Now Reading: How to Eliminate Manual Governance…
-
01
How to Eliminate Manual Governance…
1
00:00:00,000 –> 00:00:03,660
You spent 15 years clicking buttons so the organization wouldn’t break.
2
00:00:03,660 –> 00:00:08,300
Access reviews, quarterly approvals, permission audits, life cycle policies,
3
00:00:08,300 –> 00:00:11,240
you were the arbiter of every decision the system couldn’t make alone.
4
00:00:11,240 –> 00:00:15,140
You were competent, you were careful, you documented everything, you stayed late,
5
00:00:15,140 –> 00:00:21,280
you got paged at 2 in the morning because some regional manager needed access to a sharepoint site that no longer had an owner.
6
00:00:21,280 –> 00:00:25,940
The system didn’t fail because you failed, the system failed because it required you to exist.
7
00:00:25,940 –> 00:00:29,460
Think about that for a moment, not as criticism, as architecture.
8
00:00:29,460 –> 00:00:33,260
You were the compensation mechanism for a platform that operated at machine speed,
9
00:00:33,260 –> 00:00:37,520
provisioning identities in milliseconds, creating teams’ workspaces instantly,
10
00:00:37,520 –> 00:00:42,620
inheriting permissions automatically, while demanding human oversight in quarterly batches.
11
00:00:42,620 –> 00:00:47,380
Every moment you weren’t reviewing something, the system continued making decisions without you.
12
00:00:47,380 –> 00:00:51,300
Every policy you wrote was static, every exception you granted became permanent.
13
00:00:51,300 –> 00:00:56,260
Configuration drifted, entropy accumulated, by the time you realized the policies were un-maintainable,
14
00:00:56,260 –> 00:00:58,420
they were already un-maintainable, you weren’t slow.
15
00:00:58,420 –> 00:01:01,180
The system was designed to move faster than humans can govern.
16
00:01:01,180 –> 00:01:04,220
That’s not a failure of execution, but that’s a design omission.
17
00:01:04,220 –> 00:01:10,500
What replaced you wasn’t a tool, it wasn’t copilot, it wasn’t power automate or some new Microsoft 365 feature bundle,
18
00:01:10,500 –> 00:01:15,320
what replaced you was the removal of the need for human latency from the authorization loop entirely.
19
00:01:15,320 –> 00:01:18,860
Decisions that once required your approval now happen continuously.
20
00:01:18,860 –> 00:01:22,140
Access that once lived forever now expires by default.
21
00:01:22,140 –> 00:01:26,620
Policies that once required manual tuning now are just based on real-time signals.
22
00:01:26,620 –> 00:01:28,260
The system doesn’t wait for you anymore.
23
00:01:28,260 –> 00:01:29,940
It enforces intent.
24
00:01:29,940 –> 00:01:31,700
This is satisfying because it’s honest.
25
00:01:31,700 –> 00:01:33,420
It acknowledges what was always true.
26
00:01:33,420 –> 00:01:36,460
You were a bottleneck in an authorization engine that needed to move faster.
27
00:01:36,460 –> 00:01:40,380
Not because you were bad at it, because no human can keep pace with machine speed at scale.
28
00:01:40,380 –> 00:01:44,540
By the end of this you’ll understand why the downfall of manual administration wasn’t a tragedy.
29
00:01:44,540 –> 00:01:45,700
It was inevitable.
30
00:01:45,700 –> 00:01:51,660
You’ll see how the gap between decision speed and approval speed created entropy that no amount of diligence could manage.
31
00:01:51,660 –> 00:01:56,860
You’ll understand why the system needed something else, not better admins, but no admins in the decision loop at all.
32
00:01:56,860 –> 00:01:58,420
And here’s the part that matters.
33
00:01:58,420 –> 00:02:02,620
The architects who understood this early are now designing the systems that replaced them.
34
00:02:02,620 –> 00:02:04,060
They’re not clicking buttons anymore.
35
00:02:04,060 –> 00:02:05,460
They are defining intent.
36
00:02:05,460 –> 00:02:07,540
They’re writing the rules that agents enforce.
37
00:02:07,540 –> 00:02:13,900
They’re the difference between a system that moves faster than it can be governed and a system that’s deterministic by design.
38
00:02:13,900 –> 00:02:16,900
The question isn’t whether manual administration is going away.
39
00:02:16,900 –> 00:02:17,780
It’s already gone.
40
00:02:17,780 –> 00:02:21,780
The question is whether you’ll be the one who understands why or the one still defending the buttons.
41
00:02:21,780 –> 00:02:23,020
The illusion of control.
42
00:02:23,020 –> 00:02:25,740
Let’s start where every manual admin story begins.
43
00:02:25,740 –> 00:02:27,180
The belief that you were in control.
44
00:02:27,180 –> 00:02:28,700
You had the global admin role.
45
00:02:28,700 –> 00:02:30,140
You had permissions to everything.
46
00:02:30,140 –> 00:02:33,220
Exchange teams, SharePoint, Entra, Perview.
47
00:02:33,220 –> 00:02:35,700
Every system in the tenant flowed through your credentials.
48
00:02:35,700 –> 00:02:37,980
You were the apex of the organizational hierarchy.
49
00:02:37,980 –> 00:02:39,500
The system deferred to you.
50
00:02:39,500 –> 00:02:41,060
Except that’s not what was happening.
51
00:02:41,060 –> 00:02:42,340
That’s not what it ever was.
52
00:02:42,340 –> 00:02:45,460
The global admin role wasn’t an expression of your authority.
53
00:02:45,460 –> 00:02:46,900
It was an architectural confession.
54
00:02:46,900 –> 00:02:49,940
It existed because the system couldn’t decide what you should have.
55
00:02:49,940 –> 00:02:51,260
It couldn’t define scope.
56
00:02:51,260 –> 00:02:52,860
It couldn’t enforce boundaries.
57
00:02:52,860 –> 00:02:56,260
So it gave you everything and hoped you’d use good judgment.
58
00:02:56,260 –> 00:02:57,340
That’s not governance.
59
00:02:57,340 –> 00:02:59,300
That’s delegation of the problem too.
60
00:02:59,300 –> 00:03:01,340
Maybe someday we’ll fix this.
61
00:03:01,340 –> 00:03:03,780
Look at what actually happened when you tried to use that power.
62
00:03:03,780 –> 00:03:06,340
Every quarterly access review landed on your desk.
63
00:03:06,340 –> 00:03:11,060
You dutifully sent out notifications asking owners to certify that users still needed their roles.
64
00:03:11,060 –> 00:03:12,460
40% didn’t respond.
65
00:03:12,460 –> 00:03:15,180
You couldn’t revoke access from people who didn’t say anything.
66
00:03:15,180 –> 00:03:17,020
The organization needed them to work.
67
00:03:17,020 –> 00:03:18,260
So you approved by default.
68
00:03:18,260 –> 00:03:19,580
You documented the approval.
69
00:03:19,580 –> 00:03:20,660
You moved to the next one.
70
00:03:20,660 –> 00:03:22,180
That wasn’t you reviewing access.
71
00:03:22,180 –> 00:03:24,300
That was you documenting compliance theater.
72
00:03:24,300 –> 00:03:26,340
The real architecture was simpler and darker.
73
00:03:26,340 –> 00:03:32,420
Every person who had ever been granted access to something kept that access until someone explicitly removed them.
74
00:03:32,420 –> 00:03:36,140
And since no one was going to take the political risk of removing someone’s access
75
00:03:36,140 –> 00:03:38,620
without explicit instruction, the access persisted.
76
00:03:38,620 –> 00:03:39,460
It compounded.
77
00:03:39,460 –> 00:03:40,500
Permissions inherited.
78
00:03:40,500 –> 00:03:41,660
Users changed roles.
79
00:03:41,660 –> 00:03:44,300
The systems they’d been granted access to were forgotten.
80
00:03:44,300 –> 00:03:48,300
New SharePoint sites were created with the same default permissions as the old ones.
81
00:03:48,300 –> 00:03:51,100
By year three, half your organization had standing privilege
82
00:03:51,100 –> 00:03:52,580
to systems they’d never used.
83
00:03:52,580 –> 00:03:53,900
You weren’t failing to manage it.
84
00:03:53,900 –> 00:03:56,220
The system was designed to prevent you from managing it.
85
00:03:56,220 –> 00:03:57,980
Standing privilege isn’t security.
86
00:03:57,980 –> 00:04:01,140
It’s architectural laziness wrapped in permission inheritance.
87
00:04:01,140 –> 00:04:04,300
The system couldn’t decide this person should have access to this.
88
00:04:04,300 –> 00:04:08,820
But only during work hours, only from a managed device, only if risk signals don’t spike.
89
00:04:08,820 –> 00:04:10,140
So it chose the default.
90
00:04:10,140 –> 00:04:13,660
Access is on forever until someone cares enough to turn it off.
91
00:04:13,660 –> 00:04:17,660
And since no one cares because caring means managing permissions, it stays on.
92
00:04:17,660 –> 00:04:20,020
Every exception you granted became a permanent rule.
93
00:04:20,020 –> 00:04:22,300
Someone needed elevated access for 72 hours.
94
00:04:22,300 –> 00:04:23,300
You granted it.
95
00:04:23,300 –> 00:04:24,180
They used it.
96
00:04:24,180 –> 00:04:25,740
Then you forgot to revoke it.
97
00:04:25,740 –> 00:04:27,100
Or they asked for a grace period.
98
00:04:27,100 –> 00:04:28,180
Or there was a change freeze.
99
00:04:28,180 –> 00:04:30,860
Or you documented it for later review and later never came.
100
00:04:30,860 –> 00:04:32,100
The access didn’t expire.
101
00:04:32,100 –> 00:04:33,860
Standing privilege expanded.
102
00:04:33,860 –> 00:04:36,100
The system continued making decisions without you.
103
00:04:36,100 –> 00:04:37,220
Here’s the part that matters.
104
00:04:37,220 –> 00:04:38,420
You could see this happening.
105
00:04:38,420 –> 00:04:39,140
You understood it.
106
00:04:39,140 –> 00:04:44,140
Every competent admin I’ve ever known spent at least 20% of their time managing the consequences
107
00:04:44,140 –> 00:04:46,820
of permanent access and permission inheritance.
108
00:04:46,820 –> 00:04:49,900
But understanding the problem and fixing it are different things.
109
00:04:49,900 –> 00:04:53,740
You couldn’t fix it because the system was broken by design, not by implementation.
110
00:04:53,740 –> 00:04:55,540
The platform operated at machine speed.
111
00:04:55,540 –> 00:04:57,260
Identities were provisioned in seconds.
112
00:04:57,260 –> 00:04:58,740
Teams were created instantly.
113
00:04:58,740 –> 00:05:01,100
Permissions were inherited automatically.
114
00:05:01,100 –> 00:05:03,580
But access governance operated at human speed.
115
00:05:03,580 –> 00:05:07,300
Quarterly batches, manual reviews, documented approvals.
116
00:05:07,300 –> 00:05:11,300
The gap between how fast the system created things and how fast you could govern them grew
117
00:05:11,300 –> 00:05:12,300
every quarter.
118
00:05:12,300 –> 00:05:15,220
You weren’t overworked because access management was complicated.
119
00:05:15,220 –> 00:05:19,380
You were overworked because the system had decided to give every user access to everything
120
00:05:19,380 –> 00:05:21,380
until you personally revoked it.
121
00:05:21,380 –> 00:05:23,300
And you can’t revoke what you don’t know exists.
122
00:05:23,300 –> 00:05:24,900
That wasn’t control.
123
00:05:24,900 –> 00:05:29,020
Control would have meant the system made decisions based on defined rules.
124
00:05:29,020 –> 00:05:33,380
What you had was the illusion of control, the authority to document choices that were already
125
00:05:33,380 –> 00:05:34,780
made.
126
00:05:34,780 –> 00:05:36,820
Why human speed was never going to work?
127
00:05:36,820 –> 00:05:38,860
The fundamental flaw wasn’t operational.
128
00:05:38,860 –> 00:05:40,420
It was architectural.
129
00:05:40,420 –> 00:05:42,900
Microsoft 365 doesn’t operate at human speed.
130
00:05:42,900 –> 00:05:43,900
It operates at machine speed.
131
00:05:43,900 –> 00:05:44,900
That’s not a metaphor.
132
00:05:44,900 –> 00:05:47,540
That’s a measurable gap that grows wider every day.
133
00:05:47,540 –> 00:05:50,500
That team’s workspace is created in milliseconds.
134
00:05:50,500 –> 00:05:51,860
Permissions are inherited instantly.
135
00:05:51,860 –> 00:05:54,940
A user gets access to a file by virtue of being in a group.
136
00:05:54,940 –> 00:05:58,340
A distribution list expands automatically and approval workflow triggers.
137
00:05:58,340 –> 00:05:59,860
A compliance rule applies.
138
00:05:59,860 –> 00:06:01,980
All of this happens at nanosecond scale.
139
00:06:01,980 –> 00:06:05,700
The system makes thousands of authorization decisions every second without waiting for
140
00:06:05,700 –> 00:06:06,700
you to blink.
141
00:06:06,700 –> 00:06:09,100
Then you review that team’s workspace in days.
142
00:06:09,100 –> 00:06:11,460
You audit the permission inheritance in quarters.
143
00:06:11,460 –> 00:06:14,300
You notice the compliance drift in the monthly report.
144
00:06:14,300 –> 00:06:18,060
At that time, the system has already made the next thousand decisions and moved on.
145
00:06:18,060 –> 00:06:19,220
You were never fast enough.
146
00:06:19,220 –> 00:06:23,300
Not because you were slow, because the system was designed to move faster than humans can
147
00:06:23,300 –> 00:06:24,300
govern.
148
00:06:24,300 –> 00:06:25,900
A permission is inherited in nanoseconds.
149
00:06:25,900 –> 00:06:27,380
You audit it in 90 days.
150
00:06:27,380 –> 00:06:31,100
In that gap, the system has made 90 million authorization decisions.
151
00:06:31,100 –> 00:06:34,700
You’re reviewing one, thinking you found the problem, not understanding that by the time
152
00:06:34,700 –> 00:06:38,700
you documented, the system has already created 10 new variants of the same problem.
153
00:06:38,700 –> 00:06:41,340
This isn’t about hiring faster admins or better tools.
154
00:06:41,340 –> 00:06:45,540
This is about the mathematical impossibility of human oversight, keeping pace with automated
155
00:06:45,540 –> 00:06:46,940
decision making at scale.
156
00:06:46,940 –> 00:06:48,980
Here’s how entropy accumulates in that gap.
157
00:06:48,980 –> 00:06:52,580
Every moment you don’t act, the system continues making decisions without you.
158
00:06:52,580 –> 00:06:54,780
A team site is created with default settings.
159
00:06:54,780 –> 00:06:55,780
You don’t know about it.
160
00:06:55,780 –> 00:06:57,140
The system didn’t ask permission.
161
00:06:57,140 –> 00:06:58,140
It just created it.
162
00:06:58,140 –> 00:07:00,820
Ownership gets assigned to the person who created the team.
163
00:07:00,820 –> 00:07:01,820
They leave the company.
164
00:07:01,820 –> 00:07:02,820
The team stays.
165
00:07:02,820 –> 00:07:03,820
Now it’s orphaned.
166
00:07:03,820 –> 00:07:04,820
The system doesn’t care.
167
00:07:04,820 –> 00:07:07,100
The system has moved on to creating the next thousand teams.
168
00:07:07,100 –> 00:07:09,540
You find the orphaned team three months later.
169
00:07:09,540 –> 00:07:11,100
You check whether it has sensitive data.
170
00:07:11,100 –> 00:07:12,100
It does.
171
00:07:12,100 –> 00:07:13,100
You check who has access.
172
00:07:13,100 –> 00:07:14,860
40 people from three different departments.
173
00:07:14,860 –> 00:07:16,420
You check whether it was supposed to be there.
174
00:07:16,420 –> 00:07:17,420
No one knows.
175
00:07:17,420 –> 00:07:18,420
You reach out to the original owner.
176
00:07:18,420 –> 00:07:19,420
They’ve already left.
177
00:07:19,420 –> 00:07:20,620
You document that it needs review.
178
00:07:20,620 –> 00:07:22,660
You schedule it for the next governance meeting.
179
00:07:22,660 –> 00:07:23,980
The meeting is in six weeks.
180
00:07:23,980 –> 00:07:27,900
By then, someone will have shared another hundred files into that same team because the system
181
00:07:27,900 –> 00:07:29,100
doesn’t know it’s orphaned.
182
00:07:29,100 –> 00:07:32,260
It just knows the team exists and the permissions allow it.
183
00:07:32,260 –> 00:07:33,260
That’s entropy.
184
00:07:33,260 –> 00:07:34,260
Configuration drift.
185
00:07:34,260 –> 00:07:35,260
Shadow sites.
186
00:07:35,260 –> 00:07:36,260
Ungoverned access.
187
00:07:36,260 –> 00:07:38,100
It’s not created by chaos.
188
00:07:38,100 –> 00:07:43,000
It’s created by the deliberate gap between machine speed decision making and human speed
189
00:07:43,000 –> 00:07:44,000
oversight.
190
00:07:44,000 –> 00:07:46,340
You are not hired to move faster than the system.
191
00:07:46,340 –> 00:07:48,980
You are hired because the system couldn’t move slower.
192
00:07:48,980 –> 00:07:53,900
The platform was built for distributed teams, instant collaboration, automatic inheritance,
193
00:07:53,900 –> 00:07:55,900
and ask forgiveness later permissions.
