you
156
00:05:25,955 --> 00:05:27,715
maybe did, like, SharePoint search back in the
157
00:05:27,715 --> 00:05:28,995
day or you do, like, an m three
158
00:05:28,995 --> 00:05:31,395
sixty five search thing today, there's all this
159
00:05:31,395 --> 00:05:33,715
security trim stuff out there and the these
160
00:05:33,715 --> 00:05:35,715
experiences, they have access to a lot of
161
00:05:35,715 --> 00:05:37,175
data per user.
162
00:05:37,579 --> 00:05:39,339
So you did a talk at TechCon called
163
00:05:39,339 --> 00:05:42,300
Preparing for Copilot Securing your Microsoft three sixty
164
00:05:42,300 --> 00:05:43,680
five Data and Beyond
165
00:05:44,139 --> 00:05:45,420
and I think this is a good one
166
00:05:45,420 --> 00:05:46,319
to dive into.
167
00:05:47,180 --> 00:05:48,399
It's Copilot
168
00:05:48,699 --> 00:05:51,404
centric but a lot of the concepts in
169
00:05:51,404 --> 00:05:53,485
here, right, like like just kind of thinking
170
00:05:53,485 --> 00:05:55,485
about and taking a step back and, hey,
171
00:05:55,485 --> 00:05:57,485
like, let's take a beat and think about
172
00:05:57,485 --> 00:06:00,064
what type of data is in my Microsoft
173
00:06:00,204 --> 00:06:03,180
three sixty five environment, like what's the sensitivity
174
00:06:03,319 --> 00:06:05,160
of that data, maybe I need licensing for
175
00:06:05,160 --> 00:06:07,660
things that give me capabilities like sensitivity labels,
176
00:06:08,199 --> 00:06:09,580
all that. And then
177
00:06:10,680 --> 00:06:12,520
once you've put it together, how do you
178
00:06:12,520 --> 00:06:14,600
have to tweak it, what does that look
179
00:06:14,600 --> 00:06:16,920
like, and kind of maintenance and everything beyond.
180
00:06:16,920 --> 00:06:19,085
So I figured it'd be a good kind
181
00:06:19,225 --> 00:06:21,625
of topic to hop into, and since it's
182
00:06:21,625 --> 00:06:23,404
been top of mind for you,
183
00:06:24,504 --> 00:06:27,944
it's certainly like fresh and right there. And
184
00:06:27,944 --> 00:06:30,300
you've got all the context from the conference
185
00:06:30,360 --> 00:06:32,600
and questions attendees asked you and things like
186
00:06:32,600 --> 00:06:35,000
that. So be a fun little whirlwind tour.
187
00:06:35,000 --> 00:06:37,160
It is, and it'll definitely be whirlwind because
188
00:06:37,160 --> 00:06:39,319
this was a seventy five minute session. Granted,
189
00:06:39,319 --> 00:06:41,180
there were demos and stuff in there, but
190
00:06:41,319 --> 00:06:43,319
it has been. It's been an interesting topic,
191
00:06:43,319 --> 00:06:45,194
and not only did I I kind of
192
00:06:45,194 --> 00:06:46,814
did a session on it because
193
00:06:47,194 --> 00:06:48,954
I don't even know how many clients I've
194
00:06:48,954 --> 00:06:51,595
had ask me about this recently. Like, hey,
195
00:06:51,595 --> 00:06:52,975
we want to deploy Copilot.
196
00:06:53,354 --> 00:06:54,875
What should we be thinking about? What does
197
00:06:54,875 --> 00:06:57,354
our environment look like? How do we prepare
198
00:06:57,354 --> 00:06:59,340
for it? And to your point, it's an
199
00:06:59,340 --> 00:07:01,660
interesting one because it's like, well, technically, this
200
00:07:01,660 --> 00:07:03,900
is stuff you should have been doing all
201
00:07:03,900 --> 00:07:06,139
along. But Copilot is just bringing it to
202
00:07:06,139 --> 00:07:07,900
the forefront to that point of that we've
203
00:07:07,900 --> 00:07:11,525
talked about before, is Copilot doesn't necessarily
204
00:07:12,225 --> 00:07:15,345
introduce any new security vulnerabilities. Like, I I
205
00:07:15,345 --> 00:07:16,785
don't know how many times I've talked about
206
00:07:16,785 --> 00:07:19,365
this. It just it brings to the forefront
207
00:07:19,824 --> 00:07:23,125
quicker and easier mistakes that maybe you've done
208
00:07:23,185 --> 00:07:24,004
in the past
209
00:07:24,360 --> 00:07:27,339
with your Microsoft three sixty five environment. And
210
00:07:27,560 --> 00:07:29,819
that's kinda where even this slide is, like
211
00:07:30,040 --> 00:07:31,800
and I'm sharing kind of the slides that
212
00:07:31,800 --> 00:07:33,639
I did at the presentation. We can work
213
00:07:33,639 --> 00:07:35,660
through those as we talk through it. But
214
00:07:35,720 --> 00:07:37,574
it all starts with what should you be
215
00:07:37,574 --> 00:07:40,535
thinking about when it comes to Copilot, and
216
00:07:40,535 --> 00:07:42,694
a lot of these bullet points too. The
217
00:07:42,694 --> 00:07:44,295
things I think through are like, what types
218
00:07:44,295 --> 00:07:45,895
of data do you have in Microsoft three
219
00:07:45,895 --> 00:07:47,435
sixty five? In particular,
220
00:07:47,975 --> 00:07:49,654
SharePoint. What type of data do you put
221
00:07:49,654 --> 00:07:52,069
in SharePoint? Because Copilot has access
222
00:07:52,689 --> 00:07:55,009
to Exchange or Outlook, your Teams, conversations, all
223
00:07:55,009 --> 00:07:56,930
of that stuff. But by and large, that's
224
00:07:56,930 --> 00:07:59,330
already secured. Right? Like It should be. It
225
00:07:59,330 --> 00:08:01,889
should be. And I don't think Copilot actually
226
00:08:01,889 --> 00:08:03,925
even has access yet to share mailboxes. I
227
00:08:03,925 --> 00:08:06,165
think that's one limitation is if someone shared
228
00:08:06,165 --> 00:08:08,085
their mailbox with you, they have access to
229
00:08:08,085 --> 00:08:08,905
a shared mailbox.
230
00:08:09,285 --> 00:08:12,004
I don't believe Copilot can reason over that.
231
00:08:12,004 --> 00:08:14,004
So I try to frame it as what
232
00:08:14,004 --> 00:08:15,605
types of data are out there. You wanna
233
00:08:15,605 --> 00:08:18,405
think about should Copilot have access to sensitive
234
00:08:18,405 --> 00:08:18,899
data.
235
00:08:19,300 --> 00:08:21,540
And this is one that maybe you haven't
236
00:08:21,540 --> 00:08:24,180
thought about before, but it's maybe you need
237
00:08:24,180 --> 00:08:26,100
access to sensitive data for your day to
238
00:08:26,100 --> 00:08:28,519
day work. Right? Like, you're in finance,
239
00:08:29,139 --> 00:08:30,439
you're in education,
240
00:08:31,404 --> 00:08:33,105
maybe there's data around
241
00:08:33,804 --> 00:08:35,585
bank accounts out there, there's
242
00:08:35,964 --> 00:08:38,304
financial spreadsheets out there, there's
243
00:08:38,845 --> 00:08:40,705
student data that's in your environment.
244
00:08:41,085 --> 00:08:43,644
People legitimately need access to some of that
245
00:08:43,644 --> 00:08:45,899
to do work, but do you want Copilot
246
00:08:46,040 --> 00:08:47,820
to have the same access to it that
247
00:08:47,879 --> 00:08:49,960
a user does if they just go open
248
00:08:49,960 --> 00:08:52,759
a particular file? So that's another thing to
249
00:08:52,759 --> 00:08:54,440
think about. And then one is just who
250
00:08:54,440 --> 00:08:56,040
has access to your content. Where has stuff
251
00:08:56,040 --> 00:08:58,225
been overshared? This one's been talked about a
252
00:08:58,225 --> 00:09:00,065
ton. And then thinking through, so how do
253
00:09:00,065 --> 00:09:02,245
you start fixing it, and how do you
254
00:09:02,304 --> 00:09:03,904
maintain it once you've done it? You have
255
00:09:03,904 --> 00:09:05,205
ten years of bad practices.
256
00:09:05,665 --> 00:09:07,985
You go spend six months fixing it. How
257
00:09:07,985 --> 00:09:10,404
do you keep those bad practices from continuing
258
00:09:10,785 --> 00:09:12,690
after you fix it? It's this kinda, like,
259
00:09:13,090 --> 00:09:14,710
whirlwind thing, and
260
00:09:16,129 --> 00:09:18,230
as I get more into the world
261
00:09:18,610 --> 00:09:21,429
in my day job of thinking about
262
00:09:21,889 --> 00:09:22,389
agentic
263
00:09:22,769 --> 00:09:25,169
AI and, like, some of the MCP stuff
264
00:09:25,169 --> 00:09:27,264
that we talked about, So if you look
265
00:09:27,264 --> 00:09:28,725
at tools like Copilot,
266
00:09:29,345 --> 00:09:31,845
you can go create your own declarative agent,
267
00:09:32,065 --> 00:09:33,504
you can maybe go create an agent in
268
00:09:33,504 --> 00:09:34,565
Copilot Studio,
269
00:09:35,105 --> 00:09:37,504
there's tools out there or there's services out
270
00:09:37,504 --> 00:09:39,745
there like Azure AI Foundry that then have
271
00:09:39,745 --> 00:09:41,504
their own tool integrations, all these kinds of
272
00:09:41,504 --> 00:09:44,519
things. So we're kind of on this weird
273
00:09:44,659 --> 00:09:46,360
cusp again of
274
00:09:46,820 --> 00:09:49,220
you have to rationalize things like Copilot and
275
00:09:49,220 --> 00:09:51,940
the value and TCO and all that for
276
00:09:51,940 --> 00:09:52,679
your organization,
277
00:09:53,460 --> 00:09:55,379
but now we're kind of looping back around
278
00:09:55,379 --> 00:09:55,879
to
279
00:09:56,259 --> 00:10:00,495
user access plus agent access or agentic access.
