MVP 2025-26

Excited and proud to share that I’ve been awarded Microsoft MVP for 2025–26! This is now 14 years as a Microsoft MVP.

Huge thanks to Microsoft and the Microsoft MVP team for the continued recognition and support. It’s a privilege to be part of such a passionate and innovative community and I look forward to another year of helping others work with the Microsoft Cloud.

Of course, thanks also to everyone who reads, listens or consumes the things that I create. It is always great to hear the benefits that this content has helped, so don’t be shy in reaching out if I have been able to help in any way. Your continued support of my endeavours is what drives me every day to create more.

This past year, I’ve been all-in on Microsoft 365—especially Copilot. From building agents and using notebooks with podcasts to exploring automations and more, it’s been incredible to see how AI is transforming the way I work and exciting to see what the future brings with AI.

Grateful for the opportunities to learn, share, and collaborate—and looking forward to another year of building, breaking (in the lab), and helping others get the most out of Microsoft 365 + Copilot and everything in the Microsoft Cloud.

Let’s keep pushing what’s possible.

Thank you.

Exchange Online PowerShell configuration rules and policy relationship

In the context of configuring anti-spam settings in Exchange (particularly Exchange Online, which uses Exchange Online Protection or EOP), “rules” and “policies” work together to define how email is processed and protected. PowerShell is the primary tool for granular control over these settings.

Here’s a breakdown of their relationship:

1. Policies (Anti-Spam Policies):

What they are: Policies are the core configuration containers that define the overall anti-spam settings. They specify what actions to take when a message is identified with a certain spam confidence level (SCL) or other anti-spam verdict (e.g., spam, high-confidence spam, phishing, bulk email).
Key settings within policies:
- Spam Actions: What to do with messages identified as spam (e.g., move to Junk Email folder, quarantine, add X-header, redirect).
- High-Confidence Spam Actions: Similar to spam actions, but for messages with a very high probability of being spam.
- Phishing Actions: Actions for phishing attempts.
- Bulk Email Thresholds (BCL – Bulk Complaint Level): How to treat bulk mail (e.g., newsletters, marketing emails) that isn’t necessarily spam but users might not want.
- Allowed/Blocked Senders and Domains: Lists of specific senders or domains that should always be allowed or blocked, bypassing some or all spam filtering.
- Advanced Spam Filter (ASF) settings: More granular options like increasing spam score for specific characteristics (e.g., certain languages, countries, or specific URLs/patterns).
Default Policies: Exchange/EOP comes with built-in default policies (e.g., “Default,” “Standard Preset Security,” “Strict Preset Security”) that provide a baseline level of protection.
Custom Policies: You can create custom anti-spam policies to apply different settings to specific users, groups, or domains within your organization.
PowerShell Cmdlets:
- Get-HostedContentFilterPolicy: Views existing anti-spam policies.
- New-HostedContentFilterPolicy: Creates a new custom anti-spam policy.
- Set-HostedContentFilterPolicy: Modifies an existing anti-spam policy.
- Get-HostedOutboundSpamFilterPolicy, Set-HostedOutboundSpamFilterPolicy, New-HostedOutboundSpamFilterPolicy: Manage outbound spam policies.