194
00:07:55,900 –> 00:07:56,900
It was built for speed.
195
00:07:56,900 –> 00:07:57,900
It was built to scale.
196
00:07:57,900 –> 00:08:01,940
It was built for a world where the bottleneck was collaboration, not governance.
197
00:08:01,940 –> 00:08:02,940
And it worked.
198
00:08:02,940 –> 00:08:05,060
The system enabled organizations to move fast.
199
00:08:05,060 –> 00:08:06,900
Teams could be created in minutes.
200
00:08:06,900 –> 00:08:09,700
Teams could get access to resources instantly.
201
00:08:09,700 –> 00:08:11,100
Collaboration happened without friction.
202
00:08:11,100 –> 00:08:15,420
The trade-off was that governance had to happen later after the fact in cleanup mode and
203
00:08:15,420 –> 00:08:17,460
cleanup mode at scale is not governance.
204
00:08:17,460 –> 00:08:18,660
It’s damage assessment.
205
00:08:18,660 –> 00:08:20,700
Every competent admin understood this trade-off.
206
00:08:20,700 –> 00:08:22,900
You could move fast or you could be certain, but not both.
207
00:08:22,900 –> 00:08:24,380
The system chose fast.
208
00:08:24,380 –> 00:08:28,340
You are hired to manage the certainty debt that accumulated as a consequence.
209
00:08:28,340 –> 00:08:29,540
But here’s what you couldn’t do.
210
00:08:29,540 –> 00:08:31,540
You couldn’t make the system move slower.
211
00:08:31,540 –> 00:08:34,460
You couldn’t convince it to ask permission before creating things.
212
00:08:34,460 –> 00:08:37,380
You couldn’t make it wait for approval before inheriting permissions.
213
00:08:37,380 –> 00:08:42,100
You couldn’t reprogram 90 years of Microsoft’s automation philosophy because one administrator
214
00:08:42,100 –> 00:08:43,300
was struggling to keep up.
215
00:08:43,300 –> 00:08:44,700
You were not solving a problem.
216
00:08:44,700 –> 00:08:48,740
You were managing the consequences of a design choice that was made before you arrived and
217
00:08:48,740 –> 00:08:50,540
would persist long after you left.
218
00:08:50,540 –> 00:08:54,020
The gap between machine speed and human speed isn’t closing.
219
00:08:54,020 –> 00:08:55,620
Every year the system gets faster.
220
00:08:55,620 –> 00:08:57,660
Every quarter there are more decisions to govern.
221
00:08:57,660 –> 00:08:59,060
Every month the entropy grows.
222
00:08:59,060 –> 00:09:03,140
And every day you’re trying to do something that was always mathematically impossible.
223
00:09:03,140 –> 00:09:06,860
It’s a proof decisions at human speed for a system that operates at machine speed.
224
00:09:06,860 –> 00:09:08,740
That’s not a failure of administration.
225
00:09:08,740 –> 00:09:13,620
That’s the architectural inevitability that makes manual administration obsolete by definition.
226
00:09:13,620 –> 00:09:14,940
The entropy generator.
227
00:09:14,940 –> 00:09:18,140
This gap between speed and oversight didn’t create isolated problems.
228
00:09:18,140 –> 00:09:22,300
It created a system-wide mechanism that guaranteed entropy at scale.
229
00:09:22,300 –> 00:09:25,300
Every policy exception you granted became a permanent rule.
230
00:09:25,300 –> 00:09:28,140
Someone needed access to a sensitive SharePoint site for a project.
231
00:09:28,140 –> 00:09:29,140
They made the request.
232
00:09:29,140 –> 00:09:30,140
You reviewed it.
233
00:09:30,140 –> 00:09:31,140
You approved it.
234
00:09:31,140 –> 00:09:32,140
The project ended.
235
00:09:32,140 –> 00:09:34,140
Six months later they left the company.
236
00:09:34,140 –> 00:09:35,940
The access persisted a year later.
237
00:09:35,940 –> 00:09:38,100
Someone asked why they had access to the site.
238
00:09:38,100 –> 00:09:39,100
No one knew.
239
00:09:39,100 –> 00:09:40,100
You looked it up.
240
00:09:40,100 –> 00:09:41,620
The original justification was archived.
241
00:09:41,620 –> 00:09:42,780
The project was complete.
242
00:09:42,780 –> 00:09:44,140
But removing it felt risky.
243
00:09:44,140 –> 00:09:45,140
What if something broke?
244
00:09:45,140 –> 00:09:46,700
What if they still needed it for something?
245
00:09:46,700 –> 00:09:50,700
So you documented it for review and scheduled the removal for next quarter.
246
00:09:50,700 –> 00:09:51,700
Next quarter came.
247
00:09:51,700 –> 00:09:53,060
There were 50 items in the queue.
248
00:09:53,060 –> 00:09:56,540
You got to this one so there was no recent activity marked it as will investigate further
249
00:09:56,540 –> 00:09:57,540
and move on.
250
00:09:57,540 –> 00:09:59,260
That’s not a policy exception anymore.
251
00:09:59,260 –> 00:10:01,180
That’s standing privilege.
252
00:10:01,180 –> 00:10:05,620
Every just this one’s access became permanent standing access because you couldn’t revoke.
253
00:10:05,620 –> 00:10:07,100
What was never formally granted.
254
00:10:07,100 –> 00:10:08,980
What had no documented reason.
255
00:10:08,980 –> 00:10:10,700
What no one remembered requesting.
256
00:10:10,700 –> 00:10:14,460
The system had no concept of this access was supposed to be temporary.
257
00:10:14,460 –> 00:10:15,460
In new access existed.
258
00:10:15,460 –> 00:10:16,820
It didn’t know why.
259
00:10:16,820 –> 00:10:18,860
Without explicit reason you couldn’t revoke it.
260
00:10:18,860 –> 00:10:21,500
Every unlabeled file became a governance blind spot.
261
00:10:21,500 –> 00:10:23,260
SharePoint stores millions of files.
262
00:10:23,260 –> 00:10:24,740
Most are never labeled.
263
00:10:24,740 –> 00:10:27,340
Most never touch a sensitivity classification.
264
00:10:27,340 –> 00:10:31,420
One puts a spreadsheet in a public sharePoint site because that’s where their team collaborates.
265
00:10:31,420 –> 00:10:33,260
The spreadsheet contains salary data.
266
00:10:33,260 –> 00:10:34,260
No one labeled it.
267
00:10:34,260 –> 00:10:35,260
No one encrypted it.
268
00:10:35,260 –> 00:10:36,460
No one restricted access to it.
269
00:10:36,460 –> 00:10:40,340
The system doesn’t flag it because the system has no way to know what a spreadsheet contains
270
00:10:40,340 –> 00:10:42,340
without opening it and analyzing it.
271
00:10:42,340 –> 00:10:46,060
You need to scan every file, classify every document, apply every label.
272
00:10:46,060 –> 00:10:49,460
You could hire three people and run them full time for a year and still not finish.
273
00:10:49,460 –> 00:10:50,780
So the files stay unlabeled.
274
00:10:50,780 –> 00:10:53,020
The governance blind spot persists.
275
00:10:53,020 –> 00:10:55,060
Configuration drift isn’t caused by bad configuration.
276
00:10:55,060 –> 00:10:57,500
It was caused by the absence of continuous evaluation.
277
00:10:57,500 –> 00:11:00,020
This is where the mechanism accelerates.
278
00:11:00,020 –> 00:11:01,740
Configuration drift wasn’t a bug you could patch.
279
00:11:01,740 –> 00:11:06,820
It was the inevitable outcome of a system designed to operate faster than humans can govern.
280
00:11:06,820 –> 00:11:09,620
Every policy you didn’t enforce created a precedent.
281
00:11:09,620 –> 00:11:12,740
Every exception you allowed became a template for the next exception.
282
00:11:12,740 –> 00:11:16,580
Every compromise you made to keep the business moving was a data point that the system remembered.
283
00:11:16,580 –> 00:11:18,980
You approved external sharing for one user.
284
00:11:18,980 –> 00:11:22,140
Now every user assumes external sharing is allowed.
285
00:11:22,140 –> 00:11:24,340
You granted elevated privilege for one team.
286
00:11:24,340 –> 00:11:25,340
Now every team requests it.
287
00:11:25,340 –> 00:11:26,340
You exempted one policy.
288
00:11:26,340 –> 00:11:29,020
Now every department claims they deserve the same exemption.
289
00:11:29,020 –> 00:11:30,020
Entropy compounds.
290
00:11:30,020 –> 00:11:32,780
One exception becomes 10 becomes 100 becomes 10,000.
291
00:11:32,780 –> 00:11:33,780
The rules fragment.
292
00:11:33,780 –> 00:11:35,180
The policies contradict.
293
00:11:35,180 –> 00:11:37,540
The system operates according to competing precedents.
294
00:11:37,540 –> 00:11:39,300
Configuration becomes subjective.
295
00:11:39,300 –> 00:11:41,140
Enforcement becomes inconsistent.
296
00:11:41,140 –> 00:11:43,460
Governance becomes theater.
297
00:11:43,460 –> 00:11:49,660
By 2026 most organizations had accumulated so much entropy that manual review was mathematically impossible.
298
00:11:49,660 –> 00:11:51,340
You couldn’t audit your way out of it.
299
00:11:51,340 –> 00:11:52,900
You couldn’t enforce your way through it.
300
00:11:52,900 –> 00:11:57,500
The system had created too many exceptions, too many special cases, too many workarounds.
301
00:11:57,500 –> 00:12:02,740
A competent admin looked at the state of permission inheritance across a mid-size tenant and understood.
302
00:12:02,740 –> 00:12:04,740
This isn’t something that can be manually governed.
303
00:12:04,740 –> 00:12:07,540
This is something that has to be completely rebuilt from first principles.
304
00:12:07,540 –> 00:12:09,380
And by then you were already years behind.
305
00:12:09,380 –> 00:12:11,780
You weren’t behind on work that the work was behind on you.
306
00:12:11,780 –> 00:12:16,780
The system had been making unauthorized decisions faster than you could document what decisions were already made.
307
00:12:16,780 –> 00:12:18,500
That’s not administrative failure.
308
00:12:18,500 –> 00:12:22,780
That’s the mechanics of entropy in a system where decisions are made automatically.
309
00:12:22,780 –> 00:12:24,660
And governance happens in batches.
310
00:12:24,660 –> 00:12:28,380
The system wins every time because the system doesn’t need your permission to run.
311
00:12:28,380 –> 00:12:31,500
It just needs you to approve its decisions after they’re already made.
312
00:12:31,500 –> 00:12:36,220
And by then it’s already made the next 10,000 said the conditional chaos problem.
313
00:12:36,220 –> 00:12:38,620
The real architectural failure wasn’t in what you did.
314
00:12:38,620 –> 00:12:41,740
It was in how the system forced you to make decisions.
315
00:12:41,740 –> 00:12:46,860
Conditional access policies started as clean logic, simple, deterministic.
316
00:12:46,860 –> 00:12:52,500
If user is in high risk group then deny access unless they’re using a compliant device and have MFA enabled.
317
00:12:52,500 –> 00:12:53,780
That’s a rule. That’s governance.
318
00:12:53,780 –> 00:12:57,820
That’s a statement of security intent that a machine can enforce consistently.
319
00:12:57,820 –> 00:12:59,860
But then the business needed an exception.
320
00:12:59,860 –> 00:13:02,180
Sales needed access from home on personal devices.
321
00:13:02,180 –> 00:13:03,660
So you added an exception clause.
322
00:13:03,660 –> 00:13:06,780
If user is in sales and it’s after hours then allow it.
323
00:13:06,780 –> 00:13:09,780
Now your policy reads if high risk group deny,
324
00:13:09,780 –> 00:13:11,780
acceptive sales after hours.
325
00:13:11,780 –> 00:13:15,900
Then I’d needed to disable the rule for their own team during maintenance windows.
326
00:13:15,900 –> 00:13:17,100
So you added another clause.
327
00:13:17,100 –> 00:13:22,060
Unless the user is in IT and the time is 2am to 4am on Tuesday.
328
00:13:22,060 –> 00:13:25,180
Then there was a contractor who needed access just for the fiscal year.
329
00:13:25,180 –> 00:13:26,620
So you added temporal logic.
330
00:13:26,620 –> 00:13:29,660
But if the user’s access expires on this date allow it anyway,
331
00:13:29,660 –> 00:13:34,780
then there was the executive who needed access from anywhere anytime for anything because executives never follow policies.
332
00:13:34,780 –> 00:13:38,860
So you added a carve out maybe Q if the user is flagged as executive.
333
00:13:38,860 –> 00:13:40,220
You didn’t make bad decisions.
334
00:13:40,220 –> 00:13:42,860
You made reasonable exceptions to reasonable policies.
335
00:13:42,860 –> 00:13:47,620
But each exception clause converted your deterministic security model into something else entirely.
336
00:13:47,620 –> 00:13:53,620
A probabilistic system where the outcome of any given access attempt depended on a tangle of overlapping exceptions,
337
00:13:53,620 –> 00:13:57,700
carve-outs, temporal rules and special cases.
338
00:13:57,700 –> 00:14:04,940
By the time you had written five policies covering the main security posture and added exceptions for sales, IT, contractors, executives,
339
00:14:04,940 –> 00:14:09,220
regional requirements and compliance exceptions, you were no longer writing policy.
340
00:14:09,220 –> 00:14:10,660
You were writing conditional chaos.
341
00:14:10,660 –> 00:14:12,300
Here’s what happened to the next audit.
342
00:14:12,300 –> 00:14:16,460
You inherited someone else’s conditional access policies from the previous admin.
343
00:14:16,460 –> 00:14:18,860
You need to understand where the access is being controlled properly.
344
00:14:18,860 –> 00:14:20,140
So you read the policy.
345
00:14:20,140 –> 00:14:25,820
If location is not trusted, deny access except if device is managed unless the user is in a group called exec exceptions.
346
00:14:25,820 –> 00:14:30,180
But if the user has activated PIM in the last 10 minutes, allow them anyway.
347
00:14:30,180 –> 00:14:32,820
You stop reading. You have no idea what this policy actually does.
348
00:14:32,820 –> 00:14:34,620
Not because you’re not smart enough.
349
00:14:34,620 –> 00:14:40,900
Because the policy itself is incoherent, the logic has become so layered that predicting the outcome of any specific access attempt
350
00:14:40,900 –> 00:14:46,460
requires you to trace through six nested conditions, each of which depends on states that change in real time.
351
00:14:46,460 –> 00:14:48,500
You can’t audit that. You can’t reason about it.
352
00:14:48,500 –> 00:14:52,300
You can’t predict whether a new threat pattern will be caught or will slip through.
353
00:14:52,300 –> 00:14:55,020
Each exception made the next threat respond slower.
354
00:14:55,020 –> 00:14:56,500
A new attack vector emerges.
355
00:14:56,500 –> 00:14:58,860
You need to block access from a certain country,
356
00:14:58,860 –> 00:15:01,620
but you have to check whether any of your exceptions would allow it anyway.
357
00:15:01,620 –> 00:15:04,900
You find that your executives can access from anywhere,
358
00:15:04,900 –> 00:15:07,180
carve-out, bypasses the country-based block.
359
00:15:07,180 –> 00:15:09,420
So you add another exception to the exception.
360
00:15:09,420 –> 00:15:11,860
Unless the threat is a country-based block.
361
00:15:11,860 –> 00:15:14,580
Now you have a policy about a policy about a policy.
362
00:15:14,580 –> 00:15:17,380
The system didn’t fail because you made bad decisions.
363
00:15:17,380 –> 00:15:21,220
The system failed because humans can’t maintain logical consistency at scale.
364
00:15:21,220 –> 00:15:23,060
You understood every individual exception.
365
00:15:23,060 –> 00:15:24,620
Each one made sense in the moment,
366
00:15:24,620 –> 00:15:29,740
but the aggregate, the interaction of 20 exception clauses across 10 policies affecting 300 users,
367
00:15:29,740 –> 00:15:33,220
was no longer something a human brain could coherently hold.
368
00:15:33,220 –> 00:15:37,540
By the time you realized the policies were unmanageable, they were already unmentainable,
369
00:15:37,540 –> 00:15:40,260
you couldn’t simplify them without potentially breaking something,
370
00:15:40,260 –> 00:15:42,340
you couldn’t audit them without spending weeks,
371
00:15:42,340 –> 00:15:43,580
reverse engineering the logic,
372
00:15:43,580 –> 00:15:46,380
you couldn’t update them without risking unforeseen consequences.
373
00:15:46,380 –> 00:15:49,540
So you stopped updating them, they calcified, they became legacy,
374
00:15:49,540 –> 00:15:52,060
they persisted not because they were good policy,
375
00:15:52,060 –> 00:15:54,500
but because no one was confident enough to change them.
376
00:15:54,500 –> 00:15:57,660
That’s when you understood, you weren’t managing a security model,
377
00:15:57,660 –> 00:15:59,700
you were managing the wreckage of a security model
378
00:15:59,700 –> 00:16:02,700
that had been undermined by a thousand reasonable compromises.
379
00:16:02,700 –> 00:16:04,220
Access reviews as theater.
380
00:16:04,220 –> 00:16:06,940
Let’s talk about the ritual that every admin knows is broken.
381
00:16:06,940 –> 00:16:08,260
The quarterly access review.
382
00:16:08,260 –> 00:16:11,740
The checkbox that made leadership feel secure while being entirely theater.