280
00:10:00,634 --> 00:10:02,154
So like what's the right way to build
281
00:10:02,154 --> 00:10:04,554
those things? What does that look like and
282
00:10:04,554 --> 00:10:06,095
how does that come together?
283
00:10:06,554 --> 00:10:07,054
Because
284
00:10:08,315 --> 00:10:10,875
eventually, it's like these things are all just
285
00:10:10,875 --> 00:10:12,554
going to be like talking to each other.
286
00:10:12,554 --> 00:10:15,190
Like that finance example that you have, it
287
00:10:15,190 --> 00:10:17,269
might be somebody going in and having access
288
00:10:17,269 --> 00:10:18,490
to a
289
00:10:19,029 --> 00:10:21,669
a fine tuned model, right, that helps them
290
00:10:21,669 --> 00:10:23,350
spit out a financial report at the end
291
00:10:23,350 --> 00:10:25,589
of the quarter. Like, use this template. Here's
292
00:10:25,589 --> 00:10:27,929
good examples. Here's how these are legally compliant.
293
00:10:28,205 --> 00:10:30,365
All these kinds of things, but, you know,
294
00:10:30,365 --> 00:10:33,345
those agents are going to either interact as
295
00:10:33,804 --> 00:10:36,205
real applications within the environment, so now you're
296
00:10:36,205 --> 00:10:38,365
back to like application access and thinking about
297
00:10:38,365 --> 00:10:40,784
scoping things, maybe like permissions
298
00:10:41,245 --> 00:10:41,745
for,
299
00:10:42,205 --> 00:10:44,409
for those, and what are the rights that
300
00:10:44,409 --> 00:10:46,570
you give them within the environment. It could
301
00:10:46,570 --> 00:10:48,330
be user access. It could be a mix
302
00:10:48,330 --> 00:10:50,830
of both depending on what was going on
303
00:10:51,049 --> 00:10:53,230
and how it composed and what came together.
304
00:10:53,529 --> 00:10:54,190
And then
305
00:10:54,570 --> 00:10:56,330
you further kind of muddy the waters there
306
00:10:56,330 --> 00:10:58,575
with, like, oh, like, maybe that's not an
307
00:10:58,575 --> 00:11:00,654
agent that's just or a user even that's
308
00:11:00,654 --> 00:11:03,295
interacting with, like, data in a single system
309
00:11:03,295 --> 00:11:03,955
like SharePoint.
310
00:11:04,335 --> 00:11:07,554
What happens when they're using the SAP connector
311
00:11:07,695 --> 00:11:10,240
or they're using the Dynamics connector, like, and
312
00:11:10,240 --> 00:11:12,320
you have these other systems that are talking
313
00:11:12,320 --> 00:11:13,440
to each other on the back end and
314
00:11:13,440 --> 00:11:15,759
these agentic workflows. And I think it does
315
00:11:15,759 --> 00:11:17,540
become, like, an important consideration
316
00:11:18,080 --> 00:11:19,059
along the way,
317
00:11:19,440 --> 00:11:22,879
and it's an it's an interesting thought exercise.
318
00:11:22,879 --> 00:11:24,375
I actually think it's a little scary too
319
00:11:24,375 --> 00:11:26,315
depending on, like, where you sit organizationally
320
00:11:26,774 --> 00:11:28,695
and how things are composed in your environment
321
00:11:28,695 --> 00:11:29,195
today,
322
00:11:29,654 --> 00:11:30,634
just to think about
323
00:11:31,095 --> 00:11:33,254
where we are today and where the world's
324
00:11:33,254 --> 00:11:34,875
gonna be in
325
00:11:35,894 --> 00:11:38,220
the the future. And the future could be
326
00:11:38,220 --> 00:11:39,660
really short. Like, it could be the next
327
00:11:39,660 --> 00:11:41,419
couple months, it could be maybe the next
328
00:11:41,419 --> 00:11:41,919
year.
329
00:11:42,220 --> 00:11:43,740
I don't think you can take you have
330
00:11:43,740 --> 00:11:46,379
the advantage of thinking ahead to five years
331
00:11:46,379 --> 00:11:48,059
from now kind of thing. And speaking of
332
00:11:48,059 --> 00:11:50,460
scary, can I go completely off topic about
333
00:11:50,460 --> 00:11:53,200
a scary, like Squirrel? Squirrel. Yeah. Okay. Squirrel.
334
00:11:53,475 --> 00:11:56,034
So but thinking about Copilot and AI and
335
00:11:56,034 --> 00:11:57,235
how you're asking it, I did see a
336
00:11:57,235 --> 00:11:58,774
really funny I think it was on Instagram
337
00:11:58,834 --> 00:12:00,595
where it was two people walking into a
338
00:12:00,595 --> 00:12:02,834
room or, like, somebody rang the doorbell of
339
00:12:02,834 --> 00:12:04,274
a door, and a guy picked up his
340
00:12:04,274 --> 00:12:06,914
phone and said, hey, ChatGPT, someone's knocking at
341
00:12:06,914 --> 00:12:08,220
my door. What should I do?
342
00:12:08,699 --> 00:12:10,779
And Chad GPT tells him to open it.
343
00:12:10,779 --> 00:12:13,500
And then he opens it, and the lady
344
00:12:13,500 --> 00:12:15,259
outside the door says, Hey, Chad GPT. He
345
00:12:15,259 --> 00:12:17,019
opened the door for me. Now what should
346
00:12:17,019 --> 00:12:19,100
I do? And it was, You should say
347
00:12:19,100 --> 00:12:20,939
hello or walk in the door and say
348
00:12:20,939 --> 00:12:23,495
hello. It was these people that literally were
349
00:12:23,495 --> 00:12:25,575
using their phones to have chat gbt tell
350
00:12:25,575 --> 00:12:27,575
them how to interact with each other, but
351
00:12:27,575 --> 00:12:30,315
I think it does highlight, like, how much
352
00:12:30,455 --> 00:12:31,274
we're asking
353
00:12:31,654 --> 00:12:33,495
AI and, again, a little bit of a
354
00:12:33,495 --> 00:12:35,100
rabbit hole, but how much are we becoming
355
00:12:35,100 --> 00:12:37,580
dependent on it and how it could actually
356
00:12:37,580 --> 00:12:39,759
be one of those scary environments where we,
357
00:12:39,899 --> 00:12:41,899
like, yeah, how it's going to change how
358
00:12:41,899 --> 00:12:43,360
we work, interact,
359
00:12:43,740 --> 00:12:45,899
live, etcetera. I think it can be scary.
360
00:12:45,899 --> 00:12:48,620
Like, it can be exciting, but I also
361
00:12:48,620 --> 00:12:52,584
think it kinda raises the priority or the
362
00:12:52,584 --> 00:12:55,304
importance of, like, thinking about these questions and
363
00:12:55,304 --> 00:12:57,245
thinking through them and making sure that
364
00:12:57,704 --> 00:12:58,204
as
365
00:12:58,584 --> 00:13:00,524
Microsoft three sixty five customers,
366
00:13:00,904 --> 00:13:03,065
could be Azure customer, really, like any kind
367
00:13:03,065 --> 00:13:05,959
of, like, SaaS cloud based product that's adopting
368
00:13:05,959 --> 00:13:07,559
these kinds of things, or even if you're
369
00:13:07,559 --> 00:13:09,879
bringing them into your internal environments, right, like
370
00:13:09,879 --> 00:13:12,759
these are all like I think they're common
371
00:13:12,759 --> 00:13:15,559
sense considerations, like there's nothing in here that's
372
00:13:15,559 --> 00:13:16,059
like,
373
00:13:16,519 --> 00:13:19,455
oh my gosh, like, but you have to
374
00:13:19,455 --> 00:13:21,555
really take the time and be intentional
375
00:13:22,014 --> 00:13:24,894
and go down the path of looking at
376
00:13:24,894 --> 00:13:26,575
all of them. Like it's not just a
377
00:13:26,575 --> 00:13:29,634
one dimensional kind of thing, it's this multidimensional
378
00:13:30,175 --> 00:13:31,475
kind of exercise
379
00:13:32,049 --> 00:13:32,549
to
380
00:13:33,090 --> 00:13:34,070
to get in. So,
381
00:13:35,410 --> 00:13:37,410
like, it's always kinda fun to do these
382
00:13:37,410 --> 00:13:39,330
things with you because I get access to
383
00:13:39,330 --> 00:13:41,170
the decks and your talks and everything, and
384
00:13:41,170 --> 00:13:42,610
we get to talk and plan it out
385
00:13:42,610 --> 00:13:43,809
ahead of time. So, like, I know a
386
00:13:43,809 --> 00:13:45,705
little bit about where the story's going. So
387
00:13:46,585 --> 00:13:48,184
why don't we keep kind of getting in
388
00:13:48,184 --> 00:13:51,225
that and kind of Yeah. Yeah. So I
389
00:13:51,225 --> 00:13:53,065
think, yeah, like, good place to start. Yeah.
390
00:13:53,065 --> 00:13:54,924
Just like, I've got the data out there.
