Need to Know podcast–Episode 363

I reflect on the significance of the day before diving into the week’s major developments, including the arrival of the Microsoft AI Tour in Sydney. The episode covers both partner and public events, with a focus on enterprise-level AI advancements and networking opportunities.

The podcast features a comprehensive weekly news roundup:

  • The general availability of Copilot Agent capabilities in Microsoft 365 apps.

  • New data security tools for AI in Microsoft Purview.

  • Innovations in identity resilience and backup with Microsoft Entra.

  • Microsoft’s $25 billion investment in Australian AI infrastructure and training.

  • Practical security playbooks for tenant protection and device analytics.

  • Updates on decluttering promotional mail with Microsoft Defender.

  • Guidance on preventing oversharing in Copilot, deploying Defender, and enforcing data security with Purview.

I also share my workflow for automating podcast production using Copilot Cowork, including narration scripts and link management. I discuss experimenting with AI-driven voice narration and invites listener feedback on pacing and voice options.

The episode concludes with reflections on the Microsoft AI Tour’s enterprise focus, the importance of networking, and the challenges SMBs face in accessing relevant content. Listeners are encouraged to reach out with questions or feedback and to stay tuned for upcoming events like Microsoft Build and Ignite.

Brought to you by www.ciaopspatron.com

you can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-363-hello-cowork/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

or Spotify:

https://open.spotify.com/show/7ejj00cOuw8977GnnE2lPb

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show

Resources

CIAOPS Need to Know podcast – CIAOPS – Need to Know podcasts | CIAOPS

X – https://www.twitter.com/directorcia

director@ciaops.com

CIAOPS Blog – CIAOPS – Information about SharePoint, Microsoft 365, Azure, Mobility and Productivity from the Computer Information Agency

Join my Teams shared channel – Join my Teams Shared Channel – CIAOPS

CIAOPS Merch store – CIAOPS

Become a CIAOPS Patron – CIAOPS Patron

CIAOPS Brief – CIA Brief – CIAOPS

CIAOPS Labs – CIAOPS Labs – The Special Activities Division of the CIAOPS

Support CIAOPS – Support CIAOPS

Get your M365 questions answered via email

Join the CIAOPS Email list – Please fill out this form

A special thanks to the CIAOPS Patron community for making this podcast possible. You can find the benefits of a subscription to the community and become a member at https://www.ciaopspatron.com

Show notes

Microsoft 365 Insider Round-Up — April 2026

Declutter and Defend: Reducing Promotional Mail Noise with Microsoft Defender

Prevent Oversharing in Microsoft 365 Copilot

Microsoft Defender Deployment Tool

From Oversharing to Enforcement: A Practical Guide to AI Data Security with Microsoft Purview

Investing in Australia’s AI Future

Copilot’s Agentic Capabilities in Word, Excel and PowerPoint Are Generally Available

Predictive Shielding: Just-in-Time Tamper Protection

Threat Hunting Agent in Advanced Hunting

Bringing Transparency to AI-Generated Content with Watermarks in Microsoft 365

Microsoft 365 Copilot Readiness and Resiliency with SharePoint and Microsoft 365 Backup

Introducing the Microsoft Sentinel Training Lab

A Practical Look at Device Analytics and Risk Signals with Microsoft Intune

Innovations in OneDrive for Collaboration, Intelligence and Control

Strengthening Identity Resilience: A Deep Dive Into Microsoft Entra Backup and Recovery

Detection Strategies for Cloud Identities Against Infiltrating IT Workers (Jasper Sleet)

Safeguarding Sensitive Data in Microsoft 365 Copilot Interactions: DLP for Microsoft 365 Copilot

Detecting Plain-Text Password Exposure Using Custom Regex in Microsoft Purview

Cross-Tenant Helpdesk Impersonation to Data Exfiltration: A Human-Operated Intrusion Playbook

Step-by-step: Find deleted file logs for a SharePoint site

image

Option 1: Use the Microsoft Purview audit portal

This is the easiest method for most admins.