2. Rules (Anti-Spam Rules / Mail Flow Rules / Transport Rules):

What they are: Rules are used to apply policies to specific recipients or groups of recipients, or to implement more dynamic and conditional anti-spam actions. While “anti-spam rules” are directly linked to anti-spam policies, “mail flow rules” (also known as “transport rules”) offer a broader range of conditions and actions, including those that can influence spam filtering.
Relationship to Policies:
- Anti-Spam Rules (specifically): An anti-spam rule (e.g., created with New-HostedContentFilterRule) links an anti-spam policy to specific conditions (e.g., applying the policy to members of a certain distribution group). A single anti-spam policy can be associated with multiple rules, but a rule can only be associated with one policy. This allows you to apply different policies to different sets of users.
- Mail Flow Rules (broader impact): Mail flow rules can also be used to influence anti-spam behavior, even if they aren’t strictly “anti-spam rules.” For example:
  - Bypassing spam filtering: You can create a mail flow rule to set the Spam Confidence Level (SCL) of a message to -1 (Bypass spam filtering) if it meets certain conditions (e.g., from a trusted internal system, or specific external partners).
  - Increasing SCL: You can increase the SCL of messages that contain specific keywords or come from particular sources, forcing them to be treated more aggressively by anti-spam policies.
  - Redirecting/Quarantining: Mail flow rules can directly redirect suspicious messages to a quarantine mailbox or add specific headers for further processing, often based on content or sender characteristics that might indicate spam or phishing.
PowerShell Cmdlets:
- Get-HostedContentFilterRule: Views existing anti-spam rules.
- New-HostedContentFilterRule: Creates a new anti-spam rule and links it to an anti-spam policy.
- Set-HostedContentFilterRule: Modifies an existing anti-spam rule.
- Get-TransportRule, New-TransportRule, Set-TransportRule: Manage general mail flow (transport) rules, which can include anti-spam related actions.

How they work together (with PowerShell in mind):

Define the “What”: You use New-HostedContentFilterPolicy or Set-HostedContentFilterPolicy to define the core anti-spam behavior (e.g., “quarantine spam, move high-confidence spam to junk, block these specific senders”).
Define the “Who/When”: You then use New-HostedContentFilterRule to create a rule that applies that specific policy to certain users or under specific conditions. You can prioritize these rules using the -Priority parameter on the Set-HostedContentFilterRule cmdlet, where a lower number means higher priority.
Advanced Scenarios: For more nuanced control, or to handle edge cases not covered directly by anti-spam policies, you leverage New-TransportRule or Set-TransportRule. These allow you to:
- Exempt certain senders/domains from all spam filtering (SCL -1).
- Apply custom actions based on message headers (e.g., from a third-party spam filter).
- Implement more sophisticated content-based filtering using keywords or regular expressions before the message hits the main anti-spam policies.

Example Scenario and PowerShell:

Let’s say you want to:

Apply a strict anti-spam policy to your “Executives” group.
Allow a specific partner domain to bypass most spam filtering.

Using PowerShell, you might:

Create a custom anti-spam policy for executives:

PowerShell

New-HostedContentFilterPolicy -Name "ExecutiveSpamPolicy" -HighConfidenceSpamAction Quarantine -SpamAction Quarantine -BulkThreshold 4 -MarkAsSpamBulkMail $true

Create an anti-spam rule to apply this policy to the “Executives” group:

PowerShell

New-HostedContentFilterRule -Name "ApplyExecutiveSpamPolicy" -HostedContentFilterPolicy "ExecutiveSpamPolicy" -SentToMemberOf "ExecutivesGroup" -Priority 1

Create a mail flow rule to bypass spam filtering for the partner domain:

PowerShell

New-TransportRule -Name "BypassSpamForPartner" -FromScope OutsideOrganization -FromDomainIs "partnerdomain.com" -SetSCL -1 -Priority 0 # Higher priority to ensure it's processed first

In summary:

Policies define the actions for different spam verdicts and general anti-spam behavior.
Rules (both anti-spam rules and broader mail flow/transport rules) define the conditions under which those policies or other anti-spam actions are applied.

PowerShell gives administrators the power to create, modify, and manage these policies and rules with a high degree of precision and automation, which is crucial for effective anti-spam protection in Exchange environments.

M365 Copilot reasoning agents limits

Yes, there is a usage limit for Research and Analyst Agent prompts in Microsoft 365 Copilot. These agents are included in a Microsoft 365 Copilot license but not with the free Copilot Chat.

According to Microsoft’s official documentation and recent updates, each user with a Microsoft 365 Copilot license is allowed to run up to 25 combined queries per calendar month using the Researcher and Analyst agents

Researcher and Analyst Usage Limits | Microsoft Community Hub

Researcher and Analyst are now generally available | Microsoft 365 Blog

This limit resets on the 1st of each month, not on a rolling 30-day basis

This cap is in place because the Research Agent performs deep, multi-step reasoning and consumes more compute resources than standard Copilot Chat. It’s designed for complex, structured tasks—like generating detailed reports with citations—rather than quick, conversational queries.