391
00:13:54,985 --> 00:13:56,424
How do I figure out, like, what's out
392
00:13:56,424 --> 00:13:57,705
there and what's going? And like you said,
393
00:13:57,705 --> 00:13:59,429
like, for folks listening here, like, oh my
394
00:13:59,429 --> 00:14:01,429
gosh, these, like, crackpots are talking about Copilot
395
00:14:01,429 --> 00:14:04,009
and AI again. A lot of these concepts
396
00:14:04,149 --> 00:14:07,450
broadly apply to Microsoft March,
397
00:14:07,750 --> 00:14:09,370
and they might apply to,
398
00:14:09,909 --> 00:14:12,175
heck, your on prem SharePoint environment. Right? There
399
00:14:12,175 --> 00:14:14,415
was a CVE for SharePoint on prem last
400
00:14:14,415 --> 00:14:16,654
month. A lot of organizations had to go
401
00:14:16,654 --> 00:14:18,735
through this kind of, like, patching workflow due
402
00:14:18,735 --> 00:14:20,575
to a hack for on prem SharePoint that
403
00:14:20,575 --> 00:14:21,554
came out of China.
404
00:14:21,934 --> 00:14:24,355
All these things are broadly applicable.
405
00:14:24,735 --> 00:14:27,500
And, yeah, it sounds like common sense, but
406
00:14:28,039 --> 00:14:30,840
I encourage you, stick with us, and maybe
407
00:14:30,840 --> 00:14:33,259
you'll hear something in here that says, Oh,
408
00:14:33,320 --> 00:14:35,159
I didn't think about that, or, Oh, you
409
00:14:35,159 --> 00:14:36,519
know what? That one was on the back
410
00:14:36,519 --> 00:14:38,440
burner for me. Maybe I kinda need to
411
00:14:38,440 --> 00:14:40,595
lift it up the priority list and go
412
00:14:40,595 --> 00:14:42,034
spend a little bit more time on it.
413
00:14:42,034 --> 00:14:44,034
Yeah. And I would say some of these
414
00:14:44,034 --> 00:14:45,414
even are more broad
415
00:14:45,794 --> 00:14:47,975
than just SharePoint. And
416
00:14:48,595 --> 00:14:51,235
this first one, it's tools related to SharePoint,
417
00:14:51,235 --> 00:14:53,475
but it's concepts you need to think about
418
00:14:53,475 --> 00:14:54,679
for any
419
00:14:55,299 --> 00:14:57,539
data that maybe AI has access to. And
420
00:14:57,539 --> 00:14:59,779
when I start thinking about exploring the content,
421
00:14:59,779 --> 00:15:01,139
it's somewhat what I hit at before, but
422
00:15:01,139 --> 00:15:02,919
it's looking at sensitive data.
423
00:15:03,220 --> 00:15:05,700
Where is this sensitive data? What sensitive data
424
00:15:05,700 --> 00:15:07,940
is out there? And to your point, I
425
00:15:07,940 --> 00:15:10,315
was working with one client, and they have
426
00:15:10,315 --> 00:15:12,714
certain policies around what should be in SharePoint
427
00:15:12,714 --> 00:15:15,034
and what shouldn't be. And this was not
428
00:15:15,034 --> 00:15:17,195
even a Copilot exercise. This was just, like,
429
00:15:17,195 --> 00:15:18,334
overall data governance.
430
00:15:18,794 --> 00:15:21,195
And I used Data Explorer, so we'll tie
431
00:15:21,195 --> 00:15:23,034
this in a little bit, Data Explorer in
432
00:15:23,034 --> 00:15:25,529
Microsoft three sixty five. But however you do
433
00:15:25,529 --> 00:15:27,610
this, it's we found data. We're like, did
434
00:15:27,610 --> 00:15:29,610
you know you have these Social Security numbers
435
00:15:29,610 --> 00:15:31,850
in your SharePoint environment? We're like, no. We
436
00:15:31,850 --> 00:15:33,769
had no idea. So they went in and
437
00:15:33,769 --> 00:15:35,529
cleaned that up right away. But that's one
438
00:15:35,529 --> 00:15:36,985
of the first things is how do you
439
00:15:36,985 --> 00:15:39,225
explore this content? Whether it's Data Explorer in
440
00:15:39,225 --> 00:15:42,125
Microsoft three sixty five or there's
441
00:15:42,745 --> 00:15:44,745
what is it? There's I'm drawing a blank
442
00:15:44,745 --> 00:15:46,665
on it. It's is it part of Azure
443
00:15:46,665 --> 00:15:48,524
Information Explorer? It's,
444
00:15:49,250 --> 00:15:50,929
you can use it on a file share
445
00:15:50,929 --> 00:15:53,009
to actually explore the file share and scan
446
00:15:53,009 --> 00:15:55,090
all your content on a file share, and
447
00:15:55,090 --> 00:15:57,409
it has some ties into Purview. Azure Data
448
00:15:57,409 --> 00:15:59,409
Explorer. Yeah. And then Yeah. That ties into
449
00:15:59,409 --> 00:16:00,070
this weird
450
00:16:00,529 --> 00:16:02,384
weird I mean, it is what it is.
451
00:16:02,465 --> 00:16:04,085
Its name's like per Purview,
452
00:16:04,785 --> 00:16:07,424
Activity Explorer, something like that, but that's that
453
00:16:07,424 --> 00:16:10,225
kinda large data volume. Hey. Let me go
454
00:16:10,225 --> 00:16:11,585
and scan that thing. So it's part of
455
00:16:11,585 --> 00:16:14,625
Purview and the compliance stack. Yeah. So there's
456
00:16:14,625 --> 00:16:16,649
that. And then the next one is just
457
00:16:16,809 --> 00:16:17,309
oversharing.
458
00:16:17,610 --> 00:16:19,710
And again, Microsoft three sixty five,
459
00:16:20,490 --> 00:16:23,629
I talk about the data access governance insights.
460
00:16:23,930 --> 00:16:26,670
This one's another one. There's some PowerShell commandlets.
461
00:16:26,809 --> 00:16:28,670
It's start SPO
462
00:16:29,129 --> 00:16:31,804
data access governance insight. We'll put links to
463
00:16:31,804 --> 00:16:34,444
this PowerShell commandlet in the show notes. But
464
00:16:34,444 --> 00:16:36,464
you can go run this particular
465
00:16:36,845 --> 00:16:39,824
report and look at OneDrive for business
466
00:16:40,204 --> 00:16:42,384
and look at SharePoint and
467
00:16:42,845 --> 00:16:44,225
spit out a summary
468
00:16:45,289 --> 00:16:48,990
of how many different types of sharing links
469
00:16:49,129 --> 00:16:51,289
exist in your environment. I was looking at
470
00:16:51,289 --> 00:16:53,450
one client. We looked at OneDrive. We found
471
00:16:53,450 --> 00:16:55,070
out this particular individual
472
00:16:55,529 --> 00:16:57,450
had content in their OneDrive, and one of
473
00:16:57,450 --> 00:16:59,370
the aspects of this report is how many
474
00:16:59,370 --> 00:17:01,585
people it's shared with. He had content shared
475
00:17:01,585 --> 00:17:03,845
with almost 2,500
476
00:17:04,144 --> 00:17:05,045
different people
477
00:17:05,585 --> 00:17:08,144
hosted in his OneDrive. There's also some data
478
00:17:08,144 --> 00:17:10,465
access governance reports in the SharePoint admin center
479
00:17:10,465 --> 00:17:12,785
that get included with Copilot now. I've written
480
00:17:12,785 --> 00:17:14,884
some custom PowerShell scripts where
481
00:17:15,259 --> 00:17:17,820
it actually goes through and looks at all
482
00:17:17,820 --> 00:17:19,980
the content in SharePoint and spits out sharing
483
00:17:19,980 --> 00:17:21,980
links and URLs and the title of the
484
00:17:21,980 --> 00:17:23,980
files and all of that. But this is
485
00:17:23,980 --> 00:17:25,440
really going back to
486
00:17:25,740 --> 00:17:27,519
where is content shared
487
00:17:27,914 --> 00:17:30,715
with people that shouldn't have access to it,
488
00:17:30,715 --> 00:17:33,394
whether it was laziness and just putting in
489
00:17:33,515 --> 00:17:34,875
I mean, not a file share, putting in,
490
00:17:34,875 --> 00:17:36,735
oh, we'll just share this with domain users
491
00:17:36,795 --> 00:17:37,934
and then not realizing
492
00:17:38,475 --> 00:17:41,295
what people have maybe dropped in that particular
493
00:17:41,434 --> 00:17:43,055
folder that shouldn't be there
494
00:17:43,410 --> 00:17:45,830
or forgetting that it was shared with everybody
495
00:17:46,369 --> 00:17:48,210
or somebody meant to do it at a
496
00:17:48,210 --> 00:17:50,130
subfolder and accidentally did it at the parent
497
00:17:50,130 --> 00:17:50,630
folder.
498
00:17:50,930 --> 00:17:53,730
All those same things apply to file shares,
499
00:17:53,730 --> 00:17:54,390
to SharePoint.
500
00:17:54,769 --> 00:17:56,950
I mean, technically, it can apply to Dropbox,
501
00:17:57,090 --> 00:17:57,590
Box.
502
00:17:57,944 --> 00:18:00,365
Anywhere where you have content is really thinking
503
00:18:00,505 --> 00:18:01,005
through,
504
00:18:01,704 --> 00:18:04,024
and how do you report on where is
505
00:18:04,024 --> 00:18:06,505
content shared more broadly than it should be,
506
00:18:06,904 --> 00:18:08,744
or where are folders? This is the other
507
00:18:08,744 --> 00:18:11,065
interesting one. Where are folders shared more broadly
508
00:18:11,065 --> 00:18:13,019
than they should be? And people can just
509
00:18:13,019 --> 00:18:14,620
drop content into it, and all of a
510
00:18:14,620 --> 00:18:17,340
sudden it becomes shared because they just dropped
511
00:18:17,340 --> 00:18:19,180
it in a folder or a SharePoint site
512
00:18:19,500 --> 00:18:22,220
Mhmm. Or a Teams SharePoint site, any of
513
00:18:22,220 --> 00:18:22,720
those.
