Need to Know podcast–Episode 366

Join me as I unpack the most impactful Microsoft Build 2026 announcements for SMBs, including Work IQ’s general availability, new autopilot and Scout agent features, enhanced agent security with Microsoft Execution Containers, and the latest MAI models for code, image, and voice. Discover how upcoming Work IQ APIs, OpenClaw integration with Windows, and the shift toward hybrid AI solutions are shaping the future of business technology, with practical insights on cost control, disaster recovery, and agentic security. Don’t miss this episode for actionable takeaways and expert analysis on the evolving AI landscape.

Brought to you by www.ciaopspatron.com

you can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-366-build-2026/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

or Spotify:

https://open.spotify.com/show/7ejj00cOuw8977GnnE2lPb

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show

Resources

CIAOPS Need to Know podcast – CIAOPS – Need to Know podcasts | CIAOPS

X – https://www.twitter.com/directorcia

director@ciaops.com

CIAOPS Blog

Join my Teams Shared Channel – CIAOPS

CIAOPS Merch store – CIAOPS

Become a CIAOPS Patron

CIAOPS AI Dojo

CIAOPS weekly news update – CIA Brief – CIAOPS

CIAOPS Labs – The Special Activities Division of the CIAOPS

Support CIAOPS

Get your M365 questions answered via email

Join my email list

A special thanks to the CIAOPS Patron community for making this podcast possible. You can find the benefits of a subscription to the community and become a member at https://www.ciaopspatron.com

Microsoft Build 2026 blog – Be yourself at work

Developer-Tech – AI agents, Copilot, Windows developer tools

VentureBeat – AI agents and enterprise use cases

Thurrott – Scout personal work agent and AI models

VentureBeat – Data silos and Microsoft IQ

Windows Report – Securing code agents and AI models

Engadget – Build 2026 live blog

Microsoft Learn – Work IQ in Azure Foundry

Firstpost – MXC, OpenClaw, and OpenShell

Copilot in PowerPoint

Most people type “make me a presentation about cyber security” into Copilot, watch it spit out ten generic slides, and decide the whole thing is a gimmick.

I don’t blame them. That output is rubbish.

But that’s not Copilot failing. That’s Copilot doing exactly what you asked — building from nothing, with no source, no structure, no brand.

Garbage in, garbage slides out.

Here’s the shift. Copilot in PowerPoint isn’t a “write my deck” button. It’s a converter. You already have the content — a Word doc, a PDF proposal, last quarter’s report. The job isn’t inventing slides. It’s turning what you’ve already written into something you can stand up and present.

What is Copilot in PowerPoint, really?

Think of it as the worst part of your week, automated.

You know the drill. The thinking is done. The report is written. The client signed off on the wording. Now you’ve got two hours of copy-pasting into slides, fighting text boxes, and nudging the logo a pixel to the left.

Copilot eats that two hours.

You point it at a file. It reads the structure, pulls the key points, and drafts slides — text, layout, the lot. You’re not staring at a blank slide anymore. You’re editing a first draft.

That’s the whole game. Not creativity. Removal of drudgery.

Step-by-Step: building a deck that doesn’t look generic

Open your template first

This is the step everyone skips, and it’s the one that matters most.

Before you touch Copilot, open your organisation’s PowerPoint template — your branded .potx, your client’s deck, whatever carries the right fonts and colours. Microsoft is explicit about this: start from your template and Copilot keeps the theme and reuses your existing layouts.

Skip it, and you get Microsoft’s house style. Every. Single. Time.

Reference your file, don’t describe it

Open the Copilot pane, then reference a file — click the paperclip, or just type / and pick the document. Word, PDF, Excel, a Loop page. Now Copilot reads the actual content instead of guessing at it.

Write a prompt that points, not pleads

Don’t ask for a slide “about the project”. Tell it exactly where to look:

Create slides from the attached proposal.
Use the "Scope" and "Pricing" sections only.
One slide per phase. Key points, not full sentences.

