Episode 415 – Diving Into Ignite 2025 for IT Pros and AI Agent Management

November 20, 2025

Episode Transcript

Welcome to Episode 415 of the Microsoft Cloud IT Pro Podcast. Ben and Scott discuss the major announcements from Microsoft Ignite 2025, focusing on the dominant themes of AI agents and security. The conversation centers on three key areas: Security Copilot updates, Agent 365 for governance, and the broader security and management implications for IT professionals.

Key Discussion Topics

Security Copilot Expansion to E5 Customers
- 12 new Security Copilot agents coming to Defender, Entra, Intune, and Purview
- 30+ partner agents being added to the ecosystem
- Major announcement: Security Copilot will now be available to all Microsoft 365 E5 customers
- Rollout begins with Frontier program (Microsoft’s insider ring for Copilot)
- Expanding in coming months to all E5 customers
- Security Copilot spans four pillars:
  - Security Operations (Defender + Sentinel)
  - Data Security (Purview)
  - Identity & Access (Entra)
  - Endpoint Management (Intune)
Microsoft Agent 365 – The Control Plane for Agents
- Addresses the critical problem of agent sprawl and governance
- Think of it as “Entra ID for AI agents”
- Core capabilities:
  - Registry: Complete inventory of all agents (registered, unregistered, and shadow agents
  - Access Control: Conditional access policies and risk-based policies for agents
  - Monitoring: Real-time visibility into agent behavior, performance, and organizational impact
  - Security Integration: Defender protection, Purview data governance
- Key governance features:
  - Approve pending agent requests
  - Identify ownerless agents
  - Apply DLP policies to agents
  - Conditional access for agents
  - Secure score for agents
  - Available now through Frontier program in Microsoft 365 admin center
Overarching Themes
- Agent security is the new frontier: All major product announcements (Purview, Entra, Defender) are focused on agent governance
- 100 trillion daily signals inform Microsoft’s threat intelligence
- Ignite’s evolution: Less about big product launches, more about storytelling and connecting features released throughout the year
- IT Pro focus: Understanding, managing, and securing AI agents is becoming a core competency
Key Observations
- Ignite 2025 is heavily focused on AI and security – limited announcements for traditional products like SharePoint, Teams, or Loop
- The shift reflects Microsoft’s rapid release cadence in the cloud era
- Agent sprawl is real and Microsoft is proactively addressing governance needs
- IT professionals need to embrace this change: “The only way out is through”

Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options.

Show Notes

About the sponsors

Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!