If your organization anticipates higher usage, Microsoft offers message packs as an add-on. For example, a couple of packs covering ~50,000 queries might cost around $400/month, while licensing 100 users directly would be about $3,000/month. Microsoft recommends starting with minimal licenses, monitoring usage, and scaling based on actual demand.

The next question is then about how the 25-prompt monthly limit for the Researcher agent in Microsoft 365 Copilot applies when you create a custom agent in Copilot Studio that uses “reason” in its instructions.

Key Clarification

The 25-prompt limit applies specifically to the Researcher agent—a specialized, high-computation mode within Microsoft 365 Copilot designed for deep, multi-step reasoning across enterprise and web data. It’s distinct from standard Copilot chat and is licensed separately.

What Happens in Copilot Studio?

When you create an agent in Copilot Studio and include the word “reason” in the instructions (e.g., “use reasoning to evaluate…”), that does not automatically invoke the Researcher agent or count against your 25 monthly Researcher prompts.

Instead, Copilot Studio agents operate based on:

The generative answer node and its custom instructions.
The data sources you’ve connected (e.g., SharePoint, Dataverse, websites).
The reasoning complexity you’ve built into the flow (e.g., branching logic, memory, variables).

Unless your agent explicitly calls the Researcher agent (via a connector or API that invokes it), or unless Microsoft has integrated Researcher-like capabilities into your agent’s backend (which would be documented), your usage won’t count against the Researcher quota.

Optimize prompts with custom instructions – Microsoft Copilot Studio | Microsoft Learn

Researcher agent in Microsoft 365 Copilot | Microsoft Community Hub

What “Reason” Means in Instructions

Using “reason” in your instructions—such as “reason through the options before answering”—is interpreted as a style or tone directive for the generative AI. It helps shape how the agent responds but doesn’t trigger the Researcher agent’s quota-based behaviour.

✅ Summary

No, using “reason” in Copilot Studio instructions does not count against your 25 Researcher prompts.
The Researcher agent quota applies only when that specific agent is invoked.
You can safely build reasoning-style flows in Copilot Studio without worrying about prompt limits—unless you explicitly integrate the Researcher agent.

Would you like help designing a reasoning-style Copilot Studio agent that stays within standard usage?

References

Optimize prompts with custom instructions – Microsoft Copilot Studio

Researcher agent in Microsoft 365 Copilot

Robert.agent in action

Here’s an example of how clever AI is getting.

Someone sent the following screen shot of PowerShell code to robert.agent@ciaops365.com. Which, if you haven’t seen, is an agent I built to respond automatically to emails using Copilot Studio.

My Copilot Agent was able to read the PowerShell inside the screen shot and return the following 103 lines of PowerShell for that person!

Why don’t you give robert.agent@ciaops365.com a try to get your Microsoft Cloud questions answered?

Exchange Online Mail Flow rules basics

In Exchange Online, mail flow rules (formerly known as transport rules) are a powerful tool that IT administrators can use to fine-tune how emails are handled, and they are intricately tied to an organization’s overall spam policies within Microsoft 365.

Here’s how they are connected in non-technical terms:

1. Exchange Online Protection (EOP) as the Foundation:

**EOP is your first line of defense: Think of Exchange Online Protection (EOP) as the core spam filtering engine built into Microsoft 365. It automatically scans all incoming and outgoing emails for known spam, malware, phishing attempts, and other threats. EOP uses a variety of technologies, including:
- Connection Filtering: Checks the sender’s IP address reputation.
- Spam (Content) Filtering: Analyzes the message content for characteristics of spam. This assigns a Spam Confidence Level (SCL), a numeric score (0-9, higher means more likely spam).
- Anti-Malware and Anti-Phishing: Detects malicious attachments, links, and spoofing attempts.
Anti-Spam Policies: Within EOP, you have “Anti-spam policies” (also called spam filter policies). These policies define what actions EOP should take based on the spam verdict (e.g., if an email is “Spam,” “High Confidence Spam,” or “Bulk Email”). Actions can include:
- Moving the message to the Junk Email folder.
- Quarantining the message (holding it in a safe place for review).
- Rejecting the message.
- Redirecting the message to an administrator.
- Adding an X-header to the message for further processing.
Default Policy: There’s a default anti-spam policy that applies to everyone in your organization, but you can create custom policies for specific users, groups, or domains.