Notice what’s missing? Any mention of colours, fonts, or design. You don’t ask Copilot for those — your template already decided them. Ask once, point clearly, and let the template do the rest.

Review, then refine in place

Copilot drafts. You read. Then you tell it what’s wrong — “tighten slide three”, “drop the jargon”, “add a summary slide” — in plain English, right there in the pane. No re-prompting from scratch.

A couple of traps before you sell this to clients

Two things will bite you.

First, dense slides. Copilot tends to lift whole paragraphs straight off the page. If your source doc reads like a report, your slides will too. Fix it in the prompt — “bullet points, not sentences” — or trim after.

Second, the file has to be readable. Text-based PDFs work. Scanned images and password-protected files don’t. And keep source files under 24MB, or the results get flaky.

Old thinking: “I’ll block out the afternoon to build the deck.” New thinking: “I’ll point Copilot at the doc and spend the afternoon making it good.”

That’s not a small change. That’s where your hours go back.

Why this actually changes behaviour

Here’s the real win for anyone running this in a business.

Your team already produces the content. Proposals, reports, meeting notes — the substance exists. What kills them is the packaging. The deck that has to look right for the board, the client, the pitch.

Copilot collapses the gap between “we’ve written it” and “we can present it”. The expensive part — the thinking — stays human. The tedious part disappears.

And be straight about the cost. The file-referencing piece sits behind the paid Microsoft 365 Copilot add-on, not the base subscription. For a lot of SMB clients, this is the use case that justifies the licence. Not chatbots. This.

Show a client how an afternoon of slide-building becomes ten minutes, and the conversation about value is over.

If you’re running Microsoft 365 for clients and you’re not showing them this, you’re leaving real money — theirs and yours — on the table.

Copilot in PowerPoint isn’t there to make your slides.

It’s there to delete the part of the job nobody ever wanted.

The Quietest Cancellation You’ll Never Hear

The hardest clients to keep are the ones who never tell you they’re leaving.

I’ve been turning this over for a while. The clients who churn loudly — the ones who ring up annoyed, send the sharp email, ask for a refund — those are actually the easy ones. You know where you stand. You can fix something, part ways cleanly, or at least learn from it.

It’s the silent ones that hurt. The ones who stop replying to your monthly check-ins. Skip the review. Renew once out of inertia, then quietly don’t renew the second time. And somewhere down the track, you’ll hear from a friend of a friend that they felt burned by your business.

Nobody robbed them. They just never really bought.

Sold isn’t the same as bought

There’s a real difference between a client who bought and a client who was sold. Small word, big gap.

A client who bought made the decision. They walked in with a problem, recognised what you offered, and chose it. They own the outcome. Even when things get bumpy, they stay engaged because it’s their decision to defend.

A client who was sold went along with it. Maybe you were persuasive. Maybe they didn’t want to look uncertain in front of their team. Maybe the proposal looked sharp and they signed before they’d really thought it through. They never crossed the line from interested to committed — but on paper, the deal got done.

The first kind tells their friends about you. The second kind tells their friends about the business that talked them into something.

Where I see it most in MSP land

I see this constantly with Copilot rollouts right now. An MSP gets excited, runs a slick pitch, the client nods along, the licences get assigned in the Microsoft 365 admin centre, and then… nothing. Six months later the usage reports look flat. Nobody has Copilot pinned in Outlook. Nobody is asking it to summarise a Teams meeting they missed. Nobody is in Word using it to redraft a proposal or in Excel asking it to explain a column of numbers.

That client didn’t buy Copilot. They bought the meeting being over.

The same pattern shows up with backup uplifts, security stack changes, anything that lives behind a quote. If the conversation was about us getting the agreement signed instead of them understanding what changes on a Tuesday morning, the meter starts ticking on a quiet exit.

The signal isn’t loud. It’s a slower email reply. A “we’ll think about adoption training next quarter.” A skipped quarterly business review. By the time it shows up in your churn report, the relationship was over months ago.