See full episode transcriptTranscript is autogenerated by AI

1 00:00:03,359 --> 00:00:05,839 Welcome to episode 415 2 00:00:05,839 --> 00:00:09,139 of the Microsoft Cloud IT Pro podcast recorded 3 00:00:09,199 --> 00:00:13,460 live from Microsoft Ignite on 11/18/2025. 4 00:00:13,519 --> 00:00:15,839 This is a show about Microsoft '3 65 5 00:00:15,839 --> 00:00:17,734 in in Azure from the perspective of IT 6 00:00:17,734 --> 00:00:19,815 pros and end users, where we discuss a 7 00:00:19,815 --> 00:00:22,135 topic or recent news and how it relates 8 00:00:22,135 --> 00:00:25,414 to you. It's Microsoft Ignite week. So, surprise, 9 00:00:25,414 --> 00:00:27,595 surprise, we have an Ignite show for you. 10 00:00:27,654 --> 00:00:28,154 Unfortunately, 11 00:00:28,695 --> 00:00:30,855 Scott wasn't able to join Ben at Ignite 12 00:00:30,855 --> 00:00:33,149 this week. So Scott is recording from home 13 00:00:33,149 --> 00:00:35,229 while Ben is bringing you all the live 14 00:00:35,229 --> 00:00:37,870 action from Ignite. Hopefully, we'll get Scott back 15 00:00:37,870 --> 00:00:40,450 out here next year. But, in this episode, 16 00:00:40,510 --> 00:00:42,109 we cover a bit of the theme of 17 00:00:42,109 --> 00:00:45,149 Ignite this year, how Ignite announcements have kinda 18 00:00:45,149 --> 00:00:47,234 changed over the years, and of course, a 19 00:00:47,234 --> 00:00:48,695 couple of the big announcements 20 00:00:49,075 --> 00:00:53,234 focused around Microsoft Security Copilot and Microsoft Agent 21 00:00:53,234 --> 00:00:56,054 three sixty five. Let's dive into the show. 22 00:00:58,435 --> 00:01:00,215 Welcome, Ben, to 23 00:01:00,675 --> 00:01:01,175 Ignite 24 00:01:01,620 --> 00:01:04,420 twenty twenty five. Made it to another one. 25 00:01:04,420 --> 00:01:06,260 We get to listen to a congested Ben 26 00:01:06,260 --> 00:01:07,719 who's been on flights 27 00:01:08,099 --> 00:01:11,060 and traveling across the country to get all 28 00:01:11,060 --> 00:01:12,260 the way out to Ignite for us and 29 00:01:12,260 --> 00:01:14,564 be our remote reporter this year. Our boots 30 00:01:14,564 --> 00:01:16,484 on the ground as it were. And Scott 31 00:01:16,484 --> 00:01:18,185 waking me up early because 32 00:01:18,644 --> 00:01:20,484 I'm on the West Coast now. Well, you're 33 00:01:20,484 --> 00:01:22,244 still on East Coast time. So I am 34 00:01:22,405 --> 00:01:24,405 I am still on East Coast time, but, 35 00:01:24,405 --> 00:01:26,165 yes, my alarm went off. Well, it is 36 00:01:26,165 --> 00:01:28,564 8AM for me and 5AM for you. Let's 37 00:01:28,564 --> 00:01:30,640 be honest. It's really still 8AM for you 38 00:01:30,640 --> 00:01:34,079 until probably Wednesday or Thursday when you finally 39 00:01:34,319 --> 00:01:36,079 Yeah. Crash out and come back the other 40 00:01:36,079 --> 00:01:38,319 way. I adjusted probably quicker than I thought 41 00:01:38,319 --> 00:01:39,840 I would because I took a late flight 42 00:01:39,840 --> 00:01:41,439 in Sunday night. So I didn't get to 43 00:01:41,439 --> 00:01:43,840 my hotel till, like, 10PM West Coast time 44 00:01:43,840 --> 00:01:45,994 Sunday night. And then I was out late 45 00:01:45,994 --> 00:01:48,634 last night because it's ignite and it's friends 46 00:01:48,634 --> 00:01:49,375 and it's 47 00:01:49,754 --> 00:01:52,814 dinners and parties and all the things. 48 00:01:53,194 --> 00:01:55,515 So realistically, I didn't go to bed last 49 00:01:55,515 --> 00:01:58,075 night until, like, ten or 11PM West Coast 50 00:01:58,075 --> 00:02:00,180 time. I did set an alarm this morning 51 00:02:00,180 --> 00:02:01,379 in 04:45 52 00:02:01,379 --> 00:02:03,700 or 04:30, whenever it went off. Felt early. 53 00:02:03,700 --> 00:02:05,799 Alright. Well, let's get you through this and 54 00:02:06,099 --> 00:02:08,180 get you back to bed soon. Meetings and 55 00:02:08,180 --> 00:02:09,620 I can go take my nap. I'm gonna 56 00:02:09,620 --> 00:02:11,139 go take a nap after this before the 57 00:02:11,139 --> 00:02:12,944 keynote. You can go take take a nap 58 00:02:12,944 --> 00:02:15,664 before Judson's keynote and get that out there. 59 00:02:15,664 --> 00:02:16,164 So 60 00:02:16,544 --> 00:02:19,824 Ignite this year, interesting one. We continue to 61 00:02:19,824 --> 00:02:21,205 see a lot of AI 62 00:02:21,584 --> 00:02:23,844 AI. I don't think there's any big surprises 63 00:02:23,985 --> 00:02:24,485 there 64 00:02:24,849 --> 00:02:27,250 And security, yep, with AI. I would say, 65 00:02:27,250 --> 00:02:30,310 like, those two. Yeah. That is partly AI. 66 00:02:30,449 --> 00:02:32,610 But I don't know like, we got the 67 00:02:32,610 --> 00:02:34,370 book of news. Right? And I was talking 68 00:02:34,370 --> 00:02:37,110 to other people about this last night too 69 00:02:37,250 --> 00:02:37,750 because 70 00:02:38,145 --> 00:02:39,745 a lot of us got a little bit 71 00:02:39,745 --> 00:02:41,764 of a preview of what's coming. 72 00:02:42,064 --> 00:02:44,805 And it really is. It's like AI and 73 00:02:45,264 --> 00:02:46,965 security people are like, there's like 74 00:02:47,425 --> 00:02:48,324 no big 75 00:02:48,625 --> 00:02:51,905 SharePoint stuff, no big Teams stuff, nothing around 76 00:02:51,905 --> 00:02:52,965 Teams devices. 77 00:02:54,680 --> 00:02:56,519 Like, if you go look, I don't know 78 00:02:56,519 --> 00:02:57,580 that there's anything 79 00:02:57,959 --> 00:02:58,459 like 80 00:02:58,840 --> 00:03:01,400 loop or I just look for loop. Loop 81 00:03:01,400 --> 00:03:03,639 is mentioned once in the entire book of 82 00:03:03,639 --> 00:03:06,939 news and it's not a product loop. It's 83 00:03:07,165 --> 00:03:07,665 looping 84 00:03:08,044 --> 00:03:08,544 between 85 00:03:08,844 --> 00:03:10,925 different things. There was a little bit of 86 00:03:10,925 --> 00:03:11,504 a like 87 00:03:11,805 --> 00:03:15,085 Ignite is not like where's all these other 88 00:03:15,085 --> 00:03:16,865 products that Microsoft has 89 00:03:17,165 --> 00:03:18,705 because it's really focused 90 00:03:19,004 --> 00:03:19,504 on 91 00:03:19,805 --> 00:03:22,125 AI and security and really security is still 92 00:03:22,125 --> 00:03:24,739 focused on AI because there's not there's a 93 00:03:24,739 --> 00:03:26,340 couple things I saw in here from a 94 00:03:26,340 --> 00:03:28,199 security device management 95 00:03:29,139 --> 00:03:32,659 Intune perspective that wasn't AI, but it was 96 00:03:32,659 --> 00:03:35,175 very limited and few and far between. I 97 00:03:35,335 --> 00:03:36,694 mean, we'll get into some of these announcements. 98 00:03:36,694 --> 00:03:38,215 I think it could be two things. One, 99 00:03:38,215 --> 00:03:40,775 rapid release cadence. Right? The cloud makes it 100 00:03:40,775 --> 00:03:42,935 different. People are not gonna be holding back 101 00:03:42,935 --> 00:03:45,574 SharePoint announcements for six months and not coming 102 00:03:45,574 --> 00:03:46,474 out with anything 103 00:03:46,935 --> 00:03:47,435 between 104 00:03:47,814 --> 00:03:50,314 April and November or May and November 105 00:03:50,840 --> 00:03:53,080 just to have a whole big splash of 106 00:03:53,080 --> 00:03:54,300 announcements at Ignite. 107 00:03:54,760 --> 00:03:56,680 So I feel like Ignite is turning into 108 00:03:56,840 --> 00:03:58,040 I don't know if I'd call it a 109 00:03:58,040 --> 00:04:00,520 Microsoft trade show, but it's not as much 110 00:04:00,520 --> 00:04:02,840 focused, I don't think, on big announcements because 111 00:04:02,840 --> 00:04:06,125 of rapid releases of the cloud. And as 112 00:04:06,125 --> 00:04:08,144 such, you don't see 113 00:04:08,685 --> 00:04:11,164 maybe as many of those things because nothing's 114 00:04:11,164 --> 00:04:12,685 been held back to have a big release 115 00:04:12,685 --> 00:04:14,604 about here's everything coming to SharePoint in the 116 00:04:14,604 --> 00:04:16,685 next year because you've gotten it trickle out 117 00:04:16,685 --> 00:04:18,009 over the last six months. I look at 118 00:04:18,009 --> 00:04:19,129 it in a couple of different ways. You 119 00:04:19,129 --> 00:04:21,610 mentioned trade show. Absolutely. Like, there's tons of 120 00:04:21,610 --> 00:04:24,089 partners there. I think if you go into 121 00:04:24,089 --> 00:04:26,490 the Expo Hall any given year, and this 122 00:04:26,490 --> 00:04:28,969 year It's big this year. I walked through 123 00:04:28,969 --> 00:04:31,294 it already. Yep. There's a ton of partners 124 00:04:31,294 --> 00:04:34,014 in there, tons of kinda partner stories and 125 00:04:34,014 --> 00:04:36,095 