2. Mail Flow Rules (Transport Rules) as the Customization Layer:

Mail flow rules work with EOP policies: While EOP and its anti-spam policies provide a robust baseline, mail flow rules allow you to create custom, highly specific conditions and actions that can interact with, bypass, or enhance the default spam filtering behavior.
How they’re tied to spam policies:
- Setting the SCL: A primary way mail flow rules tie into spam policies is by allowing you to set the Spam Confidence Level (SCL) for messages that meet certain criteria. For example:
  - If you receive legitimate newsletters that are frequently marked as “Bulk,” you can create a rule that says: “If an email is from newsletter@example.com, set its SCL to -1 (Bypass Spam Filtering).” This tells EOP to treat that specific sender’s emails as non-spam, effectively allowing them to bypass the regular spam filters and directly reach the inbox.
  - Conversely, if you notice a new type of spam getting through that contains specific keywords or phrases, you can create a rule that says: “If the subject or body contains ‘Urgent crypto investment opportunity,’ set the SCL to 9 (High Confidence Spam).” This will ensure that anti-spam policies apply their “High Confidence Spam” action (e.g., quarantine or delete) to those messages, even if EOP’s default content filters haven’t yet caught up.
- Overriding or Enhancing Actions: Mail flow rules can also take actions independently or in conjunction with anti-spam policies. For instance:
  - You might have an anti-spam policy that quarantines “high confidence spam.” A mail flow rule could say: “If an email is from badspammer.com AND it’s marked as ‘High Confidence Spam,’ also send a notification to the security team.”
  - You can create rules to completely bypass spam filtering for certain trusted senders or internal communication, preventing false positives (legitimate emails being mistaken for spam).
  - You can block messages outright based on criteria like sender domain, specific keywords, or attachments, even before EOP fully processes them for spam, providing a very direct defense.
  - You can tag messages with custom headers that can then be used by other systems or for further processing.
Order of Processing: It’s important to understand that mail flow rules have a priority, and they are processed before or alongside the standard anti-spam policies. This allows administrators to ensure critical rules are applied first.

In essence:

EOP and Anti-Spam Policies provide the automated, intelligent, and broad-spectrum defense against spam.
Mail Flow Rules are your administrative scalpel, allowing you to fine-tune, customize, override, or supplement that broad defense for specific scenarios unique to your organization. They let you proactively respond to new threats, ensure delivery of critical legitimate mail, and implement your own nuanced email handling policies beyond the default spam filtering.

Small Business, Big AI Impact: Understanding the AI MCP Server

Imagine Artificial Intelligence (AI) as a super-smart assistant that can answer questions, write emails, or even create images. However, this assistant usually only knows what it was taught during its “training.” It’s like a brilliant student who only knows what’s in their textbooks.

Now, imagine this assistant needs to do something practical for a business, like check a customer’s order history in your sales system, or update a project status in your team’s tracking tool. The problem is, your AI assistant doesn’t automatically know how to “talk” to all these different business systems. It’s like our brilliant student needing to call different departments in a company, but not having their phone numbers or knowing the right way to ask for information.

This is where an AI MCP server comes in.

In non-technical terms, an AI MCP server (MCP stands for Model Context Protocol) is like a universal translator and connector for your AI assistant.

