Where Your Hours Go: A Calendar Lesson Worth Borrowing

I’ve been thinking a lot about calendars lately — mine in particular. There’s a quiet truth most of us would rather not admit: we aren’t running our calendars, our calendars are running us. Show me a fortnight of someone’s diary and I can usually tell you, with uncomfortable accuracy, what they actually care about. The hours don’t lie.

So I opened Outlook last Saturday morning and had a long, honest look at my own.

The Calendar Is the Confession

Most weeks of mine look fine on the surface. Meetings stacked tidily, deliverables ticking along, inbox manageable. But I tried something different this time — I colour-coded a fortnight of activities. Green for what energises me. Red for what drains me. The picture changed quickly. Most of the red was email triage, status check-ins that should have been a paragraph in a chat, and busywork dressed up as “real work”. I’d been treating execution time and thinking time as the same currency. They aren’t, and the account that pays out on each is very different.

The shift I’m trying to make is at an identity level. Stop measuring myself on output volume and start measuring myself on the quality of the decisions I make. A clear head making one good call beats a frantic day producing eight average ones. The problem is your calendar has to actually let you do that — and most calendars don’t.

Where Copilot Earns Its Seat

This is where Microsoft 365 Copilot has genuinely changed something in my week. Not in a flashy way — in a quietly structural way. The red activities on my audit, the energy-drain ones, are exactly the tasks Copilot is now doing for me.

Outlook is the obvious one. Copilot drafts replies, summarises long threads, and pulls out the actual ask buried six paragraphs deep. The hour I used to lose to inbox every morning is now closer to fifteen minutes. In Teams, Copilot recaps the meetings I couldn’t attend in plain prose, with decisions and action items separated — so I don’t have to sit through the recording at 1.5x speed pretending it’s productive. In Word and PowerPoint, the first draft writes itself from a few prompts, and I edit instead of starting from a blank page. In Excel, the analysis I used to wait on someone else for is now a conversation I have with the spreadsheet.

The principle behind all of this is simple. Pay someone, or something, to take low-value work off your plate so you can spend more hours on what only you can do. Copilot is the cheapest, most consistent assistant most of us will ever have. It doesn’t call in sick. It doesn’t need handover notes. And it’s already sitting inside the apps you use every day.

Design the Week First

The bit of this I’m trying hardest to apply is the simplest one. Schedule the personal commitments before the work ones. Block the gym session, the family dinner, the thinking time — then let work fit around what’s already there. It feels backwards the first time you do it, and right by the end of the week.

I’m watching my own calendar more carefully now. Not for gaps to fill, but for patterns I’d rather not repeat. If Copilot can hand me back ten hours a week of red-zone work, the question stops being “how do I find time” and becomes “what am I going to do with the time I’ve reclaimed”. That second question, I think, is the one worth answering well.

Retention Policies vs Retention Labels: The One Rule That Governs Both

Most Microsoft 365 tenants I look at have both retention policies and retention labels configured. Usually set up by different people at different times, with something like “applied for legal” in the ticket notes. Nobody documented which one wins.

That’s a governance problem. When your client’s solicitor asks why a document that should have been kept for seven years was deleted after three, “we had both configured” isn’t an answer.

Here’s what cuts through all of it: preserve always beats delete.

If any retention setting — policy or label — says retain, the content stays. A delete-only cleanup policy cannot overrule a retain policy. That’s the first principle of retention in Microsoft Purview, and it’s the one rule worth tattooing on your brain before you touch anything else.

What a retention policy does and what a label does, really

A retention policy is a net cast over an entire location. All Exchange mailboxes. All SharePoint sites. All Teams messages. You configure it once and it runs silently in the background. Users don’t see it and can’t override it.

A retention label is a tag applied to a specific item — a document, a folder, an email thread. Item-level control, which means exceptions. A label can be applied manually by a user, or automatically via content inspection rules.

They’re not competing tools. They’re two layers of the same system.

Microsoft’s overview puts it plainly: use a policy when everything in a location should be treated the same, use a label when you need item-level exceptions. Most mature tenants use both — a policy as the floor, labels as the ceiling.