how they integrate into the ecosystem. To your 126 00:04:36,095 --> 00:04:38,095 point about things trickle out over the course 127 00:04:38,095 --> 00:04:40,175 of time, like, just when they're ready, let's 128 00:04:40,175 --> 00:04:42,095 put them out there. I think that is 129 00:04:42,095 --> 00:04:45,279 very much true. That's certainly the approach, like, 130 00:04:45,279 --> 00:04:48,000 within my organization. Like, we don't hold things 131 00:04:48,000 --> 00:04:50,000 back. We wanna put it out there. But 132 00:04:50,000 --> 00:04:53,120 Ignite, for me at least, and for my 133 00:04:53,120 --> 00:04:55,759 team, and my product managers, and for my 134 00:04:55,759 --> 00:04:56,259 peers, 135 00:04:56,584 --> 00:04:58,504 It's our opportunity to come together and tell 136 00:04:58,504 --> 00:05:00,904 a story. So here's all these things that 137 00:05:00,904 --> 00:05:02,425 we have released over the course of the 138 00:05:02,425 --> 00:05:03,324 last six months, 139 00:05:03,705 --> 00:05:06,745 but, you know, you saw them as this 140 00:05:06,745 --> 00:05:09,064 thing and this thing. How does it all 141 00:05:09,064 --> 00:05:11,680 actually compose and come together? Because I think 142 00:05:11,680 --> 00:05:13,279 every time, we'd love to push everything out 143 00:05:13,279 --> 00:05:15,199 there all at once, but that's just not 144 00:05:15,199 --> 00:05:18,399 the way release cadence works and everything else 145 00:05:18,399 --> 00:05:20,959 comes together. So yeah. So I think what 146 00:05:20,959 --> 00:05:22,180 we can do for 147 00:05:22,480 --> 00:05:24,240 this one is we're kinda going through things 148 00:05:24,240 --> 00:05:26,419 rather than just doing, like, a rundown of 149 00:05:26,675 --> 00:05:29,495 the random news and kinda smattering of things. 150 00:05:29,555 --> 00:05:32,214 Given that there's this large focus on AI, 151 00:05:32,514 --> 00:05:35,175 I think there's also an undercurrent 152 00:05:36,115 --> 00:05:39,014 and a little bit of thematic flow here 153 00:05:39,074 --> 00:05:39,574 to 154 00:05:39,970 --> 00:05:41,110 things like security, 155 00:05:41,490 --> 00:05:41,990 governance, 156 00:05:42,449 --> 00:05:42,949 manageability 157 00:05:43,569 --> 00:05:44,629 of your workloads, 158 00:05:45,089 --> 00:05:47,970 and for these AI clients and AI agents 159 00:05:47,970 --> 00:05:50,470 that exist out there. Like, more and more 160 00:05:50,610 --> 00:05:53,410 as IT pros, developers who are involved in 161 00:05:53,410 --> 00:05:55,029 this ecosystem of 162 00:05:55,404 --> 00:05:58,204 Azure and Microsoft three sixty five, you are 163 00:05:58,204 --> 00:06:00,204 either going to be building these things, you're 164 00:06:00,204 --> 00:06:02,365 gonna be managing them, or you're certainly gonna 165 00:06:02,365 --> 00:06:04,444 be encountering them as a user. So I 166 00:06:04,444 --> 00:06:05,264 think understanding 167 00:06:05,644 --> 00:06:07,404 what some of those constraints are, what some 168 00:06:07,404 --> 00:06:09,165 of the tools that are available to you. 169 00:06:09,165 --> 00:06:11,779 Like, I know, like, every single day, there's 170 00:06:11,779 --> 00:06:14,120 a new article that comes out that says, 171 00:06:14,339 --> 00:06:18,040 hey. Here's how an MCP server was jailbroken, 172 00:06:18,740 --> 00:06:19,240 or 173 00:06:19,620 --> 00:06:21,699 it leaked something out there, or it did 174 00:06:21,699 --> 00:06:23,540 something weird. Like, you sent me an article 175 00:06:23,540 --> 00:06:26,264 a couple days ago about MCP horror stories, 176 00:06:26,324 --> 00:06:29,285 WhatsApp data exfiltration. Right? Like, so so so 177 00:06:29,285 --> 00:06:30,884 these things are very real. Like, they sit 178 00:06:30,884 --> 00:06:32,504 out there. They run-in your environments. 179 00:06:32,884 --> 00:06:34,985 They're often running under identities 180 00:06:35,524 --> 00:06:36,024 that 181 00:06:36,564 --> 00:06:38,759 you might not even have known existed depending 182 00:06:38,759 --> 00:06:40,920 on your governance system and what happened. So 183 00:06:40,920 --> 00:06:42,120 what I was thinking we could do today 184 00:06:42,120 --> 00:06:43,500 is focus on 185 00:06:44,040 --> 00:06:45,180 some of these security 186 00:06:45,560 --> 00:06:46,060 governance 187 00:06:46,839 --> 00:06:49,560 management constructs that are out there that are 188 00:06:49,560 --> 00:06:52,139 going to help IT pros and developers 189 00:06:52,555 --> 00:06:55,375 kinda come together and think about ways that 190 00:06:55,754 --> 00:06:57,134 they can start to, 191 00:06:57,514 --> 00:06:58,654 if they haven't already, 192 00:06:59,035 --> 00:07:01,595 embrace this change. Like, it is coming. It's 193 00:07:01,595 --> 00:07:03,115 it's it's gonna be pushed on you one 194 00:07:03,115 --> 00:07:04,875 way or another, and the the only way 195 00:07:04,875 --> 00:07:06,714 out is through. So let's go ahead and 196 00:07:06,714 --> 00:07:08,519 kind of embrace it, get back to our 197 00:07:08,519 --> 00:07:10,759 roots, and think about how to do some 198 00:07:10,759 --> 00:07:12,360 of that stuff. So to your point of, 199 00:07:12,360 --> 00:07:14,199 like, loops not in the book of news, 200 00:07:14,199 --> 00:07:15,639 like, well, we're not gonna spend a lot 201 00:07:15,639 --> 00:07:17,639 of time on, like, fuzzy stuff or maybe 202 00:07:17,639 --> 00:07:19,000 things that have been out there before. I 203 00:07:19,000 --> 00:07:20,954 just wanna kinda focus on a couple of 204 00:07:21,034 --> 00:07:23,595 high level points that'll help guide folks in. 205 00:07:23,595 --> 00:07:25,754 Like, if you are an IT pro, if 206 00:07:25,754 --> 00:07:28,074 you're a developer who's interested in managing these 207 00:07:28,074 --> 00:07:30,414 things, having a more kinda secure state 208 00:07:30,794 --> 00:07:33,995 for these AI agents, AI workflows in your 209 00:07:33,995 --> 00:07:34,495 environment, 210 00:07:34,839 --> 00:07:36,439 what are the tools that are available to 211 00:07:36,439 --> 00:07:38,439 you both today, and then what are the 212 00:07:38,439 --> 00:07:40,600 things that are coming? And I think that's 213 00:07:40,600 --> 00:07:42,360 what it what Ignite is good for is 214 00:07:42,360 --> 00:07:43,959 also saying, like, hey. Back to that whole, 215 00:07:43,959 --> 00:07:45,800 let's tell the story around all the things 216 00:07:45,800 --> 00:07:48,214 that are already there. There's absolutely new things 217 00:07:48,214 --> 00:07:50,375 coming as well that are gonna be tacked 218 00:07:50,375 --> 00:07:52,955 on to that and continue to extend that 219 00:07:53,654 --> 00:07:55,035 over the the next several 220 00:07:55,335 --> 00:07:57,735 months to a year depending on how things 221 00:07:57,735 --> 00:07:59,735 go and rollouts and everything else that's out 222 00:07:59,735 --> 00:08:02,395 there. So being those themes, security, governance, manageability, 223 00:08:02,830 --> 00:08:03,730 why don't we start 224 00:08:04,509 --> 00:08:07,310 with security? I think there's some goodness coming 225 00:08:07,310 --> 00:08:10,029 for Security Copilot, so maybe we can start 226 00:08:10,029 --> 00:08:11,389 with that one. Quick before I get into 227 00:08:11,389 --> 00:08:13,069 that, I think even looking through the book 228 00:08:13,069 --> 00:08:15,069 of news, it's similar to what you said 229 00:08:15,069 --> 00:08:16,995 where as we looked through it, you could 230 00:08:16,995 --> 00:08:19,794 pull out new releases or new features. But 231 00:08:19,794 --> 00:08:21,794 if you combine all those new features together 232 00:08:21,794 --> 00:08:23,154 in the book of news, I think it 233 00:08:23,154 --> 00:08:24,995 does start to tell a story this year 234 00:08:24,995 --> 00:08:28,595 about kinda what Microsoft's focus is, particularly around 235 00:08:28,595 --> 00:08:31,180 agents and security. So it is. It's not 236 00:08:31,180 --> 00:08:33,419 just feature releases, but if you kinda combine 237 00:08:33,419 --> 00:08:34,860 all of them together, like, what are they 238 00:08:34,860 --> 00:08:36,539 coming out with in all these different products? 