Think of it as:

A “smart switchboard”: Instead of your AI needing to learn a new way to communicate with every single business tool (like your accounting software, email system, or inventory database), the MCP server acts as a central hub. Your AI assistant just “talks” to the MCP server, and the MCP server knows how to connect to all your different business systems and translate the information back and forth.
A “library of instructions”: The MCP server contains the “recipes” or “instructions” for how your AI can interact with specific tools and data sources. So, if your AI needs to find a customer’s last purchase, the MCP server tells it exactly how to ask your sales system for that information, and then presents the answer back to the AI in a way it understands.
A “security guard”: It also helps manage what information the AI can access and what actions it can take, ensuring sensitive data stays secure and the AI doesn’t do anything it shouldn’t.

Why is this important for small businesses?

For small businesses, an AI MCP server is incredibly important because it allows them to:

Unlock the full potential of AI without huge costs: Instead of hiring expensive developers to build custom connections between your AI and every piece of software you use, an MCP server provides a standardized, off-the-shelf way to do it. This saves a lot of time and money.
Make AI truly useful and practical: Generic AI is helpful, but AI that understands and interacts with your specific business data (like customer details, product stock, or project deadlines) becomes a game-changer. An MCP server makes your AI assistant “aware” of your business’s unique context, allowing it to provide much more accurate, relevant, and actionable insights.
Automate tasks that require multiple systems: Imagine your AI automatically updating your customer relationship management (CRM) system, sending an email confirmation, and updating your inventory, all from a single request. An MCP server enables this kind of multi-step automation across different software.
Improve efficiency and save time: By connecting AI directly to your existing tools and data, employees spend less time manually searching for information, switching between applications, or performing repetitive data entry. This frees up staff to focus on more strategic and valuable tasks.
Enhance customer service: An AI-powered chatbot connected via an MCP server can instantly access real-time customer data (purchase history, support tickets) to provide personalized and accurate responses, leading to happier customers.
Stay competitive: Larger businesses often have the resources for complex AI integrations. An MCP server helps level the playing field, allowing small businesses to adopt advanced AI capabilities more easily and gain a competitive edge.
Future-proof their AI investments: As new AI models and business tools emerge, an MCP server helps ensure that your existing AI setup can adapt and connect to them without major overhauls.

In essence, an AI MCP server transforms AI from a clever but isolated tool into a powerful, integrated assistant that can truly understand and interact with the unique workings of a small business, making operations smoother, smarter, and more efficient.

M365 Copilot Chat vs. Copilot Research Agent: Use Cases and Examples

Microsoft 365 Copilot serves as your AI-powered assistant across Office apps and Teams, helping with everyday tasks through a conversational chat interface. In contrast, the Copilot Research Agent is a specialized AI mode for deep, multi-step research that can comb through vast amounts of data (both your enterprise data and web) to produce comprehensive, evidence-backed reports. Choosing the right tool will ensure you get the best results for your needs. Below, we break down the strengths, ideal use cases, and examples for each, as well as when not to use one versus the other.

Overview of the Two Copilot Modes

M365 Copilot Chat (Standard Copilot): This is the default Copilot experience integrated into Microsoft 365 apps (such as Teams, Outlook, Word, etc.). It provides quick, near real-time responses in a conversational way[1]. Copilot Chat can draft content, answer questions, summarize information, and help with tasks in seconds using the context you provide or your work data via Microsoft Graph[2]. It’s like an AI assistant always available in-app to help you “work smarter” on everyday tasks.

Copilot Research Agent (Researcher Mode): This is an advanced reasoning agent for in-depth research. It uses a more powerful, iterative reasoning process to handle complex, multi-step queries that require analyzing multiple sources. The Research agent will take longer (often a few minutes per query) to gather information from across emails, chats, meetings, documents, enterprise systems, and even the web, then synthesize a thorough answer[1][3]. The output is usually a well-structured report or detailed response with sources cited for verification[1][1]. In short, Researcher acts like a diligent analyst digging through all data available to answer your question with high accuracy and detail – albeit with a slower response time than standard Chat.