Step-by-Step: Creating and publishing a retention label

Setting up a retention policy is straightforward: Purview portal > Solutions > Data Lifecycle Management > Policies > Retention policies > New. Labels take a few more steps because you create them first, then publish them separately.

Open the Purview portal and navigate to Labels

Go to Solutions > Data Lifecycle Management > Labels and select Create a label.

Name it and set the retention action

Give it a meaningful name — Contracts – Retain 7 Years is better than Label 3. Set the retention period and what happens at the end: retain only, delete after retention, or retain then delete. If the item needs to be declared a record, tick that here — it adds immutability.

Publish via a label policy

Labels don’t apply themselves. Go to Label policies > Publish labels, choose your label, and set the locations (SharePoint, OneDrive, Exchange). This makes the label available for users to apply manually in those apps.

Set up auto-apply

For most SMB clients, relying on users to apply labels manually doesn’t work. They won’t. Back in Label policies, choose Auto-apply a label, set your content condition — keywords, sensitive information types, or a trainable classifier — select the label, and let Purview do the tagging.

Allow up to seven days for labels to propagate to SharePoint and OneDrive. Don’t test immediately and assume it’s broken.

What actually happens when a policy and a label disagree

Say you have an org-wide Exchange retention policy that keeps email for three years and then deletes. And a specific retention label on a contract thread that says retain for seven years.

Which wins?

The label wins. Because it specifies the longer retention period (Principle 2: longest retention wins), and because a label is explicit — a deliberate decision about a specific item, not a blanket setting over a location (Principle 3: explicit beats implicit).

The old thinking: “We have a seven-year legal hold… somewhere. I think.”
The new reality: You can show exactly which items carry which label, when they expire, and prove it via the Purview content explorer.

A delete-only policy can only affect content that has no retain setting at all. It cannot shorten a label’s retention period. It cannot override a retain policy. Preserve always wins.

The MSP angle: adaptive scopes

Adaptive scopes are the part of retention most MSPs haven’t touched — and they make multi-tenant governance dramatically simpler.

Instead of pointing a policy at a static list of sites or mailboxes, you write a query. The scope dynamically targets whoever matches it, updated daily. A client with Finance retaining for ten years and Sales retaining for five no longer needs two separately maintained group memberships. You build two adaptive scopes off the Department attribute in Entra ID, and the policy follows the org chart automatically.

My recommendation? Start with an org-wide retention policy as your baseline. Add labels for the high-value exceptions — contracts, HR records, anything with a different period or a record declaration. Then look at adaptive scopes when you’re ready to stop maintaining static lists across every client tenant.

If you’re not showing clients that their data governance is this deliberate and this auditable, you’re leaving a genuine service conversation on the table.

Retention policies set the floor. Retention labels set the ceiling. Preserve always wins.

CIA Brief 20260627

Security & Threat Intelligence

One intrusion, two cyberattackers: Uncovering parallel threat activity
A good reminder that compromises are no longer single-actor events. This research shows how multiple threat actors can exploit the same breach simultaneously, reinforcing the need for layered visibility and rapid response.
https://www.microsoft.com/en-us/security/blog/2026/06/22/one-intrusion-two-cyberattackers-uncovering-parallel-threat-activity/
StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them
Breakdown of two common infostealers and how they’re packaged and distributed via cybercrime-as-a-service models. Useful insight into how attackers are scaling credential theft.
https://www.microsoft.com/en-us/security/blog/2026/06/24/stealc-and-amadey-breaking-down-infostealers-and-the-cybercrime-services-that-deliver-them/
AutoJack: How a single page can RCE the host running your AI agent
Highlights a potential remote code execution path via AI agents. Worth understanding as more organisations start deploying AI-driven workflows.
https://www.microsoft.com/en-us/security/blog/2026/06/18/autojack-single-page-rce-host-running-ai-agent/
Five Eyes Cyber Security Agencies Statement
Joint statement from international cybersecurity agencies outlining shared priorities and the need for coordinated defence against evolving global threats.
https://www.cisa.gov/news-events/news/five-eyes-cyber-security-agencies-statement
Scaling cybercrime disruption through innovation and AI
Microsoft outlines how AI and collaboration are being used to disrupt cybercrime infrastructure, with a focus on proactively scaling defence capability.
https://blogs.microsoft.com/on-the-issues/2026/06/24/scaling-cybercrime-disruption-through-innovation-and-ai/