  1. Sign in to Microsoft 365

  2. Open Audit

    • In the left menu, go to Solutions > Audit.

    • If prompted, enable auditing if it isn’t already on.

  3. Start a new search

    • Select New Search.

  4. Set the date range

    • Choose the period when you think the file was deleted.

    • Be aware that audit retention depends on licensing:

      • Many non-E5 tenants keep audit data for 180 days
      • E5 and some add-on licenses can retain some audit data for 1 year by default citehttps://learn.microsoft.com/purview/audit-search#before-you-search-the-audit-log

  5. Choose activities

    • In the activity filter, look for SharePoint file deletion-related actions such as:

      • Deleted file (FileDeleted)

      • Recycled a file (FileRecycled)

      • Deleted file from recycle bin (FileDeletedFirstStageRecycleBin)

      • Deleted file from second-stage recycle bin (FileDeletedSecondStageRecycleBin) citehttps://learn.microsoft.com/purview/audit-log-activities#file-and-page-activities

  6. Filter by site, file, or user

    • Use available filters to narrow results:

      • Site URL
      • File name
      • User
    • If you know the person who deleted the file, filtering by user makes results much easier to review.

  7. Run the search

    • Click Search.

  8. Review the results

    • Open matching events to see details such as:

      • who performed the action

      • when it happened

      • the file involved

      • the site URL

      • the operation type

  9. Check the event sequence

    • A typical deletion trail may look like this:

      • FileRecycled = file moved to recycle bin

      • FileDeletedFirstStageRecycleBin = removed from first-stage recycle bin

      • FileDeletedSecondStageRecycleBin = permanently removed from second-stage recycle bin citehttps://learn.microsoft.com/purview/audit-log-activities#file-and-page-activities

What the log entries mean

For SharePoint deleted files, these are the most useful audit events:

  • FileDeleted
    A user deleted a document from a site. citehttps://learn.microsoft.com/purview/audit-log-activities#file-and-page-activities

  • FileRecycled
    A user moved a file into the SharePoint recycle bin. citehttps://learn.microsoft.com/purview/audit-log-activities#file-and-page-activities

  • FileDeletedFirstStageRecycleBin
    A user deleted a file from the site’s recycle bin. citehttps://learn.microsoft.com/purview/audit-log-activities#file-and-page-activities

  • FileDeletedSecondStageRecycleBin
    A user deleted a file from the second-stage recycle bin. citehttps://learn.microsoft.com/purview/audit-log-activities#file-and-page-activities

That sequence helps you determine whether the file is still recoverable or has been permanently removed.

Practical tip for small businesses

If you are only trying to answer:

  • Who deleted the file?
  • When was it deleted?
  • Was it permanently deleted or just moved to the recycle bin?

Then the audit search with the filters:

  • date range

  • user

  • file name

  • SharePoint activities

is usually enough.

If you are trying to restore the file as well, you should also check:

  • the site recycle bin
  • the second-stage recycle bin

because the audit log tells you what happened, but recovery depends on whether the file is still retained in one of those recycle bins.

Option 2: Use PowerShell for more detailed searches

If you prefer scripting or want to export results, Microsoft also supports using the Search-UnifiedAuditLog cmdlet in Exchange Online PowerShell to search and export audit records. citehttps://learn.microsoft.com/purview/audit-log-export-records#use-powershell-to-search-and-export-audit-log-records

High-level process:

  1. Connect to Exchange Online PowerShell.

  2. Run Search-UnifiedAuditLog for the date range.

  3. Search SharePoint-related audit records.

  4. Export the results to CSV for filtering and reporting. citehttps://learn.microsoft.com/purview/audit-log-export-records#use-powershell-to-search-and-export-audit-log-records

This is especially useful if:

  • you need a report,

  • you want to search a large range of data,

  • or you want to automate the process.

Things to check if you can’t find the log

If no results appear, check these common causes:

  1. Wrong date range

    • Expand the time window.