514
00:18:26,535 --> 00:18:28,695
Do you feel overwhelmed by trying to manage
515
00:18:28,695 --> 00:18:30,934
your Office three sixty five environment? Are you
516
00:18:30,934 --> 00:18:34,315
facing unexpected issues that disrupt your company's productivity?
517
00:18:34,535 --> 00:18:36,535
IntelliJunk is here to help. Much like you
518
00:18:36,535 --> 00:18:38,375
take your car to the mechanic that has
519
00:18:38,375 --> 00:18:40,535
specialized knowledge on how to best keep your
520
00:18:40,535 --> 00:18:43,529
car running, Intelligent helps you with your Microsoft
521
00:18:43,589 --> 00:18:47,109
cloud environment because that's their expertise. Intelligent keeps
522
00:18:47,109 --> 00:18:49,129
up with the latest updates in the Microsoft
523
00:18:49,190 --> 00:18:51,429
cloud to help keep your business running smoothly
524
00:18:51,429 --> 00:18:53,269
and ahead of the curve. Whether you are
525
00:18:53,269 --> 00:18:55,195
a small organization with just a few users
526
00:18:55,195 --> 00:18:55,241
up to an organization of several thousand employees,
527
00:18:55,241 --> 00:18:55,929
they want to partner with you to
528
00:18:56,595 --> 00:18:57,095
implement
529
00:19:00,755 --> 00:19:04,934
and administer your Microsoft cloud technology. Visit them
530
00:19:05,075 --> 00:19:07,815
at inteligink.com/podcast.
531
00:19:08,115 --> 00:19:14,759
That's intelligink.com/podcast
532
00:19:15,140 --> 00:19:17,220
for more information or to schedule a thirty
533
00:19:17,220 --> 00:19:19,319
minute call to get started with them today.
534
00:19:19,619 --> 00:19:22,980
Remember, Intelligink focuses on the Microsoft cloud so
535
00:19:22,980 --> 00:19:24,734
you can focus on your business.
536
00:19:26,894 --> 00:19:27,775
So that was one of,
537
00:19:28,575 --> 00:19:29,075
configuration
538
00:19:29,375 --> 00:19:32,115
changes, again, where somebody accidentally changes permissions,
539
00:19:32,414 --> 00:19:35,375
sets up permissions the wrong way. One interesting
540
00:19:35,375 --> 00:19:36,974
thing that came out, I hadn't thought of
541
00:19:36,974 --> 00:19:37,795
this before,
542
00:19:38,259 --> 00:19:40,099
but somebody else brought it up at the
543
00:19:40,099 --> 00:19:41,779
conference and I was like, oh, that's an
544
00:19:41,779 --> 00:19:45,480
interesting one, is comparing sites or duplicate content.
545
00:19:45,700 --> 00:19:47,779
How many companies have you been in, Scott,
546
00:19:47,779 --> 00:19:49,859
where, like, somebody creates a file and then
547
00:19:49,859 --> 00:19:51,494
creates that file v two and v three
548
00:19:51,494 --> 00:19:52,535
and v four and v five and v
549
00:19:52,535 --> 00:19:54,134
six and v seven, all the way up
550
00:19:54,134 --> 00:19:56,134
to whatever, and now you have, like, 20
551
00:19:56,134 --> 00:19:59,575
copies of a nearly identical file all out
552
00:19:59,575 --> 00:20:01,914
there? Guess what gets really confused
553
00:20:02,590 --> 00:20:04,910
about pulling accurate information when you have 10
554
00:20:04,910 --> 00:20:07,890
or 20 nearly identical files? Doctor. Nearly identical
555
00:20:08,910 --> 00:20:11,890
and also mixed in with identical identical, right?
556
00:20:12,110 --> 00:20:12,850
Doctor. Right.
557
00:20:13,869 --> 00:20:15,009
Doctor. I do this sometimes
558
00:20:15,309 --> 00:20:15,809
where
559
00:20:16,865 --> 00:20:18,465
somebody writes a paper and I'm like, Oh,
560
00:20:18,465 --> 00:20:19,984
I want to save that as an example
561
00:20:19,984 --> 00:20:21,664
for later. So I take that and put
562
00:20:21,664 --> 00:20:23,105
it in my OneDrive and it's still like
563
00:20:23,105 --> 00:20:25,345
the canonical version still sits, but I want
564
00:20:25,345 --> 00:20:27,184
like that point in time snapshot maybe to
565
00:20:27,184 --> 00:20:28,484
reference back to you later
566
00:20:28,865 --> 00:20:31,205
as a doc, a PDF, a PowerPoint, whatever.
567
00:20:31,399 --> 00:20:33,099
So my OneDrive is like just
568
00:20:33,480 --> 00:20:36,200
absolutely littered with things like that. I can
569
00:20:36,200 --> 00:20:38,119
tell you very specifically what does not do
570
00:20:38,119 --> 00:20:40,940
a good job here is Copilot notebooks,
571
00:20:41,240 --> 00:20:42,299
which we talked about.
572
00:20:42,919 --> 00:20:44,759
I actually did this recently where I had
573
00:20:44,759 --> 00:20:45,293
a couple iterations of not the same document,
574
00:20:45,293 --> 00:20:45,471
but similar documents. It was more like there
575
00:20:45,471 --> 00:20:46,139
was a section in this one,
576
00:20:58,575 --> 00:21:00,515
limitations of Copilot notebooks
577
00:21:00,849 --> 00:21:03,409
because what the notebook was doing was while
578
00:21:03,409 --> 00:21:05,250
it was grounded in the information that was
579
00:21:05,250 --> 00:21:06,929
available in there, right, I added these, like,
580
00:21:06,929 --> 00:21:08,929
I actually went beyond the limit. I had
581
00:21:08,929 --> 00:21:11,250
to take docs out because you can only
582
00:21:11,250 --> 00:21:12,470
have, like, up to 20
583
00:21:12,974 --> 00:21:15,694
documents in a Copilot notebook right now or
584
00:21:15,694 --> 00:21:17,554
combination of documents and OneNote
585
00:21:17,855 --> 00:21:19,214
and things like that. So I was at,
586
00:21:19,214 --> 00:21:20,894
like, 28 or something. So I was really
587
00:21:20,894 --> 00:21:22,815
trying to confuse it, but it was getting,
588
00:21:22,815 --> 00:21:25,375
like, extra confused because not only were the
589
00:21:25,375 --> 00:21:27,750
documents in the Copilot notebook where I'd said,
590
00:21:27,750 --> 00:21:29,430
hey. Here they are. Like, here's the canonical
591
00:21:29,430 --> 00:21:29,930
version,
592
00:21:30,470 --> 00:21:32,470
but other people had copies of them out
593
00:21:32,470 --> 00:21:34,630
there, like you said. Like, they had the
594
00:21:34,789 --> 00:21:36,390
like, they've done the thing I did, right,
595
00:21:36,390 --> 00:21:38,170
where they made a copy in their own
596
00:21:38,230 --> 00:21:39,589
space. But when they made a copy in
597
00:21:39,589 --> 00:21:41,505
their own space, like, some folks put those
598
00:21:41,505 --> 00:21:43,505
in other public areas that I have access
599
00:21:43,505 --> 00:21:45,105
to, or they might have emailed it to
600
00:21:45,105 --> 00:21:47,265
me. So, like, figuring out how to wrangle
601
00:21:47,265 --> 00:21:49,664
the prompts and get things to where, like,
602
00:21:49,664 --> 00:21:51,184
oh, I actually can do what I wanna
603
00:21:51,184 --> 00:21:52,945
do with this, super hard to do. I
604
00:21:52,945 --> 00:21:55,025
wasted more time in the Copilot notebook trying
605
00:21:55,025 --> 00:21:56,519
to get it to behave the right way
606
00:21:56,759 --> 00:21:58,779
when I literally could've just
607
00:21:59,080 --> 00:22:01,559
walked over to my 32 inch monitor and
608
00:22:01,559 --> 00:22:03,160
pulled up five docs on the top row
609
00:22:03,160 --> 00:22:04,440
and five docs on the bottom row and
610
00:22:04,440 --> 00:22:05,900
just started, like, scrolling through.
611
00:22:06,599 --> 00:22:08,839
I I would've been better off for the
612
00:22:08,839 --> 00:22:10,484
amount of time that I was trying to
613
00:22:10,484 --> 00:22:12,565
fight that process and have it come through.
614
00:22:12,565 --> 00:22:13,845
But it was a good lesson for me,
615
00:22:13,845 --> 00:22:15,684
like, hey. Right tool for the right job.
616
00:22:15,684 --> 00:22:17,464
Here's the limitation of this thing.
617
00:22:17,765 --> 00:22:19,545
But it it did kinda
618
00:22:20,005 --> 00:22:21,525
get the back of my head tingling, like
619
00:22:21,525 --> 00:22:23,625
the Spidey sense going, right, to say, like,
620
00:22:23,859 --> 00:22:27,399
I wonder, like, what happens to other people
621
00:22:27,460 --> 00:22:29,460
or how this is out here. So it
622
00:22:29,460 --> 00:22:30,579
it was one of those things I saw
623
00:22:30,579 --> 00:22:32,019
it in the presentation here. I was like,
624
00:22:32,419 --> 00:22:34,819
like, good. Ben Ben's thought about this too.
625
00:22:34,819 --> 00:22:36,419
I'm not crazy. Doctor. I'm thinking about this,
626
00:22:36,419 --> 00:22:38,625
and this is a tool I recently found
627
00:22:38,625 --> 00:22:41,345
out. It's the site policy comparison tool in
628
00:22:41,345 --> 00:22:43,984
the SharePoint admin center, and it'll go I've
629
00:22:43,984 --> 00:22:45,105
never even heard of that one, but I
630
00:22:45,105 --> 00:22:46,384
haven't I haven't spent a lot of yeah.
