Need to Know podcast–Episode 365

In this episode, we dig into Cowork Skills and why they represent a genuine shift from “AI as a novelty” to “AI as part of how work actually gets done.” Not more prompts. Not more tools. But fewer decisions, less friction, and more consistency across the business.
If you’ve ever thought “Copilot is interesting, but it’s not really embedded yet”, this episode is for you.

Brought to you by www.ciaopspatron.com

you can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-365-skills-not-apps/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

or Spotify:

https://open.spotify.com/show/7ejj00cOuw8977GnnE2lPb

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show

Resources

CIAOPS Need to Know podcast – CIAOPS – Need to Know podcasts | CIAOPS

X – https://www.twitter.com/directorcia

director@ciaops.com

CIAOPS Blog – CIAOPS – Information about SharePoint, Microsoft 365, Azure, Mobility and Productivity from the Computer Information Agency

Join my Teams shared channel – Join my Teams Shared Channel – CIAOPS

CIAOPS Merch store – CIAOPS

Become a CIAOPS Patron – CIAOPS Patron

CIAOPS Brief – CIA Brief – CIAOPS

CIAOPS Labs – CIAOPS Labs – The Special Activities Division of the CIAOPS

Support CIAOPS – Support CIAOPS

Get your M365 questions answered via email

Please fill out this form

A special thanks to the CIAOPS Patron community for making this podcast possible. You can find the benefits of a subscription to the community and become a member at https://www.ciaopspatron.com
CIAOPS MSP Skills

Microsoft Build

Choose how OneNote opens Microsoft 365 file links

How Storm-2949 turned a compromised identity into a cloud-wide breach

Disrupting Fox Tempest: A cybercrime service that turned “verified” software into a pathway for ransomware

Exposing Fox Tempest: A malware-signing service operation

A faster, more efficient Editor experience with Narrator in Word

Launched: Microsoft 365 Copilot Adoption Hub Redesign

Copilot prompt libraries for your tenant

Most Copilot rollouts I see have a strange shape. The licences are bought. The admin centre is half-configured. And nobody is using it.

Six months in, a few power users are saving an hour a week. Everyone else opens Copilot, stares at a blank box, and closes the tab.

That’s not a Copilot problem. That’s a prompting problem.

And the worst part? Microsoft has already shipped the fix. Most tenants haven’t turned it on.

What is a tenant prompt library, really?

A prompt library is a list of known-good prompts pinned inside the Copilot experience itself. Your users see them when they open Copilot — in chat, in Word, in Excel, in Outlook, wherever you’ve published them.

Two layers matter for SMBs and MSPs.

The first is the Microsoft Copilot Prompt Gallery — the public set Microsoft maintains. Useful. Generic.

The second is promoted prompts — your own prompts, pushed to your own users from the Microsoft 365 admin centre. This is the layer almost nobody uses, and it’s the one that actually changes behaviour.

Think of it as the difference between handing someone a generic cookbook and putting a Post-it on their fridge that says “this is how we make pasta”.

Step-by-Step: publishing a tenant prompt library

Portal walkthrough, no PowerShell.

Open the admin centre

Sign in to the Microsoft 365 admin centre as a Global or Copilot admin. Expand Copilot in the left nav, then Settings, then Promoted prompts.

Write the prompt your users actually need

Don’t reach for a clever one. Reach for the boring one your help desk keeps explaining. “Summarise this week’s emails from my customers and group by client.” “Draft a weekly status update for my manager based on my meetings and Teams chats.” Plain English, written the way a non-technical user would actually type it.

Pin it to the right app

You can target the prompt to Microsoft 365 Copilot chat, Word, Excel, PowerPoint, Outlook, Teams, or OneNote. Pin one prompt per app where it’s actually useful. Five great prompts beats fifty mediocre ones.

Set the audience

Use a group, not “everyone”. Roll it to a pilot. Sales gets the sales prompts. Finance gets the finance prompts. The prompt is the training material.

Publish and watch adoption move

Promoted prompts surface at the top of the Copilot prompt UI for the assigned users within a few hours. Microsoft’s Copilot Prompt Gallery documents the surfaces they show up on.