Microsoft Product Updates & Announcements

Microsoft a Leader in The Forrester Wave™ for Endpoint Management Platforms
Microsoft continues to rank strongly in endpoint management, with strengths across device management, security, and integration across its ecosystem.
https://www.microsoft.com/en-us/security/blog/2026/06/25/microsoft-a-leader-in-the-forrester-wave-for-endpoint-management-platforms/
Point-in-time restore for Windows 11 is now generally available
New capability allowing systems to be rolled back to a known good state. This is a practical addition for resilience and incident recovery.
https://techcommunity.microsoft.com/blog/windows-itpro-blog/point-in-time-restore-for-windows-11-is-now-generally-available/4508101
What’s new in Microsoft Intune – June
Monthly update outlining the latest Intune features and improvements that enhance device management and security posture.
https://techcommunity.microsoft.com/blog/microsoftintuneblog/what%E2%80%99s-new-in-microsoft-intune-%E2%80%93-june/4491983
Microsoft 365 Insider Round-Up: June 2026
A consolidated overview of recent Microsoft 365 updates, providing a quick way to stay across platform changes.
https://www.linkedin.com/pulse/microsoft-365-insider-round-up-june-2026-microsoft-365-insider-qz1be/

Cloud & AI

Rethinking cloud operations with agentic observability
Explores how AI-driven observability is helping shift cloud operations from reactive monitoring to more autonomous approaches.
https://blogs.microsoft.com/blog/2026/06/23/rethinking-cloud-operations-with-agentic-observability/

Sustainability

Inside Microsoft’s two-decade push to cut water intensity while scaling for growth
Details Microsoft’s long-term efforts to reduce water consumption while continuing to expand infrastructure globally.
https://blogs.microsoft.com/blog/2026/06/24/inside-microsofts-two-decade-push-to-cut-water-intensity-while-scaling-for-growth/

After hours

When a cyber attack took 100 hospitals offline – https://www.youtube.com/watch?v=WxY6aLRVgcI

Editorial

If you found this valuable, the I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week

Your sensitivity labels aren’t doing anything

Most clients I work with have sensitivity labels deployed. They’ll show me the dropdown in Word — Confidential, Internal, General, Public — and say, “We set that up during the M365 rollout.”

Fair enough. But when I ask how much of the content in SharePoint and OneDrive is actually labelled, the answer is almost always a pause. And then: “Not sure, to be honest.”

Which means almost nothing.

Users don’t apply labels manually. Not because they’re careless — but because asking someone to classify a document before they can save it is friction, and people route around friction every single time. If your labelling strategy depends on the human hitting that dropdown, it’s not a strategy. It’s wishful thinking.

That’s not a training problem. That’s a deployment gap.

What is auto-labelling, really?

There are two very different things living under this name, and mixing them up is exactly where most tenants stall.

The first is client-side auto-labelling. This is built into the sensitivity label itself — when a user opens a document or composes an email, the Office app scans the content and either suggests a label or quietly applies one. It’s useful. But it only fires when someone has a file open.

The second — and the one I want you to focus on — is service-side auto-labelling. This is a separate auto-labelling policy you create in Microsoft Purview. It runs in the background, continuously scanning SharePoint, OneDrive, and Exchange. No user involvement. Files sitting in SharePoint from two years ago? Scanned. Emails passing through Exchange right now? Scanned.

The labels go on whether the user ever touched the file or not.

Labels that apply themselves. That’s the actual goal.

Step-by-Step: Creating a service-side auto-labelling policy

One prerequisite: sensitivity labels must exist and be published before you create auto-labelling policies. If they’re not set up yet, start there.