631
00:22:46,384 --> 00:22:47,585
I haven't spent a lot of time in
632
00:22:47,585 --> 00:22:50,005
SharePoint lately. The downside is it doesn't necessarily
633
00:22:50,304 --> 00:22:51,365
look for duplicate
634
00:22:52,349 --> 00:22:54,670
files, but it will tell you if you
635
00:22:54,670 --> 00:22:55,890
have two sites
636
00:22:56,349 --> 00:22:57,950
where over 70%
637
00:22:57,950 --> 00:23:00,769
of the content on the sites is duplicated.
638
00:23:01,309 --> 00:23:03,150
So it's like if somebody took a copy
639
00:23:03,150 --> 00:23:05,230
of a site or copied all the contents
640
00:23:05,230 --> 00:23:07,684
of a site to another site, it would
641
00:23:07,684 --> 00:23:09,684
be nice to maybe see it expanded in
642
00:23:09,684 --> 00:23:12,505
the future to look for just duplicate files.
643
00:23:12,565 --> 00:23:14,964
Like, do a file comparison of how many
644
00:23:14,964 --> 00:23:17,765
nearly duplicate files do I have across my
645
00:23:17,765 --> 00:23:19,924
environment. I imagine it that takes a little
646
00:23:19,924 --> 00:23:23,440
bit more processing power, but it's it's definitely
647
00:23:23,440 --> 00:23:24,740
a thing. And then
648
00:23:25,120 --> 00:23:26,640
I wrapped up here too when I was
649
00:23:26,640 --> 00:23:28,559
giving this presentation with just a few tools
650
00:23:28,559 --> 00:23:30,019
and examples of
651
00:23:30,320 --> 00:23:31,539
using custom PowerShell
652
00:23:32,000 --> 00:23:33,860
to look for some of these things. Microsoft
653
00:23:33,920 --> 00:23:34,660
has reports.
654
00:23:35,025 --> 00:23:37,664
They're not always as detailed as you need,
655
00:23:37,664 --> 00:23:39,505
and that's where I wrote some of these
656
00:23:39,505 --> 00:23:41,744
reports to pull a list of all my
657
00:23:41,744 --> 00:23:43,825
files and all my sharing links across all
658
00:23:43,825 --> 00:23:45,924
of SharePoint. I need to go tweak it.
659
00:23:46,305 --> 00:23:48,144
I looked ran this against a site that
660
00:23:48,144 --> 00:23:50,220
had, like, millions of items. I think the
661
00:23:50,220 --> 00:23:53,179
PowerShell script was running for, like, three weeks.
662
00:23:53,179 --> 00:23:55,259
Takes a hot minute to enumerate that much
663
00:23:55,259 --> 00:23:57,420
data. Yeah. Yeah. But then I had a
664
00:23:57,420 --> 00:23:59,339
CSV from all of the sites in the
665
00:23:59,339 --> 00:24:01,579
environment with all of the sharing links, and
666
00:24:01,579 --> 00:24:02,779
I went and threw them out in Azure
667
00:24:02,779 --> 00:24:04,555
Data Explorer, And then I could do a
668
00:24:04,555 --> 00:24:07,914
bunch of KQL to go help narrow it
669
00:24:07,914 --> 00:24:10,555
down, like, how many organizational wide sharing links
670
00:24:10,555 --> 00:24:12,154
do I have? Which sites have the most
671
00:24:12,154 --> 00:24:13,134
sharing links?
672
00:24:13,515 --> 00:24:15,900
Where are all my links that don't have
673
00:24:16,059 --> 00:24:18,220
expiration dates on them, and they've just been
674
00:24:18,220 --> 00:24:20,400
shared indefinitely for years and years?
675
00:24:20,779 --> 00:24:23,099
So just a couple different ways there to
676
00:24:23,099 --> 00:24:25,180
help dig through the content a little bit
677
00:24:25,180 --> 00:24:27,500
more. I think it's generally manageable and goes
678
00:24:27,500 --> 00:24:29,035
back to the a little bit of, like,
679
00:24:29,035 --> 00:24:31,115
hey. Like, this stuff is known, but you
680
00:24:31,115 --> 00:24:34,095
as a customer need to go out and
681
00:24:34,955 --> 00:24:37,055
spend that time, do that research,
682
00:24:37,595 --> 00:24:39,115
and figure out what that is. Like, a
683
00:24:39,115 --> 00:24:40,555
lot of the things you're talking about here,
684
00:24:40,555 --> 00:24:42,394
like, maybe like a PowerShell script for that
685
00:24:42,394 --> 00:24:45,170
discovery aspect, like, these things exist. There's a
686
00:24:45,170 --> 00:24:46,390
bunch of community examples,
687
00:24:46,690 --> 00:24:49,910
blog posts, stuff on GitHub from community contributors,
688
00:24:50,210 --> 00:24:52,869
from Microsoft themselves. Right? But
689
00:24:53,250 --> 00:24:55,009
you don't have to reinvent the wheel, but
690
00:24:55,009 --> 00:24:56,529
you do gotta do some work along the
691
00:24:56,529 --> 00:24:58,674
way. From there, then it's, okay, now I
692
00:24:58,674 --> 00:25:00,755
know what I have. How do you go
693
00:25:00,755 --> 00:25:01,734
in and
694
00:25:02,115 --> 00:25:03,494
fix it all? And
695
00:25:04,035 --> 00:25:05,555
this is where I get a ton of
696
00:25:05,555 --> 00:25:06,695
discussion because,
697
00:25:07,315 --> 00:25:08,055
for instance,
698
00:25:08,434 --> 00:25:10,674
another example, one of my clients, they had,
699
00:25:10,674 --> 00:25:12,375
like, 45,000
700
00:25:12,515 --> 00:25:13,015
links
701
00:25:13,330 --> 00:25:14,390
across their organization.
702
00:25:14,930 --> 00:25:17,029
Like, how do we even begin to
703
00:25:17,410 --> 00:25:19,490
fix this or evaluate it? You cross your
704
00:25:19,490 --> 00:25:21,890
fingers and you hope for the best. Right?
705
00:25:21,890 --> 00:25:25,109
And it's that whole combination of one is
706
00:25:25,330 --> 00:25:26,930
we need to get a lot better at
707
00:25:26,930 --> 00:25:29,734
permissions in SharePoint. I'm guilty of this, Scott.
708
00:25:29,734 --> 00:25:31,815
I have examples. I can think of examples
709
00:25:31,815 --> 00:25:32,474
with clients
710
00:25:32,775 --> 00:25:34,855
where I totally did the whole security by
711
00:25:34,855 --> 00:25:37,595
obscurity. Mhmm. Again, maybe not a big deal
712
00:25:37,654 --> 00:25:38,154
because
713
00:25:38,615 --> 00:25:39,974
a lot of times when I did this,
714
00:25:39,974 --> 00:25:41,609
it's, yeah, we don't necessarily
715
00:25:42,150 --> 00:25:44,789
want people to just stumble across it. If
716
00:25:44,789 --> 00:25:46,630
they find it, it's not the end of
717
00:25:46,630 --> 00:25:47,289
the world.
718
00:25:47,750 --> 00:25:49,109
We just wanna make it a little bit
719
00:25:49,109 --> 00:25:52,069
more difficult. Well, with Copilot, that difficulty becomes
720
00:25:52,069 --> 00:25:53,690
a lot less. So I think you
721
00:25:54,304 --> 00:25:56,704
you definitely want to be thinking about permissions
722
00:25:56,704 --> 00:25:59,265
a lot more in SharePoint, avoiding the whole
723
00:25:59,265 --> 00:26:01,825
security by obscurity and doing security the right
724
00:26:01,825 --> 00:26:04,304
way. There's these opportunities, right, to go and
725
00:26:04,304 --> 00:26:05,904
think about these things. Yep. The thing I
726
00:26:05,904 --> 00:26:08,304
always think about in the back of my
727
00:26:08,304 --> 00:26:10,769
head I'm a little spoiled here, right? Like
728
00:26:10,769 --> 00:26:14,230
like my employer kinda just has every capability
729
00:26:14,450 --> 00:26:15,349
lit up, and
730
00:26:16,369 --> 00:26:19,029
everything's available to me there as a user,
731
00:26:19,329 --> 00:26:21,809
as a developer, as an admin, like I
732
00:26:21,809 --> 00:26:23,970
can go make all those things happen and
733
00:26:23,970 --> 00:26:26,184
play in the playground, and it's all hunky
734
00:26:26,184 --> 00:26:27,484
dory and great. But
735
00:26:27,865 --> 00:26:30,285
I think there is a step for customers
736
00:26:30,345 --> 00:26:32,684
to rationalize along the way, things like licensing.