Title: Weekly client summary
App:   Microsoft 365 Copilot chat
Prompt:
Summarise emails and Teams messages from
my customers this week. Group by client.
Highlight any unanswered questions.

Notice what’s missing? No mention of how Copilot does the work. No file picker. No talk of Work IQ. The user just asks once and gets the outcome. That’s the brief.

Why this actually changes behaviour

Most adoption programmes hand out PDFs nobody reads. Promoted prompts put the training inside the product, at the moment of use.

“I don’t know what to ask Copilot for.”

That sentence kills more rollouts than any licensing or governance issue. A prompt library answers it.

Three things shift the day you publish one:

New users see a starting point on day one instead of a blinking cursor.
Power users stop reinventing the same prompt twelve different ways.
You finally have a measurable, governable surface to iterate on.

That last one matters for MSPs. You can review the prompt library quarterly with your client, the same way you review a security baseline. Copilot doesn’t get tired. Use that.

For the deeper guidance on what makes a prompt land, Microsoft’s own write effective prompts page is worth lifting language from when you draft yours.

One closing thought

If you’re rolling out Copilot to a client and you haven’t published a single promoted prompt, you’re charging them for a tool and shipping them a blank page.

Promoted prompts aren’t there to teach people how to use Copilot. They’re there to remove the moment of not knowing what to ask completely.

Director or Doer? The AI Question Nobody’s Asking

Most of the AI conversations I have these days start the same way. Someone leans in and quietly asks, “Do you think AI is going to take my job?” I understand the worry — it’s everywhere, and it’s loud. But I think it’s the wrong question. The one worth asking is sharper and far more uncomfortable. Are you using AI, or is AI using you? That single reframing changes the whole game. And the window to land on the right side of it is narrowing faster than most people realise.

The Doer Trap

I see the Doer pattern everywhere. Someone types a rushed prompt, reads whatever comes back, tidies up a comma or two, and ships it. The email goes out. The deck gets shared. The summary lands in a meeting. The person feels productive because something got done — but they didn’t really direct any of it. The tool picked the angle, the structure, the tone, even the conclusion. They just drove the delivery truck.

The thing that makes this dangerous is that it feels like progress. Output is going up. Calendars are clearing. But the thinking is going down. The muscles that matter — judgement, taste, point of view — quietly shrink while everyone is busy celebrating how much faster the work moves. If AI is setting the pace, choosing the framing, and deciding what “good” looks like, you are no longer in charge of your own work. You are assisting it.

The Director Shift

The people I watch pulling away from the pack work very differently. They treat AI the way a good manager treats a capable team. They brief it properly. They tell it the audience, the constraint, the outcome they want, and what to leave out. They read the output the way an editor reads a draft — with scepticism, not relief. They push back. They ask it to try a sharper angle, to argue the opposite, to shorten by half. They know what great looks like before they ask for it, and they recognise when the answer is merely adequate.

Being the Director is harder. It takes domain knowledge, taste, and the patience to iterate. But the work that comes out the other side is genuinely yours. The ideas are yours, the standards are yours, the reasoning is yours. AI is doing the heavy lifting on the mechanics while you do the heavy lifting on the thinking. That’s the right shape of the partnership.

The Window Is Closing

Here’s what I think people underestimate. The gap between Directors and Doers is compounding. Every week spent actively learning how to brief, evaluate, and steer these tools is a week of skill you’re banking. Every week spent passively accepting output is a week of skill you’re quietly losing. Six months from now, a year from now, that gap will be visible from across the room — in the quality of decisions, the confidence of arguments, the crispness of output.

The people who dig in now, who actually invest the hours to learn this properly, aren’t just getting better at AI. They’re becoming more valuable than they were before AI existed. Their judgement is sharper. Their output is broader. Their leverage is higher. The people waiting for it to settle down are going to wake up behind, and it will take a lot more than a weekend of prompting tutorials to catch up.