Then, in the Microsoft Purview portal:

Open Information Protection > Policies > Auto-labelling policies

Sign in to purview.microsoft.com. Navigate to Solutions → Information Protection → Policies → Auto-labelling policies, then select + Create auto-labelling policy.

Choose a template or go Custom

Microsoft provides templates for common data types — financial data, personal data by region (there’s an Australian one), health records. Start with a template to see the shape of a policy, or go Custom if you want full control over which sensitive information types trigger the label.

Name the policy and pick the label

Give it a name that tells a story: “Confidential – Tax File Numbers – SharePoint” is more useful than “Auto-label policy 1.” Then select which sensitivity label gets applied on a match.

Select your locations

Pick SharePoint, OneDrive, Exchange, or all three. Scope to specific sites or users, or leave it at All. Start narrow — one site or department — until you’ve seen the simulation results.

Write the rule

This is the substance of the policy. Here’s a simple example:

If content contains:
  Sensitive info type: Tax file number (Australia)
  Confidence level: High
  Instance count: 1 or more
→ Apply label: Confidential

Notice what’s missing? A user making a decision.

Run simulation first — always

Before the policy applies a single label, run it in simulation mode. Purview crawls the selected locations and shows you a matched-files list without changing anything. Review it. Look for false positives. Check the count. When you’re satisfied, activate the policy.

Why this actually changes behaviour

Once service-side auto-labelling is running, you stop being dependent on user habits to build label coverage.

Here’s the real win: every downstream control that references sensitivity labels now has something to reference. DLP policies that trigger on Confidential content have labelled files to fire on. Conditional Access policies that restrict access by label context have something to evaluate. And Copilot respects sensitivity labels when deciding what to surface in responses — which means your Copilot governance story only works if the labels are actually on the files.

Before: “We set up sensitivity labels in the rollout.”

After: “We have auto-labelling policies running across SharePoint and Exchange, and the Purview dashboard shows 87% of our content is classified.”

One of those answers a cyber insurance question. The other is a checkbox nobody can verify.

The Purview data classification dashboard shows label coverage across your whole tenant. After a few days with auto-labelling running, watch that coverage number move. That’s the metric that matters when an auditor or an insurer asks how sensitive data is classified and protected.

My recommendation? Start with one workload, one sensitive info type, one site. Run simulation. Check the results. Turn it on. Then expand.

The platform knows how to classify. You just have to let it.

Sensitivity labels without auto-labelling are just a menu no one orders from. Turn on the scanner, let Purview do the work your users never will, and then show your clients the dashboard.

Opportunity Is the Enemy

The most dangerous moment for an MSP isn’t a slow quarter. It’s a good one.

When the calendar is full, leads are landing, and a former client pings you about “a quick idea” — that’s when the trouble starts. Suddenly you’re half-thinking about a new managed service line, a side venture with a vendor friend, a property deal someone mentioned at lunch. None of it is bad. That’s the whole problem.

I’ve watched too many capable owners chip themselves into pieces this way. The wins keep arriving, just not in the lane they originally chose. The actual business — the one paying the bills and the team — quietly slows down while they chase the next shiny thing. A year later they wonder how the work they actually built ended up running on autopilot, or not running at all.

Every shiny thing has a real cost

When someone pitches you an opportunity, the cost looks small. A meeting. A few emails. A weekend reading through a deck. Easy.

But every hour spent on something that isn’t your main game is an hour you didn’t spend on the clients, the people, and the systems that pay your mortgage. That trade is rarely visible in the moment. It shows up six months later when renewals slip, your senior tech is restless, and you can’t remember the last proper sit-down with your number one client.

The discipline isn’t in saying yes to the right work. It’s in saying no to the wrong opportunities — especially the flattering ones.

Build a filter, not a willpower contest

Relying on raw willpower to turn things down is a losing strategy. By Friday afternoon you’re tired, someone’s been charming, and the calendar fills back up.

What works better is a written filter. One short paragraph. What you do, who you serve, the size of client you take on, and the kind of work you flat-out refuse. I keep mine in a Loop component pinned at the top of my main planning page in Teams. When a new pitch arrives, I open it, re-read the filter, and the answer is usually obvious before I’ve finished the second sentence.