737
00:26:32,744 --> 00:26:33,644
Right? Like,
738
00:26:34,505 --> 00:26:36,125
now not only do I need to evaluate
739
00:26:36,184 --> 00:26:37,865
if I need the feature, now I need
740
00:26:37,865 --> 00:26:39,404
to weigh out, do I need the feature,
741
00:26:39,545 --> 00:26:40,045
and
742
00:26:40,490 --> 00:26:42,570
can I afford the feature, or does the
743
00:26:42,570 --> 00:26:44,109
feature have the right kind
744
00:26:44,490 --> 00:26:45,230
of TCO
745
00:26:45,529 --> 00:26:47,630
for my company? So that could be things
746
00:26:47,690 --> 00:26:49,070
like the ability
747
00:26:49,490 --> 00:26:49,990
to
748
00:26:50,410 --> 00:26:53,450
apply sensitivity labels, right, and enforce them. It
749
00:26:53,450 --> 00:26:54,190
could be
750
00:26:54,535 --> 00:26:56,454
some of the Purview components that are out
751
00:26:56,454 --> 00:26:57,894
there. Like, those are gonna cost you money
752
00:26:57,894 --> 00:27:00,214
for maybe Purview. They might cost you money
753
00:27:00,214 --> 00:27:02,535
per API call, right, to to come in
754
00:27:02,535 --> 00:27:04,775
and figure that. So, like, hey, are you
755
00:27:04,775 --> 00:27:06,855
gonna figure out that like, like, how do
756
00:27:06,855 --> 00:27:08,454
you figure out, like and sit down. Like,
757
00:27:08,454 --> 00:27:10,910
you gotta do some kinda hard modeling and
758
00:27:10,910 --> 00:27:12,369
a little bit of work and extrapolation
759
00:27:12,750 --> 00:27:13,650
and other things
760
00:27:14,109 --> 00:27:17,710
based on your environment, your users, your corpus
761
00:27:17,710 --> 00:27:18,369
of data,
762
00:27:18,910 --> 00:27:21,070
all that kind of stuff. I will say,
763
00:27:21,070 --> 00:27:24,054
generally, like, it feels like the TCO is
764
00:27:24,054 --> 00:27:25,494
there and like the juice is worth the
765
00:27:25,494 --> 00:27:27,275
squeeze as of right now,
766
00:27:27,654 --> 00:27:30,535
but, you know, my thinking, like I said,
767
00:27:30,535 --> 00:27:32,214
is kind of colored by just having access
768
00:27:32,214 --> 00:27:33,595
to everything all the time.
769
00:27:33,974 --> 00:27:36,474
And I don't know that I'm so grounded
770
00:27:36,775 --> 00:27:37,275
in,
771
00:27:37,769 --> 00:27:41,049
here's like a vanilla tenant. Right? Somebody who
772
00:27:41,049 --> 00:27:43,210
never came off, like, e threes or something
773
00:27:43,210 --> 00:27:45,450
like that, and they're still in in that
774
00:27:45,450 --> 00:27:46,349
world because
775
00:27:46,730 --> 00:27:48,650
I've been in different one for a while
776
00:27:48,650 --> 00:27:50,170
now, and I think it does, like, change
777
00:27:50,170 --> 00:27:51,849
and color my thinking. We could go down
778
00:27:51,849 --> 00:27:52,515
a whole licensing
779
00:28:05,795 --> 00:28:08,329
features that you pay for. If you use
780
00:28:08,329 --> 00:28:09,710
everything that's in the license,
781
00:28:10,730 --> 00:28:12,329
I can't I feel like it's worth it.
782
00:28:12,329 --> 00:28:14,970
I'm also a small company. You work for
783
00:28:14,970 --> 00:28:16,970
the company that owns it all. It is
784
00:28:16,970 --> 00:28:18,109
absolutely expensive.
785
00:28:18,424 --> 00:28:20,505
I'm not gonna deny that either. I look
786
00:28:20,505 --> 00:28:22,345
at some of these bills where you get
787
00:28:22,345 --> 00:28:24,765
into eight, ten thousand person companies
788
00:28:25,144 --> 00:28:25,644
spending
789
00:28:26,025 --> 00:28:26,765
$50
790
00:28:27,544 --> 00:28:30,345
on an e five. I mean, that's, yeah,
791
00:28:30,345 --> 00:28:30,845
50.
792
00:28:31,480 --> 00:28:33,799
You're hundreds of thousands or millions of dollars
793
00:28:33,799 --> 00:28:35,480
a year in investment, and then there are
794
00:28:35,480 --> 00:28:37,399
companies that are still using other third parties.
795
00:28:37,399 --> 00:28:39,559
I was on with one today, and they're
796
00:28:39,559 --> 00:28:41,960
using a different antivirus. They're using something else
797
00:28:41,960 --> 00:28:43,799
for MDM. And I'm like Mhmm. Do I
798
00:28:43,799 --> 00:28:45,904
think you could use e five? Yeah. Is
799
00:28:45,904 --> 00:28:47,585
it a little harder to justify it when
800
00:28:47,585 --> 00:28:49,345
you're not gonna use all the features because
801
00:28:49,345 --> 00:28:50,964
you're using other third party features?
802
00:28:51,345 --> 00:28:53,345
Absolutely. Mhmm. Do you need to make that
803
00:28:53,345 --> 00:28:55,184
choice of where you want it to sit?
804
00:28:55,184 --> 00:28:56,804
I think it's part of, like, the rationalization.
805
00:28:57,105 --> 00:28:59,845
Right? So once you've onboarded to these things,
806
00:29:00,070 --> 00:29:02,470
kind of opened a little bit your talk
807
00:29:02,470 --> 00:29:03,289
track around
808
00:29:03,910 --> 00:29:06,809
maintenance and governance and ongoing kinds of things,
809
00:29:07,269 --> 00:29:09,670
these are certainly part of that conversation. So
810
00:29:09,670 --> 00:29:11,990
you might start off your journey at license
811
00:29:11,990 --> 00:29:12,970
level a,
812
00:29:13,315 --> 00:29:15,474
and then you sit and you hear about
813
00:29:15,474 --> 00:29:17,474
like a new capability or something that might
814
00:29:17,474 --> 00:29:18,755
be in a license, it might be a
815
00:29:18,755 --> 00:29:20,755
one off feature you can buy, so you're
816
00:29:20,755 --> 00:29:23,174
kind of on this constant path of evaluation.
817
00:29:23,315 --> 00:29:24,914
I I used to think about this all
818
00:29:24,914 --> 00:29:26,455
the time when I was doing
819
00:29:26,835 --> 00:29:28,855
SharePoint and Office three sixty five
820
00:29:29,259 --> 00:29:29,759
consulting
821
00:29:30,299 --> 00:29:31,599
and kind of administration
822
00:29:32,059 --> 00:29:32,799
for organizations
823
00:29:33,259 --> 00:29:34,640
and things like that, like,
824
00:29:35,259 --> 00:29:35,759
is
825
00:29:36,380 --> 00:29:37,920
your role goes from
826
00:29:38,700 --> 00:29:40,720
hugging servers and managing infrastructure
827
00:29:41,259 --> 00:29:42,799
to changing a lot into
828
00:29:43,099 --> 00:29:44,345
just rationalizing
829
00:29:44,964 --> 00:29:46,664
ROI for your organization,
830
00:29:47,285 --> 00:29:49,684
what's your total cost of ownership. So, like,
831
00:29:49,684 --> 00:29:51,325
you know, that ten hours a week that
832
00:29:51,325 --> 00:29:53,285
you used to spend patching servers, well, guess
833
00:29:53,285 --> 00:29:54,884
what? You're spending ten hours a week now
834
00:29:54,884 --> 00:29:57,359
maybe doing, like, comparative research and going out
835
00:29:57,359 --> 00:29:59,440
there, and may maybe doing things like lighting
836
00:29:59,440 --> 00:30:01,460
this up in, like, test environments
837
00:30:02,160 --> 00:30:04,740
and really trying to figure it out. So
838
00:30:05,039 --> 00:30:06,720
the world is changing rapidly. I think we
839
00:30:06,720 --> 00:30:08,240
all kinda see that, right? Like, it's all
840
00:30:08,240 --> 00:30:10,099
moving at a kind of a crazy pace
841
00:30:10,345 --> 00:30:10,845
going
842
00:30:11,305 --> 00:30:14,125
in different directions and often feels like diverging
843
00:30:14,184 --> 00:30:15,164
directions. Like,
844
00:30:15,545 --> 00:30:16,745
all of a sudden, you were going to
845
00:30:16,745 --> 00:30:17,705
the right and you were on a path,
846
00:30:17,705 --> 00:30:19,625
and you're like, no. I gotta turn the
847
00:30:19,625 --> 00:30:20,904
car around, do a one eighty, and go
848
00:30:20,904 --> 00:30:22,184
back the other way, and drive just as
849
00:30:22,184 --> 00:30:23,384
far as you just came, but in the
850
00:30:23,384 --> 00:30:26,160
opposite direction, and then some kind of thing.
851
00:30:26,160 --> 00:30:26,660
So
852
00:30:27,039 --> 00:30:27,940
it is important
853
00:30:28,400 --> 00:30:31,059
to think through this stuff to go back
854
00:30:31,119 --> 00:30:33,519
and look at it, and kind of figure
855
00:30:33,519 --> 00:30:36,419
out and weigh it. And is that justification
856
00:30:38,035 --> 00:30:40,355
there along the way for you? And then
857
00:30:40,355 --> 00:30:42,914
even once the justification's there, there's still all
858
00:30:42,914 --> 00:30:43,894
the hard work
859
00:30:44,674 --> 00:30:46,914
of what's now like, hey. Great. I got
860
00:30:46,914 --> 00:30:50,009
access to, I don't know, sensitivity labels. Like,
861
00:30:50,089 --> 00:30:52,009
how am I gonna configure those? What part
862
00:30:52,009 --> 00:30:53,130
of the stack am I gonna do it
863
00:30:53,130 --> 00:30:54,329
in? Like, you still have to go and
864
00:30:54,329 --> 00:30:56,329
evaluate the corpus of data in your environment,
865
00:30:56,329 --> 00:30:59,210
understand how your users talk to it, understand
866
00:30:59,210 --> 00:31:01,130
the impacts of maybe applying things like that,
867
00:31:01,130 --> 00:31:03,150
what type of training you need to give,
868
00:31:03,289 --> 00:31:05,654
and all that stuff. So it's a
869
00:31:06,195 --> 00:31:06,695
it's
870
00:31:07,234 --> 00:31:09,555
a lot, but it also keeps us all
871
00:31:09,555 --> 00:31:11,015
employed, which is kinda fun.
872
00:31:11,474 --> 00:31:13,734
Pays the bills. Anyways, that was, like, permissions.