So I’d stop asking whether AI is coming for your job. Ask instead who’s running whose day. Because that answer — today, this week, this month — is the one that decides where you end up.

Driver & firmware update management via Intune

Walk into most MSP-managed Windows fleets and the update story stops at quality and feature rings.

Drivers? “Windows Update grabs those.” Firmware? “The OEM utility does that.”

That’s not a strategy. That’s three different cooks in the same kitchen, and you’re praying none of them serves up a bad BIOS on a Friday afternoon.

Here’s the real win. Intune has had a dedicated approval surface for driver and firmware updates for a while now. And almost nobody’s switched it on.

What is a driver update policy, really?

It’s a separate Intune profile that sits alongside your existing update rings. It shows you every driver and firmware update Windows Update has queued for your managed devices, and lets you decide — one at a time — whether to ship it.

Approve, pause, defer, hold back the one dodgy NIC driver while the rest go through. All in the portal.

Critically, it’s the same pipeline Windows Autopatch uses for drivers. Five-laptop accounting firm on Business Premium or 500-seat shop on M365 E3 — same surface. You need Intune Plan 1 and a Windows licence that includes the Autopatch entitlement (Business Premium and M365 E3/E5 both have it), devices must be Entra joined or Entra hybrid joined, and telemetry must be set to Required or higher. That’s the lot.

Step-by-Step: switching it on

Check your existing rings aren’t blocking drivers

This is the bit that catches people. If your existing Update Ring or Settings Catalog policy blocks drivers, the whole feature does nothing. In your update ring, set Windows driver to Allow. In the Settings Catalog, set Exclude WU Drivers in Quality Update to Allow Windows Update drivers.

Both default to Allow, but I’ve found plenty of older tenants where someone clicked Block years ago and forgot.

Open the right blade

Sign in to the Microsoft Intune admin centre → Devices → By platform → Windows → Manage updates → Windows 10 and later updates → Driver updates tab → Create profile.

Pick an approval mode

You get two:

Automatically approve all recommended driver updates — anything the OEM tags “recommended” gets approved on its own, with a deferral you set between 0 and 30 days.
Manually approve and deploy driver updates — every driver lands as Needs review and waits for you.

Approval method:   Automatically approve all recommended driver updates
Make updates       7
available after:

Notice what’s missing? There’s no per-vendor split and no per-device override. One policy, one device — stack two driver policies on the same machine and you’ll fight yourself.

Assign and stage

Pilot group of around 10% — your own laptops, IT, one tolerant power user. Watch it for a fortnight. Then 25%. Then the rest. The per-driver pause button is your friend the first time something breaks.

Why this actually changes behaviour

Most clients have never had a driver controlled by anyone other than Windows Update itself. The first time a Lenovo BIOS update bricks a laptop at 4pm on a Friday, that’s the conversation you do not want to be having with the owner.

With a policy on, you see the update before it hits anyone. You pause it. The rest of the fleet still ships. The client doesn’t even know it happened — and that’s the point.

“But surely Windows Update already knows what’s safe?”

Windows Update knows what applies. It doesn’t know your fleet. You do.

One last wrinkle. The policy doesn’t honour the OEM’s Computer Hardware ID targeting — so managed devices can pick up a newer “recommended” driver even when the OEM reserved a CHID-matched build for that exact model. My recommendation? Use manual approval on hardware you don’t have a spare of in a drawer to test against.

Driver update policies aren’t there to give you more buttons to click. They’re there to take the OEM utility, the random Windows Update behaviour, and the 4pm Friday surprise off the table completely.

If you’re not running one on every managed tenant, you’re outsourcing your hardware change control to luck.