Make them buy, don’t sell them

The fix isn’t softer language or better slides. It’s slowing the conversation down before the contract goes out. The best deals I’ve seen lately are the ones where the close was almost anticlimactic — because the buying decision had already been made out loud, by the client, weeks earlier.

I want the client describing the problem in their own words. I want them telling me what their inbox looks like on a bad day. I want them booking the adoption sessions before the deal is signed, not after. If they won’t put time in their calendar to actually use the thing, that’s the answer — and it’s better to hear it now than read it in a Google review later.

Selling closes a deal. Buying starts a relationship. One of those keeps the lights on this quarter; the other builds the kind of business worth referring.

Defender Vulnerability Management

Most people treat Defender Vulnerability Management like a weather report. They glance at the exposure score, nod, and close the tab.

That’s a waste.

The score isn’t the point. The workflow behind it is. And the part almost nobody uses — the bit that actually moves the needle — is the security baselines assessment sitting right next to it.

Here’s the thing. Patching tells you whether software is current. A baseline tells you whether it’s configured the way it’s supposed to be. Those are two completely different questions, and the second one is where most SMB environments quietly fall apart.

What are security baselines, really?

A baseline is a benchmark of configuration settings — things like password policy, BitLocker, account lockout, audit logging — measured against an industry profile.

In Defender, you assess your devices against the CIS or STIG benchmarks, pick a level (L1 is sensible-default, L2 is locked-down), and the tool tells you, device by device, setting by setting, where you comply and where you don’t.

Not “you’re missing 14 patches.” More like “BitLocker isn’t enforced on 9 machines and your audit policy is wide open.” That’s the stuff attackers love and scanners ignore.

The security baselines assessment documentation walks through the profile options if you want the full menu.

Step-by-Step: Build a baseline profile

You’ll need Defender for Endpoint Plan 2 with the MDVM add-on, or the MDVM Standalone licence. Then head to the Microsoft Defender portal → Exposure management → Baselines assessment.

Create the profile

Give it a name, choose your benchmark (CIS or STIG), choose your OS, choose your level. Start at L1. You can tighten later — leading with L2 just buries you in red.

Scope it to a device group

Don’t boil the ocean. Point it at one group — a handful of servers, or the managed laptops — and let it run.

Read the results by setting, not by score

Open the profile and sort by compliance. Each failing setting lists exactly which devices miss it. This is your work queue.

Now the part that earns its keep: exceptions

Here’s the reality every MSP knows. Some findings you can’t fix. The line-of-business app needs that legacy setting. The client won’t approve the downtime. The vendor says “don’t touch it.”

So what do most people do? Nothing. The finding sits there, red, forever — and after a while everyone stops looking because the dashboard is always angry.

That’s the trap. A permanently-red dashboard is the same as no dashboard.

The fix is the exception workflow. When you genuinely can’t remediate something, you file an exception — with a justification and an expiry date — and that finding drops out of your active exposure number. It doesn’t vanish. It’s parked, documented, and time-boxed.

Request the remediation first

For anything you can fix, connect Defender to Intune (it’s a toggle in the portal) and raise a remediation request straight from the recommendation. It lands in Intune as a tracked task instead of a Post-it note. The remediation request process covers the Intune connection.

File an exception for the rest

For the genuine “we can’t touch that,” create an exception with a real reason and a review date. The exceptions overview explains the justification types and how exceptions affect your exposure score.

“Doesn’t an exception just hide the problem?”

No. Hiding is when you ignore the red and hope. An exception is a decision — recorded, owned, and due for review. The difference is accountability.

Why this actually changes behaviour

Once you’re running baselines plus a disciplined exception workflow, “we can’t patch that one” stops being a silent gap. It becomes a documented, time-boxed choice with someone’s name on it.

That’s not a security feature. That’s a governance habit.

And it’s the exact thing that turns a vague “yeah, we’re secure” into a report you can hand a client.

If you’re not showing your clients their baseline posture and the exceptions you’ve signed off on, you’re leaving value — and trust — on the table.

The exposure score was never the deliverable. The conversation it lets you have is.