239 00:08:36,539 --> 00:08:39,019 It's like, oh, there is very much a 240 00:08:39,019 --> 00:08:40,860 theme here, I felt like, to some of 241 00:08:40,860 --> 00:08:42,695 this. But like you said, with 242 00:08:42,995 --> 00:08:46,195 Security Copilot, this one's an interesting one. I 243 00:08:46,195 --> 00:08:49,735 want to see more articles around this particular 244 00:08:49,875 --> 00:08:51,495 one and this one specifically 245 00:08:52,355 --> 00:08:54,514 because when I read the book of news, 246 00:08:54,514 --> 00:08:56,340 I was like, I think I know what 247 00:08:56,340 --> 00:08:57,000 this means, 248 00:08:57,779 --> 00:08:58,759 but I'm not 249 00:08:59,139 --> 00:09:00,200 a 100% 250 00:09:00,500 --> 00:09:01,000 sure. 251 00:09:01,460 --> 00:09:01,960 So 252 00:09:02,580 --> 00:09:05,299 this starts out and it talks about Security 253 00:09:05,299 --> 00:09:08,335 Copilot and new Security Copilot agents. So there's 254 00:09:08,335 --> 00:09:11,394 12 new Security Copilot agents that are gonna 255 00:09:11,455 --> 00:09:13,235 built into Defender that are coming 256 00:09:13,535 --> 00:09:15,075 around Entra, Intune, 257 00:09:15,615 --> 00:09:16,115 Purview. 258 00:09:16,575 --> 00:09:19,475 Some of these are available in Preview now. 259 00:09:19,535 --> 00:09:22,110 There's also gonna be 30 new agents coming 260 00:09:22,110 --> 00:09:23,090 from partners 261 00:09:23,870 --> 00:09:27,730 to help tie more agents into security copilot, 262 00:09:28,269 --> 00:09:30,910 help with your sock, with your identity, with 263 00:09:30,910 --> 00:09:31,889 data security. 264 00:09:32,669 --> 00:09:34,850 But then as you get through this, 265 00:09:35,434 --> 00:09:38,495 down under, like, all these announcements around agents 266 00:09:38,794 --> 00:09:41,034 again, we're talking about security copilot. Everybody's like, 267 00:09:41,034 --> 00:09:43,195 well, I can't afford $90 a year for 268 00:09:43,195 --> 00:09:46,634 security copilot or a 120 or Microsoft's base 269 00:09:46,634 --> 00:09:48,095 recommendation isn't there. 270 00:09:48,419 --> 00:09:50,740 It says to help security teams get started 271 00:09:50,740 --> 00:09:52,279 with agents more quickly, 272 00:09:52,740 --> 00:09:56,039 Security Copilot will be available to all 273 00:09:56,419 --> 00:09:59,240 Microsoft three sixty five e five customers. 274 00:09:59,940 --> 00:10:01,894 Rollout Stouts starts in 275 00:10:02,195 --> 00:10:05,394 Frontier, which is kinda like Microsoft's insider ring 276 00:10:05,394 --> 00:10:07,394 now for Copilot. I recommend that folks go 277 00:10:07,394 --> 00:10:08,674 sign up for that one. At least have 278 00:10:08,674 --> 00:10:10,434 one person in your org. Like, go and 279 00:10:10,434 --> 00:10:13,095 click that button and fill out that form, 280 00:10:13,440 --> 00:10:16,000 and sign up for the Frontier program if 281 00:10:16,000 --> 00:10:16,580 you haven't. 282 00:10:16,960 --> 00:10:19,360 Yep. Coming out in the coming months. This 283 00:10:19,360 --> 00:10:21,840 is interesting. Right? Security Copilot is technically already 284 00:10:21,840 --> 00:10:23,840 available for e five customers. You just have 285 00:10:23,840 --> 00:10:26,095 to pay for it. Does this mean I 286 00:10:26,095 --> 00:10:27,455 think this is a lot about, like, the 287 00:10:27,455 --> 00:10:28,894 agents that are coming out. So we were 288 00:10:28,894 --> 00:10:30,495 chatting a little bit about this before we 289 00:10:30,495 --> 00:10:32,915 started recording. So particularly with 290 00:10:33,455 --> 00:10:37,695 remote hosted agents, so they're running compute, often 291 00:10:37,695 --> 00:10:40,039 GPU as well, to be able to 292 00:10:40,419 --> 00:10:43,059 respond to LLMs, pull in their context windows, 293 00:10:43,059 --> 00:10:44,980 all these kinds of things. So, like, it's 294 00:10:44,980 --> 00:10:47,860 very nice when there's things like remote MCP 295 00:10:47,860 --> 00:10:50,259 servers there. I don't know what the runway 296 00:10:50,259 --> 00:10:53,000 is for all SaaS and service providers 297 00:10:53,394 --> 00:10:56,214 to continue to provide remote MCPs for free, 298 00:10:56,274 --> 00:10:58,214 but certainly enjoy them while they're here 299 00:10:58,674 --> 00:11:00,434 and the functionality that you get with them 300 00:11:00,514 --> 00:11:02,434 Yeah. And things like that. So I imagine 301 00:11:02,434 --> 00:11:05,095 some of this is like you mentioned, there's 302 00:11:05,610 --> 00:11:08,570 10 plus new agents coming to Security Copilot. 303 00:11:08,570 --> 00:11:10,809 So these are baked agents ready to go, 304 00:11:10,809 --> 00:11:12,190 purpose built. So there's 305 00:11:12,570 --> 00:11:15,149 the governance agent, there's the IT, 306 00:11:15,690 --> 00:11:17,769 the ID security agent, and then you're gonna 307 00:11:17,769 --> 00:11:19,514 be able to build your own agents on 308 00:11:19,514 --> 00:11:21,995 things like the Graph SDKs, on top of 309 00:11:21,995 --> 00:11:25,375 the Microsoft three sixty five agent ID SDK 310 00:11:25,514 --> 00:11:27,835 and the agent SDK, all these different things 311 00:11:27,835 --> 00:11:29,774 that are out there. So these all take 312 00:11:30,075 --> 00:11:31,855 resources, and those resources 313 00:11:32,339 --> 00:11:35,059 today are very finite. Like, GPUs are not 314 00:11:35,059 --> 00:11:37,940 running around, like, freely available still. Like, it's 315 00:11:37,940 --> 00:11:40,019 not like we're all just going into, like, 316 00:11:40,019 --> 00:11:42,259 our local micro center or Best Buy or 317 00:11:42,259 --> 00:11:43,699 whatever and able to get, like, the hottest 318 00:11:43,699 --> 00:11:45,379 and latest GPU, and certainly not for data 319 00:11:45,379 --> 00:11:48,024 center providers either. So I I imagine part 320 00:11:48,024 --> 00:11:50,284 of this is both enable the licenses, 321 00:11:50,664 --> 00:11:52,105 but make sure that you can push down 322 00:11:52,105 --> 00:11:52,845 the functionality 323 00:11:53,225 --> 00:11:55,544 in a measured way and get it out 324 00:11:55,544 --> 00:11:57,644 there so that you can start to understand, 325 00:11:57,865 --> 00:12:00,504 like, literally, what's the size of the fleet 326 00:12:00,504 --> 00:12:01,565 that I need to run 327 00:12:02,500 --> 00:12:04,820 for resources on the back end, for compute, 328 00:12:04,820 --> 00:12:06,440 GPU, memory, networking, 329 00:12:07,139 --> 00:12:09,379 all those kinds of things to to get 330 00:12:09,379 --> 00:12:10,899 them to where they need to be? I 331 00:12:10,899 --> 00:12:13,860 think the more interesting thing will be, does 332 00:12:13,860 --> 00:12:15,539 a shoe drop here, because we've seen this 333 00:12:15,539 --> 00:12:17,605 a couple times in Microsoft three sixty five 334 00:12:17,605 --> 00:12:21,045 land, where experiences come out built around AI 335 00:12:21,045 --> 00:12:24,424 experiences, like Copilot, things like that, where 336 00:12:24,804 --> 00:12:27,125 they've started let's take m three sixty five 337 00:12:27,125 --> 00:12:29,524 Copilot as an example. When it came out, 338 00:12:29,524 --> 00:12:31,679 it was an add on SKU. Like, go 339 00:12:31,679 --> 00:12:34,419 pay an extra $30 per user per month. 340 00:12:34,559 --> 00:12:36,720 And now some of that functionality has started 341 00:12:36,720 --> 00:12:38,799 to trickle down into the regular m three 342 00:12:38,799 --> 00:12:41,220 sixty five SKUs without an additional add on. 343 00:12:41,360 --> 00:12:44,080 That said, those SKUs got incrementally a little 344 00:12:44,080 --> 00:12:45,059 bit more expensive. 345 00:12:45,495 --> 00:12:47,495 So I wonder if this is kinda just 346 00:12:47,495 --> 00:12:49,495 sign of the times for e fives where 347 00:12:49,495 --> 00:12:51,835 they've been quite baked for a while now, 348 00:12:52,134 --> 00:12:53,654 and you've had a good set of add 349 00:12:53,654 --> 00:12:55,575 ons, but those add ons really added up. 350 00:12:55,575 --> 00:12:57,014 I mean, you can get to a 100 351 00:12:57,014 --> 00:12:59,159 plus dollars a month per user per month 352 00:12:59,480 --> 00:13:02,120 very quickly, even in e five land. I 353 00:13:02,120 --> 00:13:04,279 wonder if this is just let's start to 354 00:13:04,279 --> 00:13:06,059 push down some of that basic functionality, 355 00:13:06,759 --> 00:13:09,399 figure out over time what those costs are, 356 00:13:09,399 --> 00:13:11,980 what the material benefit is to customers versus 357 00:13:12,384 --> 00:13:15,284 service provider and Microsoft and things like that, 358 00:13:15,584 --> 00:13:17,264 and where it all bakes out. I saw 359 00:13:17,264 --> 00:13:18,464 this when you pointed it out to me. 360 00:13:18,464 --> 00:13:19,904 I kinda giggled in the back of my 361 00:13:19,904 --> 00:13:22,144 head, and I said, well, e fives, enjoy 362 00:13:22,144 --> 00:13:24,625 your current run rates while they're there until 363 00:13:24,625 --> 00:13:27,504 your next renewal because it's probably gonna be 364 00:13:27,504 --> 00:13:29,149 $2, $3, whatever, 365 00:13:29,529 --> 00:13:31,289 US dollars a month more. Yeah. And this 366 00:13:31,289 --> 00:13:32,970 is what I would say to keep an 367 00:13:32,970 --> 00:13:34,889 eye on because I'm curious too, like, are 368 00:13:34,889 --> 00:13:36,049 they going to bring 369 00:13:36,490 --> 00:13:37,789 like, is the SCU 370 00:13:38,169 --> 00:13:40,350 as we know it going to go away 371 00:13:40,409 --> 00:13:42,669 because it's gonna be bundled with e five 372 00:13:42,730 --> 00:13:43,950 and it's gonna be 373 00:13:44,264 --> 00:13:46,425 there or is it going to be Right. 