CIA Brief 20260523

Security & Threat Intelligence

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft (2026-05-20) — Microsoft Security details a supply-chain attack on @antv npm packages that steals CI/CD credentials. https://www.microsoft.com/en-us/security/blog/2026/05/20/mini-shai-hulud-compromised-antv-npm-packages-enable-ci-cd-credential-theft/(opens in new window)
How Storm-2949 turned a compromised identity into a cloud-wide breach (2026-05-19) — Case study on how a single compromised identity escalated into a tenant-wide cloud breach. https://www.microsoft.com/en-us/security/blog/2026/05/18/storm-2949-turned-compromised-identity-into-cloud-wide-breach/(opens in new window)
Disrupting Fox Tempest: A cybercrime service (2026-05-19) — Microsoft on the Issues post on the legal/operational action taken against Fox Tempest, which abused “verified” software signing to deliver ransomware. https://blogs.microsoft.com/on-the-issues/2026/05/19/disrupting-fox-tempest-a-cybercrime-service/(opens in new window)
Exposing Fox Tempest: A malware-signing service operation (2026-05-19) — Companion Security Blog post with the technical anatomy of the Fox Tempest malware-signing-as-a-service operation. https://www.microsoft.com/en-us/security/blog/2026/05/19/exposing-fox-tempest-a-malware-signing-service-operation/(opens in new window)
Microsoft Defender for Business — the MSP reality check (2026-05-17) — CIAOPS blog post examining the practical pros and cons of Defender for Business from an MSP delivery perspective. https://blog.ciaops.com/2026/05/17/microsoft-defender-for-business-the-msp-reality-check/(opens in new window)

Microsoft 365 Apps & Productivity

Choose how OneNote opens Microsoft 365 file links (2026-05-21, also re-posted 2026-05-19) — New OneNote setting that lets users control whether linked M365 files open in the desktop app, browser, or Teams. https://techcommunity.microsoft.com/blog/Microsoft365InsiderBlog/choose-how-onenote-opens-microsoft-365-file-links/4520886(opens in new window)
A faster, more efficient editor experience with Narrator in Word (2026-05-19) — Improvements to Narrator’s performance and behaviour inside Word for screen-reader users. https://techcommunity.microsoft.com/blog/microsoft365insiderblog/a-faster-more-efficient-editor-experience-with-narrator-in-word/4507584(opens in new window)

Microsoft 365 Copilot

Launched: Microsoft 365 Copilot Adoption Hub Redesign (2026-05-19) — Announcement of the refreshed Copilot Adoption Hub, with reorganised guidance and resources for rolling out Copilot. https://techcommunity.microsoft.com/blog/microsoft365copilotblog/launched-microsoft-365-copilot-adoption-hub-redesign/4520841

After hours

Clarkson’s Farm Series 5 | Official Trailer – https://www.youtube.com/watch?v=GJxPc3B2osU

Editorial

If you found this valuable, the I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week

One Offer, One Deadline — Why Your MSP Marketing Keeps Stalling

I keep seeing the same pattern on MSP websites, in newsletters, and in the sales decks owners email me for a quick review. The front page lists managed services, cyber security, backup, cloud migrations, Copilot workshops, vCIO packages, compliance assessments, and an introductory audit. Everything is on the menu. Nothing is on the clock. Then the owner wonders why prospects keep saying, “Looks great, let me think about it,” and then vanish for six months. The marketing isn’t broken because it’s ugly. It’s broken because it gives people permission to do nothing.

The buffet problem

When you put eight services in front of a prospect, you aren’t being helpful. You’re asking them to become the expert on their own problem before they can even choose who to talk to. Most business owners can’t tell you the difference between endpoint detection and managed detection, and they don’t want to. They want someone to look at their situation and say, “This one. Start here.” Every extra option you add increases the cognitive load and drops the response rate.

And yet I see owners fight this. “But we do all those things,” they tell me. Sure — but not in the same sentence, not on the same page, and not to the same prospect on day one. I’ve watched MSPs double their reply numbers by stripping a landing page down to one service, one price range, and one outcome. Same traffic. Same list. One decision instead of eight.

No deadline, no movement

The second half of the problem is the absence of a clock. If the offer is available forever, it will be taken up never. I’ve sat with MSP owners staring at a pipeline full of “warm” prospects who had a proposal three months ago and still haven’t come back. Why would they? Nothing changes if they wait. The price is the same next month. The bonus onboarding session is still there. Your calendar still has room. You’ve quietly trained them that delaying costs them nothing — while your cash flow is the one paying for their indecision.