383
00:16:11,740 –> 00:16:12,740
Here’s how it works.
384
00:16:12,740 –> 00:16:15,740
Microsoft says you should review access every 90 days.
385
00:16:15,740 –> 00:16:17,580
It’s a best practice, it’s a control.
386
00:16:17,580 –> 00:16:19,020
It demonstrates due diligence.
387
00:16:19,020 –> 00:16:23,020
So you set it up every quarter, you send notifications to team owners.
388
00:16:23,020 –> 00:16:26,580
Please certify that the following users still need access to this team.
389
00:16:26,580 –> 00:16:28,780
Respond by Friday or we’ll assume you approve.
390
00:16:28,780 –> 00:16:30,180
40% don’t respond.
391
00:16:30,180 –> 00:16:32,820
You can’t block 40% of your organization’s access.
392
00:16:32,820 –> 00:16:34,100
The business breaks.
393
00:16:34,100 –> 00:16:36,460
Teams can’t communicate, project stall.
394
00:16:36,460 –> 00:16:37,740
Users call the help desk.
395
00:16:37,740 –> 00:16:38,900
The help desk calls you.
396
00:16:38,900 –> 00:16:41,540
You’re blamed for blocking access that the business needed.
397
00:16:41,540 –> 00:16:43,900
So you approve by default, you document the approval,
398
00:16:43,900 –> 00:16:45,180
you move to the next batch.
399
00:16:45,180 –> 00:16:47,220
What you’ve just done is perform an access review
400
00:16:47,220 –> 00:16:51,100
where access that no one confirmed is required now has documented approval.
401
00:16:51,100 –> 00:16:54,020
You’ve created a compliance artifact that proves you reviewed it.
402
00:16:54,020 –> 00:16:55,580
You haven’t actually reviewed anything.
403
00:16:55,580 –> 00:16:58,620
You’ve documented that the owner didn’t respond and you approved it anyway.
404
00:16:58,620 –> 00:17:00,500
Consider what’s actually in those permissions.
405
00:17:00,500 –> 00:17:03,580
Some of it is there because someone granted it four years ago.
406
00:17:03,580 –> 00:17:05,300
That person left the company two years ago.
407
00:17:05,300 –> 00:17:06,260
The access remained.
408
00:17:06,260 –> 00:17:07,260
It never expires.
409
00:17:07,260 –> 00:17:10,100
It’s never reviewed because the original owner can’t respond.
410
00:17:10,100 –> 00:17:11,780
They’re not in the organization anymore.
411
00:17:11,780 –> 00:17:13,660
But their legacy access persists.
412
00:17:13,660 –> 00:17:17,260
Now you’re approving access that was granted by someone who isn’t employed anymore
413
00:17:17,260 –> 00:17:21,500
for reasons that are undocumented to resources they may no longer even know exist.
414
00:17:21,500 –> 00:17:22,700
That’s not governance.
415
00:17:22,700 –> 00:17:24,380
That’s necromancy.
416
00:17:24,380 –> 00:17:25,820
The real problem is this.
417
00:17:25,820 –> 00:17:28,500
The system requires you to make a decision every 90 days
418
00:17:28,500 –> 00:17:30,700
that should never have needed making in the first place.
419
00:17:30,700 –> 00:17:33,660
If access was supposed to be temporary, it should have expired.
420
00:17:33,660 –> 00:17:35,220
If it required periodic review,
421
00:17:35,220 –> 00:17:37,660
the system should have built in expiration criteria.
422
00:17:37,660 –> 00:17:40,060
If it should have been revoked when someone changed roles,
423
00:17:40,060 –> 00:17:42,060
the system should have revoked it automatically.
424
00:17:42,060 –> 00:17:44,660
Instead, the system creates access that lives forever.
425
00:17:44,660 –> 00:17:48,420
Then it requires humans to remember that it exists, verify that it’s still needed
426
00:17:48,420 –> 00:17:51,420
and manually revoke it on a 90 day cycle forever.
427
00:17:51,420 –> 00:17:54,020
For every user, for every role, for every resource.
428
00:17:54,020 –> 00:17:56,820
Multiply that by thousands of users and hundreds of resources
429
00:17:56,820 –> 00:17:59,460
and you’re asking humans to make millions of decisions
430
00:17:59,460 –> 00:18:03,980
that a machine should have made once at creation time with clear expiration built in.
431
00:18:03,980 –> 00:18:05,460
Here’s what makes it theatre.
432
00:18:05,460 –> 00:18:07,940
The approval you’re documenting isn’t based on information.
433
00:18:07,940 –> 00:18:09,540
It’s based on absence of objection.
434
00:18:09,540 –> 00:18:10,900
You approve because no one said no.
435
00:18:10,900 –> 00:18:12,580
That’s not review. That’s default permit.
436
00:18:12,580 –> 00:18:15,180
And default permit is what you get when the system is designed
437
00:18:15,180 –> 00:18:16,980
to assume access should be granted
438
00:18:16,980 –> 00:18:19,380
unless there’s a specific reason to revoke it.
439
00:18:19,380 –> 00:18:21,460
The system didn’t start this way by accident.
440
00:18:21,460 –> 00:18:24,900
It started this way because access decisions are philosophically hard
441
00:18:24,900 –> 00:18:26,620
to make at the moment of grant.
442
00:18:26,620 –> 00:18:28,420
So the system defers the decision.
443
00:18:28,420 –> 00:18:30,380
Access is granted tentatively.
444
00:18:30,380 –> 00:18:32,860
The decision to revoke is pushed to the future.
445
00:18:32,860 –> 00:18:34,620
Now it’s quarterly. Now it’s your problem.
446
00:18:34,620 –> 00:18:36,020
But here’s the architectural truth.
447
00:18:36,020 –> 00:18:39,580
If you needed human review every 90 days to decide whether to keep access
448
00:18:39,580 –> 00:18:43,420
then the system created access that was already uncertain at grant time.
449
00:18:43,420 –> 00:18:45,900
The system didn’t know whether the access should exist.
450
00:18:45,900 –> 00:18:48,620
So it created it anyway and asked you to figure it out later.
451
00:18:48,620 –> 00:18:51,340
By doing quarterly access reviews, you’re not governing access.
452
00:18:51,340 –> 00:18:53,500
You’re performing the illusion of governance.
453
00:18:53,500 –> 00:18:56,140
You’re creating artifacts that prove someone examined it.
454
00:18:56,140 –> 00:18:57,540
The examination is nonexistent.
455
00:18:57,540 –> 00:18:58,860
The approval is automatic.
456
00:18:58,860 –> 00:19:01,740
The whole exercise is theatre designed to satisfy auditors
457
00:19:01,740 –> 00:19:03,740
while not addressing the fundamental problem.
458
00:19:03,740 –> 00:19:06,540
Access that should have expiration criteria built in
459
00:19:06,540 –> 00:19:09,740
is treated as if it should live forever and be reviewed periodically
460
00:19:09,740 –> 00:19:11,980
to justify that eternal existence.
461
00:19:11,980 –> 00:19:15,580
That’s the system you were asked to defend and the system is indefensible.
462
00:19:15,580 –> 00:19:17,020
The life cycle sprawl.
463
00:19:17,020 –> 00:19:19,820
Teams and SharePoints sites tell the same story as everything else
464
00:19:19,820 –> 00:19:21,260
you’ve been trying to govern.
465
00:19:21,260 –> 00:19:24,620
The story of a system that creates complexity faster than you can manage it.
466
00:19:24,620 –> 00:19:26,260
A team is created in seconds.
467
00:19:26,260 –> 00:19:28,540
Someone clicks a button. The team exists.
468
00:19:28,540 –> 00:19:30,780
Ownership is assigned to whoever created it.
469
00:19:30,780 –> 00:19:32,460
The team has default settings.
470
00:19:32,460 –> 00:19:34,140
Everyone in the organization can find it.
471
00:19:34,140 –> 00:19:35,340
Some teams are for projects.
472
00:19:35,340 –> 00:19:36,540
Some are for departments.
473
00:19:36,540 –> 00:19:38,300
Some are for informal collaboration.
474
00:19:38,300 –> 00:19:40,700
Some are created as experiments and abandoned.
475
00:19:40,700 –> 00:19:42,540
The system doesn’t distinguish between them.
476
00:19:42,540 –> 00:19:44,140
It creates them all at the same speed.
477
00:19:44,140 –> 00:19:45,980
It stores them all with the same resources.
478
00:19:45,980 –> 00:19:47,100
It keeps them all forever.
479
00:19:47,100 –> 00:19:47,980
That’s the design.
480
00:19:47,980 –> 00:19:49,100
Create instantly.
481
00:19:49,100 –> 00:19:50,460
Store indefinitely.
482
00:19:50,460 –> 00:19:52,380
Expect humans to clean up later.
483
00:19:52,380 –> 00:19:53,980
Owners leave the organization.
484
00:19:53,980 –> 00:19:55,020
The team persists.
485
00:19:55,020 –> 00:19:57,020
No one knows who owns it anymore.
486
00:19:57,020 –> 00:19:59,740
You might have automation that detects often teams.
487
00:19:59,740 –> 00:20:00,380
Someone left.
488
00:20:00,380 –> 00:20:01,820
The owner flag is no longer valid.
489
00:20:01,820 –> 00:20:02,860
But you can’t delete it.
490
00:20:02,860 –> 00:20:05,500
What if someone in a different department is still using it for something?
491
00:20:05,500 –> 00:20:08,460
What if there’s data in the team that’s needed for compliance purposes?
492
00:20:08,460 –> 00:20:10,060
What if a user calls in a panic?
493
00:20:10,060 –> 00:20:13,500
Because a team they didn’t know they were a member of suddenly became inaccessible?
494
00:20:13,500 –> 00:20:14,860
You’re liable for the data loss.
495
00:20:14,860 –> 00:20:16,620
You’re liable for the access disruption.
496
00:20:16,620 –> 00:20:18,700
You’re liable for the archive that wasn’t preserved.
497
00:20:18,700 –> 00:20:22,140
So the often team stays unowned, ungoverned,
498
00:20:22,140 –> 00:20:25,260
slowly accumulating data that no one intends to be there anymore
499
00:20:25,260 –> 00:20:28,140
because the system keeps accepting uploads and file shares
500
00:20:28,140 –> 00:20:30,540
from anyone who has access to the team.
501
00:20:30,540 –> 00:20:32,620
Data retention policies are written once.
502
00:20:32,620 –> 00:20:33,740
Never tuned.
503
00:20:33,740 –> 00:20:35,020
You set a policy.
504
00:20:35,020 –> 00:20:37,660
Delete teams after two years of inactivity.
505
00:20:37,660 –> 00:20:38,700
It sounds reasonable.
506
00:20:38,700 –> 00:20:39,740
Two years is a long time.
507
00:20:39,740 –> 00:20:42,780
If a team hasn’t been used in two years, it’s probably dead.
508
00:20:42,780 –> 00:20:44,620
Except you wrote that policy three years ago.
509
00:20:44,620 –> 00:20:46,140
You never checked whether it’s working.
510
00:20:46,140 –> 00:20:47,980
You never looked at what’s being deleted.
511
00:20:47,980 –> 00:20:50,780
You never measured whether two years is actually the right threshold.
512
00:20:50,780 –> 00:20:52,860
It just sits there firing automatically,
513
00:20:52,860 –> 00:20:55,420
deleting things according to logic that made sense
514
00:20:55,420 –> 00:20:56,860
in a different business context.
515
00:20:56,860 –> 00:20:59,900
By year three, no one knows what half the site’s contain.
516
00:20:59,900 –> 00:21:01,180
SharePoint storage is cheap.
517
00:21:01,180 –> 00:21:03,340
It’s easier to archive sites than delete them.
518
00:21:03,340 –> 00:21:04,860
It’s easier to let them sit there
519
00:21:04,860 –> 00:21:07,580
than to investigate whether they contain important data.
520
00:21:07,580 –> 00:21:08,780
A site gets archived.
521
00:21:08,780 –> 00:21:12,380
Then someone asks for files from a project that ended five years ago.
522
00:21:12,380 –> 00:21:13,260
The site is archived.
523
00:21:13,260 –> 00:21:14,220
You have to restore it.
524
00:21:14,220 –> 00:21:15,340
The restore takes time.
525
00:21:15,340 –> 00:21:16,780
The files are recovered.
526
00:21:16,780 –> 00:21:18,700
No one has time to re-archive it properly.
527
00:21:18,700 –> 00:21:20,620
So it sits in the archive queue half restored.
528
00:21:20,620 –> 00:21:21,820
This happens a thousand times.
529
00:21:21,820 –> 00:21:25,020
Now you have thousands of sites in unknown states of partial restoration.
530
00:21:25,020 –> 00:21:27,260
You can’t delete them because someone might need them.
531
00:21:27,260 –> 00:21:29,580
That’s the phrase you hear every time you propose cleanup.
532
00:21:29,580 –> 00:21:30,860
Someone might need them.
533
00:21:30,860 –> 00:21:32,300
In a hundred person organization,
534
00:21:32,300 –> 00:21:35,260
there are probably five hundred archived or dormant sites.
535
00:21:35,260 –> 00:21:36,700
One of them might contain something
536
00:21:36,700 –> 00:21:38,460
that a single person needs one day.
537
00:21:38,460 –> 00:21:39,260
So you keep them all.
538
00:21:39,260 –> 00:21:40,140
You pay for storage.
539
00:21:40,140 –> 00:21:41,660
You pay for the backup licensing.
540
00:21:41,660 –> 00:21:44,460
You pay for the compliance burden of keeping data.
541
00:21:44,460 –> 00:21:45,900
You don’t know exists anymore.
542
00:21:45,900 –> 00:21:48,460
You can’t keep them because they’re consuming resources
543
00:21:48,460 –> 00:21:49,980
and creating security surface.
544
00:21:49,980 –> 00:21:51,820
An archived site is still a site.
545
00:21:51,820 –> 00:21:53,500
It still has a SharePoint structure.
546
00:21:53,500 –> 00:21:55,180
It still has permission inheritance.
547
00:21:55,180 –> 00:21:56,940
It still has potential vulnerabilities.
548
00:21:56,940 –> 00:21:58,780
If the owning team no longer exists,
549
00:21:58,780 –> 00:22:00,700
who’s responsible for security?
550
00:22:00,700 –> 00:22:02,380
If the site wasn’t reviewed in five years,
551
00:22:02,380 –> 00:22:03,420
what’s the permission state?
552
00:22:03,420 –> 00:22:04,300
Who can access it?
553
00:22:04,300 –> 00:22:05,260
What if there’s a breach?
554
00:22:05,260 –> 00:22:07,020
And the attacker finds an orphaned site
555
00:22:07,020 –> 00:22:10,220
with four years of unencrypted email export sitting in it?
556
00:22:10,220 –> 00:22:11,660
This is the life cycle sprawl.
557
00:22:11,660 –> 00:22:14,860
The system created sites faster than you could govern them.
558
00:22:14,860 –> 00:22:15,820
They accumulate.
559
00:22:15,820 –> 00:22:16,620
They persist.
560
00:22:16,620 –> 00:22:17,580
They fragment.
561
00:22:17,580 –> 00:22:20,380
The state of any given site becomes unknowable.
562
00:22:20,380 –> 00:22:22,460
You spend your time arguing with business units
563
00:22:22,460 –> 00:22:23,980
about whether sites can be deleted.
564
00:22:23,980 –> 00:22:25,740
You send compliance notifications.
565
00:22:25,740 –> 00:22:27,180
You set up retention policies.
566
00:22:27,180 –> 00:22:28,700
You create archive workflows.
567
00:22:28,700 –> 00:22:30,700
You build your entire administrative practice
568
00:22:30,700 –> 00:22:32,700
around managing the consequences of a system
569
00:22:32,700 –> 00:22:34,940
that decided to create unlimited sites
570
00:22:34,940 –> 00:22:36,220
and store them indefinitely.
571
00:22:36,220 –> 00:22:38,220
By 2026, the life cycle sprawl
572
00:22:38,220 –> 00:22:39,500
was one of the primary reasons
573
00:22:39,500 –> 00:22:41,340
that co-pilot deployment stalled.
574
00:22:41,340 –> 00:22:42,860
You couldn’t deploy an AI system
575
00:22:42,860 –> 00:22:44,540
that could see and act on this data
576
00:22:44,540 –> 00:22:46,540
until you’d cleaned up the data itself.
577
00:22:46,540 –> 00:22:47,580
And you couldn’t clean it up
578
00:22:47,580 –> 00:22:49,340
because the system had been creating it faster
579
00:22:49,340 –> 00:22:50,620
than you could categorize it.
580
00:22:50,620 –> 00:22:51,820
That’s not a cleaner problem.
581
00:22:51,820 –> 00:22:53,020
That’s a design problem.
582
00:22:53,020 –> 00:22:54,860
And clean up is the wrong answer.
583
00:22:54,860 –> 00:22:56,460
The shadow AI moment.
584
00:22:56,460 –> 00:22:58,140
This is where the story gets interesting.
585
00:22:58,140 –> 00:23:00,700
This is where manual administration finally broke.
586
00:23:00,700 –> 00:23:03,740
57% of employees use personal accounts for AI tools
587
00:23:03,740 –> 00:23:05,660
because IT approval takes too long.
588
00:23:05,660 –> 00:23:07,260
Not because they’re insubordinate,
589
00:23:07,260 –> 00:23:08,300
because they’re pragmatic,
590
00:23:08,300 –> 00:23:10,940
because they understand something you haven’t articulated yet.
