M365 Show Podcast

By: Mirko Peters

About this listen

Welcome to the M365 Show — your essential podcast for everything Microsoft 365, Azure, and beyond. Join us as we explore the latest developments across Power BI, Power Platform, Microsoft Teams, Viva, Fabric, Purview, Security, and the entire Microsoft ecosystem. Each episode delivers expert insights, real-world use cases, best practices, and interviews with industry leaders to help you stay ahead in the fast-moving world of cloud, collaboration, and data innovation. Whether you're an IT professional, business leader, developer, or data enthusiast, the M365 Show brings the knowledge, trends, and strategies you need to thrive in the modern digital workplace. Tune in, level up, and make the most of everything Microsoft has to offer.



Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast--6704921/support.

Copyright Mirko Peters / m365.Show
Politics & Government
Episodes
  • AI Agents Are The New Shadow IT
    Dec 16 2025
    Shadow IT didn’t die — it automated. Your “helpful” agents are quietly moving data like interns with keys to the vault, while you assume Purview, Entra, and Copilot Studio have you covered. Spoiler: they don’t. In this episode, we expose how agents become Shadow IT 2.0, why delegated Graph permissions blow open your attack surface, and how to redesign your governance before something breaks silently at 2 a.m. Stay to the end for the single policy map that cuts agent blast radius in half — and a risk scoring rubric you can deploy this month.

    🧨 The Mess: How Agents Become Shadow IT 2.0
      • Business urgency + IT backlog = bots stitched together with broad Graph scopes.
      • Agents impersonate humans, bypass conditional access, and run with rights no one remembers granting.
      • Browser-based tools and MCP bridges create hidden exfil paths your legacy allowlist can’t see.
      • Overshared SharePoint data fuels “leakage by summarization.”
      • Third-party endpoints mask destinations, leaving you blind during incidents.
    Result: autonomous smuggling tunnels disguised as productivity.

    💡 The Case For Agents (When They’re Built Right)
    Agents crush toil when:
      • They have narrow scope and clear triggers
      • They run under Entra Agent ID, not a human
      • They operate on labeled data with Purview DLP enforcing the boundaries
      • They’re monitored with runtime visibility via Global Secure Access
      • They live inside solution-aware Power Automate environments
    Done right, agents behave like reliable junior staff — fast, predictable, auditable.

    ⚠️ The Case Against Agents (How They Break in Real Life)
      • Delegated Graph becomes “tenant-wide read.”
      • Shadow data in old SharePoint sites surfaces through Copilot.
      • Unmanaged browsers ignore DLP entirely.
      • Zombie flows run without owners.
      • Third-party connectors hide egress, killing investigations.
      • No access reviews = identity drift.
    Every one of these expands your blast radius — silently.

    🏗️ Reference Architecture: Governed Agents on Microsoft 365
    Your governed stack should include:
    Identity
      • Every agent gets an Entra Agent ID
      • Blueprint-based permissions
      • Conditional access per agent type
      • Automatic disable on sponsor departure
    Permissions
      • Graph app roles, not delegated
      • SharePoint access scoped to named sites
      • Explicit connector allow/deny lists
    Data
      • Purview auto-labeling
      • Endpoint + browser DLP for AI/chat domains
      • Encryption-required labels for sensitive data
    Network
      • Global Secure Access
      • URL/API allowlists
      • MCP server controls
    Lifecycle
      • Solution-based ALM
      • Quarterly access reviews
      • Deprovision on inactivity
    This is the skeleton you operate — not duct tape.

    🛠️ Operational Playbook: Policies, Auditing & Incident Flow
      • Inventory all agents + connectors weekly
      • Enforce a registry-first model
      • Peer-review flows before promotion
      • Managed solutions in test + prod
      • DLP, SIEM, and Insider Risk integrated
      • Defined incident flow: triage → isolate → revoke → postmortem
    No more “we discovered the blast radius after the blast.”