A deadline isn’t a gimmick. It’s respect, for their time and yours. “We’re taking on three new managed services clients this quarter and we close intake on 31 May” is a sentence that forces a real conversation. Either this is the right time or it isn’t. Both answers are useful to you. “Let me think about it” is not.

Pick one door

Choose one offer. Not your whole catalogue — the single service that matches the kind of client you most want more of. For a lot of MSPs right now that’s a Copilot readiness or adoption engagement, because it opens a door the rest of your stack can walk through later. Attach a real deadline tied to something tangible: an intake window, a limited number of slots, a price that genuinely moves on a date. Say it plainly on the page, in the email, and on the call. Then stop adding extras. Every time you say, “and we can also do…,” you undo the work.

The uncomfortable part is you’ll feel like you’re leaving money on the table by not mentioning everything else. You aren’t. You’re creating a first yes, and everything else becomes a conversation you earn once the client is already working with you.

The close

Marketing isn’t a menu, it’s a door. One door, clearly marked, with a sign that says when it closes. That’s how you stop feeding prospects options and start feeding your business.

Smarter Scheduling with Microsoft Bookings

Most of the small businesses I look at are still scheduling meetings with email.

Three back-and-forth replies. A “does Tuesday at 2 work?”. A “no sorry, Wednesday?”. A reply chain that never quite books anything.

The smarter ones have a Calendly tab open in another browser. Their bookkeeper has Calendly. Their VA has Calendly. Their accountant has Acuity. Somewhere in the mix, another subscription is being paid for.

But every one of those tenants already has Bookings sitting unused inside their Microsoft 365 plan. And almost nobody knows it comes in two flavours.

That’s not a feature gap. That’s an awareness gap.

What is Bookings, really?

Bookings is two products with the same name.

The first is Bookings with me — Microsoft also calls it Personal Bookings. It’s a per-person scheduling page tied to your Outlook calendar. Someone hits your link, picks a meeting type, picks a slot inside your real availability, and the invite lands in both calendars. No mailbox to provision. No staff list. Just you and your calendar.

The second is a shared booking page. A separate scheduling mailbox for a team, a service, or a whole business. Multiple staff, multiple services, different durations. The classic “book a haircut, pick your stylist” page — except it works just as well for “30-minute discovery call with whoever on the team is free”.

Personal page for an individual. Shared page for a business.

Most SMBs need both.

Step-by-Step: standing up your personal page

Open the Bookings app

Go to book.ms, or pin the Bookings app to the rail in Outlook on the web or Teams. On the home page you’ll see Personal booking page at the top — that’s Bookings with me. Microsoft has already published one for you with default 15- and 30-minute meeting types. The detail is in the Personal Bookings FAQ on Microsoft Learn.

Set your meeting types

Edit the defaults. Set duration, location (Teams meeting by default — toggle it off for in-person), and availability hours. Mark each one Public to put it on your link, or Private to share only as a one-off.

Add a buffer

This is the setting people miss. Buffer time before and after each appointment is what stops your day collapsing into back-to-backs. Five or ten minutes on every meeting type. Buffer behaviour lives under Configure service availability.

Drop the link into your signature

Copy the public URL. Paste it into your Outlook signature:

https://outlook.office.com/bookwithme/user@yourdomain.com/

Notice what’s missing? No “let me know what works”. No “looking forward to hearing back”. The link does the asking.

Step-by-Step: standing up a shared page

Create the page

In Bookings, under Shared Bookings, choose Create booking page. Start from scratch unless you’ve got a template to clone. Fill in business name, logo, and hours — the setup walkthrough on Microsoft Learn lists the four required pieces.

Add staff and services

Add bookable staff. For each one, leave Events on Microsoft 365 calendar affect availability on so their Outlook calendar drives free/busy. Then create services — a service is a bookable thing (“30-min discovery”, “60-min onboarding”) with its own duration, buffer, and reminder cadence.

Decide who can be self-served

Turn off self-service for anything strangers shouldn’t book. Mark internal-only services Private.