591
00:23:10,940 –> 00:23:13,580
The system moves faster than the governance process.
592
00:23:13,580 –> 00:23:14,780
The business needs an answer.
593
00:23:14,780 –> 00:23:16,460
ChatGPT provides it in two minutes.
594
00:23:16,460 –> 00:23:18,060
Your approval process takes two weeks.
595
00:23:18,060 –> 00:23:19,660
The business uses ChatGPT.
596
00:23:19,660 –> 00:23:21,740
Your approval process becomes irrelevant.
597
00:23:21,740 –> 00:23:24,460
They’re not bypassing you because you’re incompetent.
598
00:23:24,460 –> 00:23:26,780
They’re bypassing you because you represent latency
599
00:23:26,780 –> 00:23:29,260
and latency is now a competitive disadvantage.
600
00:23:29,260 –> 00:23:30,540
Think about the timeline.
601
00:23:30,540 –> 00:23:32,300
An employee needs to analyze data.
602
00:23:32,300 –> 00:23:33,500
They ask IT for a tool.
603
00:23:33,500 –> 00:23:34,380
I’d create a ticket.
604
00:23:34,380 –> 00:23:35,820
IT assigns it to someone.
605
00:23:35,820 –> 00:23:39,020
Someone checks whether the tool is on the approved list.
606
00:23:39,020 –> 00:23:39,660
It’s not.
607
00:23:39,660 –> 00:23:41,260
Someone starts the evaluation process.
608
00:23:41,260 –> 00:23:42,220
Is this tool compliant?
609
00:23:42,220 –> 00:23:43,740
Does it meet security standards?
610
00:23:43,740 –> 00:23:44,700
Is there licensing?
611
00:23:44,700 –> 00:23:45,900
What’s the data exposure?
612
00:23:45,900 –> 00:23:47,100
The evaluation takes weeks.
613
00:23:47,100 –> 00:23:47,820
Maybe a month.
614
00:23:47,820 –> 00:23:51,020
Meanwhile, the employee has already used ChatGPT to solve the problem.
615
00:23:51,020 –> 00:23:52,380
They’ve moved on to the next problem.
616
00:23:52,380 –> 00:23:54,380
They’ve actually forgotten they made the request.
617
00:23:54,380 –> 00:23:55,980
Then the approval comes through.
618
00:23:55,980 –> 00:23:57,020
The tool is now approved.
619
00:23:57,020 –> 00:23:58,380
The employee doesn’t need it anymore.
620
00:23:58,380 –> 00:23:59,260
But it’s approved.
621
00:23:59,260 –> 00:24:00,620
So someone else uses it.
622
00:24:00,620 –> 00:24:01,660
Then someone else.
623
00:24:01,660 –> 00:24:03,820
Now you have shadow tools proliferating
624
00:24:03,820 –> 00:24:06,460
because the approval process finally caught up to a problem
625
00:24:06,460 –> 00:24:07,500
that was already solved.
626
00:24:07,500 –> 00:24:09,660
Shadow AI isn’t a security failure.
627
00:24:09,660 –> 00:24:12,460
It’s proof that the manual approval process was already dead.
628
00:24:12,460 –> 00:24:15,100
Here’s what you couldn’t see from inside the approval workflow.
629
00:24:15,100 –> 00:24:16,620
Every day that approval took,
630
00:24:16,620 –> 00:24:18,060
the system moved faster.
631
00:24:18,060 –> 00:24:20,060
Every week that you were evaluating compliance,
632
00:24:20,060 –> 00:24:22,940
the employee was already compliant with the business requirement.
633
00:24:22,940 –> 00:24:24,140
They’d solved it themselves.
634
00:24:24,140 –> 00:24:26,220
Every month that you documented due diligence,
635
00:24:26,220 –> 00:24:28,700
the business had already moved on to a new problem.
636
00:24:28,700 –> 00:24:30,860
The approval was no longer about enabling the business.
637
00:24:30,860 –> 00:24:33,020
It was about creating audit artifacts for decisions
638
00:24:33,020 –> 00:24:34,540
that had already been made without you.
639
00:24:34,540 –> 00:24:36,220
The system didn’t need you to approve it.
640
00:24:36,220 –> 00:24:38,300
The system needed you to get out of the way.
641
00:24:38,300 –> 00:24:39,180
And when you didn’t,
642
00:24:39,180 –> 00:24:41,180
when you insisted on your gatekeeping role,
643
00:24:41,180 –> 00:24:42,780
when you enforced your approval process,
644
00:24:42,780 –> 00:24:44,300
the business simply worked around you,
645
00:24:44,300 –> 00:24:46,300
not maliciously, pragmatically.
646
00:24:46,300 –> 00:24:48,380
Because the cost of waiting for approval
647
00:24:48,380 –> 00:24:50,460
became greater than the risk of shadow tools.
648
00:24:50,460 –> 00:24:51,820
This is the moment that mattered.
649
00:24:51,820 –> 00:24:54,060
This is when you realized the manual admin bottleneck
650
00:24:54,060 –> 00:24:56,940
had become more dangerous than the risks you were trying to prevent.
651
00:24:56,940 –> 00:25:00,300
When employees chose unsanctioned tools over approved workflows,
652
00:25:00,300 –> 00:25:01,980
when the business voted with their feet.
653
00:25:01,980 –> 00:25:03,740
When they looked at your governance process
654
00:25:03,740 –> 00:25:06,620
and decided that not waiting for it was worth the security risk,
655
00:25:06,620 –> 00:25:09,260
that’s not criticism, that’s the system telling you something.
656
00:25:09,260 –> 00:25:11,820
It’s telling you that your approval was the bottleneck,
657
00:25:11,820 –> 00:25:14,460
not the tool, not the security, your approval.
658
00:25:14,460 –> 00:25:16,780
By 2026, shadow AI was massive.
659
00:25:16,780 –> 00:25:21,260
60 to 70% of organizations reported that employees were using unsanctioned tools.
660
00:25:21,260 –> 00:25:23,180
Not because of malice, because of speed,
661
00:25:23,180 –> 00:25:26,860
because asking for permission took longer than solving the problem themselves.
662
00:25:26,860 –> 00:25:29,020
Organizations tried to crack down on shadow AI.
663
00:25:29,020 –> 00:25:31,580
They blocked download sites, they monitored proxy logs,
664
00:25:31,580 –> 00:25:33,100
they sent compliance training.
665
00:25:33,100 –> 00:25:35,660
And employees kept using unsanctioned tools anyway
666
00:25:35,660 –> 00:25:38,300
because the business moved faster than the governance process.
667
00:25:38,300 –> 00:25:40,460
This was the moment the architecture revealed itself.
668
00:25:40,460 –> 00:25:43,660
The system was designed to operate at machine speed.
669
00:25:43,660 –> 00:25:45,340
Decisions happened instantly.
670
00:25:45,340 –> 00:25:47,100
Users got things done fast.
671
00:25:47,100 –> 00:25:48,860
But approvals happened at human speed
672
00:25:48,860 –> 00:25:51,580
and human speed was now slower than no approval at all.
673
00:25:51,580 –> 00:25:55,340
It was better for the business to operate in shadow than to wait for official sanction.
674
00:25:55,340 –> 00:25:57,100
You understood finally what was happening.
675
00:25:57,100 –> 00:25:59,420
You weren’t protecting the organization from risk.
676
00:25:59,420 –> 00:26:02,860
You were slowing down the organization to the point where they chose risk over speed.
677
00:26:02,860 –> 00:26:03,820
That’s not governance.
678
00:26:03,820 –> 00:26:05,660
That’s organizational friction.
679
00:26:05,660 –> 00:26:08,300
So severe that the organization has to root around you.
680
00:26:08,300 –> 00:26:11,420
And that’s the moment you realized manual administration didn’t fail
681
00:26:11,420 –> 00:26:12,620
because it was done wrong.
682
00:26:12,620 –> 00:26:16,300
It failed because approval itself had become the wrong answer.
683
00:26:16,300 –> 00:26:17,420
The realization.
684
00:26:17,420 –> 00:26:20,060
This is the moment when the architecture becomes undeniable.
685
00:26:20,060 –> 00:26:21,180
You’re sitting in a meeting.
686
00:26:21,180 –> 00:26:24,540
Someone is asking you to implement yet another policy exception.
687
00:26:24,540 –> 00:26:26,460
Another carve-out, another temporal rule,
688
00:26:26,460 –> 00:26:28,700
another special case for another business unit.
689
00:26:28,700 –> 00:26:31,100
And you realize suddenly that you’re not solving anything.
690
00:26:31,100 –> 00:26:32,220
You’re not building governance.
691
00:26:32,220 –> 00:26:33,420
You’re not creating policy.
692
00:26:33,420 –> 00:26:36,380
You’re performing the illusion of control by adding complexity
693
00:26:36,380 –> 00:26:38,860
to a system that’s already too complex to reason about.
694
00:26:38,860 –> 00:26:39,820
And then it hits you.
695
00:26:39,820 –> 00:26:44,220
This isn’t a problem you can solve by clicking faster or documenting better or staying later.
696
00:26:44,220 –> 00:26:46,380
This isn’t a problem that another admin could fix.
697
00:26:46,380 –> 00:26:49,260
This isn’t even a problem that a team of admins could fix.
698
00:26:49,260 –> 00:26:51,180
Manual administration wasn’t inefficient.
699
00:26:51,180 –> 00:26:53,020
It was architecturally impossible.
700
00:26:53,020 –> 00:26:54,460
You didn’t fail because you were slow.
701
00:26:54,460 –> 00:26:57,580
You failed because no human can maintain logical consistency
702
00:26:57,580 –> 00:27:00,460
at the speed and scale that Microsoft 365 operates.
703
00:27:00,460 –> 00:27:04,060
No person can approve decisions faster than a system creates them.
704
00:27:04,060 –> 00:27:07,660
No policy can adapt to exceptions faster than exceptions emerge.
705
00:27:07,660 –> 00:27:11,180
No governance framework can remain coherent once you’ve added enough carve-outs
706
00:27:11,180 –> 00:27:13,580
that the base policy is no longer recognizable.
707
00:27:13,580 –> 00:27:15,820
Every policy you wrote was a temporary band-aid
708
00:27:15,820 –> 00:27:17,740
on a permanent architectural problem.
709
00:27:17,740 –> 00:27:18,860
You’d identify a risk.
710
00:27:18,860 –> 00:27:19,900
You’d write a policy.
711
00:27:19,900 –> 00:27:21,580
The policy would work for three months.
712
00:27:21,580 –> 00:27:23,180
Then exceptions would start emerging.
713
00:27:23,180 –> 00:27:24,780
Then the exceptions would accumulate.
714
00:27:24,780 –> 00:27:27,100
Then the policy would be so covered in caveats
715
00:27:27,100 –> 00:27:28,700
that it no longer meant anything.
716
00:27:28,700 –> 00:27:31,100
Then you’d write a new policy and the cycle would repeat.
717
00:27:31,100 –> 00:27:32,380
You were never going to win.
718
00:27:32,380 –> 00:27:34,220
Not because you weren’t trying hard enough
719
00:27:34,220 –> 00:27:37,180
because the system was designed to move faster than you could govern it.
720
00:27:37,180 –> 00:27:38,780
Here’s the realization that matters.
721
00:27:38,780 –> 00:27:40,220
The flow wasn’t in execution.
722
00:27:40,220 –> 00:27:43,820
The flow was in the assumption that humans could be the control mechanism
723
00:27:43,820 –> 00:27:46,140
for a system operating at machine speed.
724
00:27:46,140 –> 00:27:48,940
The system creates thousands of identities a minute,
725
00:27:48,940 –> 00:27:51,340
thousands of permissions, thousands of decisions.
726
00:27:51,340 –> 00:27:55,340
And the assumption was that a human could review these decisions quarterly and keep up.
727
00:27:55,340 –> 00:27:56,780
That assumption was never valid.
728
00:27:56,780 –> 00:27:59,420
It was valid for an organization with a hundred users.
729
00:27:59,420 –> 00:28:01,180
Maybe a thousand, but at scale,
730
00:28:01,180 –> 00:28:04,220
with tens of thousands of users and millions of decisions happening daily,
731
00:28:04,220 –> 00:28:05,980
the assumption broke down completely.
732
00:28:05,980 –> 00:28:09,820
Every quarter you’d fall further behind every new feature Microsoft released
733
00:28:09,820 –> 00:28:11,820
would create new decisions to govern.
734
00:28:11,820 –> 00:28:14,540
Every new user would inherit permissions from predecessors.
735
00:28:14,540 –> 00:28:17,580
Every team would spawn new sites with default settings.
736
00:28:17,580 –> 00:28:19,820
The system would accelerate and you would decelerate
737
00:28:19,820 –> 00:28:21,740
and the gap between them would widen.
738
00:28:21,740 –> 00:28:24,380
By the time you understood that you were losing, you’d already lost.
739
00:28:24,380 –> 00:28:25,580
The entropy had compounded.
740
00:28:25,580 –> 00:28:27,100
The policies had calcified.
741
00:28:27,100 –> 00:28:28,700
The exceptions had become rules.
742
00:28:28,700 –> 00:28:31,100
The system was operating according to its own logic,
743
00:28:31,100 –> 00:28:33,420
not according to any governance you’d imposed.
744
00:28:33,420 –> 00:28:36,140
You were just documenting what it had already decided.
745
00:28:36,140 –> 00:28:38,620
The real question wasn’t, how do we do this faster?
746
00:28:38,620 –> 00:28:39,660
That was the wrong question.
747
00:28:39,660 –> 00:28:41,580
That question assumed that the problem was speed.
748
00:28:41,580 –> 00:28:43,180
That if you just moved faster,
749
00:28:43,180 –> 00:28:44,780
clicked buttons more efficiently,
750
00:28:44,780 –> 00:28:46,620
reviewed policies more rigorously,
751
00:28:46,620 –> 00:28:47,980
you could keep up with the system.
752
00:28:47,980 –> 00:28:49,260
You couldn’t, no human could.
753
00:28:49,260 –> 00:28:50,460
Speed wasn’t the constraint.
754
00:28:50,460 –> 00:28:53,580
The constraint was that humans had to be in the decision loop at all.
755
00:28:53,580 –> 00:28:54,940
The real question was different.
756
00:28:54,940 –> 00:28:58,300
The real question was, how do we remove the need for human approval
757
00:28:58,300 –> 00:29:00,540
from the authorization engine entirely?
758
00:29:00,540 –> 00:29:02,460
Not how do we make human approval faster?
759
00:29:02,460 –> 00:29:05,100
Not how do we make human approval more consistent?
760
00:29:05,100 –> 00:29:09,180
How do we eliminate human approval as the governing mechanism
761
00:29:09,180 –> 00:29:11,260
for a system that operates at machine speed?
762
00:29:11,260 –> 00:29:12,940
That question changed everything.
763
00:29:12,940 –> 00:29:14,060
Because once you asked it,
764
00:29:14,060 –> 00:29:16,780
you understood that the system didn’t need you to approve better.
765
00:29:16,780 –> 00:29:18,860
The system needed you to stop approving
766
00:29:18,860 –> 00:29:20,460
and start defining intent.
767
00:29:20,460 –> 00:29:22,460
It needed you to write rules once,
768
00:29:22,460 –> 00:29:24,140
cleanly, without exceptions,
769
00:29:24,140 –> 00:29:26,460
and let the system enforce them deterministically.
770
00:29:26,460 –> 00:29:28,300
It needed the authorization engine
771
00:29:28,300 –> 00:29:31,020
to make decisions based on defined policy
772
00:29:31,020 –> 00:29:32,380
not based on human review.
773
00:29:32,380 –> 00:29:34,300
It needed the removal of human latency
774
00:29:34,300 –> 00:29:35,980
from the authorization loop entirely.
775
00:29:35,980 –> 00:29:37,580
That’s not an operational improvement.
776
00:29:37,580 –> 00:29:39,580
That’s an architectural revolution.
777
00:29:39,580 –> 00:29:41,260
Enter the agente control plane.
778
00:29:41,260 –> 00:29:43,900
What replaced manual administration isn’t a tool.
779
00:29:43,900 –> 00:29:44,700
It’s a system,
780
00:29:44,700 –> 00:29:46,620
and the system doesn’t wait for you anymore.
781
00:29:46,620 –> 00:29:48,460
Agent 365 is the control plane
782
00:29:48,460 –> 00:29:51,420
that removes human latency from decision making entirely.
783
00:29:51,420 –> 00:29:52,300
It’s not copilot.
784
00:29:52,300 –> 00:29:53,260
It’s not automation.
785
00:29:53,260 –> 00:29:54,940
It’s not another feature bundle.
786
00:29:54,940 –> 00:29:57,020
It’s the architectural answer to the question.
787
00:29:57,020 –> 00:29:58,300
You finally asked,
788
00:29:58,300 –> 00:30:01,340
how do we eliminate human approval from the authorization engine?
789
00:30:01,340 –> 00:30:03,260
Here’s how it works at the foundation level.
790
00:30:03,260 –> 00:30:05,180
Every AI agent in your organization
791
00:30:05,180 –> 00:30:06,940
gets a Microsoft Entra agent ID,
792
00:30:06,940 –> 00:30:07,900
not a service account,
793
00:30:07,900 –> 00:30:09,100
not a shared credential.
794
00:30:09,100 –> 00:30:11,340
An identity, first class, treated like a user,
795
00:30:11,340 –> 00:30:13,100
assigned to a principle, accountable.