Key Differences at a Glance

Aspect	M365 Copilot Chat (Standard)	Copilot Research Agent (Researcher)
Response Speed	Near-instant answers (usually seconds). Optimized for real-time use so you can get quick help while working.	Slower, deep processing (often 3–6 minutes for a full response). It spends more time reasoning, gathering and verifying information.
Complexity Handling	Basic to moderate complexity. Great for straightforward or single-step questions and tasks. It can use context but generally handles one prompt at a time without extensive planning.	High complexity, multi-step reasoning. Designed for complex questions that require breaking down into sub-tasks, looking up multiple sources, and synthesising findings. Performs chain-of-thought planning and iterative research.
Data Scope	Immediate context + relevant enterprise data. Can tap into your recent emails, files, chats if needed (via Graph) to give an answer, but typically focuses on the content at hand (e.g., the document or thread you’re viewing).	Broad enterprise and external data. Securely searches across emails, documents, meeting transcripts, chat history, and even external connectors or web sources as needed. It will “search everywhere” to ensure no relevant info is missed.
Typical Output	Brief replies or edits. E.g., a paragraph answering your question, a list of bullet points, a draft email or document section. The style is often concise and may not always cite sources (it’s more like a quick assistant).	Detailed reports or comprehensive answers. Often provides a structured report with sections, detailed explanations, and inline citations to sources for fact-checking. It resembles what an analyst’s researched memo might look like.
Interaction Style	Conversational and interactive. You can have a back-and-forth with Copilot Chat, ask follow-ups instantly, or refine the output. It’s meant for real-time collaboration while you work.	Task-focused sessions. The Research agent might ask clarifying questions up-front then deliver a final report. It’s less about continuous chat and more about digging for answers, though you can still follow up with additional questions (each may invoke a new deep research cycle).
Limitations	May not fully answer very broad or data-heavy queries. It uses faster reasoning, which can sometimes mean less depth or context. Complex multi-source questions might get summary-level answers or require you to prompt multiple times.	Not ideal for trivial or time-sensitive queries. Because it takes longer and uses intensive resources (often even limited to a certain number of uses per month), it’s overkill for simple tasks. You wouldn’t use Researcher for a one-line answer or tiny task you needed immediately.

When to Use M365 Copilot Chat (with Examples)

Use Copilot Chat for day-to-day productivity tasks, especially when you need a quick, on-the-fly response or assistance within the flow of work. Here are the best use cases and examples:

Quick Summaries of Single Sources: When you want a fast summary of a specific item (an email thread, document, or meeting). For example, “Summarise this email chain for me” – Copilot Chat can instantly pull out the key points from a long email conversation[2]. Or in Teams, you might ask, “What were the main action items from the meeting I missed?”, and it will recap the meeting recording or chat for you in seconds. This is ideal for catching up on information without reading everything yourself.
Drafting and Composing Content: Copilot Chat excels at generating initial drafts and content ideas quickly. If you need to write something, you can instruct Copilot to draft it for you, then you refine it. For instance, you could say: *“Draft an email to

References

[1] Researcher agent in Microsoft 365 Copilot

[2] Top 10 things to try first with Microsoft 365 Copilot

[3] Conversation Modes: Quick, Think Deeper, Deep Research

[4] Introducing Researcher and Analyst in Microsoft 365 Copilot

[5] Inside Copilot’s Researcher and Analyst Agents

Need to Know podcast–Episode 349

Explore the future of AI integration, Microsoft Cloud updates, and security innovations tailored for the SMB market. In this episode, we dive into the transformative role of AI MCP servers, the latest Microsoft 365 and Teams updates, and practical security and compliance strategies. Whether you’re an IT pro, business leader, or tech enthusiast, this episode delivers actionable insights and resources to stay ahead in the Microsoft ecosystem.

Brought to you by www.ciaopspatron.com

you can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-349-mcp-is-for-me/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

or Spotify:

https://open.spotify.com/show/7ejj00cOuw8977GnnE2lPb

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show.

Resources

CIAOPS Need to Know podcast – CIAOPS – Need to Know podcasts | CIAOPS

X – https://www.twitter.com/directorcia

Join my Teams shared channel – Join my Teams Shared Channel – CIAOPS