The tiny ritual takes the emotion out of the decision. The filter said no. Not me.

Let Copilot guard the door

The other shift for me has been using Copilot in Outlook as a first-pass screener. When a long, friendly email arrives proposing something tangential, I ask Copilot to summarise what’s actually being requested, how much time it would cost, and how it fits against my current priorities, which I keep in a short document in OneDrive.

Most of the time, the reply writes itself. Copilot drafts a polite decline and suggests someone better placed to help. I read it, tweak a sentence, send. A minute, instead of an afternoon of overthinking.

I do the same with meeting requests. Before I accept anything outside current client work, I ask Copilot to pull recent threads on the topic and tell me whether I’ve already had this conversation. Half the time, I have. That’s the meeting that quietly doesn’t get booked.

The quieter calendar

The strange part is that turning things down doesn’t make the business shrink. It makes it sharper. The clients I keep get more of me. The team gets more of me. And the work I actually built finally has room to grow into something worth defending.

Opportunity will keep knocking. That’s its job. Mine is to stop answering every time.

June Microsoft 365 Webinar resources

The slides from this month’s webinar are available at:

https://github.com/directorcia/general/blob/master/Presentations/Need%20to%20Know%20Webinars/202606.pdf

and the video recording is also up on Youtube here:

Video URL –

https://www.youtube.com/watch?v=6tx6kidcU-I

Watch out for next month’s webinar.

Before You Buy the Copilot Licence, Do This First

Everyone wants to know what Copilot can do. Almost nobody asks what Copilot will find.

That’s the question that actually matters. Copilot doesn’t create new access — it works entirely within your existing Microsoft 365 permissions. It can only surface what a user is already allowed to see.

Sounds safe. It’s not. Not if your SharePoint environment looks like most tenants I’ve walked through.

Sites shared with “Anyone with the link” since 2021. Files in folders with permissions no one’s reviewed in years. Ownerless sites stuffed with content nobody knows exists. When your finance manager asks Copilot to “summarise what we know about Project X,” it’ll pull from everything she can already access — including documents she’d have had to know to search for directly.

That’s not a Copilot problem. That’s the data governance problem you already had, just made visible.

My recommendation? Run the readiness assessment before you assign a single licence.

What is the Copilot Readiness Assessment, really?

Most people think readiness means “do you have the right licence and update channel.” The Copilot Readiness Report in the Microsoft 365 admin centre does tell you that — which users are technically eligible, which devices are on the right update channel, who your best pilot candidates are.

That’s the easy half.

The hard half is whether your data is in a state that Copilot should be let near. That check lives in a completely different place, and most readiness guides skip it entirely.

Notice what’s missing? Almost every “Copilot readiness checklist” you’ll find online focuses on licence eligibility. The data side is where the actual risk sits.

Step-by-Step: Running a Proper Readiness Check

Open the M365 Copilot Readiness Report

Go to the Microsoft 365 admin centre. In the left nav, select Reports > Usage, then choose Microsoft 365 Copilot and open the Copilot report. Click the Readiness tab.

You’ll see prerequisite licence counts, update channel eligibility, and a user table flagging suggested Copilot candidates. Export the list. It gives you a concrete starting point for a pilot conversation with your client.

Check for Oversharing in SharePoint

Open the SharePoint admin centre. Go to Reports > Data Access Governance. This is where you find the oversharing risk — sites with “Anyone” sharing links active, files broadly accessible across the tenant, high-member-count sites with no clear owner.

Work through the data access governance reports. Anything flagged here is content Copilot can reach on behalf of any user who has permission.

By default, SharePoint sharing is set to the most permissive option. Most tenants have never changed it.

Run the Content Management Assessment

Still in the SharePoint admin centre, go to Advanced Management > Content Management Assessment and select Start assessment. This surfaces inactive sites, ownerless sites, and sites that haven’t been attested by anyone recently.

