Need to Know podcast–Episode 367

This episode ultimately reflects on how organisations must adapt to an environment where solutions are no longer neatly balanced between simplicity and capability. Instead, businesses need to reassess priorities, stay informed, and make deliberate choices about which innovations deliver real value. For SMBs, the challenge is not just keeping up—but identifying what’s truly “good enough” in an increasingly complex cloud-first world.

Brought to you by www.ciaopspatron.com

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-367-goldilocks-gone/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

or Spotify:

https://open.spotify.com/show/7ejj00cOuw8977GnnE2lPb

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show.

Resources

CIAOPS Need to Know podcast – CIAOPS – Need to Know podcasts | CIAOPS

X – https://www.twitter.com/directorcia

director@ciaops.com

CIAOPS Blog

Join my Teams Shared Channel – CIAOPS

CIAOPS Merch store – CIAOPS

Become a CIAOPS Patron

CIAOPS AI Dojo

CIAOPS weekly news update – CIA Brief – CIAOPS

CIAOPS Labs – The Special Activities Division of the CIAOPS

Support CIAOPS

Get your M365 questions answered via email

Join my email list

A special thanks to the CIAOPS Patron community for making this podcast possible. You can find the benefits of a subscription to the community and become a member at https://www.ciaopspatron.com

AutoJack: How a single page can RCE the host running your AI agent

Azure Sets a New Performance Record for LLM Training Benchmark at Extreme Scale

Forrester names Microsoft a Leader in the 2026 Extended Detection and Response Platforms Wave report

Copilot Cowork is now generally available

Microsoft Defender email security benchmarking: Key insights from one year of data

Stay productive in new Outlook for Windows with these 5 features

What’s new in Power Platform: June 2026 feature update

What’s New in Notebooks | June 2026

Mercedes-AMG PETRONAS F1 Team responds to the intensity of race weekends with Microsoft

AI brands as bait: How threat actors are using the AI hype in social engineering

AI Is Starting to Feel Like the Petrol Bowser


I filled up the car last weekend and did that thing we all do now — glanced at the price per litre, winced a little, and worked out whether to fill the tank or just put in enough to get me through the week. It struck me, standing there, that I’ve started having the exact same conversation about AI.

For a while, AI felt free. You paid your subscription, you used it, and the meter never seemed to run. That era is ending. Token prices, usage caps, premium request limits — the cost of running AI is becoming visible, metered, and impossible to ignore. For a small business, it’s shifting from a novelty into a line item. And like petrol, it’s no longer optional. You can’t really run the business without it, but you can’t ignore what it costs either.

A running cost, not a one-off

The mistake I keep seeing is treating AI like a piece of software you buy once and forget. It isn’t. It behaves far more like fuel or electricity — something you consume, in varying amounts, every single day. Some weeks you’ll barely touch it. Other weeks, when you’re deep in a proposal or cleaning up a quarter’s worth of numbers, you’ll burn through it.

That changes how you should think about it. A running cost needs watching. It needs a budget. And it needs someone, every so often, asking the plain question: are we actually getting value for what we’re spending here?

Spend where the work actually is

Here’s where it gets interesting for a small business. You haven’t got an unlimited tank, so you have to decide where AI earns its keep. For most of the small operations I work with, the answer isn’t exotic. It’s the boring, repetitive, time-sapping work — the email triage, the first draft of a report, the summary of a long meeting nobody wants to rewatch.

That’s exactly where Copilot inside Microsoft 365 pays for itself. Asking Copilot in Outlook to clear and draft replies to a morning’s backlog saves real hours. Having it summarise a Teams meeting you missed, or pull the key figures out of an Excel workbook, turns an afternoon into a few minutes. The trick is to point your spend at the tasks that are costing you time and money today — not the shiny demos that look clever but never touch your actual week.

Economise without going without

The same way you don’t leave the car idling in the driveway, you don’t want AI burning through your allowance on low-value busywork. Be deliberate. Use the everyday Copilot features that already come with your licence before you reach for premium-priced add-ons. Give your people a quick steer on what’s worth asking and what’s just noise. And look at the bill — actually check where the consumption is going, the way you’d question a sudden jump in the power account.

None of this is about spending less for its own sake. It’s about spending on purpose.

Where I’ve landed

Petrol taught small business owners to think in terms of value per trip, not just price per litre. AI is heading the same way. The ones who do well won’t be those who spend the most or the least — they’ll be the ones who know exactly what they’re buying and why. Watch your usage, back the work that matters, and treat AI like the utility it’s quietly becoming. The meter is running now. Best to know what it’s running on.

The Clients You Need to Let Go


Last Saturday morning I sat down with a coffee and went through my client list properly. Not the polished version on a spreadsheet — the honest one. The list where you stop and ask yourself which names make your shoulders drop when they appear in your inbox.

Out of every hundred clients, maybe twenty fit that description. They weren’t bad people. But they were the ones who turned a thirty-minute call into ninety. The ones who treated every standard you set as optional. The ones who had a complaint queued up before they’d even tried what you suggested.

And here’s the part most MSP owners don’t want to admit out loud: those clients aren’t just slightly more work. They quietly run the place.

The Maths You’ve Been Avoiding

Sit down and add up the hours. Not the billable ones. The total ones. The Friday afternoon you spent re-explaining MFA for the fifth time. The Sunday email you answered because they wrote at 9pm and you didn’t want them to think you’d ignored them. The team meeting that ran twenty minutes long because someone needed to vent about a client who refuses to follow the playbook.

If you log it honestly for a fortnight, the pattern is uncomfortable. A small handful of clients eat a disproportionate slice of your week, your team’s morale, and your own headspace. The rest of your book — the ones who pay on time, listen to your advice, and treat your team with respect — get whatever scraps of attention are left over.

Copilot Can Show You What You Already Suspect

Here is where Microsoft 365 quietly earns its keep. Ask Copilot in Outlook to summarise the volume and tone of messages you’ve exchanged with a particular client over the last quarter. Open your Teams channels and let Copilot in Teams surface the recurring complaints by topic. Pull up the recap from your last quarterly review with that client and read it back without the emotion of being in the room.

You will see it plainly. The same three issues raised four quarters in a row. The same standards politely ignored. The same tone in every second message. Copilot isn’t telling you anything new. It’s just laying out the evidence you’ve been too busy or too loyal to read properly.

I have started doing this every quarter. It takes about twenty minutes per client, and it removes the wishful thinking. You stop asking “are they really that bad?” and start asking the more useful question: “Why am I still putting up with this?”

The Conversation Itself

When you do decide to end the relationship, do it cleanly. Refund what is fair. Offer to hand over their data in a tidy package via OneDrive. Recommend a provider who is genuinely a better fit for them — not a punishment, just a different match.

I draft the offboarding email in Word with Copilot’s help, sit on it overnight, then read it again in the morning. If it still says what needs saying, I send it. No long justification. No door left ajar. A short, professional close.

What You Get Back

The first time I did this properly, three things shifted within a month. My team felt lighter. Monday mornings stopped starting with dread. And the clients I genuinely respect — the ones who do the work, follow the advice, ask good questions — got noticeably more of me.

That last shift is the one that matters. The people paying for your best work deserve your best attention, and you simply cannot offer it while a small group is quietly running off with the fuel.

Sensitivity labels and auto-labelling: put a name on your data


Most people meet sensitivity labels the wrong way.

They see encryption and Purview and compliance in the same sentence and decide it’s an enterprise problem. Something for banks. Something that needs E5, a consultant, and six months.

So they leave the whole thing switched off.

Then a client emails a payroll spreadsheet to the wrong “David” in the address book, and it becomes very much their problem.

Here’s what I want you to understand. A sensitivity label isn’t a lock. It’s a name tag you put on information so Microsoft 365 knows how to treat it — and most of the value shows up before you’ve encrypted a single file.

What are sensitivity labels, really?

A sensitivity label is a tag that travels with the content. Apply Confidential to a Word doc and that label rides along into SharePoint, OneDrive, Teams, and the email it’s attached to — even off your tenant, if you allow it.

What the label does is up to you. It can simply mark the document with a header, footer, or watermark. It can show a visual classification users notice. Or it can go further and encrypt the file so only the right people open it.

That range is the bit people miss. You don’t have to start with encryption. You can start with classification — and classification on its own changes how people handle a file.

Step-by-Step: build your first label

Everything lives in the Microsoft Purview portal at purview.microsoft.com, under Information Protection. Microsoft seeds new tenants with a default set, but build and publish your own so the names actually mean something to your client.

Turn on labels for files

Before a label will stick to documents in SharePoint and OneDrive, go to Settings > Information Protection and turn on co-authoring for files with sensitivity labels. Skip this and your labels won’t apply to files at rest. It catches everyone once.

Create the label

Under Information Protection > Sensitivity labels, select Create a label. Give it a name your users will understand, not a compliance codeword. Set the scope to Files and emails.

Decide what it does

Now choose protection. Content marking — a header, footer, or watermark — is the gentle option. Access control with encryption is the heavy one. For your first label, pick marking. You can add teeth later.

Publish it

A label nobody can see does nothing. Create a label policy, add your label, and publish it to a group of users. Now it shows up under the Sensitivity button in Word, Excel, PowerPoint, and Outlook.

That’s a working label. Manual, user-applied, and included with the sensitivity-label entitlement most of your Business Premium clients already hold.

Step-by-Step: let the tenant do the labelling

Manual labels rely on people remembering. People don’t. So the next step is auto-labelling — and this is where the licensing line sits, so be straight with clients.

Pick your method

There are two. Client-side auto-labelling prompts or applies a label while someone edits a document in Office. Service-side auto-labelling policies scan content already sitting in SharePoint and OneDrive, plus mail moving through Exchange, with no user involved at all.

Run it in simulation first

This is the setting that saves you. An auto-labelling policy runs in simulation mode — it shows you exactly what would get labelled across the tenant without touching a thing. My recommendation? Always simulate, read the matches, fix your conditions, then turn it on.

Mind the licence

Auto-labelling — both flavours — needs the E5-tier Information Protection entitlement, not the base Business Premium one. Manual labels are included. Automatic ones aren’t. Don’t promise a client auto-labelling on a licence that doesn’t carry it.

“So do I need encryption on everything?” No. Most of my labels never encrypt anything. They classify. Encryption is reserved for the one or two labels that genuinely need it.

Here’s a starter taxonomy worth copying:

Personal
Public
General
Confidential
Highly Confidential

Notice what’s missing? Encryption — on four of the five. The top label might lock files down. The rest just name the sensitivity so people, and the tenant, treat them accordingly. Classification first, control second.

Why this actually changes behaviour

A labelled file behaves differently. DLP policies can key off the label. Auto-labelling can find the credit-card numbers your user forgot were buried in an old quote. And both SharePoint and Copilot respect the access a label enforces — which matters more every month.

But the quiet win is human. When someone clicks Confidential and a watermark appears, they slow down. They think before they forward. The label is doing the teaching.

Set it up once. It keeps working while everyone’s asleep.

Sensitivity labels aren’t there to make compliance harder. They’re there to make a careless mistake hard to make by accident.

If you’re rolling out Microsoft 365 and your clients’ data still has no name on it — that’s the gap. Put a name on it.

Your first Copilot Studio agent — and the bits the demo skips


Everyone wants to build an agent right now.

It’s the demo that makes the room go quiet. You describe what you want in plain English, and thirty seconds later there’s a working assistant answering questions from your own documents.

Then the bill arrives. Or worse — it doesn’t, because nobody published the thing and it’s sitting in a maker’s personal environment doing nothing.

Here’s what I keep seeing. People treat an agent as a science project. They build one, screenshot it, post it on LinkedIn, and move on. The client never touches it.

That’s not a product. That’s a party trick.

If you’re an MSP, the agent isn’t the deliverable. The service around it is. Let me show you the bits people skip.

What is a Copilot Studio agent, really?

Strip away the marketing and an agent is three things: instructions, knowledge, and tools.

Instructions are the job description — what it does, the tone it takes, when to give up and send someone to a human. Knowledge is what it’s allowed to read: a SharePoint site, a public page, a handful of documents. Tools are the actions it can take, like logging a ticket or looking up an order.

That’s it. You’re not training a model. You’re scoping a very literal new hire.

And there are two doors into this. The Agent Builder baked into Microsoft 365 Copilot, and Copilot Studio proper. The choice between them comes down to audience and reach — a quick helper for your own Copilot chat, or a real one you publish out to Teams, a website, wherever your client’s people already work.

Step-by-Step: building your first agent

Portal only. No code.

Open the studio

Go to copilotstudio.microsoft.com and check the environment name in the top right. This matters more than it looks. Build in the wrong environment and you’ll be untangling it later. Pick the client’s environment deliberately, every time.

Describe what you want

You get a box. Type what the agent should do in your own words — that’s the whole guided, no-code start. Mine for a small-business help desk reads like this:

Help our staff with common IT questions — password resets,
VPN setup, who to call for hardware. Answer only from the
company IT knowledge base. If you're not sure, say so and point
them to the service desk. Don't guess.

Notice what’s missing? No model to pick. No temperature dial. No code. You’re writing a job description in plain English. And the load-bearing line is the last one: ask it once to admit when it doesn’t know. An agent that says “I’m not sure” beats one that bluffs with total confidence.

Add knowledge, narrowly

Point it at one good source first. The company FAQ. The IT policy site. Not everything you own — one trusted thing. Test it. Then add more. An agent fed the whole tenant on day one is an agent that confidently surfaces the wrong document.

Test like a real person

Use the test pane on the right. Ask the messy questions: “can’t log in”, “where’s the VPN guide”, “who do I call”. If it waffles, fix the instructions — not the model.

Publish it

This is the step everyone forgets. An agent does nothing until you hit Publish. And every change you make afterwards needs publishing again, or your users sit on the old version. Then add a channel — Teams and Microsoft 365 Copilot are the obvious two — and decide who’s allowed in.

By default it’s Authenticate with Microsoft, which means your tenant and no one else. Leave it there. “No authentication” hands a working link to the entire internet. For an internal SMB agent, that is never what you want.

The licensing question you answer first, not last

Here’s the bit the demos never mention.

Agents built in the Agent Builder inside Microsoft 365 Copilot ride along with the licence your client already pays for. The custom agents you build and publish in Copilot Studio consume Copilot Credits — and since September 2025 that’s the currency Microsoft meters them in. Pay-as-you-go, or prepaid packs.

“So I just describe it and it works?” Yes — and that’s exactly the trap. The describing is the easy part. The scoping, the publishing, and the consumption call are the actual job.

So before you build, settle one thing: is this an internal helper for a few Copilot users, or a published agent the whole company will hammer all day? The answer decides which door you walk through and whether there’s a consumption bill hanging off it.

Get that wrong and you’ve either over-built a toy or under-budgeted a product.

The point of an agent isn’t to look clever for ninety seconds in a demo.

It’s to take a repetitive question off a human’s desk and answer it the same way, every time, at 2am. A published agent earns its keep. An unpublished one is a screenshot.

Build one narrow agent, publish it properly, and put your name on the governance around it. If you’re not showing your clients this, someone else will — and they’ll be the ones charging for it.

The Hiring Shift Copilot Has Quietly Forced


A few weeks ago I watched someone forward a Copilot-drafted email to a client without really reading it. The tone was off. A figure was wrong. The client picked it up before they did. Nobody was being lazy — they were being efficient, in the exact way we’ve all been trained to be efficient. Get the task done. Move to the next one. That small moment has stuck with me, because I think it points at something much bigger that’s quietly reshaping how small businesses need to think about the people they hire, and the behaviours they reward.

For most of my working life, businesses hired people to do things. Send the email. Build the report. Process the invoice. Update the spreadsheet. Speed and responsiveness were the metrics that mattered most. If you could turn incoming requests into completed work quickly and reliably, you were valuable. That model held up because doing the thing was the hard part, and doing it well took real skill, attention and time.

The work that used to be hard isn’t hard anymore

Copilot has quietly upended a lot of that. Drop into Outlook and you can have a draft reply in seconds. Open Word with a half-formed idea and Copilot will hand you a structured first pass before your coffee has cooled. Excel will summarise a sheet, flag the anomalies, and suggest a formula it thinks you wanted. Teams will catch you up on the meeting you missed and tell you what was decided and who owns what. Every one of those tasks used to be where someone earned their keep. Now they’re table stakes.

What’s left isn’t the doing. It’s the deciding. Was that actually the right answer? Does the draft fit the specific client we’re dealing with, or the average client Copilot has imagined? Is the figure it pulled from SharePoint the current number, or one from two restructures ago that nobody got around to archiving? Should we even send this email, or is there a phone call hiding behind it?

We’ve been training people out of asking

Here’s the part I find uncomfortable. A lot of small businesses have spent years quietly training their people out of pausing. We rewarded responsiveness over reflection. Inbox zero over inbox thoughtful. Closing tickets over questioning whether the ticket made sense in the first place. Over time, some genuinely good people got very fast at moving work between systems without really engaging with any of it.

That worked when the slow, expensive part of the job was producing the output. It doesn’t work now. The slow part is the human bit — the read, the sense-check, the quiet moment of “this doesn’t sit right with me” that keeps a business out of trouble with a client, a regulator, or its own future self.

The maths has flipped

When output was expensive, mistakes were rare almost by accident. There was friction in the system, and friction gave people time to second-guess themselves. A bad proposal took half a day to write, so it usually got read twice before it left the building. A bad proposal now takes ninety seconds, and so do the next ten after it.

The businesses that come out of this next stretch in good shape won’t be the ones with the fastest Copilot adopters. They’ll be the ones that have quietly shifted what they recognise and reward — from doing the thing, to noticing when the thing isn’t right. That’s a hiring conversation, a performance review conversation, and most of all a culture conversation. And in most of the small businesses I see day to day, it’s well overdue.

Copilot Credit Pre-Purchase Plans

Ok, deep breath before we start. In. Out. Let’s start.

If you want to purchase Copilot Credits for use with Cowork you’ll need access to https://admin.microsoft.com. Then you’ll need to navigate to Copilot | Cost Management | Configuration. You’ll then need to select Buy prepaid credits. Then you need to select a Subscription, then how many credits you want from the table that displays.

Upon selection, you’ll be shown the price and then you can pay via the Checkout.

If you look closely you’ll also see this.

So, billing is measured in CCCUs. 1 x CCCU = 100 credits. CCCU means Copilot Credit Commit Unit.

Given that this PAYG style billing is applied against an existing Azure subscription, if you go into the Azure portal and locate Reservations you find another location where you can pay:

Again, here, we have Copilot Credit Pre-Purchase Plans measured in CCCUs.

At the lowest prepaid tier you get a 5% discount and at the top prepaid tier you get a 20% discount, with the remaining tiers in between these two. Any overage returns to being billed at the base rate with no discount.

If you now look at how usage is reported, you see it is reported in Copilot Credits, not CCCUs. So CCCUs appear to be a billing construct only.

Thus, if we focus on just the Copilot Credits (not CCCUs) we get the Microsoft quoted US$0.01 per Copilot Credit. Thus, the above consumption cost becomes 1,574 x US$0.01 = US$15.74 in real money.

Thus, to enable Copilot Cowork going forward you will need:

– M365 License (e.g. M365 Business Premium)

– M365 Copilot license (to enable premium Copilot capabilities like Cowork)

– An Azure subscription for Copilot Cowork to be billed against

– Cowork consumption and billing is tenant wide, not per user

That will bill Copilot Cowork at a PAYG rate of $0.01 per Copilot Credit. A simple average would be to assume each Cowork interaction will consume around 400 credits. That is, around US$4 every time ANY user uses Cowork. This is an average because Cowork interactions vary in how many credits they use based on the complexity of the request and the actions taken.

You can pre-purchase Copilot Cowork credits at average discounted rates starting from US$0.0095 down to $0.0080 (i.e. 5 – 20% discount) for a fixed annual commitment.

Annual pre-paid Copilot Cowork credits are measured in Copilot Credit Commit Units (CCCUs) which have the ratio of 100 credits per 1 CCCU. The entry level CCCU is 3,000 which provides 300,000 credits across all users in the tenant.

These credits can be purchased from the M365 admin portal or the Azure portal (via Reservations).
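As an added example (not from the CIAOPS post), a small Python planner that turns the figures quoted above (1 CCCU = 100 credits, US$0.01 per credit PAYG, 3,000 CCCU entry level, 5% to 20% prepaid discounts, overage at the base rate) into a prepaid-versus-PAYG comparison. The 400 credits per interaction and the four-interactions-a-day usage are planning assumptions; the page gives only the lowest and highest tier discounts, so the discount is a parameter rather than a lookup table.

```python
# Added example: annual Copilot Cowork budget planner built from the figures
# quoted in the post. Not Microsoft's pricing engine; intermediate tier
# discounts are not on the page, so callers pass the discount explicitly.
from dataclasses import dataclass

CREDITS_PER_CCCU = 100            # 1 Copilot Credit Commit Unit = 100 credits
PAYG_USD_PER_CREDIT = 0.01        # Microsoft's quoted PAYG rate per credit
ENTRY_LEVEL_CCCU = 3_000          # smallest pre-purchase plan (300,000 credits)
MIN_DISCOUNT, MAX_DISCOUNT = 0.05, 0.20
# Planning assumption (constructed from the post's rule of thumb), not a fixed price.
AVG_CREDITS_PER_INTERACTION = 400


@dataclass
class PlanCost:
    committed_credits: int
    prepaid_usd: float
    overage_credits: int
    overage_usd: float
    unused_credits: int

    @property
    def total_usd(self) -> float:
        return round(self.prepaid_usd + self.overage_usd, 2)


def payg_cost(credits: int) -> float:
    """Pay-as-you-go cost in US$; the post's 1,574 credits come out at 15.74."""
    return round(credits * PAYG_USD_PER_CREDIT, 2)


def estimate_annual_credits(interactions_per_day: int, working_days: int = 250,
                            credits_per_interaction: int = AVG_CREDITS_PER_INTERACTION) -> int:
    """Tenant-wide estimate: Cowork consumption is billed per tenant, not per user."""
    return interactions_per_day * working_days * credits_per_interaction


def prepaid_plan_cost(committed_cccu: int, discount: float, annual_credits: int) -> PlanCost:
    """Prepaid block at the discounted rate, plus any overage at the undiscounted base rate.
    Unused credits in the block are still paid for."""
    if committed_cccu < ENTRY_LEVEL_CCCU:
        raise ValueError(f"minimum commitment is {ENTRY_LEVEL_CCCU} CCCU")
    if not MIN_DISCOUNT <= discount <= MAX_DISCOUNT:
        raise ValueError("prepaid discounts run from 5% to 20%")
    committed_credits = committed_cccu * CREDITS_PER_CCCU
    prepaid_usd = round(committed_credits * PAYG_USD_PER_CREDIT * (1 - discount), 2)
    overage_credits = max(0, annual_credits - committed_credits)
    unused_credits = max(0, committed_credits - annual_credits)
    return PlanCost(committed_credits, prepaid_usd, overage_credits,
                    payg_cost(overage_credits), unused_credits)


def breakeven_utilisation(discount: float) -> float:
    """Share of the committed block you must actually consume before prepaying beats
    PAYG. At 5% off you need to use more than 95% of what you bought."""
    return round(1 - discount, 4)


def compare(committed_cccu: int, discount: float, annual_credits: int) -> dict:
    """Side-by-side of a pre-purchase plan against paying the same usage PAYG."""
    plan = prepaid_plan_cost(committed_cccu, discount, annual_credits)
    payg = payg_cost(annual_credits)
    return {"prepaid_total_usd": plan.total_usd, "payg_usd": payg,
            "saving_usd": round(payg - plan.total_usd, 2),
            "overage_credits": plan.overage_credits, "unused_credits": plan.unused_credits}


if __name__ == "__main__":
    usage = estimate_annual_credits(interactions_per_day=4)   # 4 * 250 * 400 = 400,000 credits
    for disc in (MIN_DISCOUNT, MAX_DISCOUNT):
        print(f"{int(disc * 100)}% tier vs PAYG:", compare(ENTRY_LEVEL_CCCU, disc, usage))
    print("break-even utilisation at 5%:", breakeven_utilisation(MIN_DISCOUNT))
```

Run the under-utilised case (say 200,000 credits against the entry-level block) and the saving goes negative: the plan only pays off once real usage clears the break-even share of the block.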

An administrator can restrict Copilot Cowork in various ways to control costs, but that is the subject of an additional post.

….. and we are done. Breathe. In. Out.

Security baselines in Intune (Windows, Edge, Defender)


Most security baseline deployments I walk into were finished in about four minutes.

Someone opened Intune, found Security baselines, picked the Windows one, clicked through the wizard accepting every default, hit Create, and moved on. Box ticked. Tenant “hardened”.

That’s not security configuration. That’s a screenshot for the onboarding report.

Here’s the thing nobody tells you. A baseline you’ve never read isn’t a baseline. It’s a pile of Microsoft’s opinions you’ve agreed to without looking. And one of those opinions might break BitLocker enrolment on every machine without a TPM.

So let’s actually do this properly. It’s already in the licence your client pays for.

What is a security baseline, really?

A security baseline is Microsoft’s own recommended configuration for a product, bundled into one policy you deploy from Intune.

Not a list of suggestions. Not a report. Actual settings that get pushed to the device — BitLocker, firewall, Defender, password rules, SmartScreen — preset to the values Microsoft’s security team uses internally.

The point is speed. Instead of hand-building forty configuration profiles, you deploy one baseline and you’re 80% of the way to a hardened endpoint. Microsoft maintains the recommended settings and ships new versions as Windows evolves.

You get a few flavours: Windows, Microsoft Defender for Endpoint, Microsoft Edge, and Windows 365. There’s no separate SKU to buy. If your client is on Business Premium, this is already sitting in their tenant waiting.

Step-by-Step: deploying your first baseline

Portal only. No PowerShell.

Open the baselines

Sign in to the Microsoft Intune admin center and go to Endpoint security > Security baselines. You’ll see each baseline type with its current version on the right.

Pick one and create the profile

Start with Security Baseline for Windows 10 and later. Click it, then Create profile. Always take the newest version — older ones go read-only the moment a new one ships.

Name it like you’ll see it again

Give it a name your future self can read at a glance, like WIN-Baseline-Pilot. When a tenant has thirty policies, naming is the documentation.

Read the settings. Actually read them.

This is the step everyone skips. Walk the Configuration settings tabs. The defaults are deliberately restrictive — that’s the point — but restrictive settings break things. BitLocker enforcement on hardware without TPM 2.0 will tank an enrolment. Firewall rules will fight on-prem Group Policy on hybrid devices.

Assign to a pilot, not the fleet

Assign to a device group of ten to twenty machines with mixed hardware. Not your IT team’s identical laptops — include the weird old Dell from accounting. That’s where the breakage hides.

Watch the overview

Give it 24 hours, then check the profile’s Overview. You’ll see four buckets:

Succeeded        – applied cleanly
Error            – failed to apply
Conflict         – this setting is fighting another policy
Not applicable   – device can't support it

Notice what’s missing? There’s no “Secure” status. The portal tells you settings applied — never that you’re protected. Those are different claims, and the gap between them is your job.

Why this actually changes behaviour

Two reasons this matters more than the four-minute version.

First, conflicts are real and they’re silent. If the same setting lives in a baseline and a configuration profile, the device gets neither. It sits in Conflict and quietly does nothing. Run a pilot and you catch it. Deploy to everyone on a Friday and you find out Monday.

Second — and this is the one that catches people — baseline settings tattoo. Remove the assignment and the settings don’t roll back. They stay frozen at the last value applied. There’s no undo button.

“So if I unassign it, doesn’t the device go back to normal?”

No. It stays exactly where the baseline left it. You’d have to push the opposite setting to reverse it. Treat every baseline deployment as a one-way door, because it mostly is.

A baseline is a starting line, not a finish line. Microsoft’s Windows baseline covers maybe 150 of the 450-odd settings a CIS benchmark wants. That’s fine. Start here, layer the rest later.

The four-minute deployment and the real one look identical in a screenshot. They behave nothing alike on the device.

Read the settings once. Pilot once. Then you can tell a client their fleet is hardened and actually mean it.

A baseline isn’t there to make you look secure. It’s there to make you secure — but only if you read it first.