873
00:31:14,035 --> 00:31:16,275
The other thing I've seen, people created a
874
00:31:16,275 --> 00:31:18,595
lot of public sites, and that's especially in
875
00:31:18,674 --> 00:31:19,734
or public teams
876
00:31:20,049 --> 00:31:21,910
in Microsoft three sixty five groups,
877
00:31:22,289 --> 00:31:23,430
especially initially
878
00:31:23,809 --> 00:31:25,349
without thinking through
879
00:31:25,970 --> 00:31:28,769
or maybe even realizing it sometimes that if
880
00:31:28,769 --> 00:31:31,970
it's public, anybody can go grant themselves access
881
00:31:31,970 --> 00:31:33,794
to that group and just get access to
882
00:31:33,794 --> 00:31:36,115
all the content in it. So another one
883
00:31:36,115 --> 00:31:36,774
of those,
884
00:31:37,154 --> 00:31:39,494
I think people really need to think about
885
00:31:39,714 --> 00:31:41,554
where do we need to either move content
886
00:31:41,554 --> 00:31:43,575
out of public groups or
887
00:31:43,954 --> 00:31:46,934
create private groups going forward as the default.
888
00:31:47,075 --> 00:31:49,789
Mhmm. That's something to think about. Correctly configure
889
00:31:49,850 --> 00:31:52,250
default sharing links. This is becoming one of
890
00:31:52,250 --> 00:31:55,289
my pet peeves. People that leave org wide
891
00:31:55,610 --> 00:31:56,750
Nobody does this.
892
00:31:57,610 --> 00:31:59,610
They don't. Maybe they do, and I'm I'm
893
00:31:59,610 --> 00:32:01,664
just not seeing it. I see it a
894
00:32:01,664 --> 00:32:03,125
lot in customers.
895
00:32:04,625 --> 00:32:06,305
It it it's kinda fun to go through,
896
00:32:06,305 --> 00:32:09,184
like, the Office three sixty five subreddit and
897
00:32:09,184 --> 00:32:11,025
things like that and just see some of
898
00:32:11,025 --> 00:32:11,525
the,
899
00:32:12,065 --> 00:32:14,404
the issues that pop up over time to
900
00:32:14,849 --> 00:32:17,910
ultimately, like, what's a low hanging fruit configuration
901
00:32:18,210 --> 00:32:20,369
task, but I get it takes time. Like,
902
00:32:20,369 --> 00:32:22,210
again, like, you can't just shut it off
903
00:32:22,210 --> 00:32:24,609
wholesale without understanding how your users are using
904
00:32:24,609 --> 00:32:25,890
it and and what's going on out there.
905
00:32:25,890 --> 00:32:27,490
And, like, all of a sudden, like, that
906
00:32:27,490 --> 00:32:29,164
little thing where it's like, yeah, let me
907
00:32:29,164 --> 00:32:31,565
change that configuration item turns into, like, a
908
00:32:31,565 --> 00:32:34,224
project or something that requires
909
00:32:34,605 --> 00:32:35,424
a little bit
910
00:32:35,804 --> 00:32:38,144
a little bit more long term thinking, but
911
00:32:38,365 --> 00:32:40,204
it is funny how that's kinda ends up
912
00:32:40,204 --> 00:32:41,105
being the
913
00:32:41,490 --> 00:32:42,950
just the default state
914
00:32:43,250 --> 00:32:45,170
in a lot of places. And then these
915
00:32:45,170 --> 00:32:46,369
are often the things that you hear about
916
00:32:46,369 --> 00:32:48,369
in the news, right? Like when somebody gets
917
00:32:48,369 --> 00:32:50,450
quote unquote hacked, and it's like, no, they
918
00:32:50,450 --> 00:32:52,849
didn't get hacked. They were just configured wrong.
919
00:32:52,849 --> 00:32:54,734
They were wide open from the start. Yeah.
920
00:32:54,734 --> 00:32:56,974
Your Facebook account wasn't hacked. You just stayed
921
00:32:56,974 --> 00:32:58,734
signed in on a device someone else had
922
00:32:58,734 --> 00:33:00,994
access to. Mhmm. 100%. And
923
00:33:01,375 --> 00:33:03,615
if you leave it as org wide, guarantee
924
00:33:03,615 --> 00:33:05,535
it's nothing people are doing intentionally. They just
925
00:33:05,535 --> 00:33:07,535
click share content and click the copy link
926
00:33:07,535 --> 00:33:09,554
button. They don't even realize what they're doing.
927
00:33:09,730 --> 00:33:11,409
So I also place some of the blame
928
00:33:11,409 --> 00:33:12,849
here on people that just roll this out
929
00:33:12,849 --> 00:33:15,409
without training their end users on how to
930
00:33:15,409 --> 00:33:17,970
properly share. Org wide is easy. You still
931
00:33:17,970 --> 00:33:20,369
need to train your users. Don't click org
932
00:33:20,369 --> 00:33:23,409
wide only or organizational link. This is what
933
00:33:23,409 --> 00:33:25,914
it does. One nice thing I do, Microsoft
934
00:33:25,914 --> 00:33:27,115
is coming out I don't know if you've
935
00:33:27,115 --> 00:33:29,115
seen this on the roadmap, with the hero
936
00:33:29,115 --> 00:33:32,335
links coming the end of this year, where
937
00:33:32,714 --> 00:33:34,634
right now when you go share it, it
938
00:33:34,634 --> 00:33:37,194
actually creates multiple links. Every time you share
939
00:33:37,194 --> 00:33:38,335
it, it creates
940
00:33:38,680 --> 00:33:41,000
another link. So you have one organizational wide
941
00:33:41,000 --> 00:33:42,359
link, and then you have an edit link,
942
00:33:42,359 --> 00:33:43,400
and then you have a view link, you
943
00:33:43,400 --> 00:33:44,220
know, all of this.
944
00:33:44,599 --> 00:33:47,320
It is changing so that in December, when
945
00:33:47,320 --> 00:33:49,080
this new hero link comes out, it creates
946
00:33:49,080 --> 00:33:51,480
one link, and then you're actually just able
947
00:33:51,480 --> 00:33:52,539
to adjust permissions
948
00:33:53,080 --> 00:33:55,234
on a single link. So you don't need
949
00:33:55,234 --> 00:33:56,755
to go back and clean up a whole
950
00:33:56,755 --> 00:33:58,194
bunch of links. You're just gonna have one
951
00:33:58,194 --> 00:34:00,115
link. You're gonna have to manage permissions on
952
00:34:00,115 --> 00:34:00,615
it.
953
00:34:00,994 --> 00:34:02,054
The other thing
954
00:34:02,434 --> 00:34:05,014
that is going to be part of this,
955
00:34:05,075 --> 00:34:07,634
even better than hero links, is changing the
956
00:34:07,634 --> 00:34:08,134
default
957
00:34:08,500 --> 00:34:10,019
right now, and I've heard a lot of
958
00:34:10,019 --> 00:34:12,019
people complain about this. You can't set the
959
00:34:12,019 --> 00:34:15,140
default to people with existing access. You can
960
00:34:15,140 --> 00:34:17,619
either set it to specific people or set
961
00:34:17,619 --> 00:34:19,780
it to org wide. You can set it
962
00:34:19,780 --> 00:34:22,554
to just by default create a link, but
963
00:34:22,554 --> 00:34:25,275
only people that have access already are gonna
964
00:34:25,275 --> 00:34:27,675
use this link. That's kinda bundled in this
965
00:34:27,675 --> 00:34:30,414
hero links is setting that default now to
966
00:34:30,954 --> 00:34:34,635
existing people only, so you're not Yes. It
967
00:34:34,635 --> 00:34:36,307
makes it a lot easier to share a
968
00:34:36,307 --> 00:34:38,480
link and not have it change permissions
969
00:34:38,940 --> 00:34:41,500
than kind of that experience today. That's another
970
00:34:41,500 --> 00:34:43,280
one. The SharePoint indexes,
971
00:34:43,660 --> 00:34:46,219
you can remove stuff from Copilot by just
972
00:34:46,219 --> 00:34:48,780
turning off the search index. Downside is it.
973
00:34:48,780 --> 00:34:50,300
Also, it turns off the search index. You
974
00:34:50,300 --> 00:34:53,065
remove a search. Yeah. Securing content with policies,
975
00:34:53,125 --> 00:34:55,684
sensitivity labels, setting DLP. We're gonna run out
976
00:34:55,684 --> 00:34:57,444
of time here, Scott. We might have to
977
00:34:57,444 --> 00:34:59,605
do part two. And then the other one
978
00:34:59,605 --> 00:35:01,364
I wanna mention here, there's a button now
979
00:35:01,364 --> 00:35:03,684
in the SharePoint admin center that says restrict
980
00:35:03,684 --> 00:35:06,339
content from Copilot on each site. I can
981
00:35:06,339 --> 00:35:08,500
go into a site, click the little radio
982
00:35:08,500 --> 00:35:11,319
button that says restrict content or restrict access
983
00:35:11,699 --> 00:35:13,859
to Copilot. I want Microsoft to change the
984
00:35:13,859 --> 00:35:16,260
verbiage on this. This is very deceptive to
985
00:35:16,260 --> 00:35:17,319
me because
986
00:35:17,699 --> 00:35:19,539
the way it reads, I would think, oh,
987
00:35:19,539 --> 00:35:21,454
I click this. This site's not gonna be
988
00:35:21,454 --> 00:35:23,614
included in Copilot. If you click on the
989
00:35:23,614 --> 00:35:24,515
little information
990
00:35:25,054 --> 00:35:27,695
bubble and hover over it and then click
991
00:35:27,695 --> 00:35:29,454
on learn more, and maybe it even has
992
00:35:29,454 --> 00:35:30,275
it in the bubble,
993
00:35:30,735 --> 00:35:33,235
this is not just remove it from Copilot.