CIAOPS AI Dojo 13

What’s the session about?

This month we will be focusing on new Copilot features and updates as well as optimising AI for Small Business.

Who should attend?

This session is perfect for:

IT administrators and support staff
Business owners
People looking to get more done with Microsoft 365
Anyone looking to automate their daily grind

Save the Date

Date: Friday the 26th of June 2026

Time: 9:30 AM Sydney AU time

Location: Online (link will be provided upon registration)

Cost: $80 per attendee (free for Dojo subscribers)

CIA Brief 20260606

Events — Microsoft Build 2026

Build 2026: Furthering Windows as the trusted platform for development(opens in new window) At Build 2026, Microsoft laid out a wave of developer-focused Windows updates aimed at reducing setup friction and making Windows the place to build and run AI agents. Highlights include Coreutils for Windows, WSL containers, one-command Windows Developer Configurations, and a new security layer called Microsoft Execution Containers (MXC) that lets developers tightly control what an AI agent can access. It matters because it signals Microsoft’s push to fold secure, on-device AI agents directly into the Windows developer experience.

Announcements — New Products

Introducing Microsoft Scout: Your always-on personal agent(opens in new window) Microsoft unveiled Scout, an “always-on” personal agent that works in the background across your Microsoft 365 apps, holding your priorities and acting on your behalf rather than just answering one-off questions. Scout is part of a new category Microsoft calls “Autopilots” — agents that run autonomously with their own identity, within the permissions you and your organisation set. (Shared as a video; full write-up is on the Microsoft 365 Blog(opens in new window).)

Industry News — Security

The next frontier in endpoint security: Securing local AI agents with Microsoft Defender(opens in new window) Tied to Build 2026, Microsoft extended its Agent 365 and Defender protections to cover AI agents running locally on a device, not just cloud-based ones. The idea is to give security and IT teams the same visibility, governance, and threat protection over local agents that they already have over human users, helping prevent these autonomous agents from becoming a new enterprise risk.

AI

Announcements & Product Launches

Introducing Microsoft Scout (video) — A companion video walkthrough showing Scout in action as a personal agent. It’s a visual introduction to the same Scout launch covered in the blog. https://www.youtube.com/watch?v=3ff6UtpPQv8(opens in new window)
Announcing the new Work IQ APIs — Microsoft announced new Work IQ APIs that let developers and agents tap into real Microsoft 365 work context. This extends Work IQ beyond the CLI/MCP preview into a programmable platform. https://www.microsoft.com/en-us/microsoft-365/blog/2026/06/02/announcing-the-new-work-iq-apis/(opens in new window)
Learning Agent now generally available — Microsoft’s Learning Agent reached general availability, offering personalized AI-driven upskilling for every employee. It aims to help workers build skills directly within their Microsoft 365 experience. https://techcommunity.microsoft.com/blog/microsoft365copilotblog/learning-agent-now-generally-available-%E2%80%94-personalized-ai-upskilling-for-every-em/4524571(opens in new window)

AI Models & Research

Building a hill-climbing machine: Launching seven new MAI models — Microsoft AI announced a set of seven new in-house MAI models, framed as part of an iterative “hill-climbing” approach to model improvement. The post covers the new model lineup and the strategy behind it. https://microsoft.ai/news/building-a-hillclimbing-machine-launching-seven-new-mai-models/(opens in new window)
Frontier Tuning: Teaching AI to work the way you do — A developer-focused post on “Frontier Tuning,” a technique for adapting AI to match individual and organizational working styles. It’s aimed at developers building more personalized agent experiences. https://devblogs.microsoft.com/microsoft365dev/frontier-tuning-teaching-ai-to-work-the-way-you-do/(opens in new window)
OpenClaw + Windows: Microsoft Build 2026 (video) — A Build 2026 session video covering OpenClaw and its integration with Windows. https://www.youtube.com/watch?v=J7ol1VDkg7w(opens in new window)

Events

Frontier Transformation Engineer Summit — An event listing for the Frontier Transformation Engineer Summit, part of Microsoft’s FY26 skilling program. https://www.skilling-hub.com/listing/o::fy26-fps-06(opens in new window)