796
00:30:13,100 –> 00:30:14,300
Every agent has an owner,
797
00:30:14,300 –> 00:30:15,900
every agent has a defined purpose,
798
00:30:15,900 –> 00:30:17,340
every agent has a lifecycle,
799
00:30:17,340 –> 00:30:19,020
birth, operation, retirement,
800
00:30:19,020 –> 00:30:20,460
just like a human identity,
801
00:30:20,460 –> 00:30:21,340
just like you.
802
00:30:21,340 –> 00:30:22,940
This is the first revolution.
803
00:30:22,940 –> 00:30:25,020
You no longer approve access for agents.
804
00:30:25,020 –> 00:30:26,460
The system does.
805
00:30:26,460 –> 00:30:29,020
An agent is created with defined scope.
806
00:30:29,020 –> 00:30:31,500
The exact permissions it needs to accomplish its function
807
00:30:31,500 –> 00:30:32,220
and nothing more,
808
00:30:32,220 –> 00:30:33,180
not standing privilege,
809
00:30:33,180 –> 00:30:34,620
not access to everything
810
00:30:34,620 –> 00:30:36,540
until someone remembers to revoke it.
811
00:30:36,540 –> 00:30:37,500
Defined scope.
812
00:30:37,500 –> 00:30:38,620
Entra enforces it.
813
00:30:38,620 –> 00:30:40,300
Conditional access applies to it.
814
00:30:40,300 –> 00:30:41,580
Risk signals flow through it.
815
00:30:41,580 –> 00:30:43,340
If the agent behaves anomalously,
816
00:30:43,340 –> 00:30:44,700
access is revoked.
817
00:30:44,700 –> 00:30:46,460
Automatically, not after review,
818
00:30:46,460 –> 00:30:48,300
not after approval, immediately.
819
00:30:48,300 –> 00:30:50,780
Access decisions are no longer made
820
00:30:50,780 –> 00:30:52,860
by humans checking boxes quarterly.
821
00:30:52,860 –> 00:30:55,820
They’re made by systems evaluating signals continuously.
822
00:30:55,820 –> 00:30:57,660
Risk scores change in real time.
823
00:30:57,660 –> 00:30:58,940
Device compliance changes.
824
00:30:58,940 –> 00:30:59,820
Location changes.
825
00:30:59,820 –> 00:31:00,780
Time of day changes.
826
00:31:00,780 –> 00:31:02,220
Threat patterns emerge.
827
00:31:02,220 –> 00:31:03,340
The system responds.
828
00:31:03,340 –> 00:31:04,940
No human approval required.
829
00:31:04,940 –> 00:31:05,980
No checkbox theater.
830
00:31:05,980 –> 00:31:07,980
No, I’ll review it next quarter.
831
00:31:07,980 –> 00:31:10,220
The system enforces intent in real time,
832
00:31:10,220 –> 00:31:12,060
every millisecond, every decision.
833
00:31:12,060 –> 00:31:14,540
The AI administrator role doesn’t click buttons anymore.
834
00:31:14,540 –> 00:31:16,540
It defines the rules that agents enforce.
835
00:31:16,540 –> 00:31:17,580
You write policy once.
836
00:31:17,580 –> 00:31:18,540
You define it cleanly.
837
00:31:18,540 –> 00:31:19,580
You specify the intent.
838
00:31:19,580 –> 00:31:22,380
You say an agent can provision users to this group.
839
00:31:22,380 –> 00:31:25,260
But only if the requesting user is in the HR department,
840
00:31:25,260 –> 00:31:27,260
only if they’re using a managed device,
841
00:31:27,260 –> 00:31:29,660
only if they’re within the allowed time window,
842
00:31:29,660 –> 00:31:32,220
only if there’s no risk signal on their account.
843
00:31:32,220 –> 00:31:33,180
You write that once.
844
00:31:33,180 –> 00:31:35,180
The system enforces it millions of times.
845
00:31:35,180 –> 00:31:36,620
You don’t approve each provisioning.
846
00:31:36,620 –> 00:31:37,980
You don’t review each decision.
847
00:31:37,980 –> 00:31:39,580
You define the rule once,
848
00:31:39,580 –> 00:31:41,260
correctly, without exceptions.
849
00:31:41,260 –> 00:31:42,540
The system handles the rest.
850
00:31:42,540 –> 00:31:43,900
This is the satisfaction.
851
00:31:43,900 –> 00:31:45,740
Policies are no longer static documents
852
00:31:45,740 –> 00:31:47,740
that calcify under the weight of exceptions.
853
00:31:47,740 –> 00:31:50,060
Their continuous evaluations of risk and intent.
854
00:31:50,060 –> 00:31:52,060
The policy doesn’t say access is approved.
855
00:31:52,060 –> 00:31:53,100
The policy says,
856
00:31:53,100 –> 00:31:55,500
access is evaluated based on these signals.
857
00:31:55,500 –> 00:31:56,700
Is the device managed?
858
00:31:56,700 –> 00:31:58,140
Is the user location trusted?
859
00:31:58,140 –> 00:31:59,420
Is there a risk indicator?
860
00:31:59,420 –> 00:32:01,180
Is the time within the defined window?
861
00:32:01,180 –> 00:32:03,420
The system evaluates these signals continuously.
862
00:32:03,420 –> 00:32:06,300
The answer changes in real time based on current state.
863
00:32:06,300 –> 00:32:08,460
Not based on a decision made months ago.
864
00:32:08,460 –> 00:32:10,620
Here’s the architectural shift that matters.
865
00:32:10,620 –> 00:32:12,940
The system no longer waits for you to approve.
866
00:32:12,940 –> 00:32:16,620
It acts based on deterministic rules you’ve defined once.
867
00:32:16,620 –> 00:32:18,140
You don’t approve teams provisioning.
868
00:32:18,140 –> 00:32:20,300
You define the rules for teams provisioning.
869
00:32:20,300 –> 00:32:22,460
The system creates teams according to those rules.
870
00:32:22,460 –> 00:32:23,980
You don’t approve access requests.
871
00:32:23,980 –> 00:32:27,420
You define the conditions under which access is automatically granted.
872
00:32:27,420 –> 00:32:29,900
The system evaluates those conditions and acts.
873
00:32:29,900 –> 00:32:32,140
Approval isn’t the governance mechanism anymore.
874
00:32:32,140 –> 00:32:33,020
Definition is,
875
00:32:33,020 –> 00:32:35,340
you govern by defining intent clearly once,
876
00:32:35,340 –> 00:32:36,380
without exceptions.
877
00:32:36,380 –> 00:32:38,380
The system enforces it continuously.
878
00:32:38,380 –> 00:32:39,900
And here’s the satisfying part.
879
00:32:39,900 –> 00:32:41,180
There’s no theater anymore.
880
00:32:41,180 –> 00:32:43,100
No checkbox approval that no one read.
881
00:32:43,100 –> 00:32:44,300
No quarterly review,
882
00:32:44,300 –> 00:32:46,300
where 40% of owners don’t respond.
883
00:32:46,300 –> 00:32:49,500
No compliance artifacts documenting decisions that were already made.
884
00:32:49,500 –> 00:32:51,740
The system enforces policy according to
885
00:32:51,740 –> 00:32:52,940
defined rules.
886
00:32:52,940 –> 00:32:55,980
Either the decision is made automatically according to those rules,
887
00:32:55,980 –> 00:32:58,860
or it’s escalated to a human if the rules don’t cover it.
888
00:32:58,860 –> 00:33:01,020
No default permit, no standing privilege,
889
00:33:01,020 –> 00:33:03,420
no I approved it because no one said no.
890
00:33:03,420 –> 00:33:06,220
By 2026, organizations that implemented this model
891
00:33:06,220 –> 00:33:08,060
reported something that had never happened before
892
00:33:08,060 –> 00:33:09,260
under manual administration,
893
00:33:09,260 –> 00:33:11,500
they actually understood their permission state.
894
00:33:11,500 –> 00:33:12,700
Not perfectly.
895
00:33:12,700 –> 00:33:16,700
But actually, they could reason about why a user had access to a resource.
896
00:33:16,700 –> 00:33:19,740
Because access had been granted according to defined criteria,
897
00:33:19,740 –> 00:33:21,580
not according to historical precedent.
898
00:33:21,580 –> 00:33:23,180
They could audit the system.
899
00:33:23,180 –> 00:33:26,380
Because every decision was made according to documented rules,
900
00:33:26,380 –> 00:33:28,700
they could enforce policy consistently.
901
00:33:28,700 –> 00:33:30,780
Because the system didn’t have human inconsistency.
902
00:33:30,780 –> 00:33:32,780
This is what replaced you, not a faster admin,
903
00:33:32,780 –> 00:33:34,300
not a better approval process,
904
00:33:34,300 –> 00:33:36,780
a system that removed the need for human approval
905
00:33:36,780 –> 00:33:38,780
from the authorization engine entirely.
906
00:33:38,780 –> 00:33:40,460
Identity as the decision engine,
907
00:33:40,460 –> 00:33:42,700
the first layer of replacement is identity governance.
908
00:33:42,700 –> 00:33:44,780
This is where the transformation becomes visible.
909
00:33:44,780 –> 00:33:48,220
This is where intra-ID stops being an authentication system
910
00:33:48,220 –> 00:33:50,460
and becomes something else entirely.
911
00:33:50,460 –> 00:33:53,500
For years, intra-ID was the thing that verified you were
912
00:33:53,500 –> 00:33:54,620
who you claimed to be.
913
00:33:54,620 –> 00:33:56,860
You logged in, entra checked your credentials.
914
00:33:56,860 –> 00:33:58,700
If they were valid, you got in.
915
00:33:58,700 –> 00:33:59,740
That was the extent of it.
916
00:33:59,740 –> 00:34:01,900
Authentication was a checkpoint, pass or fail.
917
00:34:01,900 –> 00:34:02,700
Yes or no.
918
00:34:02,700 –> 00:34:05,100
Once you passed, the system assumed your access was good
919
00:34:05,100 –> 00:34:07,180
until someone explicitly revoked it.
920
00:34:07,180 –> 00:34:08,380
Standing privilege.
921
00:34:08,380 –> 00:34:10,460
Permanent, unless someone remembered to remove it,
922
00:34:10,460 –> 00:34:11,900
entra-ID is not that anymore.
923
00:34:11,900 –> 00:34:14,860
Entra-ID is now the authorization decision engine.
924
00:34:14,860 –> 00:34:17,100
Every access decision flows through it,
925
00:34:17,100 –> 00:34:19,500
not once per login, continuously, every request,
926
00:34:19,500 –> 00:34:21,260
every resource, every moment.
927
00:34:21,260 –> 00:34:23,740
The system is asking, given the current state of this user,
928
00:34:23,740 –> 00:34:25,020
given the current risk environment,
929
00:34:25,020 –> 00:34:26,460
given the current policies,
930
00:34:26,460 –> 00:34:28,060
should access be granted right now.
931
00:34:28,060 –> 00:34:29,340
That’s not authentication.
932
00:34:29,340 –> 00:34:31,420
That’s continuous authorization.
933
00:34:31,420 –> 00:34:33,260
Watch how this works in practice.
934
00:34:33,260 –> 00:34:35,180
A user logs in from a managed device.
935
00:34:35,180 –> 00:34:36,140
Risk score is low.
936
00:34:36,140 –> 00:34:37,500
Time is business hours.
937
00:34:37,500 –> 00:34:38,860
Location is a trusted office.
938
00:34:38,860 –> 00:34:41,260
Conditional access evaluates all of these factors.
939
00:34:41,260 –> 00:34:44,140
Access is granted, but the user opens a file
940
00:34:44,140 –> 00:34:46,060
that triggers a data-loss prevention rule.
941
00:34:46,060 –> 00:34:47,500
The system notes the activity.
942
00:34:47,500 –> 00:34:49,100
Risk score adjusts.
943
00:34:49,100 –> 00:34:51,580
The user then attempts to access a sensitive resource
944
00:34:51,580 –> 00:34:53,180
that they’ve never accessed before.
945
00:34:53,180 –> 00:34:55,020
The risk calculation changes again.
946
00:34:55,020 –> 00:34:57,260
Access is denied, not because they did something wrong,
947
00:34:57,260 –> 00:34:59,820
because the pattern changed, because the signals shifted,
948
00:34:59,820 –> 00:35:01,260
because the system detected something
949
00:35:01,260 –> 00:35:02,860
that looked different from normal behavior.
950
00:35:02,860 –> 00:35:05,420
This happens continuously, not quarterly, not manually.
951
00:35:05,420 –> 00:35:07,740
The system doesn’t wait for a human to notice the pattern.
952
00:35:07,740 –> 00:35:08,860
The system notices it.
953
00:35:08,860 –> 00:35:09,900
The system acts.
954
00:35:09,900 –> 00:35:12,220
The second shift is in how privilege operates,
955
00:35:12,220 –> 00:35:14,700
just in time access means privilege is a femoral.
956
00:35:14,700 –> 00:35:16,860
Temporary defined you need elevated access.
957
00:35:16,860 –> 00:35:18,860
You requested the system grants it for exactly
958
00:35:18,860 –> 00:35:21,660
as long as you specified, four hours, eight hours, one day,
959
00:35:21,660 –> 00:35:22,300
not longer.
960
00:35:22,300 –> 00:35:23,500
The access expires.
961
00:35:23,500 –> 00:35:24,780
The system revokes it.
962
00:35:24,780 –> 00:35:26,460
You don’t have to remember to ask for removal.
963
00:35:26,460 –> 00:35:28,540
The system removes it automatically.
964
00:35:28,540 –> 00:35:31,340
Standing privilege becomes the exception, not the default.
965
00:35:31,340 –> 00:35:33,340
This inverts the entire permission model.
966
00:35:33,340 –> 00:35:35,900
Instead of access lives forever until revoked,
967
00:35:35,900 –> 00:35:39,500
it becomes access expires unless explicitly extended.
968
00:35:39,500 –> 00:35:41,180
Instead of quarterly reviews certifying
969
00:35:41,180 –> 00:35:42,460
that people should keep access,
970
00:35:42,460 –> 00:35:45,020
it becomes automatic revocation unless someone
971
00:35:45,020 –> 00:35:47,020
actively justifies the extension.
972
00:35:47,020 –> 00:35:48,860
The justification changes everything.
973
00:35:48,860 –> 00:35:51,260
When you request extended access, you have to say why.
974
00:35:51,260 –> 00:35:52,860
The system records the justification.
975
00:35:52,860 –> 00:35:54,860
The next time the access is about to expire,
976
00:35:54,860 –> 00:35:57,420
the system checks, is this justification still valid?
977
00:35:57,420 –> 00:35:58,620
Has the situation changed?
978
00:35:58,620 –> 00:36:00,300
If the justification no longer applies,
979
00:36:00,300 –> 00:36:01,340
the access expires.
980
00:36:01,340 –> 00:36:03,500
If it still applies, the extension is auto-approved
981
00:36:03,500 –> 00:36:05,020
based on documented criteria.
982
00:36:05,020 –> 00:36:07,100
You’re no longer approving access arbitrarily.
983
00:36:07,100 –> 00:36:09,020
You’re evaluating whether documented reasons
984
00:36:09,020 –> 00:36:10,700
still justify extended privilege.
985
00:36:10,700 –> 00:36:12,460
The approval is tied to facts,
986
00:36:12,460 –> 00:36:15,500
not to hope that someone will remember to revoke it later.
987
00:36:15,500 –> 00:36:17,660
The third shift is in risk-based revocation.
988
00:36:17,660 –> 00:36:20,300
The system continuously monitors behavioral signals,
989
00:36:20,300 –> 00:36:23,100
login patterns, resource access patterns,
990
00:36:23,100 –> 00:36:25,420
data movements, unusual activities.
991
00:36:25,420 –> 00:36:27,500
If something triggers a risk indicator,
992
00:36:27,500 –> 00:36:30,300
compromise, anomalous behavior, threat pattern match,
993
00:36:30,300 –> 00:36:32,460
the system doesn’t wait for a review cycle.
994
00:36:32,460 –> 00:36:34,700
The system revokes access immediately,
995
00:36:34,700 –> 00:36:36,940
automatically, not after investigation,
996
00:36:36,940 –> 00:36:38,140
not after approval.
997
00:36:38,140 –> 00:36:38,940
Immediately.
998
00:36:38,940 –> 00:36:41,900
The user can request reinstatement once the risk is cleared.
999
00:36:41,900 –> 00:36:45,180
This removes the window where an attacker could maintain persistence.
1000
00:36:45,180 –> 00:36:46,700
Under manual administration,
1001
00:36:46,700 –> 00:36:48,700
a compromised account could persist for weeks
1002
00:36:48,700 –> 00:36:51,100
before someone noticed it in an access review.
1003
00:36:51,100 –> 00:36:52,140
Under this system,
1004
00:36:52,140 –> 00:36:54,540
risk signals trigger immediate revocation.
1005
00:36:54,540 –> 00:36:56,140
The final shift is in automation.
1006
00:36:56,140 –> 00:36:57,660
You don’t approve each decision.
1007
00:36:57,660 –> 00:36:58,460
You define the rules.
1008
00:36:58,460 –> 00:37:01,100
You say, “I’m a user requests access to this resource.”
1009
00:37:01,100 –> 00:37:02,540
Granted, if they’re in this department
1010
00:37:02,540 –> 00:37:04,700
and using a managed device and risk score
1011
00:37:04,700 –> 00:37:06,140
is below this threshold.
1012
00:37:06,140 –> 00:37:07,340
Otherwise, escalate.
1013
00:37:07,340 –> 00:37:08,300
You write that once.
