CIA Brief 20260418

Security & Threat Intelligence
Microsoft Defender & Security Copilot
Identity (Microsoft Entra)
Data Security & Governance (Microsoft Purview)
Microsoft Sentinel
Microsoft 365 Copilot
Microsoft Teams & Meetings
Developer Tools (GitHub)

After hours

Smarter Inspections Powered by Google Gemini Robotics | Boston Dynamics  – https://www.youtube.com/watch?v=kBwxmlI2yHQ

Editorial

If you found this valuable, then I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week

Watching Copilot Videos Isn’t the Same as Using Copilot

There’s a mistake I see constantly when it comes to Microsoft 365 Copilot adoption.

People think they’re “learning” Copilot because they’re consuming content about it.

Videos. Webinars. Tutorials. Prompt lists. Social posts. Endless demos showing what might be possible one day.

It feels productive. It looks productive. But it’s mostly theatre.

You can easily spend hours watching Copilot content and still be no better at using it in your actual work. I see it all the time with MSPs and business users who say, “I’ve watched heaps of Copilot videos, but I don’t really use it yet.”

That’s not a Copilot problem. That’s a learning problem.

Copilot isn’t something you understand by observing. It’s something you understand by friction — by using it badly, getting average results, refining your approach, and slowly integrating it into what you already do every day.

Until Copilot is touching real work, it’s just entertainment.

The Gap Between Knowing and Doing

Here’s the uncomfortable truth:
Most people don’t fail at Copilot because it’s too complex. They fail because they never move it into their workflow.

They treat Copilot like a separate activity. Something to “play with” when they have time. Something they’ll roll out properly later. Something they’ll get serious about once they’ve watched enough tutorials.

That moment never comes.

Meanwhile, the people getting real value from Copilot aren’t the ones with the biggest prompt libraries. They’re the ones who picked one boring, repeatable task and handed it to Copilot without overthinking it.

Not tomorrow. Not next quarter. Today.

The Only Fix That Actually Works

If you want Copilot to stick, stop thinking about everything it could do and focus on one thing you already do.

Every single day.

Something mundane. Something slightly annoying. Something that consumes mental energy but doesn’t really need to.

For most people, that’s one of these:

  • Summarising meeting notes

  • Drafting emails or client updates

  • Turning rough ideas into a first draft

  • Rewriting content to sound clearer or more professional

  • Pulling key points out of documents or threads

  • Preparing agendas, reports, or handover notes

Pick one. Just one.

Then deliberately route that task through Copilot every time you do it.

Not as an experiment. Not as a test. As the default.

Where Copilot Actually Shines for SMBs

This is where Microsoft 365 Copilot quietly outperforms standalone AI tools, especially for SMBs.

Copilot already lives where the work lives.

Your emails are in Outlook.
Your documents are in Word and SharePoint.
Your notes are in OneNote.
Your conversations are in Teams.

Copilot doesn’t need you to copy and paste everything into a separate interface. It works in context, with the data you already have permission to access.

That’s not a “nice to have”. That’s the difference between novelty and adoption.

When Copilot becomes part of an existing workflow — instead of another tool to manage — usage stops being optional. It becomes habitual.

Habits Beat Tutorials Every Time

Here’s what real Copilot learning looks like:

  • You use it.

  • The output isn’t great.

  • You adjust how you ask.

  • You try again tomorrow.

  • It gets slightly better.

  • You trust it with more work.

  • You stop thinking about “using AI” and just get work done faster.

That cycle never starts by watching another video.

It starts when Copilot saves you five minutes on something you do every day. Then ten. Then thirty.

And once that happens, you don’t need motivation to keep using it. You feel the absence when you don’t.

Start Smaller Than You Think

If you’re advising clients — or trying to get your own team using Copilot — stop leading with features and demos.

Lead with behaviour change.

One task. One workflow. One daily habit.

That’s how Copilot stops being interesting and starts being indispensable.

And that’s the difference between “we’ve enabled Copilot” and “we actually get value from Copilot.”

The Entrepreneurs Who Win Work Harder on Themselves Than on Their Business

Most MSPs are obsessed with fixing their business.

More tools.
More services.
More marketing.
More frameworks.
More hustle.

But the entrepreneurs who actually win long term? They spend more time working on themselves than they do on their business.

That’s not a motivational poster. That’s an uncomfortable truth.

Because the work that really moves the needle is internal. It’s boring. It’s unsexy. And it’s exactly why most people avoid it.

The Work Nobody Posts About

You’ll see plenty of LinkedIn posts about revenue growth, new hires, vendor partnerships, and shiny dashboards.

What you won’t see people talking about is:

  • Learning how to think clearly under pressure

  • Fixing their inability to say “no” to bad clients

  • Confronting the fact they’re the bottleneck in every decision

  • Developing discipline instead of relying on motivation

  • Improving communication so expectations are actually understood

  • Letting go of ego, control, and the need to be right

That’s the real work. And it doesn’t screenshot well.

There’s no applause for finally building proper boundaries with clients. No likes for admitting you don’t know enough about finance, leadership, or sales psychology. No dopamine hit for doing the slow grind of personal improvement.

But that’s where the edge is.

Your Business Is a Mirror

Here’s the hard truth most MSP owners don’t want to hear:

Your business is a reflection of you.

  • If your business is chaotic, you probably are too.

  • If your clients don’t respect boundaries, you probably don’t enforce them.

  • If your team is confused, you’re not communicating clearly enough.

  • If growth has stalled, you’ve likely stalled as well.

You can’t outgrow your own thinking.

You can add tools, processes, and people, but eventually the ceiling you hit isn’t technical — it’s personal.

The size of your business is constrained by:

  • Your decision‑making ability

  • Your tolerance for discomfort

  • Your capacity to learn

  • Your emotional control

  • Your clarity of thought

Until those expand, everything else plateaus.

Why MSPs Get Stuck

The MSP industry makes this worse.

We’re trained to believe the answer is always external:

  • Another product

  • Another certification

  • Another vendor

  • Another compliance framework

  • Another pricing model

And don’t get me wrong — those matter.

But they’re leverage, not foundations.

If you don’t know how to think strategically, no framework will save you. If you avoid hard conversations, no PSA will fix your margins. If you chase every opportunity, no positioning will stick. If you’re reactive, no automation will feel like enough.

Tools amplify behaviour. They don’t replace it.

The Boring Stuff Is the Advantage

The entrepreneurs who pull ahead do the things others skip:

  • They read, reflect, and think deeply — not just consume content

  • They invest in coaching, not just courses

  • They review decisions, not just outcomes

  • They build routines instead of relying on bursts of effort

  • They learn how to manage energy, not just time

None of this is flashy. All of it compounds.

Over time, they make better decisions with less effort. They choose better clients. They design better offers. They say no faster. They build businesses that support their life instead of consuming it.

That’s not luck. That’s internal work paying dividends.

Growth Isn’t a Business Problem

When MSP owners say “I want to grow”, what they usually mean is: “I want things to be easier.” “I want less stress.” “I want more control.” “I want better clients.” “I want more freedom.”

None of those are solved purely by scaling the business.

They’re solved by becoming someone capable of operating at a higher level.

Your business will never outgrow your personal growth. It can only reflect it.

So if things feel stuck, don’t just ask: “What does my business need next?”

Ask: “What do I need to become next?”

That’s where the real leverage is. And that’s why the entrepreneurs who win don’t just build better businesses — they build better selves first.

Why Most People Fail at AI (and How Copilot Fixes That)

I see the same pattern play out with AI adoption over and over again.

People collect tools.

ChatGPT for writing.
Another AI for images.
Something else for meetings.
Yet another for data analysis.

Before long, they’re juggling half a dozen interfaces, prompts, logins, and workflows. The result isn’t leverage. It’s fragmentation. Lots of motion, very little progress.

Learning AI this way is like trying to learn three musical instruments at the same time. You might make some noise, but you won’t make music. Depth never comes from constant switching.

That’s why most AI initiatives stall.

The problem isn’t capability.
It’s focus.

Depth Beats Breadth Every Time

Real skill—whether it’s music, sport, or technology—comes from going deep before going wide. You don’t become competent by tasting everything. You get there by committing to one thing long enough to understand how it really works.

AI is no different.

If you want genuine productivity gains, you need to stop asking “Which AI tool should I try next?” and start asking “Which AI fits how I already work?”

For most SMBs and MSPs, the answer is obvious: Microsoft 365 Copilot.

Not because it’s flashy. Not because it’s perfect. But because it lives inside the tools you already use every day.

Copilot Wins Because It’s Embedded, Not Exotic

Copilot isn’t another destination you have to remember to visit. It’s not a separate browser tab or a disconnected chatbot. It sits inside Outlook, Word, Excel, Teams, SharePoint, and OneNote—the places where work actually happens.

That matters more than people realise.

When AI is embedded into your existing workflows, learning accelerates naturally. You don’t have to rethink how you work. You just augment it.

Drafting emails becomes faster.
Meeting notes stop being an afterthought.
Documents evolve instead of restarting from scratch.
Data gets explained, not just displayed.

This is where Copilot shines for SMBs: incremental improvement at scale, without cultural whiplash.

The 30‑Day Commitment Most People Avoid

Here’s the uncomfortable truth: most people never master Copilot because they never commit to it.

They test it once or twice, get a mediocre result, and move on. That’s not evaluation. That’s impatience.

If you want Copilot to deliver value, treat it like a skill, not a shortcut.

Commit to using Copilot as your primary AI for 30 days.

Not casually. Deliberately.

Use it every day.
Ask better questions.
Refine your prompts.
Push it into edge cases.
See where it breaks—and why.

That’s how understanding forms.

Copilot has quirks. It has limits. It has strengths that only become obvious once you stop dabbling and start relying on it.

Master One, Then Sequence

Once you truly understand Copilot—how it reasons, where it adds value, where it needs structure—you’re in a much stronger position to evaluate other AI tools.

At that point, adding another tool is a strategic decision, not a distraction.

This is the sequencing most organisations get wrong. They expand too early, before they’ve extracted value from what they already have.

Masters don’t rush to accumulate.
They build depth first.
Then they extend deliberately.

The Real AI Advantage for SMBs

The competitive advantage with AI isn’t having access to the most tools. Everyone has access now.

The advantage comes from consistent execution.

SMBs that win with AI won’t be the ones chasing every new model. They’ll be the ones that picked a single, integrated platform, learned it properly, and embedded it into daily work.

For most, that platform is already licensed, already deployed, and already waiting.

Microsoft 365 Copilot isn’t the loudest option.
It’s the most practical one.

And in business, practicality beats novelty every time.

Copilot Adoption: Where Your Customers Really Sit on the Curve

[Image: technology adoption curve]

The image above should look familiar. It’s the classic technology adoption curve: Innovators, Pioneers (early adopters), the Majority, Late Majority, and Laggards. It’s been used for decades to explain why new technology doesn’t spread evenly. What’s interesting is how clearly Microsoft Copilot now fits into this model — and what that means for MSPs and business leaders trying to drive real adoption, not just licence sales.

Right now, most organisations experimenting with Copilot sit firmly on the left side of the curve. Innovators (roughly 2.5%) are the people who will try anything new just to see how it works. They don’t need much convincing. Give them access and they’ll start prompting, breaking things, and discovering value on their own.

Next come the Pioneers, about 13.5%. These are forward‑thinking leaders, power users, and teams who see Copilot as a competitive advantage. They’re curious, optimistic, and willing to tolerate some friction. Most early Copilot success stories live here — not because Copilot is “done”, but because these users are motivated enough to push through the learning curve.

The real challenge — and opportunity — sits in the middle.

The Majority (34%) won’t adopt Copilot because it’s exciting. They’ll adopt it because it clearly makes their work easier, faster, or better than what they’re doing today. This group doesn’t want AI theory, prompt engineering jargon, or hype. They want specific outcomes: “Will this save me time writing emails?”, “Will this help me understand documents faster?”, “Will this reduce rework?”

This is where most Copilot rollouts stall.

Too many deployments assume that once licences are assigned, value will magically appear. It won’t. The Majority needs structure: role‑based scenarios, simple starting prompts, guardrails, and reassurance that using Copilot won’t break anything or get them into trouble. Adoption here is less about technology and more about change management.

The Late Majority (another 34%) are even more cautious. They adopt only when Copilot becomes the normal way of working — when peers are already using it and the risk of not using it feels higher than the risk of trying. For this group, success stories, internal champions, and visible leadership usage matter far more than features.

Finally, the Laggards (16%) will resist until the very end. Some will never fully adopt, and that’s fine. Copilot doesn’t need 100% usage to deliver value. Forcing it here usually creates more friction than benefit.

The key takeaway from the image is this: Copilot adoption is not a technical rollout, it’s a staged journey. Each segment of the curve needs a different approach. Innovators need freedom. Pioneers need enablement. The Majority needs clarity and proof. The Late Majority needs confidence and social validation.

For MSPs, this changes the conversation. Success isn’t measured by how fast you sell Copilot licences, but by how effectively you help customers move from left to right on the curve. Those who focus on outcomes, education, and real‑world workflows will win. Those who treat Copilot like just another SKU will get stuck in the trough — wondering why “no one is using it”.

Copilot isn’t early anymore. But meaningful adoption still is.

Existing systems can now enable Windows Smart App Control (and you should)

What Windows Smart App Control actually is

Smart App Control (SAC) is a pre‑execution application control layer built into Windows 11 that blocks untrusted software before it runs. It lives in Windows Security → App & browser control, and operates independently from Microsoft Defender Antivirus and SmartScreen. [support.mi…rosoft.com], [computerworld.com]

This is important:

Smart App Control is not antivirus.
It is policy‑enforced app allow/deny at launch time, based on trust and reputation.

Think of it as Microsoft sneaking a consumer‑friendly WDAC‑lite into Windows 11.


The security model: how SAC makes decisions

When any executable (EXE, DLL, MSI, script, etc.) attempts to run, Smart App Control applies a deterministic trust pipeline:

1. Cloud reputation check first

Windows queries Microsoft’s cloud‑based app intelligence service, which analyses signals from billions of executions worldwide. [support.mi…rosoft.com], [computerworld.com]

If the app is:

  • Known good

  • Widely deployed

  • Previously classified as safe

then it runs.


2. Certificate trust validation

If cloud intelligence cannot confidently classify the app, SAC checks:

  • Is the file digitally signed?

  • Is the certificate trusted and valid?

  • Has the binary been tampered with?

Signed software from reputable vendors typically passes this stage. [support.mi…rosoft.com], [howtogeek.com]

Valid signature = allowed


3. Everything else is blocked

If the app is:

  • Unsigned

  • Unknown

  • Newly compiled custom binaries

  • Internally built tooling

then Smart App Control blocks execution.

There is no “Run anyway”, no whitelist, and no user override in enforcement mode. That is entirely by design. [computerworld.com], [howtogeek.com]


The three Smart App Control states (this matters)

SAC operates in three mutually exclusive modes:

1. Evaluation mode
  • SAC runs silently

  • Nothing is blocked

  • Windows observes your real‑world app usage

  • SAC decides if your system is “compatible” with strict enforcement

This was originally only triggered on clean installs. [howtogeek.com]


2. Enforcement (On)
  • Unknown or untrusted apps are blocked at launch

  • No user bypass

  • No per‑app exceptions

  • Logs are written to Windows Security / Event Viewer

This is where SAC actually provides protection.


3. Off
  • No checks

  • No enforcement

  • Until recently, this was permanent without OS reinstall


Why Smart App Control was widely ignored (until now)

From a pure security model perspective, SAC was solid.
From a real‑world usability perspective, it was borderline hostile.

Until early 2026:

  • If you disabled SAC once, it could never be turned back on
  • Re‑enablement required a full Windows reinstall or reset
  • Upgraded systems were locked to Off
  • MSPs, developers, and power users effectively couldn’t touch it

Microsoft openly acknowledged this rigidity in its own documentation. [support.mi…rosoft.com]

So the result?

Everyone who actually understands Windows workflows turned it off permanently.


What changed in 2026 (this is the big deal)

April 2026 Windows 11 security updates fundamentally changed SAC’s lifecycle

Microsoft removed the “one‑way switch” limitation.

As of the April 2026 Windows 11 updates (24H2 / 25H2):

  • Smart App Control can now be turned ON after install
  • Smart App Control can be re‑enabled after being turned off
  • No OS reinstall required
  • Managed via Windows Security UI

This change is explicitly documented by Microsoft and multiple independent sources. [techrepublic.com], [pureinfotech.com], [windowsreport.com], [msn.com]


Where the toggle now lives
Windows Security
→ App & browser control
→ Smart App Control
→ Smart App Control settings

From there, you can:

  • Switch On
  • Switch Off
  • Let systems enter Evaluation again

[techrepublic.com], [pureinfotech.com]


What did not change (important limitations remain)

Microsoft did not soften SAC’s enforcement model:

  • ❌ Still no per‑app allow

  • ❌ Still blocks unsigned internal apps

  • ❌ Still unsuitable for dev workstations

  • ❌ Still excluded from enterprise‑managed devices

The decision engine is unchanged. Only the lifecycle control was fixed. [msn.com]


Who Smart App Control now makes sense for

✅ Excellent fit
  • SMB users
  • Standard staff PCs
  • BYOD devices
  • Non‑technical users
  • High‑risk email / web exposure roles

Especially when paired with:

  • Defender Antivirus

  • Attack Surface Reduction rules

  • Defender SmartScreen


❌ Poor fit
  • Developers

  • MSP admin machines

  • Script‑heavy workflows

  • Legacy Line‑of‑Business apps

  • Custom PowerShell tooling

For these, WDAC, AppLocker, or Intune‑managed policy is still the correct solution.
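
A readiness check to run on a PC before switching SAC on, as an added example that is not from the original article or from Microsoft. It reports the current SAC mode, lists in-use binaries without a valid signature (the ones most likely to hit the "everything else is blocked" stage), and pulls recent Code Integrity events. The registry value name, its 0/1/2 meaning, the event log name and the event IDs are assumptions not stated in the article.

```powershell
#Requires -Version 5.1
# Added example (not from the article): Smart App Control readiness check.
# Run in an elevated Windows PowerShell session on the Windows 11 PC being assessed.

# ASSUMPTION: SAC state is exposed in this Code Integrity policy value,
# where 0 = Off, 1 = On (enforcement), 2 = Evaluation.
$SacKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy'
$SacValue = 'VerifiedAndReputablePolicyState'

function Get-SmartAppControlState {
    $prop = Get-ItemProperty -Path $SacKey -Name $SacValue -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'Unknown' }
    switch ([int]$prop.$SacValue) {
        0       { 'Off' }
        1       { 'Enforcement' }
        2       { 'Evaluation' }
        default { 'Unknown' }
    }
}

# Stage 2 of the pipeline is a signature check, so list binaries in use right now
# that do not carry a valid Authenticode signature. This over-reports: cloud
# reputation (stage 1) can still allow a well-known unsigned app.
function Get-UnsignedRunningBinary {
    Get-Process |
        Where-Object { $_.Path } |
        Select-Object -ExpandProperty Path -Unique |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_ -ErrorAction SilentlyContinue
            if ($sig -and $sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Path            = $_
                    SignatureStatus = $sig.Status
                    Signer          = $sig.SignerCertificate.Subject
                }
            }
        }
}

# ASSUMPTION: SAC decisions are logged by the Code Integrity engine, with
# 3076 = "would have been blocked" (audit) and 3077 = "blocked" (enforced).
function Get-CodeIntegrityBlockEvent {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id        = 3076, 3077
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

$state    = Get-SmartAppControlState
$unsigned = @(Get-UnsignedRunningBinary)
$events   = @(Get-CodeIntegrityBlockEvent -Days 7)

# One summary row per machine, suitable for export from an RMM script run.
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    SacState       = $state
    UnsignedInUse  = $unsigned.Count
    RecentCiEvents = $events.Count
    Recommendation = if ($unsigned.Count -eq 0) {
        'No unsigned binaries in use: candidate for SAC On'
    } else {
        'Review unsigned binaries first; WDAC or AppLocker may fit better'
    }
}

# Detail for review: what would need a signature (or a different control).
$unsigned | Sort-Object Path | Format-Table -AutoSize -Wrap
$events   | Sort-Object TimeCreated -Descending | Select-Object -First 20 | Format-List
```

The unsigned list only covers processes running at the moment the script executes, so run it during a normal working day rather than straight after boot.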


MSP‑level takeaway (opinionated, but grounded)

Smart App Control finally crossed the line from:

“Technically interesting but unusable”

to:

“Deployable baseline protection for unmanaged Windows 11 PCs”

It is not a replacement for:

  • Application control

  • Device management

  • Security policy

But it is now a credible default deny layer for Windows 11 endpoints that previously had none.

If You’re Not Thinking AI‑First Right Now, You’re Falling Behind

Let’s get something out of the way early:
AI is no longer “coming”. It’s already here. And if you’re still treating it like a side project, an experiment, or something to “look at later”, you’re already behind.

Not because everyone else is smarter than you.
Not because you’ve failed.
But because the way work gets done has fundamentally changed — and most organisations are still trying to bolt AI onto old habits instead of redesigning how work actually flows.

That’s where AI‑first thinking comes in. And for most businesses, that means Microsoft 365 Copilot.

AI‑First Isn’t About Tools. It’s About Decisions.

Most conversations I hear about AI start with tools:

  • “Which AI should we use?”

  • “Should we trial ChatGPT?”

  • “Is Copilot worth it yet?”

Those are the wrong questions.

AI‑first thinking starts with a different mindset:

“If AI can help with this, why would we still do it the old way?”

That question changes everything.

Drafting emails.
Summarising meetings.
Creating reports.
Reviewing documents.
Preparing proposals.

If your default approach is still “I’ll do it manually and see if AI can help later”, you’re already inefficient — whether you realise it or not.

Why Microsoft 365 Copilot Wins (Especially for SMBs)

Here’s the uncomfortable truth: most businesses don’t need more AI tools. They need less context‑switching and better use of the tools they already pay for.

That’s why Copilot matters.

Microsoft 365 Copilot isn’t just “AI bolted on”. It’s AI embedded directly into where work already happens:

  • Word

  • Excel

  • Outlook

  • Teams

  • PowerPoint

  • SharePoint

That integration is the real advantage.

Instead of asking AI to work in isolation, Copilot works with your actual business data, permissions, and workflows. That means:

  • Answers grounded in your documents and emails

  • Summaries that reflect real meetings, not guesses

  • Content created inside governed, secured environments

For SMBs especially, that’s critical. Security, compliance, and data leakage aren’t optional extras — they’re table stakes.

The Real Gap: Adoption, Not Availability

Here’s what I see repeatedly with MSPs and their customers:

  • Copilot is licensed ✅

  • Copilot is enabled ✅

  • Copilot is barely used ❌

Why?

Because nobody changed how work is done.

People were given AI and told, “Go figure it out.”

That doesn’t work.

AI‑first organisations redesign workflows:

  • Meetings are shorter because summaries are assumed

  • First drafts are expected to be AI‑assisted

  • “Blank page syndrome” disappears

  • Decision‑makers ask better questions, faster

Copilot becomes a thinking partner, not a novelty.

AI‑First Is a Leadership Choice

This isn’t an IT problem.
It’s a leadership decision.

The organisations pulling ahead aren’t the ones with the most licences — they’re the ones that expect AI to be used and support people in using it properly.

That means:

  • Training focused on real work, not features

  • Clear expectations around when Copilot should be used

  • Permission to experiment without fear of “doing it wrong”

MSPs who get this will thrive. Those who don’t will spend the next few years firefighting margin pressure and explaining why clients feel slower than they used to.

The Bottom Line

AI‑first doesn’t mean “replace people”.
It means remove friction.

Microsoft 365 Copilot isn’t magic. It still needs good prompts, good data, and good judgement. But used properly, it changes how quickly work moves — and how much mental energy people waste on low‑value tasks.

If you’re not actively helping your business or your clients think AI‑first right now, someone else is.

And they’re already pulling ahead.

Build Content That Attracts the Right Clients (and Scares Off the Wrong Ones)

Most MSPs don’t have a content problem.

They have a courage problem.

They post safe, beige, “me too” content that tries to appeal to everyone — and ends up resonating with no one. If you want content that actually drives leads, conversations, and demand, you need to stop thinking like a marketer and start thinking like a signal flare.

Here’s how.


1. Nail your positioning (before you post a single word)

Content isn’t about volume. It’s about signal.

Your job isn’t to attract more people. It’s to attract the right people — and actively repel the ones who will never value what you do anyway.

That means finding ownable ideas. Topics you can talk about consistently, confidently, and with a point of view. Not “cybersecurity is important” — everyone says that. Instead:

  • “Security outcomes matter more than tools”

  • “Most MSP pricing models are broken”

  • “Compliance theatre is killing real security”

If you’re not willing to make some people uncomfortable, you’re not positioned. You’re just posting noise.

Strong positioning acts like a filter. The right people lean in. The wrong people scroll past or quietly unfollow. That’s a feature, not a bug.

If your content doesn’t cost you anything — lost followers, disagreement, friction — it probably isn’t doing anything useful.


2. Dial in your packaging (make it impossible to ignore)

Great ideas die every day because they’re badly packaged.

Your content doesn’t compete with other MSPs. It competes with everything else in the feed — outrage, memes, hot takes, AI hype, and doomscrolling.

That’s why you need what I call thought grenades.

Short, sharp posts that:

  1. Hook fast – a line that stops the scroll

  2. Build tension – challenge a belief they’re comfortable with

  3. Explode – a payoff that reframes the problem

  4. Point forward – a next step (comment, DM, click, think)

These aren’t fluffy posts. They’re spot on.

“Most MSPs don’t have a sales problem. They have a thinking problem.” “Buying another security tool won’t fix your risk.” “Being ‘nice’ in your content is costing you revenue.”

You’re not posting to inform. You’re posting to move people — emotionally and intellectually — closer to you.

If every post looks like documentation, nobody will read it. If every post sounds like marketing copy, nobody will trust it.


3. Streamline the process (so content becomes automatic)

The goal isn’t to “do content”.

The goal is to remove friction so content becomes a reflex.

When your positioning is clear and your packaging is repeatable, content ideas start showing up everywhere. A client call. A Teams message. A dumb vendor pitch. A security incident. A pricing conversation.

You just see something… and say something.

That’s how you build momentum — and eventually, a cult‑like following. Not because you’re louder, but because you’re clearer.

Stop over‑editing. Stop waiting for perfect. Stop turning every post into a project. Capture the thought while it’s fresh. Polish later if needed.

Consistency doesn’t come from discipline. It comes from simplicity.


The real payoff

This isn’t about likes.

It’s about becoming the obvious choice for the people you want to work with — before they ever talk to you.

Strong positioning attracts. Sharp packaging converts attention. A frictionless process compounds everything.

Do this well, and your content won’t just get seen.

It will pre‑sell, pre‑qualify, and pre‑frame every conversation that follows.

And that’s when content stops being “marketing” and starts becoming leverage.