  2. Audit retention expired

    • Older events may no longer be available depending on license. citehttps://learn.microsoft.com/purview/audit-search#before-you-search-the-audit-log

  3. Wrong activity selected

    • Try both:

      • deleted

      • recycled

      • recycle bin deletion events

  4. Auditing not enabled

    • In most tenants this is on, but if it was disabled previously, older activity may not exist. Microsoft notes audit log ingestion can be turned on or off. citehttps://learn.microsoft.com/purview/audit-search#before-you-search-the-audit-log

  5. Looking in SharePoint site settings instead of Purview

    • File deletion history is generally tracked in the Microsoft 365 unified audit log, not as a simple “deletion report” inside the SharePoint site itself.

Simple example

If a user says, “The file Budget.xlsx disappeared from the Finance SharePoint site,” you would:

  1. Open Purview Audit
  2. Search the last 7–30 days

  3. Filter activities to:

    • FileDeleted

    • FileRecycled

    • FileDeletedFirstStageRecycleBin

    • FileDeletedSecondStageRecycleBin
  4. Filter by:

    • Site URL = Finance site

    • File name = Budget.xlsx
  5. Review who deleted it and whether it is still recoverable

CIA Brief 20260425

image

Microsoft 365 Copilot & AI Productivity

Security – Defender & Threat Protection

Data Protection & Purview

Identity (Entra)

Devices & Endpoint Management

Collaboration & OneDrive

Industry & Regional

After hours

Coyote vs ACME  – https://www.youtube.com/watch?v=H-43VeYGiPM

Editorial

If you found this valuable, the I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week

The Quiet Shame We Don’t Talk About in MSPs

image

Let’s talk about something uncomfortable.

Not ransomware.
Not margins.
Not Microsoft licensing.

Shame.

Most MSPs I speak to carry some form of business shame. Quiet, private, often unspoken. It’s the thing you don’t put on your website. The thing you hope no one asks too many questions about. The thing you keep tolerating because “we’ll fix it later”.

And “later” never comes.

Maybe it’s your internal documentation. You know it’s a mess. Half-written KBs, outdated screenshots, tribal knowledge locked in one senior tech’s head. You keep telling yourself you’ll clean it up “when things slow down”. They never do.

Maybe it’s that half‑finished project. A security uplift. A standardisation initiative. A proper onboarding process. You started strong, then client work got busy, fires popped up, and now it’s sitting there like an abandoned renovation — expensive, unfinished, and quietly mocking you.

Or maybe it’s you.

Your calendar is chaos. You’re still the escalation point for everything. You know deep down that the business relies too heavily on your heroics rather than good systems. You tolerate it because you’re capable, because clients like you, because it’s easier than changing.

But here’s the hard truth.

What you tolerate is what you choose.

If something in your business causes you embarrassment, frustration, or a knot in your stomach every time you think about it — that’s a signal. Not a failure. A signal.

What Have You Been Tolerating for Too Long?

Ask yourself honestly:

  • What do I avoid looking at?

  • What do I explain away with “that’s just how we do things here”?

  • What would I be embarrassed to show another MSP owner?

That’s your shame point.

And no, this isn’t about beating yourself up. MSPs are hard. Growth is messy. Most of us built our businesses reactively, not from some perfectly designed playbook.

But ignoring the shame doesn’t make it go away. It just makes it normal.

Now Flip the Question

Instead of asking “Why is this still broken?”, ask:

“What would this look like if I was genuinely proud of it?”

Not “acceptable”.
Not “good enough”.
Proud.

What would that neglected project look like if it actually reflected your standards?

  • Properly scoped

  • Properly finished

  • Properly documented

  • Properly embedded into how the business runs

What would change if you decided that this thing was no longer allowed to be embarrassing?

Here’s the interesting part: you already know the answer.

You know what needs to be done. You know the next step. You’ve probably written it down three times already.

What’s missing isn’t knowledge. It’s permission.

Permission to slow down briefly so you can speed up later.
Permission to say no to new work while you fix the foundations.
Permission to stop tolerating something that’s draining energy every single week.

Pride Is a Business Strategy

The MSPs that last — the ones that scale, that attract good staff, that don’t burn out their owners — they work on the unsexy stuff.