Why this actually changes behaviour

“Hey, got a few minutes next week?” becomes “Sure — book a time.”

That one swap is the whole post.

The personal page kills the email tennis between you and your contacts. The shared page kills it between your clients and your team. The calendar becomes the source of truth, not the inbox.

Here’s the real win: it’s already in the licence. Business Basic, Business Standard, Business Premium, the E plans — Bookings is there. Calendly is not.

If your clients are still booking meetings by email, they’re paying for two things and using one of them.

Bookings isn’t there to schedule meetings. It’s there to stop scheduling them at all.

When Your LLM Goes Down: Are MSPs Designing a New Single Point of Failure?

Over the past year, I’ve watched something fascinating—and slightly uncomfortable—happen inside MSPs and their clients’ businesses. AI tools, particularly Microsoft 365 Copilot, have gone from “interesting experiment” to “critical part of how work gets done” at a pace I don’t think many people fully appreciate yet.

And that raises an uncomfortable question we haven’t really answered:

What happens when the LLM isn’t there?

Not slow. Not “a bit less helpful.”
Actually unavailable.

AI Has Quietly Moved Into the Critical Path

In some of the environments I’m seeing, Copilot isn’t just helping draft emails or summarise meetings. It’s shaping decisions.

Staff are using it to draft client responses, interpret data, build proposals, prepare board slides, and make sense of complex information faster than they ever did before. Managers are using it to think through options, not just document outcomes.

That’s important, because it means AI has crossed a line. It’s no longer a convenience layer. It’s becoming part of the business process itself.

From an MSP perspective, that should set off the same internal alarm bells as any other critical dependency. Because if your client’s process assumes Copilot is available, then Copilot downtime is no longer “an inconvenience”. It’s downtime.

The New Form of Business Continuity Risk

We’re very good, as an industry, at talking about disaster recovery in traditional terms. Backups. Redundancy. Failover. RPOs and RTOs.

But AI introduces a different kind of risk—cognitive dependency.

Here’s a simple scenario I’ve already seen play out in smaller ways:

A staff member is used to Copilot summarising long email threads before client calls. One day it’s unavailable. They’re still expected to run the meeting, but they haven’t read the full thread because the process evolved around “the AI will summarise it”.

No data was lost. No system was breached. But productivity drops, confidence drops, and errors creep in.

Now scale that to proposal preparation, reporting, or internal decision-making processes that assume AI assistance.

We haven’t lost data—but we’ve lost thinking capacity under time pressure.

“The AI Will Be Back Soon” Is Not a Strategy

One of the more dangerous assumptions I hear is:
“Microsoft will fix it quickly.”

Maybe. Probably. But that’s not business continuity planning. That’s hope.

As MSPs, we need to start asking different questions during AI discussions:

What manual process exists if AI is unavailable for a day?
Do staff know how to complete the task without AI, or have we trained that muscle out of them?
Which workflows are AI‑assisted—and which are AI‑dependent?

This isn’t about rejecting AI. I’m fully in favour of using Copilot when it genuinely improves outcomes. But professional-grade technology adoption has always meant understanding failure modes, not just success stories.

Designing AI‑Resilient Workflows

The smarter MSPs I’m working with are starting to treat AI like any other tier‑one system:

Document the “AI unavailable” version of key workflows
Set expectations with clients that AI enhances productivity but is not guaranteed
Train staff to validate, understand, and reconstruct work without AI assistance
Decide consciously where AI is optional versus where it must never be the only path

Ironically, the organisations doing this best often get more value from Copilot, not less. Why? Because they understand it as an accelerator—not a replacement for thinking.

The Question MSPs Should Be Asking Right Now

AI isn’t going away. Dependency will increase, not decrease. That makes this a leadership issue, not a technical one.

So here’s the question I think every MSP owner should be asking themselves:

If Copilot vanished tomorrow, which of my clients’ processes would break—and would they even realise why?

If the answer makes you uncomfortable, that’s a good thing.

That discomfort is the early warning system telling you it’s time to evolve disaster recovery thinking for the age of AI.