1014
00:37:08,300 –> 00:37:10,860
The system makes that decision thousands of times per day.
1015
00:37:10,860 –> 00:37:11,660
You don’t touch it.
1016
00:37:11,660 –> 00:37:12,860
Human latency is gone.
1017
00:37:12,860 –> 00:37:14,700
The authorization engine makes decisions
1018
00:37:14,700 –> 00:37:16,780
in milliseconds based on real-time signals.
1019
00:37:16,780 –> 00:37:18,380
It doesn’t wait for quarterly approval.
1020
00:37:18,380 –> 00:37:19,660
It doesn’t wait for anything.
1021
00:37:19,660 –> 00:37:21,500
This is identity as the decision engine,
1022
00:37:21,500 –> 00:37:23,420
not identity as the gatekeeper.
1023
00:37:23,420 –> 00:37:25,500
Identity as the continuous evaluator
1024
00:37:25,500 –> 00:37:27,660
of who should have access right now,
1025
00:37:27,660 –> 00:37:30,380
based on current state, current signals, current policy.
1026
00:37:30,380 –> 00:37:32,780
This is what removes the need for you to approve access.
1027
00:37:32,780 –> 00:37:34,060
The system approves it.
1028
00:37:34,060 –> 00:37:35,980
Based on rules, you define ones.
1029
00:37:35,980 –> 00:37:37,740
Per view as the intent enforcer.
1030
00:37:37,740 –> 00:37:40,860
The second layer of replacement is data governance.
1031
00:37:40,860 –> 00:37:43,420
This is where intent becomes enforceable policy.
1032
00:37:43,420 –> 00:37:45,820
This is where per view stops being a compliance tool
1033
00:37:45,820 –> 00:37:47,980
and becomes the mechanism through which the system
1034
00:37:47,980 –> 00:37:49,740
enforces what you intended to happen.
1035
00:37:49,740 –> 00:37:51,980
Sensitivity labels used to be metadata.
1036
00:37:51,980 –> 00:37:54,060
A file was marked as confidential.
1037
00:37:54,060 –> 00:37:55,420
That label sat on the file.
1038
00:37:55,420 –> 00:37:57,340
It communicated something to anyone reading it,
1039
00:37:57,340 –> 00:37:58,620
but enforcement was optional.
1040
00:37:58,620 –> 00:38:01,020
A user could see the label and choose to ignore it.
1041
00:38:01,020 –> 00:38:02,460
They could share a confidential file
1042
00:38:02,460 –> 00:38:03,820
with someone outside the organization
1043
00:38:03,820 –> 00:38:05,740
because nothing technically prevented it.
1044
00:38:05,740 –> 00:38:07,020
The label was a suggestion.
1045
00:38:07,020 –> 00:38:08,140
It was documentation.
1046
00:38:08,140 –> 00:38:10,300
It was a hint about how you should treat the file.
1047
00:38:10,300 –> 00:38:11,660
It wasn’t enforcement.
1048
00:38:11,660 –> 00:38:13,820
Sensitivity labels are not that anymore.
1049
00:38:13,820 –> 00:38:15,340
A file is labeled as confidential.
1050
00:38:15,340 –> 00:38:16,860
The label isn’t metadata anymore.
1051
00:38:16,860 –> 00:38:17,660
It’s policy.
1052
00:38:17,660 –> 00:38:18,780
It’s executable.
1053
00:38:18,780 –> 00:38:20,220
The system evaluates the label
1054
00:38:20,220 –> 00:38:22,220
and enforces consequences based on it.
1055
00:38:22,220 –> 00:38:23,340
Who can access the file?
1056
00:38:23,340 –> 00:38:25,180
The system determines that from the label.
1057
00:38:25,180 –> 00:38:26,380
Can the file be copied?
1058
00:38:26,380 –> 00:38:28,380
The label says no, so the system prevents it.
1059
00:38:28,380 –> 00:38:29,420
Can it be forwarded?
1060
00:38:29,420 –> 00:38:31,580
The label specifies who it can be forwarded to.
1061
00:38:31,580 –> 00:38:32,700
The system enforces that.
1062
00:38:32,700 –> 00:38:33,500
Can it be printed?
1063
00:38:33,500 –> 00:38:34,540
The label controls that.
1064
00:38:34,540 –> 00:38:35,420
Can it be edited?
1065
00:38:35,420 –> 00:38:36,540
The label controls that.
1066
00:38:36,540 –> 00:38:37,900
The label isn’t documentation.
1067
00:38:37,900 –> 00:38:39,820
It’s a set of executable enforcement rules.
1068
00:38:39,820 –> 00:38:41,900
This is the shift from hope to certainty.
1069
00:38:41,900 –> 00:38:43,660
You no longer hope that users understand
1070
00:38:43,660 –> 00:38:45,420
confidential means confidential.
1071
00:38:45,420 –> 00:38:46,940
You no longer rely on training
1072
00:38:46,940 –> 00:38:48,940
or policy documents to guide behavior.
1073
00:38:48,940 –> 00:38:50,540
The system enforces the label.
1074
00:38:50,540 –> 00:38:51,660
The label contains intent.
1075
00:38:51,660 –> 00:38:53,020
The system executes intent.
1076
00:38:53,020 –> 00:38:55,180
If the label says this data is restricted
1077
00:38:55,180 –> 00:38:56,620
to the HR department,
1078
00:38:56,620 –> 00:38:59,580
the system will not allow anyone outside HR to access it.
1079
00:38:59,580 –> 00:39:00,540
Not because they’re trained,
1080
00:39:00,540 –> 00:39:02,460
not because they understand the policy,
1081
00:39:02,460 –> 00:39:04,380
because the system prevented it technically.
1082
00:39:04,380 –> 00:39:06,140
Data loss prevention no longer requires
1083
00:39:06,140 –> 00:39:07,020
manual review.
1084
00:39:07,020 –> 00:39:09,900
Someone attempts to share a file containing credit card numbers.
1085
00:39:09,900 –> 00:39:11,020
The system detects it.
1086
00:39:11,020 –> 00:39:11,980
The system blocks it.
1087
00:39:11,980 –> 00:39:12,700
Not after audit.
1088
00:39:12,700 –> 00:39:13,900
Not after compliance review.
1089
00:39:13,900 –> 00:39:14,700
Immediately.
1090
00:39:14,700 –> 00:39:17,660
The system evaluated the content against defined rules.
1091
00:39:17,660 –> 00:39:19,420
The content violated policy.
1092
00:39:19,420 –> 00:39:20,860
The system prevented the action.
1093
00:39:20,860 –> 00:39:22,220
No human approval required.
1094
00:39:22,220 –> 00:39:23,660
No remediation after the fact.
1095
00:39:23,660 –> 00:39:24,940
Prevention at the point of action.
1096
00:39:24,940 –> 00:39:27,980
Autoclassification means the system identifies what data is.
1097
00:39:27,980 –> 00:39:29,980
Not humans hoping they remember to label it.
1098
00:39:29,980 –> 00:39:32,300
A file is created containing salary information.
1099
00:39:32,300 –> 00:39:33,260
The system scans it.
1100
00:39:33,260 –> 00:39:34,780
The system detects that it contains
1101
00:39:34,780 –> 00:39:37,580
personally identifiable information and financial data.
1102
00:39:37,580 –> 00:39:40,540
The system applies the confidential label automatically.
1103
00:39:40,540 –> 00:39:42,700
The user doesn’t have to remember to classify it.
1104
00:39:42,700 –> 00:39:45,500
The user doesn’t have to know what the classification policy is.
1105
00:39:45,500 –> 00:39:47,500
The system knows the system enforces it.
1106
00:39:47,500 –> 00:39:49,340
This inverts the entire governance model.
1107
00:39:49,340 –> 00:39:51,500
Instead of documents being unlabeled by default
1108
00:39:51,500 –> 00:39:53,660
and requiring humans to remember to label them,
1109
00:39:53,660 –> 00:39:55,420
documents are classified automatically.
1110
00:39:55,420 –> 00:39:57,420
Instead of policy being enforced by user behavior,
1111
00:39:57,420 –> 00:39:59,020
policy is enforced by the system.
1112
00:39:59,020 –> 00:40:00,380
Instead of governance being something
1113
00:40:00,380 –> 00:40:02,700
that depends on user training and compliance culture,
1114
00:40:02,700 –> 00:40:04,860
governance is something that happens automatically
1115
00:40:04,860 –> 00:40:06,460
regardless of user behavior.
1116
00:40:06,460 –> 00:40:08,780
Retention policies execute automatically.
1117
00:40:08,780 –> 00:40:10,780
Data is retained according to defined schedules.
1118
00:40:10,780 –> 00:40:13,020
When retention expires, data is deleted.
1119
00:40:13,020 –> 00:40:14,220
Not after manual review.
1120
00:40:14,220 –> 00:40:15,260
Not after audit.
1121
00:40:15,260 –> 00:40:16,220
Automatically.
1122
00:40:16,220 –> 00:40:19,260
The system executes the policy without human intervention.
1123
00:40:19,260 –> 00:40:21,660
Your quarterly cleaner project becomes irrelevant
1124
00:40:21,660 –> 00:40:23,900
because the system cleaned it up according to policy.
1125
00:40:23,900 –> 00:40:25,660
This is the satisfaction of the system.
1126
00:40:25,660 –> 00:40:27,180
You don’t manage governance anymore.
1127
00:40:27,180 –> 00:40:28,140
You define it once.
1128
00:40:28,140 –> 00:40:29,580
You specify intent.
1129
00:40:29,580 –> 00:40:31,660
You say what should be true of the system.
1130
00:40:31,660 –> 00:40:33,340
The system enforces what you intended.
1131
00:40:33,340 –> 00:40:35,020
If you intended for confidential data
1132
00:40:35,020 –> 00:40:37,340
to be restricted to certain users, the system restricts it.
1133
00:40:37,340 –> 00:40:40,460
If you intended for personal data to be deleted after two years,
1134
00:40:40,460 –> 00:40:41,420
the system deletes it.
1135
00:40:41,420 –> 00:40:43,900
If you intended for payment card data to never be copied,
1136
00:40:43,900 –> 00:40:45,260
the system prevents copying.
1137
00:40:45,260 –> 00:40:47,260
Governance is no longer a process you manage.
1138
00:40:47,260 –> 00:40:48,940
It’s a policy, the system enforces.
1139
00:40:48,940 –> 00:40:52,380
And the system is far better at enforcement than humans ever worth.
1140
00:40:52,380 –> 00:40:53,740
The system doesn’t forget.
1141
00:40:53,740 –> 00:40:55,340
The system doesn’t make exceptions.
1142
00:40:55,340 –> 00:40:57,260
The system doesn’t get tired or distracted
1143
00:40:57,260 –> 00:40:59,500
or compromise its standards under business pressure.
1144
00:40:59,500 –> 00:41:04,220
The system enforces exactly what you told it to enforce millions of times a day
1145
00:41:04,220 –> 00:41:05,820
with perfect consistency.
1146
00:41:05,820 –> 00:41:09,180
This is what replaced the hope that users would follow policy.
1147
00:41:09,180 –> 00:41:10,540
This is what replaced the assumption
1148
00:41:10,540 –> 00:41:12,300
that training would change behavior.
1149
00:41:12,300 –> 00:41:14,780
The system doesn’t need users to understand policy.
1150
00:41:14,780 –> 00:41:16,380
The system needs you to define it.
1151
00:41:16,380 –> 00:41:18,380
Then the system enforces it.
1152
00:41:18,380 –> 00:41:20,620
Agent 365 as the orchestration layer.
1153
00:41:20,620 –> 00:41:23,660
The third layer of replacement is where the revolution becomes complete.
1154
00:41:23,660 –> 00:41:24,860
This is Agent 365.
1155
00:41:24,860 –> 00:41:25,980
This is not a dashboard.
1156
00:41:25,980 –> 00:41:27,260
This is not a monitoring tool.
1157
00:41:27,260 –> 00:41:30,300
This is the control plane that orchestrates the autonomous actors
1158
00:41:30,300 –> 00:41:31,660
within your infrastructure.
1159
00:41:31,660 –> 00:41:33,820
You’ve spent years orchestrating humans,
1160
00:41:33,820 –> 00:41:35,900
assigning tasks, defining who does what,
1161
00:41:35,900 –> 00:41:40,300
managing dependencies, ensuring that complex work flows through the right sequence of people.
1162
00:41:40,300 –> 00:41:43,100
Someone provisioned a user, someone else configured their email,
1163
00:41:43,100 –> 00:41:44,780
someone else applied group memberships,
1164
00:41:44,780 –> 00:41:46,700
someone else granted access to SharePoint,
1165
00:41:46,700 –> 00:41:48,460
each step required human action.
1166
00:41:48,460 –> 00:41:53,020
Each step was a delay, each step was a chance for something to be missed or misconfigured.
1167
00:41:53,020 –> 00:41:56,380
Agent 365 removes the human from that orchestration entirely.
1168
00:41:56,380 –> 00:41:57,580
Here’s what it means in practice.
1169
00:41:57,580 –> 00:41:59,100
An AI agent is created.
1170
00:41:59,100 –> 00:42:00,620
The agent has a defined purpose,
1171
00:42:00,620 –> 00:42:02,540
provision users to a specific group.
1172
00:42:02,540 –> 00:42:05,180
The agent is assigned identity in Entra.
1173
00:42:05,180 –> 00:42:09,020
The agent receives exactly the permissions it needs to accomplish that one task.
1174
00:42:09,020 –> 00:42:11,500
Not standing privilege, not access to everything
1175
00:42:11,500 –> 00:42:13,820
until someone remembers to revoke it.
1176
00:42:13,820 –> 00:42:15,500
Exactly the permissions required.
1177
00:42:15,500 –> 00:42:17,180
The agent can create user accounts.
1178
00:42:17,180 –> 00:42:19,180
The agent can add them to the specific group.
1179
00:42:19,180 –> 00:42:20,940
The agent cannot access any other data.
1180
00:42:20,940 –> 00:42:22,860
The agent cannot modify any other systems.
1181
00:42:22,860 –> 00:42:25,020
The agent cannot escalate its own privilege.
1182
00:42:25,020 –> 00:42:26,140
This is the first principle.
1183
00:42:26,140 –> 00:42:27,340
Every agent is scoped.
1184
00:42:27,340 –> 00:42:28,700
Every agent has boundaries.
1185
00:42:28,700 –> 00:42:30,540
Every agent operates under constraint.
1186
00:42:30,540 –> 00:42:32,300
But here’s where it becomes orchestration.
1187
00:42:32,300 –> 00:42:35,100
That provisioning agent can be one step in a larger workflow.
1188
00:42:35,100 –> 00:42:36,140
A request comes in.
1189
00:42:36,140 –> 00:42:39,340
An agent evaluates whether it meets defined criteria.
1190
00:42:39,340 –> 00:42:41,180
Another agent provisions the user.
1191
00:42:41,180 –> 00:42:43,180
A third agent sends a notification email.
1192
00:42:43,180 –> 00:42:45,340
A fourth agent updates a tracking system.
1193
00:42:45,340 –> 00:42:47,420
A fifth agent creates a calendar entry.
1194
00:42:47,420 –> 00:42:49,100
The workflow executes automatically.
1195
00:42:49,100 –> 00:42:51,340
No human deciding which step comes next.
1196
00:42:51,340 –> 00:42:53,180
No human coordinating between systems.
1197
00:42:53,180 –> 00:42:55,180
No human reviewing the intermediate states.
1198
00:42:55,180 –> 00:42:58,300
The agents coordinate with each other based on defined workflow logic.
1199
00:42:58,300 –> 00:43:00,140
Watch what happens when something goes wrong.
1200
00:43:00,140 –> 00:43:02,540
An agent attempts an action that violates policy.
1201
00:43:02,540 –> 00:43:03,500
The system detects it.
1202
00:43:03,500 –> 00:43:04,780
The agent is autoblocked.
1203
00:43:04,780 –> 00:43:06,060
Not after investigation.
1204
00:43:06,060 –> 00:43:08,060
Not after someone decides it’s a problem.
1205
00:43:08,060 –> 00:43:11,180
Automatically, the agent is removed from operation immediately.
1206
00:43:11,180 –> 00:43:12,380
Risk signal detected.
1207
00:43:12,380 –> 00:43:13,340
Access revoked.
1208
00:43:13,340 –> 00:43:14,220
System protected.
1209
00:43:14,220 –> 00:43:15,260
No human latency.
1210
00:43:15,260 –> 00:43:17,660
No delay waiting for someone to notice the problem.
1211
00:43:17,660 –> 00:43:19,340
Watch what happens to inactive agents.
1212
00:43:19,340 –> 00:43:21,820
An agent hasn’t executed any actions in 30 days.
1213
00:43:21,820 –> 00:43:23,260
The system marks it for review.
1214
00:43:23,260 –> 00:43:24,540
60 days of inactivity.
1215
00:43:24,540 –> 00:43:25,740
The system auto-deletes it.
1216
00:43:25,740 –> 00:43:28,140
You don’t have to remember to clean up old agents.
1217
00:43:28,140 –> 00:43:31,100
You don’t have to audit the agent inventory annually.
1218
00:43:31,100 –> 00:43:33,180
The system maintains inventory automatically.
1219
00:43:33,180 –> 00:43:34,540
Inactive agents are removed.
1220
00:43:34,540 –> 00:43:35,900
Dead agents are retired.
1221
00:43:35,900 –> 00:43:38,460
Often agents are reassigned to managers.