994
00:35:33,454 --> 00:35:34,079
This is
995
00:35:34,480 --> 00:35:35,219
don't return
996
00:35:35,760 --> 00:35:38,079
content from this site in Copilot or in
997
00:35:38,079 --> 00:35:41,440
search if it hasn't been recently accessed by
998
00:35:41,440 --> 00:35:43,680
the user. So if a user goes to
999
00:35:43,680 --> 00:35:46,239
it and clicks on it or interacts with
1000
00:35:46,239 --> 00:35:47,619
it or somehow
1001
00:35:48,434 --> 00:35:49,655
accesses that content
1002
00:35:49,954 --> 00:35:52,035
recently, it's all of a gust setting gonna
1003
00:35:52,035 --> 00:35:53,894
start showing up in Copilot and SharePoint.
1004
00:35:54,195 --> 00:35:56,835
Does it help in the cleanup? Yeah. But
1005
00:35:56,835 --> 00:35:58,855
does it really restrict it from Copilot?
1006
00:36:00,114 --> 00:36:01,875
They need to make it more clear. It's
1007
00:36:01,875 --> 00:36:04,340
not what it seems to be. The devil's
1008
00:36:04,340 --> 00:36:06,739
in the details. So so, you know, that
1009
00:36:06,739 --> 00:36:09,400
feature is called restricted content discovery.
1010
00:36:10,099 --> 00:36:12,519
It is not called block content discovery
1011
00:36:12,820 --> 00:36:15,160
or never do content discovery
1012
00:36:15,539 --> 00:36:16,954
again. I think
1013
00:36:17,815 --> 00:36:19,355
the rub with that one is
1014
00:36:20,215 --> 00:36:21,195
recent interaction.
1015
00:36:21,494 --> 00:36:24,454
Like if somebody just hears the word recent
1016
00:36:24,454 --> 00:36:26,614
interaction, right? Like, All right, well, what was
1017
00:36:26,614 --> 00:36:28,795
a recent interaction for me? Was that
1018
00:36:29,335 --> 00:36:31,675
thirty days? Was it ninety days?
1019
00:36:32,989 --> 00:36:35,150
And, you know, however it comes together. And
1020
00:36:35,150 --> 00:36:36,929
then what do you do with your users
1021
00:36:37,069 --> 00:36:38,829
who I I think this is the other
1022
00:36:38,829 --> 00:36:40,609
side of that one, is
1023
00:36:41,069 --> 00:36:42,750
you turn that feature on, and they have
1024
00:36:42,750 --> 00:36:44,429
a good experience on day one, which is
1025
00:36:44,429 --> 00:36:45,789
what you want them to do. Like, you've
1026
00:36:45,789 --> 00:36:48,054
gone through, you've configured your environment, That so
1027
00:36:48,054 --> 00:36:49,815
you restricted it. They had the recent interaction.
1028
00:36:49,815 --> 00:36:51,434
They were able to use it in Copilot
1029
00:36:51,655 --> 00:36:52,155
and
1030
00:36:52,534 --> 00:36:55,355
in Teams and business chat, all those things.
1031
00:36:55,655 --> 00:36:56,394
And then
1032
00:36:56,695 --> 00:36:59,675
maybe their role is, like, quarterly or biyearly.
1033
00:37:00,140 --> 00:37:01,500
So they only come back and they touch
1034
00:37:01,500 --> 00:37:03,019
that thing, and then next time it's horrible.
1035
00:37:03,019 --> 00:37:04,539
Like, it doesn't give them the same result.
1036
00:37:04,539 --> 00:37:06,780
It doesn't do the same thing. Features like
1037
00:37:06,780 --> 00:37:08,860
that are nice, but, like, they're also, like,
1038
00:37:08,860 --> 00:37:11,340
really hard to rationalize, particularly as a user.
1039
00:37:11,340 --> 00:37:12,320
Like, why is
1040
00:37:12,864 --> 00:37:15,125
why is a system that's already nondeterministic
1041
00:37:16,224 --> 00:37:19,684
already being like, it's being, like, super nondeterministic
1042
00:37:20,224 --> 00:37:20,724
now?
1043
00:37:21,184 --> 00:37:22,405
Like, what did it do,
1044
00:37:22,785 --> 00:37:24,885
and which way did it go? So,
1045
00:37:25,260 --> 00:37:26,000
yeah, I
1046
00:37:26,619 --> 00:37:29,179
think, in general, there is a bunch for
1047
00:37:29,179 --> 00:37:31,199
folks to think about here.
1048
00:37:31,579 --> 00:37:32,880
We'd love to hear about
1049
00:37:33,579 --> 00:37:36,460
how you're thinking about securing your environments. Like,
1050
00:37:36,460 --> 00:37:37,980
do you have any tips and tricks? Maybe
1051
00:37:37,980 --> 00:37:40,000
you've got, like, a favorite repo of
1052
00:37:40,454 --> 00:37:43,015
PowerShell scripts or things like that that you're
1053
00:37:43,015 --> 00:37:44,715
go that you're using for
1054
00:37:45,094 --> 00:37:45,914
go to management.
1055
00:37:46,215 --> 00:37:47,114
Maybe you have
1056
00:37:47,414 --> 00:37:49,735
alternatives for some of these things, like Ben
1057
00:37:49,735 --> 00:37:50,394
was mentioning
1058
00:37:51,015 --> 00:37:52,715
finding duplicate files earlier.
1059
00:37:53,059 --> 00:37:54,579
I know there's third party products that do
1060
00:37:54,579 --> 00:37:56,019
that. Maybe you're one of these customers who's
1061
00:37:56,019 --> 00:37:57,940
like a like you said, Ben, you do
1062
00:37:57,940 --> 00:38:00,260
the Ben thing, like you described, with multiple
1063
00:38:00,260 --> 00:38:00,760
licenses,
1064
00:38:01,619 --> 00:38:04,039
lots of ISV tooling, things like that. Like,
1065
00:38:04,179 --> 00:38:05,880
we'd love to hear more about the ecosystem
1066
00:38:06,260 --> 00:38:08,954
and your experience with it. So we've
1067
00:38:09,914 --> 00:38:12,494
contact form on the website, which you can
1068
00:38:12,875 --> 00:38:13,614
go to. It's pretty easy.
1069
00:38:14,235 --> 00:38:16,315
M s cloud I t pro podcast dot
1070
00:38:16,315 --> 00:38:18,175
com, and you'll see a big
1071
00:38:18,474 --> 00:38:21,480
contact us button there. That just sends Ben
1072
00:38:21,480 --> 00:38:24,119
an email, and then he usually just loops
1073
00:38:24,119 --> 00:38:25,800
me in on on on the thread. You
1074
00:38:25,800 --> 00:38:27,320
can also get us get ahold of us
1075
00:38:27,320 --> 00:38:28,059
on LinkedIn.
1076
00:38:28,440 --> 00:38:30,039
The podcast has a page on LinkedIn if
1077
00:38:30,039 --> 00:38:32,440
you wanna directly ask questions there. Ben's on
1078
00:38:32,440 --> 00:38:34,855
LinkedIn. I'm on LinkedIn as well. So,
1079
00:38:35,234 --> 00:38:36,914
like, come back. Give us some feedback. Let
1080
00:38:36,914 --> 00:38:38,835
us know how you're using it. We're eager
1081
00:38:38,835 --> 00:38:40,674
to hear. And maybe like you said, Ben,
1082
00:38:40,674 --> 00:38:42,454
maybe we can kinda come back and do
1083
00:38:42,835 --> 00:38:44,454
a part two on this one.
1084
00:38:44,835 --> 00:38:45,335
And
1085
00:38:45,714 --> 00:38:48,690
or if not, like, finish the conversation because
1086
00:38:48,769 --> 00:38:50,530
maybe we should come back and talk about
1087
00:38:50,530 --> 00:38:51,429
some of the,
1088
00:38:52,289 --> 00:38:53,589
DSPM stuff,
1089
00:38:53,969 --> 00:38:55,589
some of the reporting aspects,
1090
00:38:56,210 --> 00:38:57,589
how to do risk assessments,
1091
00:38:58,769 --> 00:39:00,449
and all that. And that way, we can
1092
00:39:00,449 --> 00:39:02,250
kind of round out the entire story. Yeah.
1093
00:39:02,250 --> 00:39:03,650
I think we should do a part two
1094
00:39:03,650 --> 00:39:05,144
on DSPM for
1095
00:39:05,444 --> 00:39:08,244
AI and DLP and sensitivity labels and some
1096
00:39:08,244 --> 00:39:10,244
of that. So we'll come back and talk
1097
00:39:10,244 --> 00:39:12,724
more about that in a later episode. Alright.
1098
00:39:12,724 --> 00:39:14,324
Come back and check us out for that
1099
00:39:14,324 --> 00:39:16,980
one. As always, thanks, Ben. Much appreciate it.
1100
00:39:16,980 --> 00:39:19,000
Glad to have you back from vacation, and
1101
00:39:19,380 --> 00:39:21,780
we'll get back on track here. Alright. Thank
1102
00:39:21,780 --> 00:39:23,539
you, and have a good weekend. Talk to
1103
00:39:23,539 --> 00:39:24,760
you next time. Thanks, Ben.
1104
00:39:26,659 --> 00:39:28,835
If you enjoyed the podcast, go leave us
1105
00:39:28,835 --> 00:39:31,154
a five star rating in iTunes. It helps
1106
00:39:31,154 --> 00:39:32,835
to get the word out so more IT
1107
00:39:32,835 --> 00:39:34,994
pros can learn about Office three sixty five
1108
00:39:34,994 --> 00:39:35,654
and Azure.
1109
00:39:36,194 --> 00:39:37,875
If you have any questions you want us
1110
00:39:37,875 --> 00:39:40,034
to address on the show, or feedback about
1111
00:39:40,034 --> 00:39:42,434
the show, feel free to reach out via
1112
00:39:42,434 --> 00:39:44,601
our website, Twitter, or Facebook.
1113
00:39:44,901 --> 00:39:46,820
Thanks again for listening, and have a great
1114
00:39:46,820 --> 00:39:47,320
day.