374 00:13:46,425 --> 00:13:48,024 Or is it gonna be like these agents? 375 00:13:48,024 --> 00:13:50,285 We're gonna give you like Security Copilot 376 00:13:50,665 --> 00:13:53,245 lite. There's gonna be a reduced version where 377 00:13:53,545 --> 00:13:55,945 you can leverage these agents in Intune and 378 00:13:55,945 --> 00:13:56,445 Defender 379 00:13:57,049 --> 00:13:58,730 for some of that. But you're not gonna 380 00:13:58,730 --> 00:14:01,069 get like the full blown let me go 381 00:14:01,449 --> 00:14:03,230 query everything in Sentinel 382 00:14:03,689 --> 00:14:04,909 with Security Copilot 383 00:14:05,529 --> 00:14:07,149 and build out the full blown security 384 00:14:07,610 --> 00:14:09,850 experience. So this is when I would say 385 00:14:10,089 --> 00:14:12,434 Again, we're recording this before the announcements, so 386 00:14:12,514 --> 00:14:13,634 so we're using it from the book of 387 00:14:13,634 --> 00:14:15,475 news. By the time you hear this on 388 00:14:15,475 --> 00:14:15,975 Thursday, 389 00:14:16,514 --> 00:14:18,034 the things we're gonna be talking about are 390 00:14:18,034 --> 00:14:19,634 gonna be out in the public. There's gonna 391 00:14:19,634 --> 00:14:21,235 be more blog posts about it. There's gonna 392 00:14:21,235 --> 00:14:22,674 be sessions about it. I would go back 393 00:14:22,674 --> 00:14:24,274 and look at this one especially if you're 394 00:14:24,274 --> 00:14:25,735 interested in Security Copilot. 395 00:14:26,220 --> 00:14:29,199 There are three breakout sessions around this 396 00:14:29,579 --> 00:14:30,720 four, around 397 00:14:31,259 --> 00:14:33,500 Security Copilot protect at the speed and scale 398 00:14:33,500 --> 00:14:36,559 of AI, transform security with IT Security Copilot 399 00:14:36,699 --> 00:14:37,199 agents, 400 00:14:37,579 --> 00:14:38,959 AI powered data security, 401 00:14:39,259 --> 00:14:41,254 predictive SOC, and then what are on building 402 00:14:41,254 --> 00:14:43,575 the SOC of the future. So there's gonna 403 00:14:43,575 --> 00:14:45,254 be some things that I would go watch 404 00:14:45,254 --> 00:14:47,195 if you're interested in this to see 405 00:14:47,654 --> 00:14:49,254 how all of this shakes out and what 406 00:14:49,254 --> 00:14:50,855 the coming months are gonna look like for 407 00:14:50,855 --> 00:14:51,754 Security Copilot. 408 00:14:55,690 --> 00:14:57,850 Do you feel overwhelmed by trying to manage 409 00:14:57,850 --> 00:15:00,169 your Office three sixty five environment? Are you 410 00:15:00,169 --> 00:15:03,470 facing unexpected issues that disrupt your company's productivity? 411 00:15:03,690 --> 00:15:05,690 Intelligink is here to help. Much like you 412 00:15:05,690 --> 00:15:07,529 take your car to the mechanic that has 413 00:15:07,529 --> 00:15:09,690 specialized knowledge on how to best keep your 414 00:15:09,690 --> 00:15:12,715 car running, Intelligent helps you with your Microsoft 415 00:15:12,774 --> 00:15:14,955 cloud environment because that's their expertise. 416 00:15:15,415 --> 00:15:17,654 Intelligent keeps up with the latest updates in 417 00:15:17,654 --> 00:15:19,815 the Microsoft cloud to help keep your business 418 00:15:19,815 --> 00:15:22,054 running smoothly and ahead of the curve. Whether 419 00:15:22,054 --> 00:15:24,134 you are a small organization with just a 420 00:15:24,134 --> 00:15:26,610 few users up to an organization of several 421 00:15:26,610 --> 00:15:27,589 thousand employees, 422 00:15:27,970 --> 00:15:29,970 they want to partner with you to implement 423 00:15:29,970 --> 00:15:32,710 and administer your Microsoft cloud technology. 424 00:15:33,409 --> 00:15:36,870 Visit them at inteliginc.com/podcast. 425 00:15:37,250 --> 00:15:43,914 That's intelligink.com/podcast 426 00:15:44,294 --> 00:15:46,455 for more information or to schedule a thirty 427 00:15:46,455 --> 00:15:48,475 minute call to get started with them today. 428 00:15:48,774 --> 00:15:49,914 Remember, Intelligink 429 00:15:50,269 --> 00:15:52,509 focuses on the Microsoft cloud so you can 430 00:15:52,509 --> 00:15:53,889 focus on your business. 431 00:15:56,110 --> 00:15:58,909 When I think about Security Copilot, maybe I'm 432 00:15:58,909 --> 00:16:01,549 always a little simplistic about it. So I 433 00:16:01,549 --> 00:16:03,889 always kinda think about it first as 434 00:16:04,509 --> 00:16:05,009 Sentinel 435 00:16:05,465 --> 00:16:06,365 and then Intune 436 00:16:06,825 --> 00:16:09,705 and then Entra. Like, hey. Let's kinda wrap 437 00:16:09,705 --> 00:16:10,924 those three things together. 438 00:16:11,544 --> 00:16:14,184 But that actually doesn't cover the whole suite 439 00:16:14,184 --> 00:16:16,924 of things because Security Copilot is also Defender, 440 00:16:17,465 --> 00:16:20,360 and then it's also Purview. So the way 441 00:16:20,580 --> 00:16:22,340 Microsoft frames it, like, if you were gonna 442 00:16:22,340 --> 00:16:23,539 go out and try and figure out, like, 443 00:16:23,539 --> 00:16:25,220 hey, which pillars do all these fit fit 444 00:16:25,220 --> 00:16:28,259 into, is you've got security operations. So we 445 00:16:28,259 --> 00:16:30,580 talked about SOC stuff and all these sessions 446 00:16:30,580 --> 00:16:33,365 being focused on SOC. So security operations is 447 00:16:33,365 --> 00:16:36,164 really Defender and Sentinel. That's it. Done. Out 448 00:16:36,164 --> 00:16:36,824 the door. 449 00:16:37,125 --> 00:16:40,164 Data security is Purview. Great. Let's manage things, 450 00:16:40,164 --> 00:16:42,485 have DLP, all that kind of stuff. Identity 451 00:16:42,485 --> 00:16:45,544 and access control, Entra, and then endpoint management 452 00:16:45,605 --> 00:16:47,580 with Intune. But you do have those kind 453 00:16:47,580 --> 00:16:50,620 of four buckets of security operations, data security, 454 00:16:50,620 --> 00:16:53,259 identity and access, and endpoint management to get 455 00:16:53,259 --> 00:16:55,340 through. So I wonder over time if maybe 456 00:16:55,340 --> 00:16:58,059 some of that kind of functionality or what 457 00:16:58,059 --> 00:17:00,674 comes in the free versus the paid or 458 00:17:00,674 --> 00:17:02,754 not the free, but the included versus the 459 00:17:02,754 --> 00:17:05,714 paid. E five version versus yeah. Is like, 460 00:17:05,714 --> 00:17:08,515 do you get Security Copilot with Sentinel, but 461 00:17:08,515 --> 00:17:10,835 maybe you're missing some things in Purview? Do 462 00:17:10,835 --> 00:17:13,529 you get Security Copilot with Entrance Sentinel, but 463 00:17:13,609 --> 00:17:14,970 But then maybe you're missing some things in 464 00:17:14,970 --> 00:17:17,289 Intune. I don't know how that's gonna bake 465 00:17:17,289 --> 00:17:18,970 and what it's gonna come out like. I 466 00:17:18,970 --> 00:17:21,529 do think at some point, like, you're not 467 00:17:21,529 --> 00:17:23,450 gonna see it all there for free. So 468 00:17:23,450 --> 00:17:25,930 the number of signals that Sentinel pulls in, 469 00:17:25,930 --> 00:17:28,410 it's all stored in Kusto and things like 470 00:17:28,410 --> 00:17:30,625 that. It's not free to run those queries 471 00:17:30,625 --> 00:17:32,545 and get all that stuff up and running, 472 00:17:32,545 --> 00:17:34,785 especially when you're talking about, like, a large 473 00:17:34,785 --> 00:17:36,945 scale environment, maybe with tens of thousands of 474 00:17:36,945 --> 00:17:39,904 users. That could be billions of signals, if 475 00:17:39,904 --> 00:17:42,305 not trillions, coming into your environment that you 476 00:17:42,305 --> 00:17:43,904 have to need to filter and sort through. 477 00:17:43,904 --> 00:17:45,900 Like, sorry, folks. Like, that stuff ain't free, 478 00:17:45,900 --> 00:17:47,579 but It's not. We'll see where it bakes 479 00:17:47,579 --> 00:17:49,339 out. I think it is a good one 480 00:17:49,339 --> 00:17:49,839 for 481 00:17:50,140 --> 00:17:52,619 folks who are either in Security Copilot land 482 00:17:52,619 --> 00:17:54,940 today. Like, hey. There's some niceties here for 483 00:17:54,940 --> 00:17:57,099 you. Like, there's new agents. There's new things. 