1222
00:43:38,460 –> 00:43:40,620
The system manages the agent life cycle.
1223
00:43:40,620 –> 00:43:42,780
The way it manages the user life cycle.
1224
00:43:42,780 –> 00:43:44,460
Automatically, continuously.
1225
00:43:44,460 –> 00:43:45,820
This is the shift that matters.
1226
00:43:45,820 –> 00:43:47,900
You no longer orchestrate agents manually.
1227
00:43:47,900 –> 00:43:49,180
The system orchestrates them.
1228
00:43:49,180 –> 00:43:51,500
You define the orchestration rules once.
1229
00:43:51,500 –> 00:43:53,980
You specify what agents should do in what sequence
1230
00:43:53,980 –> 00:43:54,940
under what conditions.
1231
00:43:54,940 –> 00:43:57,340
The system executes that orchestration millions of times
1232
00:43:57,340 –> 00:43:58,380
without human involvement.
1233
00:43:58,380 –> 00:44:00,220
Here’s the architectural truth that emerges.
1234
00:44:00,220 –> 00:44:02,060
Humans were the bottleneck in orchestration.
1235
00:44:02,060 –> 00:44:03,980
You had to decide which tool to use.
1236
00:44:03,980 –> 00:44:05,420
You had to decide in what sequence.
1237
00:44:05,420 –> 00:44:07,180
You had to coordinate between systems.
1238
00:44:07,180 –> 00:44:10,220
You had to escalate when something didn’t fit the defined workflow.
1239
00:44:10,220 –> 00:44:11,260
You had to make exceptions.
1240
00:44:11,260 –> 00:44:12,940
You had to document decisions.
1241
00:44:12,940 –> 00:44:14,300
Every decision was a delay.
1242
00:44:14,300 –> 00:44:17,100
Every delay was an opportunity for the business to work around you.
1243
00:44:17,100 –> 00:44:19,100
Now, the orchestration happens automatically.
1244
00:44:19,100 –> 00:44:21,660
The system coordinates actions across multiple agents.
1245
00:44:21,660 –> 00:44:23,660
The system makes decisions about sequencing
1246
00:44:23,660 –> 00:44:25,260
based on defined rules.
1247
00:44:25,260 –> 00:44:27,260
The system escalates only when something
1248
00:44:27,260 –> 00:44:29,100
genuinely requires human judgment.
1249
00:44:29,100 –> 00:44:30,620
The system doesn’t wait for approval.
1250
00:44:30,620 –> 00:44:32,700
It acts according to defined intent.
1251
00:44:32,700 –> 00:44:35,580
And it acts faster than any human could ever coordinate manually.
1252
00:44:35,580 –> 00:44:37,740
By 2026, organizations that implemented
1253
00:44:37,740 –> 00:44:40,700
a genetic orchestration reported something unprecedented.
1254
00:44:40,700 –> 00:44:43,980
Workflows that used to take days now completed in minutes.
1255
00:44:43,980 –> 00:44:45,740
Provisioning that required coordination
1256
00:44:45,740 –> 00:44:48,540
across four departments now happened automatically.
1257
00:44:48,540 –> 00:44:50,540
Access requests that used to pass through
1258
00:44:50,540 –> 00:44:52,620
multiple approval gates now executed
1259
00:44:52,620 –> 00:44:54,140
according to defined criteria.
1260
00:44:54,140 –> 00:44:55,820
The complexity didn’t decrease.
1261
00:44:55,820 –> 00:44:57,260
But the human latency disappeared.
1262
00:44:57,260 –> 00:44:59,100
This is what replaced the orchestration admin,
1263
00:44:59,100 –> 00:45:01,420
not a faster person coordinating between systems.
1264
00:45:01,420 –> 00:45:03,180
A system that coordinates automatically
1265
00:45:03,180 –> 00:45:04,780
according to defined rules.
1266
00:45:04,780 –> 00:45:06,860
A system that manages agent life cycle
1267
00:45:06,860 –> 00:45:08,220
without human involvement.
1268
00:45:08,220 –> 00:45:10,460
A system that detects and prevents problems
1269
00:45:10,460 –> 00:45:12,140
before they affect the business.
1270
00:45:12,140 –> 00:45:13,820
This is agent 365.
1271
00:45:13,820 –> 00:45:15,580
The orchestration layer that removes humans
1272
00:45:15,580 –> 00:45:17,660
from orchestration entirely.
1273
00:45:17,660 –> 00:45:20,380
The copilot shift, from assistance to autonomy.
1274
00:45:20,380 –> 00:45:23,340
Copilot represents the moment when the system stopped asking
1275
00:45:23,340 –> 00:45:25,580
for permission and started asking for intent.
1276
00:45:25,580 –> 00:45:26,700
This distinction matters.
1277
00:45:26,700 –> 00:45:27,580
It’s not semantic.
1278
00:45:27,580 –> 00:45:29,340
It’s architectural.
1279
00:45:29,340 –> 00:45:31,660
For years, you’ve thought of copilot as a helper.
1280
00:45:31,660 –> 00:45:32,380
A tool you use.
1281
00:45:32,380 –> 00:45:33,340
You ask it a question.
1282
00:45:33,340 –> 00:45:34,220
It gives you an answer.
1283
00:45:34,220 –> 00:45:35,660
You ask it to draft something.
1284
00:45:35,660 –> 00:45:36,540
It suggests text.
1285
00:45:36,540 –> 00:45:37,900
You ask it to analyze data.
1286
00:45:37,900 –> 00:45:38,860
It shows you patterns.
1287
00:45:38,860 –> 00:45:40,060
Copilot is an assistant.
1288
00:45:40,060 –> 00:45:41,100
It’s there when you need it.
1289
00:45:41,100 –> 00:45:41,980
You initiate.
1290
00:45:41,980 –> 00:45:43,020
Copilot responds.
1291
00:45:43,020 –> 00:45:44,220
That’s assistance.
1292
00:45:44,220 –> 00:45:45,820
That’s not what copilot is anymore.
1293
00:45:45,820 –> 00:45:47,740
Copilot has shifted into something else.
1294
00:45:47,740 –> 00:45:49,740
Agent mode in word excel and PowerPoint
1295
00:45:49,740 –> 00:45:52,140
means copilot doesn’t wait for your request anymore.
1296
00:45:52,140 –> 00:45:53,260
You describe what you want.
1297
00:45:53,260 –> 00:45:55,820
You say, make this document match the brand guidelines.
1298
00:45:55,820 –> 00:45:56,700
You don’t tell it how.
1299
00:45:56,700 –> 00:45:57,900
You don’t click buttons.
1300
00:45:57,900 –> 00:45:58,940
You describe intent.
1301
00:45:58,940 –> 00:46:00,300
Copilot understands intent.
1302
00:46:00,300 –> 00:46:01,340
Copilot executes it.
1303
00:46:01,340 –> 00:46:03,580
Copilot edits the document autonomously.
1304
00:46:03,580 –> 00:46:05,340
Without asking permission for each change,
1305
00:46:05,340 –> 00:46:06,300
you review what it did.
1306
00:46:06,300 –> 00:46:07,180
You accept or reject.
1307
00:46:07,180 –> 00:46:08,620
But copilot made the decisions.
1308
00:46:08,620 –> 00:46:09,900
Copilot determined the edits.
1309
00:46:09,900 –> 00:46:12,700
Copilot moved from suggesting changes to making them.
1310
00:46:12,700 –> 00:46:13,500
This is the shift.
1311
00:46:13,500 –> 00:46:15,100
From assistance to autonomy.
1312
00:46:15,100 –> 00:46:17,020
Watch what happens when you shift that paradigm.
1313
00:46:17,020 –> 00:46:18,220
Under the assistance model,
1314
00:46:18,220 –> 00:46:19,500
you have to know what you want.
1315
00:46:19,500 –> 00:46:20,620
You describe the problem.
1316
00:46:20,620 –> 00:46:21,820
Copilot helps you solve it.
1317
00:46:21,820 –> 00:46:22,780
You’re still the director.
1318
00:46:22,780 –> 00:46:24,220
You’re still making decisions.
1319
00:46:24,220 –> 00:46:26,540
Copilot is providing suggestions and information
1320
00:46:26,540 –> 00:46:27,980
to help you decide better.
1321
00:46:27,980 –> 00:46:29,020
Under the autonomy model,
1322
00:46:29,020 –> 00:46:30,380
you describe the outcome you want.
1323
00:46:30,380 –> 00:46:31,980
You don’t describe the steps.
1324
00:46:31,980 –> 00:46:33,500
Copilot determines the steps.
1325
00:46:33,500 –> 00:46:35,500
Copilot doesn’t show you its work for approval.
1326
00:46:35,500 –> 00:46:37,580
Copilot acts according to defined intent.
1327
00:46:37,580 –> 00:46:39,580
You’re no longer deciding what changes to make.
1328
00:46:39,580 –> 00:46:42,540
You’re deciding whether the outcome matches what you intended.
1329
00:46:42,540 –> 00:46:44,380
The first model requires you to understand
1330
00:46:44,380 –> 00:46:46,540
the problem deeply enough to direct the solution.
1331
00:46:46,540 –> 00:46:48,540
The second model requires you to understand
1332
00:46:48,540 –> 00:46:49,660
the desired outcome,
1333
00:46:49,660 –> 00:46:51,260
but not the path to get there.
1334
00:46:51,260 –> 00:46:52,620
The system determines the path.
1335
00:46:52,620 –> 00:46:53,740
This is why it matters.
1336
00:46:53,740 –> 00:46:57,100
The assistance model still requires human direction at each step.
1337
00:46:57,100 –> 00:46:58,300
You have to know what to ask for.
1338
00:46:58,300 –> 00:46:59,980
You have to know what information matters.
1339
00:46:59,980 –> 00:47:01,740
You have to understand the domain well enough
1340
00:47:01,740 –> 00:47:03,340
to evaluate Copilot’s suggestions.
1341
00:47:03,340 –> 00:47:04,780
The human is still the bottleneck.
1342
00:47:04,780 –> 00:47:07,580
You’re just using a better tool to help you think.
1343
00:47:07,580 –> 00:47:10,540
The autonomy model removes human direction from the execution.
1344
00:47:10,540 –> 00:47:11,660
You describe intent.
1345
00:47:11,660 –> 00:47:13,100
The system executes.
1346
00:47:13,100 –> 00:47:15,420
The human becomes a validator, not a director.
1347
00:47:15,420 –> 00:47:18,300
You’re no longer making decisions about how to accomplish the task.
1348
00:47:18,300 –> 00:47:20,780
You’re evaluating whether the task was accomplished correctly.
1349
00:47:20,780 –> 00:47:22,300
This is the architectural revolution.
1350
00:47:22,300 –> 00:47:24,540
You’ve moved from human decides, AI helps,
1351
00:47:24,540 –> 00:47:26,540
to human describes, AI decides it.
1352
00:47:26,540 –> 00:47:28,540
The decision making moves from you to the system.
1353
00:47:28,540 –> 00:47:29,900
The system is now the actor.
1354
00:47:29,900 –> 00:47:30,780
You’re now the arbiter.
1355
00:47:30,780 –> 00:47:32,060
But here’s where it gets interesting.
1356
00:47:32,060 –> 00:47:35,100
This only works if the system actually understands intent.
1357
00:47:35,100 –> 00:47:38,540
An understanding intent requires something more than just answering questions.
1358
00:47:38,540 –> 00:47:40,540
It requires the system to know what you value.
1359
00:47:40,540 –> 00:47:42,620
It requires organizational context.
1360
00:47:42,620 –> 00:47:46,140
It requires understanding your business logic, your standards, your constraints.
1361
00:47:46,140 –> 00:47:50,300
It requires the system to have access to what you intended to build.
1362
00:47:50,300 –> 00:47:52,140
Not just what you asked it to do.
1363
00:47:52,140 –> 00:47:53,660
This is where work IQ enters.
1364
00:47:53,660 –> 00:47:56,060
This is where the system learns organizational memory.
1365
00:47:56,060 –> 00:47:58,380
Every meeting you attend, every document you create,
1366
00:47:58,380 –> 00:48:00,460
every decision you make, the system observes it.
1367
00:48:00,460 –> 00:48:02,460
The system builds a model of how you think.
1368
00:48:02,460 –> 00:48:05,660
What you value, what you consider correct, what your standards are.
1369
00:48:05,660 –> 00:48:08,060
When you describe intent, the system doesn’t just guess.
1370
00:48:08,060 –> 00:48:09,500
The system knows your preferences.
1371
00:48:09,500 –> 00:48:10,860
The system knows your domain.
1372
00:48:10,860 –> 00:48:15,740
The system knows what success looks like because it’s seen thousands of examples of your work.
1373
00:48:15,740 –> 00:48:17,980
Now, copilot doesn’t just execute instructions.
1374
00:48:17,980 –> 00:48:21,180
Copilot executes intent according to your specific context.
1375
00:48:21,180 –> 00:48:23,500
When you say make this compliant with our guidelines,
1376
00:48:23,500 –> 00:48:26,220
copilot knows your guidelines because it’s seen your documents.
1377
00:48:26,220 –> 00:48:27,660
It’s seen your standards.
1378
00:48:27,660 –> 00:48:29,420
It knows what you consider compliant.
1379
00:48:29,420 –> 00:48:31,900
This is what separates a general purpose assistant
1380
00:48:31,900 –> 00:48:34,860
from an autonomous actor working within organizational context.
1381
00:48:34,860 –> 00:48:37,260
The general assistant needs you to specify everything.
1382
00:48:37,260 –> 00:48:40,380
The organizational agent understands context, understands intent.
1383
00:48:40,380 –> 00:48:43,180
Executes according to your specific business logic.
1384
00:48:43,180 –> 00:48:45,100
By 2026, this shift was complete.
1385
00:48:45,100 –> 00:48:46,780
Copilot moved from helper to actor.
1386
00:48:46,780 –> 00:48:48,780
From suggestion based to autonomy based.
1387
00:48:48,780 –> 00:48:51,260
From here’s information to help you decide to,
1388
00:48:51,260 –> 00:48:53,660
here’s what I did based on what you intended.
1389
00:48:53,660 –> 00:48:56,060
The human moved from director to validator.
1390
00:48:56,060 –> 00:48:59,500
From making decisions to evaluating whether decisions were made correctly.
1391
00:48:59,500 –> 00:49:03,580
From active participation in execution to oversight of autonomous execution.
1392
00:49:03,580 –> 00:49:07,100
This is the moment when you stopped being the operator and became the supervisor.
1393
00:49:07,100 –> 00:49:10,300
The skill shift, from operator to architect.
1394
00:49:10,300 –> 00:49:12,140
If the system replaced manual operators,
1395
00:49:12,140 –> 00:49:13,980
what happened to the people who were operators?
1396
00:49:13,980 –> 00:49:17,180
The answer matters because the answer determines whether you survived this transition
1397
00:49:17,180 –> 00:49:18,140
or became obsolete.
1398
00:49:18,140 –> 00:49:19,660
The admin role didn’t disappear.
1399
00:49:19,660 –> 00:49:22,940
It transformed and transformation is harsher than replacement
1400
00:49:22,940 –> 00:49:25,820
because transformation requires you to become someone different
1401
00:49:25,820 –> 00:49:27,820
while still being responsible for the work.
1402
00:49:27,820 –> 00:49:29,180
You used to be an operator.
1403
00:49:29,180 –> 00:49:32,220
You managed systems, you clicked buttons, you ran scripts,
1404
00:49:32,220 –> 00:49:34,620
you approved requests, you reviewed policies,
1405
00:49:34,620 –> 00:49:37,500
you executed decisions, your value was in execution.
1406
00:49:37,500 –> 00:49:39,100
How fast could you provision a user?
1407
00:49:39,100 –> 00:49:40,940
How many access reviews could you process?
1408
00:49:40,940 –> 00:49:42,940
How quickly could you respond to requests?
1409
00:49:42,940 –> 00:49:44,700
You were measured on speed and thoroughness.
1410
00:49:44,700 –> 00:49:46,060
How many tickets did you close?
1411
00:49:46,060 –> 00:49:47,820
How many configurations did you deploy?
1412
00:49:47,820 –> 00:49:49,900
Your work was visible, your impact was measurable,
1413
00:49:49,900 –> 00:49:51,180
you did things, things happened.
1414
00:49:51,180 –> 00:49:52,620
That’s not what the architect does.
1415
00:49:52,620 –> 00:49:54,540
The architect no longer manages systems.
1416
00:49:54,540 –> 00:49:57,180
The architect designed systems, you don’t click buttons anymore.
1417
00:49:57,180 –> 00:49:58,940
You define the rules that buttons follow,
1418
00:49:58,940 –> 00:50:00,460
you don’t approve requests anymore.
1419
00:50:00,460 –> 00:50:02,780
You design the logic that approves requests automatically.
1420
00:50:02,780 –> 00:50:04,300
You don’t review policies anymore.
1421
00:50:04,300 –> 00:50:06,780
You architect the policies that enforce themselves.
1422
00:50:06,780 –> 00:50:08,620
Your value is no longer in execution.
1423
00:50:08,620 –> 00:50:09,900
Your value is in design.
1424
00:50:09,900 –> 00:50:11,260
This requires different skills,
1425
00:50:11,260 –> 00:50:12,940
completely different execution skills,
1426
00:50:12,940 –> 00:50:15,980
how to use the interface, how to navigate complex configurations,
1427
00:50:15,980 –> 00:50:18,620
how to remember the sequence of steps become irrelevant.