Productivity & Copilot Tips

Find skill-building volunteer opportunities with Microsoft Copilot — A how-to post showing how Copilot can help you discover volunteer opportunities that also build your skills. It’s a practical tip for using Copilot beyond day-to-day work tasks. https://techcommunity.microsoft.com/blog/Microsoft365InsiderBlog/find-skill-building-volunteer-opportunities-with-microsoft-copilot/4423657

After hours

Microsoft Build 2026: See All the Highlights in 15 Minutes – https://www.youtube.com/watch?v=1PSHObgyJpw

Editorial

If you found this valuable, the I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week

Normal Is a Group Decision

I sat in a room recently with a group of MSP owners and listened to a conversation about pricing. Every person at the table was earning a decent living. Every person at the table was also quietly miserable about how hard they were working for it. Nobody was a bad operator. Nobody was lazy. They had simply, over years, settled into a shared idea of what “normal” looked like — and that idea was the ceiling.

That moment stuck with me, because I think most of us underestimate how much the people around us shape what we believe is possible.

Limited isn’t the same as bad

When something feels stuck — your business, your income, your role, your energy — the easy story is that someone is doing you wrong. A bad client. A bad supplier. A bad staff member. In my experience that’s rarely the real problem. The real problem is quieter. You’re surrounded by perfectly decent people who have made peace with a smaller version of the game than you secretly want to play.

Limited people aren’t villains. They’re warm, helpful, often very good at what they do. They just don’t think bigger than what they already have, and over time that becomes the air you breathe. You stop pitching certain projects. You stop charging certain prices. You stop applying for certain rooms. Not because anyone told you not to — because nobody around you is doing it either. The same thing happens with the clients you accept and the staff you hire. Like attracts like, and the average keeps quietly resetting itself downwards.

Audit the room

The room is bigger than you think. It’s the peer group you call when something goes sideways. It’s the chat you scroll while the kettle boils. It’s the three or four voices you hear most often inside your head when you’re making a decision. If those voices have all settled, you will too.

This is where I find Microsoft 365 quietly useful, in a way that has nothing to do with productivity. I use Copilot in Outlook to clear the noise faster, so the time I free up actually goes into conversations with sharper people — not back into more email. I use Copilot Chat to pressure-test my own thinking before I send a proposal: “argue against this”, “what would a more ambitious version look like”, “what am I leaving on the table”. It doesn’t replace good humans. It does stop me defaulting to the average opinion in my own head.

I also pay closer attention to which Teams communities and channels I actually show up in. If every conversation I’m part of is about doing the same thing slightly better, I’ve answered my own question about why my ceiling hasn’t moved. I keep a running Loop page of articles, podcasts and operators who think a level above where I am now, and I make myself read it before I make a decision I might otherwise rush.

Move the ceiling on purpose

You don’t have to fire your friends. You do have to be honest about what each room teaches you. Add one peer group that’s a level above where you are now. Subscribe to one voice who genuinely makes you uncomfortable in a useful way. Spend one hour a week somewhere your current “normal” would feel small.

The ceiling is invisible until you sit somewhere with a higher one. Then you wonder how you ever called the old one a roof.

CIAOPS Need to Know Microsoft 365 Webinar – June

laptop-eyes-technology-computer_thumb

Now in our tenth year!

Join me for the free monthly CIAOPS Need to Know webinar. Along with all the Microsoft Cloud news we’ll be taking a look at SharePoint Skills.

Shortly after registering you should receive an automated email from Microsoft Teams confirming your registration, including all the event details as well as a calendar invite.

You can register for the regular monthly webinar here:

June Registrations

(If you are having issues with the above link copy and paste – https://bit.ly/n2k2606 )

The details are:

CIAOPS Need to Know Webinar – June 2026
Friday 26th of June 2026
11.00am – 12.00am Sydney Time

All sessions are recorded and posted to the CIAOPS Youtube channel.

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.