    🔥 Risk Scoring Rubric (0–30)
    Score agents across:
      • Identity
      • Data classification
      • Permissions
      • Network controls
      • Monitoring
      • Lifecycle governance
    Score bands:
      • 0–8: High risk — fix now
      • 9–16: Medium — 30-day sprint
      • 17–25: Low
      • 26–30: Model agent — template it
    Numbers end arguments.

    ⚡ Counterpoints & Rebuttals
      • “This slows innovation.” → Blueprints make it faster.
      • “Delegated Graph is simpler.” → So is leaving the server room open.
      • “Network inspection breaks agents.” → Only the brittle ones.
      • “Users route around controls.” → Endpoint DLP meets them where they work.
    Smart friction beats catastrophic friction.

    🏁 Conclusion
    Agents aren’t the threat — unaccountable access is.
    The three bolts that keep the wheels on:
      • Identity
      • Labels
      • Least privilege
    Do these next:
      • Create your first 3 agent blueprints
      • Push DLP to endpoints & browsers
      • Run the risk scoring rubric on your top 10 agents
    Subscribe for the next episode where we tear down a real agent and rebuild it the right way.
    24 mins
  • Your Power App Is A Lie
    Dec 15 2025
    Your Power App works—until it doesn’t. No error. No warning. Just silence. Low-code wasn’t sold as “fragile,” but that’s exactly what you get when you copy-paste formulas, skip environments, and bury dependencies where no one can see them. In this episode, we expose why Power Apps fail without telling you, where the fractures hide, and the one local-scope pattern (With) that stops the bleed. By the end, you’ll know how to restructure your screens, components, and ALM so drift disappears and reliability becomes predictable.

    Section 1 — The Anatomy of Fragility: Why Your App Actually Fails
    Power Apps don’t break loudly—they degrade quietly. You only notice after users complain, “It just spins.”
    Common Failure Modes
      • Formula Drift: Copy-pasted logic across screens evolves separately and silently diverges.
      • No Environment Boundary: Studio “Play” ≠ testing. Dev changes leak into prod instantly.
      • Hidden Dependencies: Collections, globals, and shadow connectors impersonating your identity.
      • Token Thinking: “It worked once” becomes your QA strategy until a schema rename destroys everything.
      • Identity Drift: Permissions become patchwork; app sharing turns into chaos.
      • Delegation Traps: Search, In, StartsWith—harmless at 500 rows, catastrophic at 50,000.
      • Latency Creep: Dataverse + SharePoint joins push work client-side and burn your performance budget.
      • Silent Error Swallowing: Patch failures vanish into thin air; users double-submit and duplicate rows explode.
    The Real Pattern
    Every Power Apps failure is a broken contract: Screen → Control → Formula → Data → Permission. When no contract exists, drift fills the vacuum.

    Section 2 — Forensics: Tracing the Access Paths & Failure Modes
    You can’t fix an app you can’t see. This section teaches you to run forensic discovery like an engineer—not a guesser.
    Forensic Steps
      • Map critical flows (Submit, Approve, Report).
      • Inventory every dependency: tables, connectors, roles, variables, component props.
      • Surface invisible state: every Set, UpdateContext, Collect, and App.OnStart cache.
      • Diff formulas: normalize and hash to reveal divergence across screens.
      • Build the dependency graph: see where trust, data, and identity assumptions connect.
      • Rehearse failure: throttle connectors, rename fields, expire tokens, break a flow connection.
      • Define your health model: clear red/yellow/green thresholds for your top user paths.
      • Instrument telemetry: correlation IDs, durations, outcomes, without PII.
    This is where ghosts lose power—because you finally see them.