484 00:17:57,099 --> 00:17:58,945 Not a lot probably changes for you. But 485 00:17:58,945 --> 00:18:01,105 if you're an e five customer who hasn't 486 00:18:01,105 --> 00:18:02,484 adopted the Security Copilot, 487 00:18:02,865 --> 00:18:04,785 even if it is a little bit of 488 00:18:04,785 --> 00:18:05,285 a 489 00:18:05,825 --> 00:18:07,825 mixed offering where maybe it doesn't include all 490 00:18:07,825 --> 00:18:09,505 the pillars or have all those things, I 491 00:18:09,505 --> 00:18:11,025 still think there's gonna be a bunch of 492 00:18:11,025 --> 00:18:12,865 value there. And it's gonna start to get 493 00:18:12,865 --> 00:18:15,140 you into this ecosystem back to that theme 494 00:18:15,140 --> 00:18:16,660 around, like, hey, what's here for you as 495 00:18:16,660 --> 00:18:18,660 an IT pro? Sentinel is not just the 496 00:18:18,660 --> 00:18:21,700 discovery components or security copilot. It's not just 497 00:18:21,700 --> 00:18:25,140 the discovery stuff. There's also manageability aspects and 498 00:18:25,140 --> 00:18:27,059 other things that are important to think about 499 00:18:27,059 --> 00:18:29,160 there. Yeah. And to your point about signals, 500 00:18:29,644 --> 00:18:31,585 in here it talks about Microsoft, 501 00:18:32,204 --> 00:18:35,505 their threat intelligence is informed by over 100,000,000,000,000 502 00:18:35,565 --> 00:18:36,304 daily signals. 503 00:18:36,605 --> 00:18:38,845 So, yeah, it's not cheap or free to 504 00:18:38,845 --> 00:18:40,684 run this because that's a lot of daily 505 00:18:40,684 --> 00:18:42,444 signals to process. A little bit here and 506 00:18:42,444 --> 00:18:44,269 there. Yeah. So I I mean, like the 507 00:18:44,429 --> 00:18:46,349 like I said, there there's goodness there. I 508 00:18:46,349 --> 00:18:48,429 think there's things to watch for. Like, if 509 00:18:48,429 --> 00:18:50,029 you're somebody who's listening to this and you're 510 00:18:50,029 --> 00:18:52,349 like, oh, that sounds interesting, and you didn't 511 00:18:52,349 --> 00:18:54,429 attend Ignite or maybe you wanna come back, 512 00:18:54,429 --> 00:18:55,950 like, check out the show notes. We'll have 513 00:18:55,950 --> 00:18:57,855 links in there to the breakouts and and 514 00:18:57,855 --> 00:18:59,134 things like that so you can go back 515 00:18:59,134 --> 00:19:01,134 and watch the recordings. We kinda I think 516 00:19:01,134 --> 00:19:02,894 most companies, at least in The United States, 517 00:19:02,894 --> 00:19:04,414 had a slow period here as we get 518 00:19:04,414 --> 00:19:06,414 into, like, Thanksgiving and Christmas, things like that. 519 00:19:06,414 --> 00:19:08,174 Like, hey. Maybe this is your chance to 520 00:19:08,174 --> 00:19:09,934 catch up on some learning and figure out 521 00:19:09,934 --> 00:19:11,775 what's out there. Yeah. So with Security for 522 00:19:11,775 --> 00:19:14,319 Copilot, we talked about agents, all the agents 523 00:19:14,319 --> 00:19:17,159 coming. We also recognize that there has been 524 00:19:17,159 --> 00:19:19,539 a bit of a gap here with managing 525 00:19:19,679 --> 00:19:22,640 certain things in Microsoft March. 526 00:19:22,640 --> 00:19:24,644 Right? Like, people are adding agents or adding 527 00:19:24,805 --> 00:19:25,785 agents and agents 528 00:19:26,484 --> 00:19:29,445 and Microsoft is adding agents. And I've started 529 00:19:29,445 --> 00:19:31,605 having these conversations with customers that are like, 530 00:19:31,605 --> 00:19:34,085 well, how do I govern agents? How is 531 00:19:34,085 --> 00:19:37,785 my agent security configured? They're unregovernable. Yeah. Store. 532 00:19:37,924 --> 00:19:39,865 That's not right. How do I manage agents? 533 00:19:40,509 --> 00:19:43,150 All these things, like, the last couple years 534 00:19:43,150 --> 00:19:44,690 have been all about Copilot. 535 00:19:44,990 --> 00:19:46,750 I feel like this year is all about 536 00:19:46,750 --> 00:19:48,509 agents. Like, we have these security agents that 537 00:19:48,509 --> 00:19:51,009 are accessing a bunch of security data. 538 00:19:51,470 --> 00:19:54,075 How do we govern these types of agents 539 00:19:54,234 --> 00:19:56,554 and know what they're accessing or maybe put 540 00:19:56,554 --> 00:19:58,335 certain controls in place because 541 00:19:58,875 --> 00:20:01,115 security? I think it's less about, like, like, 542 00:20:01,115 --> 00:20:03,355 the built in agents than it is about 543 00:20:03,355 --> 00:20:05,514 the custom ones that come or, let's say, 544 00:20:05,514 --> 00:20:08,039 your finance department or your sales team is 545 00:20:08,039 --> 00:20:10,380 working with Salesforce and you use Salesforce CRM, 546 00:20:10,759 --> 00:20:13,240 and you adopt their agent, and somebody in 547 00:20:13,240 --> 00:20:15,640 sales goes and just clicks next on a 548 00:20:15,640 --> 00:20:17,720 SaaS product that was maybe And gets it 549 00:20:17,720 --> 00:20:19,400 all out there. A little wily in your 550 00:20:19,400 --> 00:20:21,434 environment, and then that has the ability to 551 00:20:21,434 --> 00:20:23,355 get configured. And then what does it have 552 00:20:23,355 --> 00:20:25,115 access to, and what's it have going on? 553 00:20:25,115 --> 00:20:26,875 Like, it's one thing to hear an MCP 554 00:20:26,875 --> 00:20:29,515 horror story about, like, WhatsApp data exfiltration. Tell 555 00:20:29,515 --> 00:20:30,875 you what, it's gonna be another one to 556 00:20:30,875 --> 00:20:32,414 hear about a a Salesforce 557 00:20:33,029 --> 00:20:35,350 CRM horror story when all of a sudden, 558 00:20:35,350 --> 00:20:37,190 like, all your sales records leak or all 559 00:20:37,190 --> 00:20:39,269 your contacts or things like that. So for 560 00:20:39,269 --> 00:20:41,430 this one, I think It's the security copilot 561 00:20:41,430 --> 00:20:43,430 agents, like, the 30 agents that third parties 562 00:20:43,430 --> 00:20:45,269 are adding. So I agree with you. It's 563 00:20:45,269 --> 00:20:48,444 not necessarily Microsoft agents. It's agents are coming 564 00:20:48,444 --> 00:20:50,764 everywhere from third parties. I think you need 565 00:20:50,764 --> 00:20:52,605 to think about those. So so there's always 566 00:20:52,605 --> 00:20:55,184 been the shadow IT thing. And businesses 567 00:20:55,484 --> 00:20:58,365 and organizational units and divisions are always gonna 568 00:20:58,365 --> 00:20:59,724 go out and what do what they do. 569 00:20:59,724 --> 00:21:02,250 I think it is more important than ever 570 00:21:02,329 --> 00:21:05,150 to be vigilant about these things and understand 571 00:21:05,210 --> 00:21:06,589 what's running in your environment, 572 00:21:06,890 --> 00:21:09,609 who's it associated with, who are the users 573 00:21:09,609 --> 00:21:11,210 that use it, all those kinds of things. 574 00:21:11,210 --> 00:21:12,650 So I think this next topic's a good 575 00:21:12,650 --> 00:21:14,509 one. So let's kind of dive into 576 00:21:14,809 --> 00:21:17,535 Microsoft Agent three sixty five. And as we're 577 00:21:17,535 --> 00:21:19,934 talking about this one, folks can think about 578 00:21:19,934 --> 00:21:20,755 this as 579 00:21:21,855 --> 00:21:24,674 a control plane or a manageability layer 580 00:21:25,055 --> 00:21:26,515 for AI agents 581 00:21:26,894 --> 00:21:28,115 within your, 582 00:21:28,494 --> 00:21:31,375 today, Microsoft three sixty five environment. This is 583 00:21:31,375 --> 00:21:34,309 gonna manifest in other ways across things like 584 00:21:34,309 --> 00:21:37,269 Azure AI Foundry and other parts of the 585 00:21:37,269 --> 00:21:38,330 Azure ecosystem, 586 00:21:38,789 --> 00:21:40,710 but we'll kind of focus on Microsoft three 587 00:21:40,710 --> 00:21:43,190 sixty five agent, what's there. So we know 588 00:21:43,190 --> 00:21:45,029 that teams are out there. Right? They're adding 589 00:21:45,029 --> 00:21:45,529 agents 590 00:21:45,934 --> 00:21:49,315 or they're deploying MCP servers to augment their 591 00:21:49,375 --> 00:21:51,934 workflows and probably almost, like, every single one 592 00:21:51,934 --> 00:21:54,015 that's out there. Your sales team is gonna 593 00:21:54,015 --> 00:21:56,974 have their own CRM thing. HR is gonna 594 00:21:56,974 --> 00:21:59,400 have something maybe tied into, like, Monday or 595 00:21:59,400 --> 00:22:01,720 Workday or something like that. You're gonna have 596 00:22:01,720 --> 00:22:04,840 custom agents, all the Copilot agents. You're gonna 597 00:22:04,840 --> 00:22:07,100 have your IT department with, like, a troubleshooting 598 00:22:07,240 --> 00:22:08,840 agent or, like, a little bit of, like, 599 00:22:08,840 --> 00:22:10,759 a help desk, things like that that are 600 00:22:10,759 --> 00:22:12,600 out there. So it's a little different than 601 00:22:12,600 --> 00:22:14,424 the world of, we bought a SaaS app 602 00:22:14,424 --> 00:22:16,184 where things are more like static and you 603 00:22:16,184 --> 00:22:17,785 could go read the manual and understand their 604 00:22:17,785 --> 00:22:18,285 functionality. 