They finish projects.
They close loops.
They turn shame into systems.

Not because it’s fun, but because pride compounds.

When you’re proud of how something is built, you maintain it. You protect it. You improve it. And that pride quietly leaks into everything else — culture, delivery, confidence.

So here’s your challenge.

Pick one thing you’ve been tolerating too long.

Just one.

Decide what “I’d be proud of this” actually looks like.

Then take the first uncomfortable step towards finishing it properly.

You don’t need to fix everything.

But you do need to stop pretending that the shame isn’t there.

Because the moment you turn and face it, it loses most of its power.

And that’s where real progress starts.

3 Ready‑to‑Use Copilot Cowork SKILL.md Examples for MSPs

3 Ready-to-Use Copilot Cowork SKILL.md Examples for MSPs

image


Below are three practical, production‑ready Copilot Cowork custom skills designed specifically for MSP use cases.
Each skill follows Microsoft’s supported structure:
YAML frontmatter (name, description) followed by Markdown instructions,
and is intended to live in:

/Documents/Cowork/Skills/<skill-name>/SKILL.md


Copilot Cowork automatically discovers these skills at the start of each conversation.
Each one targets repeatable, high‑value MSP workflows rather than one‑off prompts.

1) MSP Client Monthly Executive Summary (QBR‑lite)

Folder: /Documents/Cowork/Skills/msp-client-exec-summary/
File: SKILL.md

---
name: MSP Client Executive Summary
description: Creates a monthly executive summary for an MSP client using M365 activity evidence (emails, meetings, files) and a consistent MSP-friendly format.
---

## Purpose
Produce a client-ready monthly executive summary (QBR-lite) that is consistent, factual, and easy for non-technical stakeholders to read.

## Inputs to request (ask if missing)
1. Client name (exact)
2. Reporting period (e.g., "March 2026")
3. Where client artefacts live (SharePoint site / Teams name / OneDrive folder path)
4. Any key initiatives/projects to include (list)
5. Any sensitive exclusions (e.g., "do not mention incident details")

## Data gathering rules
- Prefer evidence from Microsoft 365 content: emails, meeting notes, and files in OneDrive/SharePoint.
- Use only artefacts the user has access to.
- If you can’t find evidence for an item, mark it as “No supporting evidence found in M365 sources provided”.

## Output format (Word document)
Create a Word document titled:
"Executive Summary - <Client> - <Reporting Period>"

Use these sections and headings exactly:

1. Headline Summary (5 bullets max)
   - Outcomes delivered (business language)
   - Risks/issues (non-alarmist)
   - Decisions needed from client (if any)

2. Service Health Snapshot
   - Identity & access notes
   - Device management posture
   - Security themes at a high level

3. Work Completed (Outcomes, not tasks)
   - Outcome
   - Evidence reference
   - Business value

4. Open Items & Blockers
   - What’s stuck
   - Who owns it
   - Next trigger/date

5. Recommendations for Next Month
   - 3–5 pragmatic recommendations
   - Include effort (S/M/L) and impact (Low/Med/High)

6. Appendix: Evidence List
   - Files, meetings, and email subjects used

## Tone & constraints
- Australian English.
- No vendor hype.
- Client-safe wording only.

2) MSP Incident Communications Pack

Folder: /Documents/Cowork/Skills/msp-incident-comms-pack/
File: SKILL.md

---
name: MSP Incident Comms Pack
description: Drafts an MSP incident communications pack (client update + internal summary + next-steps checklist) with approval-safe wording.
---

## Purpose
Create consistent, calm, defensible communications during an incident.

## Inputs to request (ask if missing)
1. Client name
2. Incident label (short)
3. Timeline of events
4. Confirmed facts vs suspected items
5. Client audience
6. Desired update cadence

## Data gathering rules
- Use M365 artefacts only (emails, meetings, Teams messages, files).
- Do not invent technical detail.
- Ask for clarification where facts are missing.