    Section 3 — The Fix Starts Local: With() as the Guardrail
    The turning point. With() introduces local scope, single truth, named intent, and eliminates formula drift.
    Why With() Works
      • Containment: No global side effects.
      • Clarity: Input → Transform → Payload → Output.
      • Predictability: One exit path, memoized work, no duplicated logic.
      • Performance: Heavy calls cached once, not recalculated per row.
      • Safety: Schema coercion and type normalization happen in one place.
    Patterns You’ll Learn
      • Build query models inside With() blocks
      • Construct patch payloads with explicit types
      • Route all success/failure through a single result object
      • Memoize expensive transforms for stable performance
      • Guard inputs to prevent delegation failures
    When a screen stabilizes under With(), everything else becomes possible: components, ALM, reuse.

    Section 4 — Beyond the Screen: Components, UDFs & Enhanced Component Properties
    Scalability begins when you stop cloning screens and start shipping contracts.
    Component Rules
      • No globals
      • Explicit inputs/outputs
      • Logic passed through ECP behavior slots
      • No hidden connector calls
      • No host-assumed variables
      • Theme applied through tokens—not hex codes inside controls
    UDFs (User Defined Functions)
    Use them for:
      • Model normalization
      • Type coercion
      • Payload construction
      • Telemetry formatting
      • Guard checks
    Avoid them for:
      • Side effects
      • Hidden connector calls
      • Global state mutation
    Together, Components + UDFs give you repeatable, enforceable patterns across apps.

    Section 5 — Real ALM: Solutions, Branches & Safe Releases
    This is where hobby apps become software.
    ALM Requirements
      • Solutions-only for Test & Prod
      • Three environments: Dev → Test → Prod
      • Branches for all changes
      • PR reviews with formula diffs, delegation checks, and accessibility lint
      • Connection references instead of personal connections
      • Environment variables for URLs, endpoints, flags
      • Pipelines enforcing import, smoke tests, and approvals
      • Rollback paths with versioned managed solutions
    Dev is messy. Prod is sacred. Solutions are the boundary.

    Section 6 — Proof Under Stress: Testing, Monitoring & Controlled Chaos
    Resilience isn’t proven on happy paths.
    You’ll Learn to Test
      • UDF-level assertions
      • Component harness screens
      • Synthetic E2E flows
      • Token expiry drills
      • Schema rename simulations
      • Throttling scenarios
      • Connectivity chaos
    A Power App that survives this will survive in production.

    Section 7 — The Refactor Plan
    A practical, step-by-step playbook to stabilize any Power App: Inventory ...
    26 mins
  • STOP Using Power BI Themes That Lie
    Dec 15 2025
    Most creators treat Power BI themes as “brand colors,” but those hues can bury alerts, erase subtotals, distort slicer states, and hide KPIs in plain sight. This episode exposes five invisible theme failures and delivers a ruthless, pass/fail validation protocol to guarantee clarity, accuracy, and accessibility across any report.

    1. The Accessibility Reactor — Contrast for Alerts Is Failing
    Your alerts aren’t “subtle”—they’re disappearing. Low contrast turns KPIs into decorative noise.
    Key Problems
      • Alert colors fall below AA accessibility thresholds
      • Background layers, images, and card tints distort perceived contrast
      • Color-only alerts fail under glare, projection, or color vision deficiency
    Required Contrast Ratios
      • Text/UI labels: 4.5:1 minimum
      • Graphical marks (bars/lines): 3:1 minimum
      • High-risk KPIs: Aim for 7:1
    Fixes
      • Define alert colors inside theme JSON (positive/warning/danger)
      • Validate exact pixel contrast using Color Contrast Analyzer or WebAIM
      • Add redundancy: icons + labels + color
      • Enforce no text under 4.5:1, ever
      • Strengthen line/grid contrast so visuals remain readable in motion
    Result
    Instantly recognizable alerts, reduced cognitive load, and faster decision-making.