605 00:22:18,664 --> 00:22:21,465 Now you have these little autonomous things just 606 00:22:21,465 --> 00:22:23,705 running out there. They can potentially talk to 607 00:22:23,705 --> 00:22:26,080 users. Users can interact with them. They can 608 00:22:26,080 --> 00:22:27,759 also interact with each other if they have 609 00:22:27,759 --> 00:22:29,519 the right set of hooks and identity and 610 00:22:29,519 --> 00:22:31,440 all those kinds of things. And in some 611 00:22:31,440 --> 00:22:33,759 cases, they're taking action on behalf of users 612 00:22:33,759 --> 00:22:35,600 because I can tell you not every user 613 00:22:35,600 --> 00:22:37,119 is reading the prompt and saying, like, oh, 614 00:22:37,119 --> 00:22:39,285 no. Don't do that. They're just Nexting their 615 00:22:39,585 --> 00:22:41,105 way through it. So you wanna make sure 616 00:22:41,105 --> 00:22:42,945 you understand what's out there. There's a ton 617 00:22:42,945 --> 00:22:44,325 of sprawl. Traditional 618 00:22:44,785 --> 00:22:45,285 I'm 619 00:22:45,904 --> 00:22:46,964 identity and access 620 00:22:47,424 --> 00:22:48,244 wasn't necessarily 621 00:22:48,704 --> 00:22:50,704 built for this kind of stuff. And now 622 00:22:50,704 --> 00:22:53,519 you have this explosion of potentially service principles, 623 00:22:53,660 --> 00:22:54,559 managed identities, 624 00:22:54,940 --> 00:22:57,500 all these other things within your environment that 625 00:22:57,500 --> 00:22:59,359 you need out there. So 626 00:22:59,980 --> 00:23:02,859 Microsoft three sixty five agent or agent three 627 00:23:02,859 --> 00:23:06,059 sixty five is a new offering that's gonna 628 00:23:06,059 --> 00:23:08,414 kinda wrap this together and give you a 629 00:23:08,414 --> 00:23:10,494 little bit of an umbrella and this control 630 00:23:10,494 --> 00:23:11,315 plane for 631 00:23:11,615 --> 00:23:13,454 AI agents. So one way you can think 632 00:23:13,454 --> 00:23:16,015 about this is maybe like the it's the 633 00:23:16,015 --> 00:23:17,315 Entra ID for agents 634 00:23:17,615 --> 00:23:20,654 without being Entra because there's identity components and 635 00:23:20,654 --> 00:23:21,714 management components 636 00:23:22,210 --> 00:23:24,130 and things that are out there. But I 637 00:23:24,130 --> 00:23:26,230 think it's gonna be really cool. It brings 638 00:23:26,850 --> 00:23:30,369 a registry component. So as agents are deployed 639 00:23:30,369 --> 00:23:32,789 in your environment, they'll enter into 640 00:23:33,330 --> 00:23:35,615 a single registry. So not just the ones 641 00:23:35,615 --> 00:23:38,414 that your IT department deploys, but over time 642 00:23:38,414 --> 00:23:39,315 as M365 643 00:23:39,694 --> 00:23:41,875 is seeing hooks and other things, they'll automatically 644 00:23:41,934 --> 00:23:43,394 add them to the registry 645 00:23:43,694 --> 00:23:45,615 that's out there. You'll be able to track 646 00:23:45,615 --> 00:23:48,220 your agents with unique IDs. You'll be able 647 00:23:48,220 --> 00:23:50,019 to see the agents that are like official 648 00:23:50,019 --> 00:23:52,099 in your organization. Maybe think about it as 649 00:23:52,099 --> 00:23:54,980 like registered versus unregistered. So you'll start to 650 00:23:54,980 --> 00:23:57,700 get visibility into stuff that you can't see 651 00:23:57,700 --> 00:23:59,799 out there. You get access control. 652 00:24:00,265 --> 00:24:02,765 So let's bring in, like, things like conditional 653 00:24:02,904 --> 00:24:03,804 access policies, 654 00:24:04,105 --> 00:24:06,984 risk based conditional access policies, being able to 655 00:24:06,984 --> 00:24:09,865 limit what agents can talk to and have 656 00:24:09,865 --> 00:24:12,345 that out there. And then this whole kind 657 00:24:12,345 --> 00:24:14,559 of monitoring component, so be able to come 658 00:24:14,559 --> 00:24:15,919 in and see what agents are out there, 659 00:24:15,919 --> 00:24:17,599 how are they performing, what are they doing, 660 00:24:17,599 --> 00:24:20,079 what are the impacts that agents are having 661 00:24:20,079 --> 00:24:21,059 on your organization. 662 00:24:21,599 --> 00:24:23,359 And then, of course, it all ties back 663 00:24:23,359 --> 00:24:26,154 to the security stuff as well. So things 664 00:24:26,154 --> 00:24:26,734 like Defender 665 00:24:27,035 --> 00:24:28,555 will have hooks in to be able to 666 00:24:28,555 --> 00:24:31,194 understand and try and detect inter agent to 667 00:24:31,194 --> 00:24:34,154 agent, user to agent service, attacks, things like 668 00:24:34,154 --> 00:24:35,934 that that are out there. You'll have Purview 669 00:24:36,075 --> 00:24:38,255 with all the data management components 670 00:24:38,799 --> 00:24:40,799 and all that stuff. So I think this 671 00:24:40,799 --> 00:24:42,420 is a good one. It kinda brings 672 00:24:43,839 --> 00:24:46,720 agents as better citizens in your environment. They 673 00:24:46,720 --> 00:24:48,559 all get lifted up, just kinda like your 674 00:24:48,559 --> 00:24:51,940 MSIs and SPNs and regular user accounts 675 00:24:52,404 --> 00:24:53,144 were. So 676 00:24:53,605 --> 00:24:56,265 less an afterthought, more front and center 677 00:24:56,724 --> 00:24:58,484 and ready to go for you. Right. You're 678 00:24:58,484 --> 00:25:00,325 starting to get all of those same security 679 00:25:00,325 --> 00:25:02,424 controls that you can apply to 680 00:25:02,884 --> 00:25:03,384 agents 681 00:25:03,845 --> 00:25:06,359 or security controls that you can apply to 682 00:25:06,359 --> 00:25:08,919 users also being able to apply to agents. 683 00:25:08,919 --> 00:25:09,880 Like you said, now you can go in 684 00:25:09,880 --> 00:25:12,359 and put DLP policies in place that agents 685 00:25:12,359 --> 00:25:13,639 have to adhere to. You can go put 686 00:25:13,639 --> 00:25:15,880 in conditional access policies that agents have to 687 00:25:15,880 --> 00:25:18,359 adhere to. So all of those different security 688 00:25:18,359 --> 00:25:20,525 controls so that, let's face it, an agent 689 00:25:20,525 --> 00:25:23,644 is kinda like a user going in and 690 00:25:23,644 --> 00:25:25,644 querying data and looking at data and accessing 691 00:25:25,644 --> 00:25:27,484 data and all of that. So from a 692 00:25:27,484 --> 00:25:30,045 security perspective, you do want a lot of 693 00:25:30,045 --> 00:25:32,845 those types of controls in place. And that's 694 00:25:32,845 --> 00:25:34,684 kind of the theme that I started picking 695 00:25:34,684 --> 00:25:36,769 up, at least from an IT pro perspective. 696 00:25:36,769 --> 00:25:38,130 As I was looking through the book of 697 00:25:38,130 --> 00:25:40,070 news as it's all the purview announcements 698 00:25:40,529 --> 00:25:43,490 are tied back to kinda like this agent 699 00:25:43,490 --> 00:25:45,650 three sixty five where it's all these purview 700 00:25:45,650 --> 00:25:47,269 features are focused on 701 00:25:47,625 --> 00:25:49,805 securing data that agents can access. 