## Outputs
### A) Client Update Email (Outlook draft)
Subject:
"Update: <Client> - <Incident> - <Date>"

Include:
- What we know
- What we’re doing
- What we need from the client
- Next update timing

### B) Internal Technician Summary (Teams)
- Incident label + severity
- Current status
- Owner and next actions
- Links to evidence

### C) Next-Steps Checklist (Word)
Include:
1. Containment
2. Investigation
3. Recovery
4. Communications
5. Post-incident follow-up

## Tone & constraints
- Calm, factual, non-alarmist.
- Australian English.
- No blame, no absolutes.

3) MSP Onboarding Kickstart Pack (SMB‑friendly)

Folder: /Documents/Cowork/Skills/msp-onboarding-kickstart-pack/
File: SKILL.md

---
name: MSP Onboarding Kickstart Pack
description: Creates an MSP onboarding pack including welcome email, onboarding schedule, folder structure, and checklists.
---

## Purpose
Deliver a consistent, professional first-30-days onboarding experience for SMB clients.

## Inputs to request (ask if missing)
1. Client name and primary contact
2. Services in scope
3. Target go-live date
4. Preferred meeting times
5. Tenant state (new or existing)

## Outputs
### A) Welcome Email (Outlook draft)
Include:
- Week 1 expectations
- Required client inputs
- Communication model
- Links to onboarding artefacts

### B) Onboarding Plan (Word)
Title:
"Onboarding Plan - <Client> - First 30 Days"

Break down by week:
- Meetings
- Deliverables
- Dependencies

### C) Folder Structure
Create or propose:
- 01 - Commercial & Contacts
- 02 - Tenant Baseline
- 03 - Security & Compliance
- 04 - Devices & Intune
- 05 - Documentation & SOPs
- 06 - Projects
- 07 - Reports

### D) Onboarding Checklist (Word)
Include:
- Identity baseline
- Device enrolment
- Security configuration
- Documentation completion
- Client sign-off points

## Rules
- Step-by-step.
- SMB-realistic (no enterprise bloat).
- Australian English.


Implementation reminder:
Each skill must live in its own folder under /Documents/Cowork/Skills/,
must be named SKILL.md, and should have a specific description so Cowork knows when to load it.

You’ll Never Win Playing a Game That’s Rigged for Someone Else

image

You’ll never win playing a game that’s rigged for someone else to win.

Of course it feels hard. Of course it feels unfair. That’s because it is.

The problem isn’t that you’re bad at the game.
The problem is that you’re playing their game.

Most MSPs are exhausted not because they’re lazy, unskilled, or unlucky — but because they’ve bought into a model that was never designed to let them win. The race to the bottom on price. The endless bundle of “all you can eat” support. The expectation that you’ll absorb risk, complexity, and compliance… for margins that barely justify the stress.

And then we act surprised when it hurts.

If you’re selling the same stack, the same licensing, the same “per seat” offering as every other MSP down the road, you are not competing — you’re commoditising yourself. You’re playing a game where the rules reward scale, not quality. Volume, not insight. Marketing budgets, not experience.

That game is rigged.
And it’s rigged for vendors, marketplaces, and platforms — not for you.

Look at where the incentives sit.

Vendors want adoption. They want logos, seats, and usage metrics. They don’t care if you spend nights cleaning up conditional access, remediating insecure tenants, or explaining to customers why “secure by default” wasn’t actually default. You do the work. They report the growth.

Marketplaces want simplicity. Fixed pricing. Comparability. They want buyers to see MSPs as interchangeable — because that reduces friction. Unfortunately, it also erases differentiation.

Customers, conditioned by years of underpricing, want “everything included” and are shocked when security incidents, audits, or AI projects cost extra. Because no one ever taught them that outcomes have a cost.

And MSPs? MSPs are left trying to make a premium living inside a discount model.

That’s the rigged game.

The mistake most MSPs make is trying to win harder instead of changing the game.

They work longer hours. They add more services “for free”. They chase more customers instead of better ones. They hope automation will save margins that were never there to begin with.

It won’t.

You don’t escape a rigged game by playing it better.
You escape by opting out.

