CIA Brief 20250111

What is Microsoft Security Copilot? –

https://www.youtube.com/watch?v=xmpyimizs-s

Microsoft OneNote, a year in review: AI innovation and enhanced creativity – https://techcommunity.microsoft.com/blog/Microsoft365InsiderBlog/microsoft-onenote-a-year-in-review-ai-innovation-and-enhanced-creativity/4363833

Build custom email security reports and dashboards with workbooks in Microsoft Sentinel – https://techcommunity.microsoft.com/blog/microsoftdefenderforoffice365blog/build-custom-email-security-reports-and-dashboards-with-workbooks-in-microsoft-s/4352242

Co-author a document in Microsoft 365 –

https://www.youtube.com/watch?v=S-5UGuQnD0g

Unified coverage management across SIEM and XDR in SOC optimization –

https://techcommunity.microsoft.com/blog/microsoftsentinelblog/unified-coverage-management-across-siem-and-xdr-in-soc-optimization/4363810

Choose a breakout room as a Teams meeting participant –

https://techcommunity.microsoft.com/blog/microsoft365insiderblog/choose-a-breakout-room-as-a-teams-meeting-participant/4363955

Exciting News: Microsoft Defender for Endpoint Extends Support to ARM-Based Linux Servers –

https://techcommunity.microsoft.com/blog/microsoftdefenderatpblog/exciting-news-microsoft-defender-for-endpoint-extends-support-to-arm-based-linux/4364066

6 AI trends you’ll see more of in 2025 –

https://news.microsoft.com/source/features/ai/6-ai-trends-youll-see-more-of-in-2025/

Achieve more with AI you can trust –

https://www.youtube.com/watch?v=9mu0aXee6FE

Automate the employee identity lifecycle with Microsoft Entra ID Governance –

https://www.youtube.com/watch?v=mX-j7lC2L3A

Microsoft announces US $3bn investment over two years in India cloud and AI infrastructure to accelerate adoption of AI, skilling and innovation –

https://news.microsoft.com/en-in/microsoft-announces-us-3bn-investment-over-two-years-in-india-cloud-and-ai-infrastructure-to-accelerate-adoption-of-ai-skilling-and-innovation/

Why security teams rely on Microsoft Defender Experts for XDR for managed detection and response –

https://www.microsoft.com/en-us/security/blog/2025/01/06/why-security-teams-rely-on-microsoft-defender-experts-for-xdr-for-managed-detection-and-response/

Considerations for risk identification and prioritization in Defender for Cloud –

https://techcommunity.microsoft.com/blog/microsoftdefendercloudblog/considerations-for-risk-identification-and-prioritization-in-defender-for-cloud/4359616

CES 2025: Advancing the future of automotive and mobility –

https://www.microsoft.com/en-us/industry/blog/manufacturing-and-mobility/2025/01/07/ces-2025-advancing-the-future-of-automotive-and-mobility/

Amedisys clinicians provide better home care with mobile devices managed by Microsoft Endpoint Manager –

https://www.microsoft.com/en/customers/story/1429868843053987347-amedisys-health-provider-microsoft-endpoint-manager

Access your new apps in Microsoft 365 –

https://www.youtube.com/watch?v=s-TuVtwgKAM

CES 2025: The year of the Windows 11 PC refresh –

https://blogs.windows.com/windowsexperience/2025/01/06/ces-2025-the-year-of-the-windows-11-pc-refresh/

SharePoint Roadmap Pitstop December 2024 –

https://techcommunity.microsoft.com/blog/spblog/sharepoint-roadmap-pitstop-december-2024/4361689

Microsoft Entra: Top 50 features of 2024 –

https://techcommunity.microsoft.com/blog/identity/microsoft-entra-top-50-features-of-2024/4352584

After hours

Scott & Mark Learn To… Find Joy in Hobbies – https://www.youtube.com/watch?v=Ypcog_lv0DA

Editorial

If you found this valuable, then I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week

The missed SMB AI opportunity

This is a follow-up to my article:

Talent versus Skill

As we now approach the 12 month anniversary of when Microsoft 365 Copilot was available widely in SMB (16 January 2024), I thought I’d reflect on what I see in the market.

It is my experience that only now, 12 months after the release of Microsoft 365 Copilot, are the most progressive resellers and MSPs orientating themselves to understand and make AI part of their business and what they offer to their customers. This means even the most progressive are already at least 12 months behind.

As I have said previously, I see the reaction to AI from SMB IT Professionals and MSPs much like what happened with the move to the cloud. In short, cynicism at best and denial at worst seem to have reappeared.

If you simply look at the business opportunity presented by AI it is hard for me to grasp why more IT Professionals and MSPs are not taking advantage of this unique opportunity for their business.

Most commentators agree that AI is one of the fastest adopted technologies in history and is now widely in use by individuals and business because, in part, it is so easy to use. This explosive growth and penetration represents business opportunity that many IT Professionals and MSPs are well positioned to take advantage of, yet there seems to be a hesitancy like there was moving to the cloud.

In fact, I see the IT Professional and MSP adoption curve with AI trending more and more away from adoption and integration into their businesses. To be brutally honest, the peak in that Reseller adoption curve, in my books, is at least 3 – 5 years behind already.

Thus, the adoption gap continues to increase. So too the opportunity.

Alternatively, if you look at the customer trends, you find they are adopting AI much faster and looking to integrate into their business to remain competitive. The net result is that customers and their IT providers are trending in opposite directions when it comes to adopting AI from what I see.

Any new technology requires re-tooling and an investment in knowledge. Neither of these magically appears inside a business or an individual; they require a dedicated approach to integrating them as well as some work. From what I see, customers are prepared to do this work because they see the business benefits but most IT Providers don’t. To me, that represents a huge risk that many incumbent IT providers will miss out on the opportunity that the AI wave presents. The worst case scenario is that customers will ‘do it themselves’ without any need of an IT Provider.

At its core I believe the mismatch I’m seeing is the result of the incumbent MSP model being ‘reactive’. That is, waiting until something breaks and then fixing it. It is like the fire brigade that waits until the bell rings and then goes to put out the fire. I think we are shifting to work where more consideration has to be given to a proactive approach to solving business needs before they arise rather than waiting for them to happen and reacting. To many technology providers AI represents something that will ‘break’ the status quo and that is not something they desire.

A reactive business, I would suggest, is not appropriate in the age of AI. Why? Because AI doesn’t break, doesn’t need configuring, doesn’t require ongoing maintenance, password resets, etc. The age of AI is all about software and creators, not mechanics as most IT Providers are. The reality now is that you don’t need to be an ‘expert’ in your field, even when it comes to technology. Many people, when augmented with AI, can perform a lot more tasks and topics than they ever could. The agent that I have built with Copilot Studio and publish into Teams to answer technical questions continues to amaze me daily with the quality of answers while reducing my need to do that manually. Why hasn’t every MSP implemented something like that in their business already? The tools are there to get more value from the knowledge in their business, make their lives easier and business more profitable.

Another factor I see is one of demographics. Most small MSPs are run by what you might euphemistically call ‘industry veterans’, meaning they have been doing what they do for a long time. This ‘time in business’ tends towards an inertia and a hesitancy to embrace or enthusiastically embrace change. The pace of technology change is increasing, not decreasing and that requires adaptation to the ever changing environment. This will always be challenging when the trend is to inertia.

A common approach with many SMB IT Providers is their belief that they have to do it all. Whether that belief comes from a desire for revenue or fear of competition, it is not something that is really possible in today’s diverse environment. Like every other business, an IT provider runs a BUSINESS and the primary goal of any business is to make a profit to provide the freedom to grow, enjoy, help others, etc. Any business needs to make business decisions about what they do to generate revenue in their business. Sometimes, these business decisions are not easy. Generally, these decisions will also involve some form of risk. But, they need to be made for the business to succeed.

The simplest metric for making these decisions is profit. ‘Will this decision generate my business more profit than that decision?’ is the question du jour. This undoubtedly means leaving some things on the table as well as abandoning others as time changes. To wit:

“You can’t do today’s job with yesterday’s methods and be in business tomorrow” – George W. Bush

The position that any business (or individual) is in today is a product of the choices they have made over time. Future success, thus, will also be a product of choices made now and into the future. All decisions come with a cost; the best choice for a business is the one which has the least risk and most profit opportunity.

Over many years, and having been through a few new technology cycles, I have learned that sometimes you can lead a horse to water but you can’t make them drink. Sometimes, inertia is too powerful and change doesn’t happen no matter how much you try. A better use of effort is with those that want the opportunity change brings. The good news for those select few is that, thanks to inertia, your competition is much smaller than it probably is in existing business models.

I am not suggesting that you throw the baby out with the bathwater here when it comes to AI and wholesale abandon business models that are currently profitable. What I am suggesting is to look to the future and see where the ‘ball is going’ and be there to meet it. Today, that only takes a small investment but over time that investment will become larger and larger just to get onboard. As I have highlighted with something like Bitcoin, a small investment early would today reap substantial rewards. You would never go all in, but a few hundred dollars back in the early days when most people scoffed at blockchain technology would certainly see you having the last laugh now.

This AI stuff is, by all accounts, moving faster than any previous technology, which means the risks of getting left behind are much greater. It seems clear that AI is going to have a major impact in all businesses, including small business. All businesses are looking to skilled providers to assist them with understanding and adopting AI. The good news I see for the very few SMB IT providers who ‘get’ AI and are integrating it into their business is that there is little competition now and into the foreseeable future. In an environment with increasing demand your chances of profitability are extremely high. It just takes a small amount of effort to overcome the effects of inertia and ride the coat tails of what certainly will be the next great wave in technology.

My Tech Books – 2025

Tech is as much a lifestyle choice these days as it is a career. The geeks and nerds have risen to rule the world. Don’t believe me? Ask Bill Gates and Elon Musk! Sometimes it is good to step back and take a wide look at how technology has changed the world we live in – for better and worse.

To see my list from last year visit – My Tech Books 2024

My selections below, both fiction and non fiction, I have found to be enjoyable and thought provoking in many different ways and I recommend them to everyone who is interested in tech.

Mentions from 2024

AI Snake Oil. What Artificial Intelligence Can Do, What it Can’t and How to Tell the Difference – Arvind Narayanan

Hackers: Heroes of the Computer Revolution – Steven Levy

You can follow all the books, tech, business, non-fiction, etc that I read over at Goodreads. You can view my activity here:

https://www.goodreads.com/director_cia

1. Daemon – Daniel Suarez [Fiction]

A glimpse into the future of where drones and augmented reality may take us. That may not necessarily be a good place either.

2. Freedom TM – Daniel Suarez [Fiction]

A follow up to Daemon. What happens when technology dominates the world? Who benefits?

3. Ready Player One – Ernest Cline [Fiction]

Much like the Matrix. What is life like if you live inside the machine? You can be just about anyone you choose. I also love this book for all the retro technology that was part of my life. TRS-80 anyone? This book has become so popular that there is now a movie. Believe me, the book is better.

4. Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers – Andy Greenberg [Non-Fiction]

This is a great book if you are interested in IT security. It is also a very current book which makes it even more engrossing. It is easy to read and quite comprehensive in its approach, not only dealing with the technology of security attack but also the geopolitical reasons and consequences.

It reveals the shadow world of nation state cyber attacks and illustrates how they are happening today and likely to increase in the future. The connected world of the Internet has brought us many benefits but it is now increasing risks as our dependencies increase to the point that there are few manual backups that don’t depend on technology.

I think this book is a real glimpse into the future and what we may be in store for in the event of rising global conflicts. If you like tech, you’ll love this!

5. Future Crimes: Inside the Digital Underground and the Battle for our Connected World – Marc Goodman [Non-fiction]

Technology will ultimately doom us all I believe because we are building our world on stuff that unfortunately places a low regard for security and privacy. This book will show you why that is a road to ruination.

6. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon – Kim Zetter [Non-Fiction]

If you don’t believe cyber warfare is real then read this book to understand how software is now a weapon as potentially devastating as any nuclear device.

7. Beyond Fear: Thinking Sensibly about Security in an Uncertain World – Bruce Schneier [Non-Fiction]

Security is important but it is important in context. We need to be rational when we consider our security not emotional. A great level headed approach to how we need to be secure.

8. American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road – Nick Bilton [Non-Fiction]

An amazingly detailed book on the rise and fall of Ross Ulbricht, the creator of the Silk Road web site. In here we are asked to think about whether technology plays something more than a neutral role in today’s world.

9. The Coming Wave. Technology, Power and the Twenty-first Century’s Greatest Dilemma – Mustafa Suleyman [Non-Fiction]

A well balanced book on both the pros and cons of artificial intelligence (AI). The future is not going to be all roses unless we stop and think about what we are creating with AI and what we need to do now to prevent it causing untold harm.

10. This is how they tell me the world ends: The cyberweapons arms race – Nicole Perlroth [Non-Fiction]

Highlights the challenges that society has created, mainly from its own doing, and questions how we go about fixing this so we don’t end up causing infinite harm to both intended targets and unintended victims.

Distributed Password cracking attempts detected by Sentinel

Over the past couple of days I’ve been inundated with failed logins from locations all around the world. You can see a partial list of those IPs reported in Sentinel above.

But, for the first time I also found this alert had triggered an incident in Sentinel – Distributed Password cracking attempts in Microsoft Entra ID, as seen above.

Here is the list and locations so far:


Always nice to have Sentinel on the job letting me know what’s going on!
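The pattern behind an incident like this is a single account failing sign-in from many unrelated source addresses in a short period. The following is an added example, not code from the original post and not the logic of Sentinel's built-in rule: it shows one way to detect that pattern in exported sign-in records, and the CSV layout, thresholds and sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Entra ID result codes treated as password failures: 50126 = invalid
# username or password, 50053 = account locked. "0" = successful sign-in.
FAILURE_CODES = {"50126", "50053"}

# Constructed sample records (documentation IP ranges, not real telemetry).
# Assumed layout: time,user,ip,country,result_code
SAMPLE = """\
2025-01-09T01:00:00,alice@example.com,192.0.2.10,BR,50126
2025-01-09T01:04:00,alice@example.com,198.51.100.7,US,50126
2025-01-09T01:09:00,alice@example.com,203.0.113.9,AR,50126
2025-01-09T01:15:00,alice@example.com,192.0.2.44,BR,50126
2025-01-09T01:21:00,alice@example.com,198.51.100.81,UG,50126
2025-01-09T01:30:00,alice@example.com,203.0.113.200,RO,50053
2025-01-09T01:31:00,bob@example.com,192.0.2.99,US,50126
2025-01-09T01:32:00,bob@example.com,192.0.2.99,US,50126
2025-01-09T01:33:00,bob@example.com,192.0.2.99,US,50126
2025-01-09T01:34:00,bob@example.com,192.0.2.99,US,50126
2025-01-09T02:10:00,alice@example.com,203.0.113.9,AR,0
2025-01-09T09:00:00,carol@example.com,198.51.100.20,AU,50126
2025-01-09T09:01:00,carol@example.com,198.51.100.20,AU,0
"""


def parse(line):
    """Parse one line of the assumed CSV layout into a record."""
    ts, user, ip, country, code = line.strip().split(",")
    return {"time": datetime.fromisoformat(ts), "user": user.lower(),
            "ip": ip, "country": country, "code": code}


def find_distributed_attempts(events, window=timedelta(hours=1), min_ips=5):
    """Return accounts whose failed sign-ins come from at least min_ips
    distinct source IPs inside any sliding window of the given length.
    A single noisy IP (classic brute force) does not match."""
    failures = defaultdict(list)
    successes = defaultdict(set)   # all successful source IPs per user
    for e in events:
        if e["code"] in FAILURE_CODES:
            failures[e["user"]].append(e)
        elif e["code"] == "0":
            successes[e["user"]].add(e["ip"])

    findings = []
    for user, evts in failures.items():
        evts.sort(key=lambda e: e["time"])
        best, start = [], 0
        for end in range(len(evts)):
            # Shrink the window until it spans no more than `window`.
            while evts[end]["time"] - evts[start]["time"] > window:
                start += 1
            current = evts[start:end + 1]
            if len({e["ip"] for e in current}) > len({e["ip"] for e in best}):
                best = current
        ips = {e["ip"] for e in best}
        if len(ips) >= min_ips:
            findings.append({
                "user": user,
                "failures": len(best),
                "distinct_ips": len(ips),
                "countries": sorted({e["country"] for e in best}),
                "first_seen": best[0]["time"],
                "last_seen": best[-1]["time"],
                # A success from an address that also failed is the
                # first thing to triage: the password may be known.
                "success_from_failing_ip": sorted(ips & successes[user]),
            })
    return sorted(findings, key=lambda f: f["distinct_ips"], reverse=True)


if __name__ == "__main__":
    for finding in find_distributed_attempts(
            [parse(l) for l in SAMPLE.splitlines()]):
        print(finding)
```

On the constructed sample only alice@example.com is reported; bob's repeated failures from one address and carol's single mistyped password are ignored.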

My Teams Copilot can now interpret images

A while back, I built an agent that I published into Teams to provide answers to technical questions on the Microsoft Cloud. I have always been super impressed by the results I get from it, but now, as you see above, it can also interpret images!

You need to enable the Image Input option in Settings for your agent as shown above, and of course, don’t forget to again publish your agent so the updates flow into Teams.

What is even more impressive, is that if you look at the error screen at the top of the page you’ll notice that it isn’t even in English and Copilot has extracted the text from the image, interpreted it and answered in English in Teams. Impressive!

Viewing Copilot prompt and responses across the organisation

To explore Copilot activity in your environment open:

https://purview.microsoft.com

with a user with appropriate access. Select Solutions on the left and then DSPM for AI as shown above.

Then select Activity Explorer and from the list that appears on the right select an entry that says AI interaction as shown above.

You should now see a panel appear from the right with a range of details about that session. Towards the bottom you will find both the Prompt and Response. You will also see any resources, for example files or links, used in that session.

A little further up you will also find where that session took place, in this case from inside an Office app.

The Data Security Posture Management (DSPM) for AI has many other resources that you can also take advantage of but the above is the simplest method I’ve found to quickly see what a Microsoft 365 Copilot prompt and response in the environment was.

My podcasts 2025

You can find the previous year’s selection here:

My podcasts 2024

I do spend a lot of time listening to podcasts, generally in between things, like travelling. However, there is a limit to how many you can consume in a week and that’s why I need to be very discerning about what I listen to.

Regulars

These podcasts are ones that I generally won’t miss an episode of.

Windows Weekly

The latest Microsoft news with some fun and entertainment along the way. Paul Thurrott’s musings make this podcast alone something worth listening to. I still miss Mary Jo Foley I will admit and the show just isn’t as good or enjoyable. I still have no interest in the whiskey part of this show, which I now just fast forward through. I still also find that the show is more ‘ranty’ than informational which can get a bit much at times.

The Tim Ferriss Show

Some really great advice, business insights and strategy. Also lots of life lessons that I have found work really well for me. A weekly must listen for me. Some, I do skip through and some can be quite tough to get through because they are so long, but a worthwhile investment of my time. I am finding these shows are getting longer and longer making them hard to squeeze in but I do try and listen to them all.

Hardcore History

These tend to be quite long, like reading a book, but are very good and very interesting. Luckily, they are not that frequent, so it can make a nice change from all the tech stuff. There hasn’t been much content here of late which is disappointing. If you love history and an interesting story, then this is the podcast for you.

The Intrazone

All the latest news and information about SharePoint, OneDrive for Business, Teams and more directly from Microsoft. Pretty short, which makes it easy to consume. Can try a bit hard to be ‘funky’ at times but a good way to stay up to date with the Microsoft collaboration news.

Sync Up

A podcast focused on the Microsoft files experience around OneDrive from Microsoft. More content has dropped but they seem to spend so much time at the beginning ‘learning’ about the guests and what they like etc. I’d really prefer they just get into the content. I’m here for that, not to take a deep dive into the personalities.

Darknet Diaries

Really well produced cybersecurity focused podcast. Has a nice variety of topics and the content is good and well researched. If you enjoy the security side of IT you’ll love these episodes. Seems to me that Jack has run out of content for these for the time being. Recent episodes have deviated away from the main theme in my opinion. Less regular episodes and the topics are becoming broader, which isn’t necessarily a bad thing but the context has changed.

No such podcast

Giving this a go as it is officially from the US National Security Agency (NSA). Has had some interesting topics but doesn’t provide much actionable knowledge down at the SMB level but I am still finding it enjoyable.

Microsoft Threat Intelligence Podcast

Has some interesting content but tries to be too ‘whacky, zany and trendy’ at times. Rather high level security information but gives good information on the whole threat landscape and interesting personalities and technologies there. Generally around 20 minutes at double speed, so easily digestible.

Once off podcasts

Think of these more of a book you’d read or a TV show you’d watch.

The Lazarus Heist

Another well produced podcast from the BBC that follows the trails of an attempt to steal and launder billions of dollars. Apparently, additional episodes are coming later this year. If you like Darknet Diaries, you’ll like this.

I churn through these mostly at 2x speed to allow me to get through as much content as possible. I do have a few other podcasts on my current podcasting app. I am always on the lookout for good podcasts on business, technology, history, whatever. So if you can recommend something you like, I’m all ears. These days, if you have a topic of interest, you’ll find many podcasts you can listen to. Don’t be shy to try them and throw away ones that don’t suit you until you find what you like.

I’ve found that many podcasts have disappeared over the last year and I have been more judicious on what I spend my time listening to. It has to provide valuable information or be enjoyable to listen to and I have become much stricter on those criteria. I have tried quite a few new podcasts in the last year but none of them really stood up to my requirements.

Finally, of course, there is my own podcasting effort:

Need to Know podcast

which covers the Microsoft Cloud (typically Microsoft 365 and Azure) as well as business topics. I encourage you to have a listen and let me know what you think. 2025 will be the fifteenth year that it has been available.

Hopefully, there is something of interest to you in what I listen to. Feel free to let me know as well as any recommendations you may have, as I said, I’m all ears! All of these I listen to directly on Spotify these days.

Updated Defender for Endpoint Security Baseline

Microsoft has updated the Defender for Endpoint Security Baseline policy in Intune to Version 24H1 as shown above.

I have managed to extract my own best practice JSON configuration file for this policy and make it available at:

https://github.com/directorcia/bp/blob/main/Intune/Policies/Endpoint/Baselines/dep.json

which means you can import this directly into your environment programmatically (I used PowerShell to do exactly this).

The updates to this policy are huge! The previous version config file was about 350 lines, this new 24H1 version is now about 2,300 lines long! This indicates to me that Microsoft is moving more and more settings into these baselines.