702 00:25:50,345 --> 00:25:50,845 All 703 00:25:51,384 --> 00:25:53,865 the interest security things are focused on we 704 00:25:53,865 --> 00:25:56,585 can now do conditional access and better access 705 00:25:56,585 --> 00:25:57,085 management 706 00:25:57,464 --> 00:26:00,285 for agents. And all the defender stuff is 707 00:26:00,470 --> 00:26:02,549 there's like a secure score for agents now. 708 00:26:02,549 --> 00:26:04,630 So you can go in and get how 709 00:26:04,630 --> 00:26:07,190 secure are my different agents. That seems to 710 00:26:07,190 --> 00:26:09,430 be a big overarching theme of all the 711 00:26:09,430 --> 00:26:11,910 individual announcements in the book of news from 712 00:26:11,910 --> 00:26:13,670 what I've read so far on the IT 713 00:26:13,670 --> 00:26:16,375 Pro stuff. Very much so. So I do 714 00:26:16,375 --> 00:26:17,674 hope it, like, coalesces 715 00:26:18,214 --> 00:26:21,174 and kinda does come together and make sense 716 00:26:21,174 --> 00:26:23,255 over time. I think things like having something 717 00:26:23,255 --> 00:26:25,255 like agent three sixty five there, at least 718 00:26:25,255 --> 00:26:27,894 like that centralized registry. Like, let's at least 719 00:26:27,894 --> 00:26:30,054 put all the metadata in the same place 720 00:26:30,054 --> 00:26:31,414 and then start to pull in some of 721 00:26:31,414 --> 00:26:34,210 the operational usage and centralize that as well. 722 00:26:34,429 --> 00:26:37,230 So just looking through and this stuff will 723 00:26:37,230 --> 00:26:39,149 probably change over time, but looking through some 724 00:26:39,149 --> 00:26:39,809 of the 725 00:26:40,109 --> 00:26:43,309 the media screenshots and things, having that registry 726 00:26:43,309 --> 00:26:45,144 is not gonna just tell you, like, the 727 00:26:45,144 --> 00:26:47,144 inventory of things that are out there, who's 728 00:26:47,144 --> 00:26:49,785 using it, potentially how much time they're saving, 729 00:26:49,785 --> 00:26:51,865 things like that. But you'll also be able 730 00:26:51,865 --> 00:26:52,845 to do stuff 731 00:26:53,144 --> 00:26:56,664 like apply those I'm policies, risk based conditional 732 00:26:56,664 --> 00:26:59,319 access policies. Because it's a registry and because 733 00:26:59,319 --> 00:27:01,240 agents are trying to access things in your 734 00:27:01,240 --> 00:27:03,480 environment, so let's say you are installing that 735 00:27:03,480 --> 00:27:06,679 new CRM agent and it wants access to 736 00:27:06,679 --> 00:27:09,160 a SharePoint site, things like that, you're gonna 737 00:27:09,160 --> 00:27:11,400 have the ability to block those flows by 738 00:27:11,400 --> 00:27:13,904 default and then be able to kinda do, 739 00:27:13,904 --> 00:27:15,125 hey. I'm gonna register 740 00:27:15,585 --> 00:27:18,144 this agent. So as an admin, now you're 741 00:27:18,144 --> 00:27:20,384 gonna have operational controls to do things like 742 00:27:20,384 --> 00:27:22,724 go in and approve pending request for agents. 743 00:27:22,865 --> 00:27:24,779 You'll be able to see ownerless agents. So, 744 00:27:24,859 --> 00:27:26,539 again, let's tie that back to metadata and 745 00:27:26,539 --> 00:27:29,019 that registry, have it all all together. You'll 746 00:27:29,019 --> 00:27:29,840 be able to provide 747 00:27:30,220 --> 00:27:30,720 exceptions 748 00:27:31,180 --> 00:27:32,000 for agents. 749 00:27:32,299 --> 00:27:34,380 Unclear, like, what those are, those, like, time 750 00:27:34,380 --> 00:27:35,279 bound exceptions, 751 00:27:35,660 --> 00:27:37,235 or, like like like, what do they need 752 00:27:37,235 --> 00:27:38,875 to be? But I think there's gonna be 753 00:27:38,875 --> 00:27:41,914 a bunch of good, like, operational control there 754 00:27:41,914 --> 00:27:43,835 and just baked in at the top layer 755 00:27:43,835 --> 00:27:45,994 of the admin experience for m three sixty 756 00:27:45,994 --> 00:27:48,154 five. So this isn't gonna be buried in 757 00:27:48,154 --> 00:27:50,315 some submenu or things like that. You're gonna 758 00:27:50,315 --> 00:27:52,769 have, like, Copilot, your users, your role, your 759 00:27:52,769 --> 00:27:55,250 billing agents just sitting right there at the 760 00:27:55,250 --> 00:27:56,390 top and screaming 761 00:27:56,849 --> 00:27:59,089 in your face. And I think Microsoft also 762 00:27:59,089 --> 00:28:00,210 is trying to, like, set a little bit 763 00:28:00,210 --> 00:28:01,890 of expectations just from looking at some of, 764 00:28:01,890 --> 00:28:04,450 like, the marketing screenshots and stuff. So kind 765 00:28:04,450 --> 00:28:06,825 of the one for the overview dashboard has 766 00:28:07,065 --> 00:28:08,744 environment with 58,000 767 00:28:08,744 --> 00:28:09,724 active users 768 00:28:10,505 --> 00:28:13,865 and an agent inventory of 26,000 769 00:28:13,865 --> 00:28:15,625 plus. So I think that'll give you an 770 00:28:15,625 --> 00:28:18,105 idea of the sprawl and potentially what you're 771 00:28:18,105 --> 00:28:20,105 talking about managing. But even if you're a 772 00:28:20,105 --> 00:28:20,924 small organization, 773 00:28:21,450 --> 00:28:23,849 I bet you could see potentially hundreds, if 774 00:28:23,849 --> 00:28:26,589 not thousands, of these things just running around 775 00:28:26,730 --> 00:28:28,569 and doing stuff on behalf of your users, 776 00:28:28,569 --> 00:28:30,890 and it's all gotta be controlled. Yes. Agent 777 00:28:30,890 --> 00:28:33,609 sprawl is absolutely a real thing. I'm glad. 778 00:28:33,609 --> 00:28:36,295 I mean, I would have 100% hoped Microsoft 779 00:28:36,355 --> 00:28:37,954 wouldn't have missed the need for that, but 780 00:28:37,954 --> 00:28:39,714 I'm glad to see they did recognize the 781 00:28:39,714 --> 00:28:41,555 need for that. Now, are seem to be 782 00:28:41,555 --> 00:28:43,714 addressing it in a big way in the 783 00:28:43,714 --> 00:28:45,734 coming months to help organizations 784 00:28:46,115 --> 00:28:48,855 manage that agent sprawl, agent security 785 00:28:49,315 --> 00:28:50,535 because it was 786 00:28:51,049 --> 00:28:52,190 absolutely desperately 787 00:28:52,650 --> 00:28:54,410 needed in the platform. Alright. Well, Ted, I 788 00:28:54,410 --> 00:28:55,849 think it takes us through a little bit 789 00:28:55,849 --> 00:28:57,529 of a high level. Again, for folks, if 790 00:28:57,529 --> 00:28:59,450 you're listening to that this week, we hope 791 00:28:59,450 --> 00:29:01,130 you go out, check out some of the 792 00:29:01,130 --> 00:29:03,289 sessions. We'd love to hear about what you 793 00:29:03,289 --> 00:29:03,789 learned. 794 00:29:04,125 --> 00:29:05,964 Please reach out to either Better Myself on 795 00:29:05,964 --> 00:29:07,984 LinkedIn or the podcast page, 796 00:29:08,445 --> 00:29:11,265 and let us know what was exciting and 797 00:29:11,724 --> 00:29:14,525 interesting for you, and we'll see you for 798 00:29:14,525 --> 00:29:15,964 the next one. You'll hear us for the 799 00:29:15,964 --> 00:29:17,484 next one. You'll hear us for the next 800 00:29:17,484 --> 00:29:18,845 one. Yeah. I don't know that we'll hear 801 00:29:18,845 --> 00:29:20,570 them. But yeah. And I'm sure we'll have 802 00:29:20,570 --> 00:29:22,250 some follow-up episodes on some of this too 803 00:29:22,250 --> 00:29:24,490 going into more details around certain aspects of 804 00:29:24,490 --> 00:29:27,230 this. So thanks. Enjoy your week. Enjoy 805 00:29:27,529 --> 00:29:29,609 sunny, warm Florida while I've been raining cold 806 00:29:29,609 --> 00:29:31,529 San Francisco. Well, it's a remote ignite for 807 00:29:31,529 --> 00:29:33,754 me, so I can't complain about the weather. 808 00:29:33,815 --> 00:29:34,315 But 809 00:29:34,615 --> 00:29:36,054 I'll let you have fun this week. Hope 810 00:29:36,054 --> 00:29:37,815 you feel better, and we'll talk to you 811 00:29:37,815 --> 00:29:39,734 next time. Thanks, Ben. Thanks. Talk to another 812 00:29:39,734 --> 00:29:40,234 Scott. 813 00:29:42,134 --> 00:29:44,369 If you enjoyed the podcast, go leave us 814 00:29:44,369 --> 00:29:46,609 a five star rating in iTunes. It helps 815 00:29:46,609 --> 00:29:48,289 to get the word out so more IT 816 00:29:48,289 --> 00:29:50,529 pros can learn about Office three sixty five 817 00:29:50,529 --> 00:29:51,190 and Azure. 818 00:29:51,730 --> 00:29:53,329 If you have any questions you want us 819 00:29:53,329 --> 00:29:55,490 to address on the show, or feedback about 820 00:29:55,490 --> 00:29:57,890 the show, feel free to reach out via 821 00:29:57,890 --> 00:30:00,069 our website, Twitter, or Facebook. 822 00:30:00,415 --> 00:30:02,175 Thanks again for listening, and have a great 823 00:30:02,175 --> 00:30:02,675 day.

Digital Dispatch Podcast Podcast Artwork Image

Microsoft Cloud IT Pro Podcast

Ben Stegink, Scott Hoag

On the MS Cloud IT Pro Podcast, Scott and Ben discuss the Microsoft Cloud with a focus on IT Pros. They'll discuss the latest in Microsoft 365 and Office 365 News, Azure news and talk about their experiences with managing the Microsoft Cloud as well as interview industry experts on various cloud technology. They'll cover things such as SharePoint, Exchange, Microsoft Teams, PowerShell, Azure, Azure AD, Security, Networking, Storage, and the many other technologies and products that have made their way into the Microsoft 365 suite and Azure. To stay up-to-date on the latest in Microsoft Cloud news and gain some valuable knowledge as you deploy it within your own organization, make sure to tune in every week! Find out more at msclouditpropodcast.com.

Contact Show