That means hard decisions. Uncomfortable positioning. Saying “no” to customers who only value price. Charging properly for risk, compliance, and complexity. Building IP instead of just reselling licences. Teaching customers that security, governance, and AI readiness are not add‑ons — they’re the foundation.

It means shifting from “we’ll do whatever you want” to “this is how we do it, and here’s why.”

It means working on your business model, not just in your ticketing system.

Yes, that’s harder in the short term.
Yes, you’ll lose some customers.
Yes, it will feel risky.

But staying where you are is riskier.

Because the current model doesn’t get easier with time. It gets tighter. More compliance. More security pressure. More AI complexity. More expectation — with the same margins.

The MSPs who will survive — and thrive — aren’t the ones who hustle harder inside broken rules.

They’re the ones who redesign the rules.

They stop competing on sameness and start competing on clarity.
They stop selling hours and start selling outcomes.
They stop apologising for price and start justifying value.

If what you’re doing feels impossibly hard, ask yourself this:

Are you failing…
Or are you just playing a game that was never designed for you to win?

Because once you see the rigging, you have a choice.

And the most powerful move isn’t working harder.

It’s stepping off the board.

Creating Custom Copilot Cowork Skills That Actually Matter for SMBs

image

If you’re still using Copilot like a fancy chatbot, you’re missing the point.

Copilot Cowork is Microsoft’s quiet shift from AI that answers questions to AI that actually does work. And the real power move for SMBs isn’t the built‑in skills—it’s custom Cowork skills that encode how your business actually runs. [learn.microsoft.com]

This is where Copilot stops being impressive and starts being profitable.

What a Custom Cowork Skill Really Is

A custom Cowork skill is not code, not an agent, and not a Power Automate flow. It’s a structured set of instructions written in a simple SKILL.md file and stored in the user’s OneDrive under:

/Documents/Cowork/Skills/<skill-name>/SKILL.md

Copilot Cowork automatically discovers up to 20 custom skills per user at the start of every conversation and loads them when relevant. No prompting gymnastics required. [learn.microsoft.com]

Think of a custom skill as:

“Every time I do this type of work, follow these rules, pull this data, and produce that output.”

For SMBs, that’s gold.

Example 1: Client Meeting Prep for a 10‑Person Consultancy

The problem:
SMB consultants spend 15–30 minutes before every client meeting digging through emails, Teams chats, and old documents. It’s repetitive, error‑prone, and always rushed.

The custom Cowork skill:
Client Meeting Brief

What the skill does:

  • Pulls calendar context for the upcoming meeting

  • Finds recent emails and Teams messages with that client

  • Identifies open actions from last meeting notes in OneDrive

  • Produces a 1‑page Word briefing with:

    • Client objective

    • Outstanding issues

    • Risks and next steps

Why it works for SMBs:
It saves time without introducing new tools. Everything stays inside Microsoft 365, using data they already trust. No CRM integration required. [learn.microsoft.com]

Example 2: Weekly Operations Report for an Owner‑Managed Business

The problem:
Business owners hate status reporting, but flying blind is worse. Most weekly reports are inconsistent, late, or ignored.

The custom Cowork skill:
Weekly Ops Summary

What the skill does:

  • Reviews sent emails and calendar activity from the past 7 days

  • Pulls key numbers from a defined Excel file in OneDrive

  • Generates a consistent Word report using the owner’s template

  • Flags anything that looks overdue or hasn’t progressed

Why it works for SMBs:
Custom skills enforce discipline without admin overhead. The report looks the same every week, uses the same data sources, and takes seconds—not hours—to produce.

Example 3: Standardised Client Follow‑Ups for Professional Services

The problem:
Follow‑up emails are inconsistent. Some are overly casual, others too formal, and key details get missed.

The custom Cowork skill:
Client Follow‑Up Drafter

What the skill does:

  • Detects completed meetings

  • Creates a draft email using the company’s approved structure:

    • Summary

    • Decisions made

    • Actions and owners
  • Saves the draft for approval before sending

Copilot Cowork always asks for confirmation before external communication, which is critical for SMB risk management.