SharePoint admin centre
  > Advanced Management
    > Content Management Assessment
      > Start assessment

Rerun it every 30 days. This isn’t a one-time exercise. It’s a recurring conversation starter with every client who has Copilot.

Review Your Sensitivity Labels

Open the Microsoft Purview compliance portal > Information protection > Labels. Check whether labels are deployed and whether content users will ask Copilot about is actually labelled.

Sensitivity labels travel with content. Copilot honours them at response time — it won’t surface content a user doesn’t have decrypt rights for. No labels means no enforceable control over what ends up in a Copilot response.

They’re not a Copilot feature. They’re the floor you build on.

Why This Actually Changes Behaviour

Here’s the real win.

Running this before you sell the licence gives you a different kind of client conversation. Not “here’s what Copilot can do” — but “here’s what your data looks like right now, and here’s what we need to fix before Copilot is safe to use.” That’s a trusted adviser conversation, not a licence upsell.

Microsoft’s Secure & Governed Data Foundation blueprint organises this into three pillars: remediate oversharing, set up guardrails, meet regulations. It’s worth reading before your next client review. Print it. Take it in.

If you’re not showing clients this work before you enable Copilot, you’re not protecting them — you’re just adding a powerful AI to a mess.

Copilot doesn’t create oversharing. It reveals it. Fix the foundation first, then turn on the power.

Treat Your Calendar Like a Scoreboard

Last Friday I sat down with my Outlook calendar open for the week ahead and felt that familiar drop in the stomach. Eighteen meetings. Two thirty-minute “quick syncs” stacked back to back. A coaching session I’d promised myself I’d run for a client. A “catch-up” with someone whose name I had to look up twice. And the actual deep work — the strategy piece I’d been telling everyone was my top priority for the quarter — nowhere to be seen.

That’s the moment it clicked properly. My calendar wasn’t a plan. It was a confession.

What the diary is really telling you

A diary is a record of where your attention actually goes, not where you wish it went. If the most important work of your year isn’t on it — blocked out, named, defended — then you haven’t really committed to it yet. You’ve just talked about it.

A lot of us treat our calendar like an inbox. Things land in it. People send invites, we accept, and the week fills up by default rather than by design. Then we wonder why the work that actually moves the business forward keeps slipping into Saturday morning.

There’s a simple test I run now. Open Outlook on a Sunday night. Look at the week ahead. Can you point to the block that represents the one thing you said matters most this quarter? If not, the rest of the week is just noise around an empty centre. And the empty centre is the bit you said mattered.

Run a weekly audit, not a weekly hope

Hope isn’t a strategy, and a calendar that fills itself isn’t one either. So I now sit down every Friday afternoon for fifteen minutes and review what I actually did against what I said I would do. Copilot in Outlook makes this surprisingly easy — I ask it to summarise where my time went, who I spent it with, and which blocks moved against my stated priorities. The answer is often uncomfortable.

Then I look at the week ahead and run every single block past one question. Is this taking me closer to the work I said matters, or further from it? If the honest answer is “further”, the meeting goes. I decline it, suggest an async update in Teams, or send a Loop component with the three things I would have said in the room. Nobody has yet complained that they got a clearer written summary instead of a half-attended meeting.

The ones that pass the test get something more important than a tick. They get protected. Title in bold, marked as busy, no overlay. I treat them with the same seriousness I’d give a paying client, because future me is the client.

The feedback loop most leaders skip

Here’s the bit that surprised me. Once I started running this rhythm, my calendar stopped being a source of guilt and started being a source of useful signal. It tells me, week by week, whether I’m actually serious about what I said matters. Or whether I’ve quietly traded it for the comfort of being responsive.

That’s the real value of reading the week before you live it. Mid-game, a scoreline tells you what to do next — push harder, change tactics, stop bleeding time on the wrong play. The diary does the same job, if you’ll let it. It doesn’t argue with you. It just shows you the score.

Copilot can draft the polite decline. Teams can absorb the conversation that didn’t need a meeting. Outlook can hold the block you’ve been avoiding. But none of that matters until you decide, every single week, what’s on the board and what’s just filler.