    2. Matrix Subtotal Leak — Aggregates Are Camouflaged
    Subtotals and grand totals often look identical to detail rows, causing executives to miss critical rollups.
    Symptoms
      • Equal weight and color between detail rows and subtotals
      • Zebra striping or drill indents misleading the eye
      • Totals disappearing at 80% zoom
    Fixes
      • Explicitly style subtotal + total selectors in theme JSON
      • Add background bands, stronger text weight, and a divider line
      • Ensure totals meet 3:1 contrast (4.5:1 for grand totals)
      • Right-align numbers, reduce noise, and clarify units
    Pass/Fail Protocol
      • Subtotals identifiable in <1 second at 80% zoom
      • Divider visibly separates detail vs. aggregate
      • No conditional formatting overriding subtotal visibility

    3. Tooltip Chaos Plasma — Hover Context Lost
    Translucent tooltips, low-contrast text, and inconsistent styles create confusion at the exact moment users seek clarity.
    Common Failures
      • Header and value tones too faint
      • Pane transparency letting chart noise bleed through
      • Report page tooltips violating contrast rules
      • Tooltip DAX slowing the interaction
    Fixes
      • Set tooltip title/value/background styles in theme JSON
      • Enforce 4.5:1 contrast on all tooltip text
      • Use opaque backgrounds with visible shadows
      • Keep tooltip content minimal and high-signal
      • Optimize queries for sub-150ms rendering
    Pass/Fail
      • Legible over dense visuals
      • Title/value hierarchy obvious in <0.5s
      • No KPI name truncation
      • No background noise leaking through

    4. Card Visual Uranium — Hierarchy Out of Control
    Card visuals carry enormous perceptual weight. Without governance, they become mismatched, chaotic, and misleading.
    Common Issues
      • Inconsistent font sizes across pages
      • Labels and values using identical weight
      • Poor contrast or ghost-gray labels
      • Truncated numbers and wrapping text
      • KPIs relying solely on color to indicate state
    Fixes
      • Lock font sizes, families, and value:label ratio (1.8–2.2x)
      • Enforce 4.5:1 contrast for both label & value
      • Standardize number formats (K/M/B, decimals)
      • Align cards across the grid for visual rhythm
      • Constrain width to prevent sprawl or wrapping
    Pass/Fail
      • Instant distinction between value and label
      • No wrapping/overflow
      • No card deviates from governed style

    5. Slicer State Deception — Selected vs. Unselected Lies
    If users can’t tell what filters are applied, the entire report becomes untrustworthy.
    Common Failures
      • Selected, unselected, hover, and disabled states look nearly identical
      • Date range chips unclear
      • No redundant checkmarks or icons
      • Hidden reset/filter summary
    Fixes
      • Define all four states explicitly in theme JSON
          • Unselected: neutral
          • Selected: strong tint + high-contrast text
          • Hover: outline/elevation, not mimicry
          • Disabled: desaturated but still readable
      • Add checkmarks or icons for state redundancy
      • Include a clear “Reset filters” button
      • Add filter summary text at top of report
      • Ensure keyboard/screen reader accessibility
    Pass/Fail
      • State recognizable at 3 feet
      • All text/icon contrast ≥4.5:1
      • Reset discoverable instantly
      • Hover never impersonates selected

    The Validation Protocol — The Ultimate Governance System
    1. Build the Validation Report
    A single PBIX with:
      • Cards, KPIs
      • Matrix (deep hierarchy)
      • Line/column visuals with gridlines
      • All slicer types
      • Tooltips (standard & report page)
      • Light & dark backgrounds
      • Dense background image for stress tests
    2. Automated Tests
      • Contrast sweep: Pixel-level testing for each FG/BG pair
      • Hierarchy audit: Subtotal visibility & one-second recognition test
      • Tooltip readability: Background noise, opacity, truncation
      • Render performance: Sub-150ms hover response
    3. Theme JSON as Controlled Code
      • Validate against schema
      • Store in Git/Azure DevOps with versioning
      • Require PR reviews including screenshots + validation PBIX
      • Block overrides in governed workspaces
    4. Deployment Workflow
    Design → Peer Review → Validation Report PASS → PR Approval → Tenant Deployment → Changelog
    No AA ...
    27 mins