What Doesn’t Work Well as a Custom Skill

Not everything should be a skill.

Avoid:

  • One‑off tasks (“Summarise this document”)

  • Highly variable creative work

  • Anything that relies on local files (Cowork only accesses OneDrive and SharePoint)

The sweet spot is repeatable, boring, but important work.

Why MSPs Should Care (Even More Than SMBs)

For MSPs, custom Cowork skills become:

  • A standardised service delivery layer
  • A way to encode best practice for L1–L3 staff

  • A differentiator that isn’t just “we sell Copilot licences”

You don’t deploy Copilot.
You operationalise it.

Custom Cowork skills are how you turn AI from a novelty into a system—especially in SMB environments where consistency matters more than scale.

If you’re not teaching your customers how to do this, someone else will.

Further reading:
Microsoft Learn – Create custom Copilot Cowork skills
https://learn.microsoft.com/en-us/microsoft-365/copilot/cowork/use-cowork#create-custom-skills

More People Are Defeated by Blisters Than Mountains

image

Most MSPs don’t fail because the mountain was too big.

They fail because of the blisters.

Everyone loves to talk about the big challenges in this industry. Security threats. AI disruption. Microsoft changing the rules (again). Margin pressure. Talent shortages. Clients who don’t “get it”.

Those are the mountains. They’re visible. They’re dramatic. They make for great conference slides and LinkedIn posts.

But they’re not what usually beats you.

What actually takes MSPs out are the small, constant, grinding irritations that never quite get fixed.

The blisters.

Blisters are the daily annoyances you tolerate because “we’ll deal with that later”. The manual processes. The undocumented exceptions. The one client who’s “special”. The script that almost works. The onboarding checklist that lives in someone’s head. The sales process that depends entirely on you being in the room.

One blister on its own is manageable. You adjust your stride. You push through.

But blisters compound. They rub. They slow you down. They drain energy. And eventually, you stop walking altogether.

I see this constantly with MSPs.

They know where they want to go. Better margins. Fewer clients, higher value. Standardised stacks. Security-first offerings. Maybe even some actual time off.

But they never get there because the day-to-day friction is unbearable.

Take security as an example.

Most MSPs don’t lose customers because they can’t deploy Microsoft Defender or configure Intune. They lose because they never standardised how they do it. Every tenant is slightly different. Every exception is “just this once”. Every review is a bespoke exercise.

The mountain isn’t security.

The blister is inconsistency.

Or look at AI and Copilot adoption.

The mountain feels massive: “How do we sell this? Support this? Price this? Train clients?”

But the blister is simpler and far more dangerous: the MSP hasn’t even embedded AI properly inside their own business. No internal standards. No prompting framework. No documented use cases. No expectation that staff use it daily.

So it becomes yet another thing on the list. Another half‑done initiative. Another source of background frustration.

And then there’s the biggest blister of all: the owner bottleneck.

Most MSPs are not constrained by the market. They’re constrained by the person at the top trying to hold everything together.

If sales requires you. If escalation requires you. If documentation quality depends on you. If decision-making waits for you.

That’s not leadership. That’s friction disguised as control.

The mountain is “scaling the business”.

The blister is refusing to let go of how things are done today.

Here’s the uncomfortable truth:
You don’t need to climb faster.
You need better boots.

Better boots look boring. They’re not sexy. They don’t make great keynote topics.

They look like:

  • Ruthless standardisation, even when it annoys a few clients.

  • Saying “no” to edge cases that don’t fit your model.

  • Documenting the obvious so it stops living in your head.

  • Automating the unglamorous tasks that quietly drain hours.

  • Training your team properly instead of hoping they’ll “figure it out”.

  • Fixing internal friction before chasing external growth.

Mountains are conquered once.

Blisters are endured every single day.

If you want to win long term as an MSP, stop obsessing over the next big summit. Turn your attention inward. Identify the friction you’ve normalised. The pain you’ve accepted. The inefficiencies you excuse because “that’s just how it is”.

Because in this industry, it’s rarely the size of the challenge that defeats you.

It’s the small, preventable pain you refused to address early.