1428
00:50:18,620 –> 00:50:21,340
The interface doesn’t matter if the system is executing automatically.
1429
00:50:21,340 –> 00:50:23,980
The configuration steps don’t matter if your defining rules,
1430
00:50:23,980 –> 00:50:25,340
not executing them.
1431
00:50:25,340 –> 00:50:28,300
The sequence of actions doesn’t matter if the system is orchestrating actions,
1432
00:50:28,300 –> 00:50:28,940
not humans.
1433
00:50:28,940 –> 00:50:30,540
What matters now is system thinking,
1434
00:50:30,540 –> 00:50:31,820
how do policies interact?
1435
00:50:31,820 –> 00:50:33,980
What happens when this rule meets this other rule?
1436
00:50:33,980 –> 00:50:35,660
Where are the logical inconsistencies?
1437
00:50:35,660 –> 00:50:37,020
Where will exceptions accumulate?
1438
00:50:37,020 –> 00:50:38,300
How do you define intent?
1439
00:50:38,300 –> 00:50:41,500
Clearly enough that a machine can enforce it consistently.
1440
00:50:41,500 –> 00:50:46,060
How do you scope agent permissions so that the agent can accomplish its purpose
1441
00:50:46,060 –> 00:50:47,580
without introducing new risks?
1442
00:50:47,580 –> 00:50:50,700
How do you design for the exceptions that don’t yet exist?
1443
00:50:50,700 –> 00:50:52,060
These are architect skills,
1444
00:50:52,060 –> 00:50:54,060
and they’re the opposite of operator skills.
1445
00:50:54,060 –> 00:50:55,660
An operator memorizes steps.
1446
00:50:55,660 –> 00:50:57,180
An architect thinks about systems.
1447
00:50:57,180 –> 00:50:58,780
An operator executes decisions.
1448
00:50:58,780 –> 00:51:00,540
An architect defines decision logic.
1449
00:51:00,540 –> 00:51:02,300
An operator manages complexity.
1450
00:51:02,300 –> 00:51:06,380
An architect eliminates complexity by designing systems that prevent it.
1451
00:51:06,380 –> 00:51:07,740
Here’s what the research showed.
1452
00:51:07,740 –> 00:51:11,100
Entry level IT admin positions declined 13%.
1453
00:51:11,100 –> 00:51:12,380
Not because there’s less work.
1454
00:51:12,380 –> 00:51:14,620
Because the work that entry level admins used to do,
1455
00:51:14,620 –> 00:51:17,500
the ticket processing, the provisioning, the policy application,
1456
00:51:17,500 –> 00:51:18,540
is now automated.
1457
00:51:18,540 –> 00:51:20,780
You don’t need someone to process provisioning tickets.
1458
00:51:20,780 –> 00:51:22,460
The system provisions automatically.
1459
00:51:22,460 –> 00:51:24,540
You don’t need someone to apply policies.
1460
00:51:24,540 –> 00:51:25,660
The system applies them.
1461
00:51:25,660 –> 00:51:28,940
You don’t need entry level admins doing task execution anymore.
1462
00:51:28,940 –> 00:51:32,220
But mid-level architects, the people with five to ten years of experience,
1463
00:51:32,220 –> 00:51:35,260
the people who understood why policies were written the way they were,
1464
00:51:35,260 –> 00:51:38,460
the people who understood the business logic behind the configurations.
1465
00:51:38,460 –> 00:51:39,900
Demand for those people went up.
1466
00:51:39,900 –> 00:51:42,860
Because those are the people who can design systems that work.
1467
00:51:42,860 –> 00:51:45,100
Who can translate business intent into policy?
1468
00:51:45,100 –> 00:51:47,820
Who can architect governance frameworks that actually scale?
1469
00:51:47,820 –> 00:51:49,420
This is the skillshift that matters.
1470
00:51:49,420 –> 00:51:52,060
The operator who got really good at clicking buttons,
1471
00:51:52,060 –> 00:51:53,580
who memorized the interface,
1472
00:51:53,580 –> 00:51:55,820
who could provision faster than anyone else.
1473
00:51:55,820 –> 00:51:57,580
That person became obsolete.
1474
00:51:57,580 –> 00:51:59,500
Not because they were replaced by a tool.
1475
00:51:59,500 –> 00:52:01,260
Because the tool eliminated the work they did.
1476
00:52:01,260 –> 00:52:03,260
The operator’s skillset speed,
1477
00:52:03,260 –> 00:52:06,300
thoroughness, attention to detail in task execution,
1478
00:52:06,300 –> 00:52:09,500
became irrelevant in a system where tasks execute automatically.
1479
00:52:09,500 –> 00:52:12,860
But the operator who also understood why the system was designed that way,
1480
00:52:12,860 –> 00:52:15,260
who understood the intent behind the policies,
1481
00:52:15,260 –> 00:52:17,340
who could think about how systems interact.
1482
00:52:17,340 –> 00:52:18,780
That person became an architect.
1483
00:52:18,780 –> 00:52:21,500
That person learned to think about design instead of execution.
1484
00:52:21,500 –> 00:52:22,540
That person survived.
1485
00:52:22,540 –> 00:52:23,500
That person thrived.
1486
00:52:23,500 –> 00:52:25,420
That person is now in higher demand than ever.
1487
00:52:25,420 –> 00:52:26,540
The brutal part is this.
1488
00:52:26,540 –> 00:52:29,500
If you’ve spent five years getting really good at operator skills,
1489
00:52:29,500 –> 00:52:32,700
if your entire value is tied to execution speed and thoroughness,
1490
00:52:32,700 –> 00:52:35,900
you have to learn entirely new skills or you become irrelevant.
1491
00:52:35,900 –> 00:52:39,260
And learning entirely new skills is harder than learning to execute faster.
1492
00:52:39,260 –> 00:52:41,660
It requires you to unlearn what made you valuable.
1493
00:52:41,660 –> 00:52:43,260
It requires you to think differently.
1494
00:52:43,260 –> 00:52:45,500
It requires you to understand systems at a level
1495
00:52:45,500 –> 00:52:47,580
that task execution never required.
1496
00:52:47,580 –> 00:52:52,540
Entry level hiring dropped because the system doesn’t need entry level operators anymore.
1497
00:52:52,540 –> 00:52:55,580
Mid-level hiring increased because the system needs architects.
1498
00:52:55,580 –> 00:52:59,340
The people who survived the transition were the ones who learned to think like architects.
1499
00:52:59,340 –> 00:53:01,740
The ones who didn’t became the unemployment statistics.
1500
00:53:01,740 –> 00:53:03,180
This is the uncomfortable truth.
1501
00:53:03,180 –> 00:53:05,740
The system didn’t need you to get better at what you were doing.
1502
00:53:05,740 –> 00:53:08,860
The system needed you to stop doing it and become someone else.
1503
00:53:08,860 –> 00:53:12,780
And becoming someone else is harder than getting faster at what you already do.
1504
00:53:12,780 –> 00:53:14,220
The governance stack.
1505
00:53:14,220 –> 00:53:15,420
How it all connects.
1506
00:53:15,420 –> 00:53:17,260
The real power isn’t in any single tool.
1507
00:53:17,260 –> 00:53:19,260
The real power is in how they work together.
1508
00:53:19,260 –> 00:53:22,300
And that coherence is what manual administration could never achieve.
1509
00:53:22,300 –> 00:53:25,100
Think about what happens when a provisioning request comes in.
1510
00:53:25,100 –> 00:53:28,620
Under manual administration, the request would pass through human hands.
1511
00:53:28,620 –> 00:53:33,100
It would approve it, HR would verify it, security would check it, finance would confirm budget,
1512
00:53:33,100 –> 00:53:37,340
each person would review, add comments, escalate if needed, weeks would pass.
1513
00:53:37,340 –> 00:53:39,740
Then someone would finally execute the provisioning.
1514
00:53:39,740 –> 00:53:43,180
Under the agentic model, the request flows through the governance stack.
1515
00:53:43,180 –> 00:53:45,100
And every layer adds something different.
1516
00:53:45,100 –> 00:53:46,780
Every layer enforces something different.
1517
00:53:46,780 –> 00:53:49,180
Every layer makes the final outcome more certain.
1518
00:53:49,180 –> 00:53:50,940
The request enters Entry ID first.
1519
00:53:50,940 –> 00:53:52,300
This is the identity layer.
1520
00:53:52,300 –> 00:53:55,340
Entry evaluates the request against identity governance rules.
1521
00:53:55,340 –> 00:53:58,780
Is the requesting user authorized to make provisioning requests?
1522
00:53:58,780 –> 00:53:59,980
Are they in the right department?
1523
00:53:59,980 –> 00:54:01,260
Are their credentials valid?
1524
00:54:01,260 –> 00:54:02,940
Has their account been flagged for risk?
1525
00:54:02,940 –> 00:54:05,820
Entry makes these decisions in milliseconds based on signals.
1526
00:54:05,820 –> 00:54:09,580
The request either passes through or is rejected at the identity layer.
1527
00:54:09,580 –> 00:54:11,580
If it passes, it moves to conditional access.
1528
00:54:11,580 –> 00:54:13,180
This is the temporal and risk layer.
1529
00:54:13,180 –> 00:54:15,020
Conditional access evaluates context.
1530
00:54:15,020 –> 00:54:17,180
Is the request coming from a trusted location?
1531
00:54:17,180 –> 00:54:18,780
Is it coming at a reasonable time?
1532
00:54:18,780 –> 00:54:20,380
Is the requesting device managed?
1533
00:54:20,380 –> 00:54:21,660
Is there an anomaly in the pattern?
1534
00:54:21,660 –> 00:54:24,700
Conditional access applies time-based and signal-based rules.
1535
00:54:24,700 –> 00:54:27,820
The request either proceeds or triggers additional verification.
1536
00:54:27,820 –> 00:54:31,340
If it passes conditional access, it moves to the authorization engine.
1537
00:54:31,340 –> 00:54:33,020
This is where scope is determined.
1538
00:54:33,020 –> 00:54:34,700
What exactly can this request create?
1539
00:54:34,700 –> 00:54:35,980
Not what the user asked for.
1540
00:54:35,980 –> 00:54:37,500
What the governance rules permit?
1541
00:54:37,500 –> 00:54:39,180
Can this user provision to this group?
1542
00:54:39,180 –> 00:54:40,860
Can this user assign this license?
1543
00:54:40,860 –> 00:54:42,300
Can this user grant this access?
1544
00:54:42,300 –> 00:54:45,900
The authorization engine answers these questions based on defined policy.
1545
00:54:45,900 –> 00:54:47,180
It doesn’t ask for approval.
1546
00:54:47,180 –> 00:54:49,900
It evaluates policy and determines what’s permissible.
1547
00:54:49,900 –> 00:54:53,100
If authorization passes the request reaches Agent 365,
1548
00:54:53,100 –> 00:54:54,380
this is the agent layer.
1549
00:54:54,380 –> 00:54:57,820
Agent 365 determines which agents can execute this request.
1550
00:54:57,820 –> 00:55:01,020
What automation should run in what sequence with what constraints?
1551
00:55:01,020 –> 00:55:03,260
Agent 365 orchestrates the agents.
1552
00:55:03,260 –> 00:55:04,940
One agent creates the user account.
1553
00:55:04,940 –> 00:55:06,380
Another applies the license.
1554
00:55:06,380 –> 00:55:08,060
Another adds the user to the group.
1555
00:55:08,060 –> 00:55:09,420
Another sends notification.
1556
00:55:09,420 –> 00:55:11,180
Another updates the tracking system.
1557
00:55:11,180 –> 00:55:12,700
All coordinated automatically.
1558
00:55:12,700 –> 00:55:14,700
All executing in defined sequence.
1559
00:55:14,700 –> 00:55:17,980
All operating within the scope determined by the authorization layer.
1560
00:55:17,980 –> 00:55:20,540
During execution, power automate handles the workflow logic.
1561
00:55:20,540 –> 00:55:22,700
Power automate doesn’t execute autonomously.
1562
00:55:22,700 –> 00:55:25,660
Power automate executes what the agents tell it to execute.
1563
00:55:25,660 –> 00:55:27,660
But power automate enforces the workflow.
1564
00:55:27,660 –> 00:55:29,660
It ensures steps happen in the right order.
1565
00:55:29,660 –> 00:55:31,740
It handles escalations if something fails.
1566
00:55:31,740 –> 00:55:35,100
It manages the state of the provisioning throughout execution.
1567
00:55:35,100 –> 00:55:36,380
While all this is happening,
1568
00:55:36,380 –> 00:55:38,220
Microsoft Graph is being accessed.
1569
00:55:38,220 –> 00:55:39,900
Graph retrieves the information needed.
1570
00:55:39,900 –> 00:55:41,100
Graph updates the directory.
1571
00:55:41,100 –> 00:55:42,940
Graph notifies dependent systems.
1572
00:55:42,940 –> 00:55:45,100
Graph is the data layer underlying everything.
1573
00:55:45,100 –> 00:55:46,540
Every layer reads from Graph.
1574
00:55:46,540 –> 00:55:47,820
Every layer writes to Graph.
1575
00:55:47,820 –> 00:55:49,580
Graph maintains the source of truth.
1576
00:55:49,580 –> 00:55:52,860
And throughout this entire flow, PerView is evaluating data.
1577
00:55:52,860 –> 00:55:54,300
What data is being accessed.
1578
00:55:54,300 –> 00:55:55,580
What data is being created.
1579
00:55:55,580 –> 00:55:57,500
What data sensitivity labels apply.
1580
00:55:57,500 –> 00:56:00,060
PerView enforces data governance rules in real time.
1581
00:56:00,060 –> 00:56:02,780
If someone attempts to share sensitive data inappropriately,
1582
00:56:02,780 –> 00:56:04,380
PerView detects it and blocks it.
1583
00:56:04,380 –> 00:56:05,580
PerView doesn’t wait.
1584
00:56:05,580 –> 00:56:07,180
PerView enforces continuously.
1585
00:56:07,180 –> 00:56:09,340
Finally, Defender is observing.
1586
00:56:09,340 –> 00:56:10,780
Defender watches every action.
1587
00:56:10,780 –> 00:56:11,900
Is the provisioning normal?
1588
00:56:11,900 –> 00:56:13,020
Is the scope appropriate?
1589
00:56:13,020 –> 00:56:14,860
Is the agent behaving as expected?
1590
00:56:14,860 –> 00:56:16,060
Is there a threat signal?
1591
00:56:16,060 –> 00:56:17,660
Defender maintains visibility.
1592
00:56:17,660 –> 00:56:19,420
If something looks wrong, Defender alerts.
1593
00:56:19,420 –> 00:56:22,220
If something looks like compromise, Defender revokes access.
1594
00:56:22,220 –> 00:56:24,620
Defender is the eyes that never stop watching.
1595
00:56:24,620 –> 00:56:27,980
This entire flow from request entry to execution to monitoring
1596
00:56:27,980 –> 00:56:29,100
happens in seconds.
1597
00:56:29,100 –> 00:56:30,220
No human approval.
1598
00:56:30,220 –> 00:56:30,860
No waiting.
1599
00:56:30,860 –> 00:56:31,660
No exceptions.
1600
00:56:31,660 –> 00:56:32,700
No theater.
1601
00:56:32,700 –> 00:56:35,500
The request either completes according to defined governance
1602
00:56:35,500 –> 00:56:38,460
or fails at a specific layer with documented reason.
1603
00:56:38,460 –> 00:56:39,820
The coherence is what matters.
1604
00:56:39,820 –> 00:56:41,420
Each layer enforces something different.
1605
00:56:41,420 –> 00:56:43,340
Identity enforces who can request.
1606
00:56:43,340 –> 00:56:44,940
Context enforces when and where.
1607
00:56:44,940 –> 00:56:47,260
Authorization enforces what scope is permissible.
1608
00:56:47,260 –> 00:56:49,020
Agents enforce execution order.
1609
00:56:49,020 –> 00:56:50,780
Graph enforces data consistency.
1610
00:56:50,780 –> 00:56:52,460
PerView enforces data protection.
1611
00:56:52,460 –> 00:56:54,780
Defender enforces security.
1612
00:56:54,780 –> 00:56:56,780
Together, they form a unified system
1613
00:56:56,780 –> 00:56:59,020
where governance is embedded at every layer.
1614
00:56:59,020 –> 00:57:00,860
Manual administration couldn’t achieve this
1615
00:57:00,860 –> 00:57:02,380
because no human could coordinate
1616
00:57:02,380 –> 00:57:05,020
across seven different governance layers simultaneously.
1617
00:57:05,020 –> 00:57:07,100
But the system doesn’t need humans to coordinate.
1618
00:57:07,100 –> 00:57:09,340
The system is designed for automatic coordination.
1619
00:57:09,340 –> 00:57:10,460
Each layer does its job.
1620
00:57:10,460 –> 00:57:11,900
Each layer trusts the others.
1621
00:57:11,900 –> 00:57:14,060
The result is governance that’s comprehensive,
1622
00:57:14,060 –> 00:57:16,300
consistent and enforced automatically.
1623
00:57:16,300 –> 00:57:17,580
This is the governance stack.
1624
00:57:17,580 –> 00:57:19,500
Not a dashboard, not a reporting tool.
1625
00:57:19,500 –> 00:57:21,980
A system where every decision point is governed.
1626
00:57:21,980 –> 00:57:23,980
Where every layer enforces something.
1627
00:57:23,980 –> 00:57:27,020
Where the entire flow is auditable, repeatable and deterministic.
1628
00:57:27,020 –> 00:57:28,700
This is what replaced the administrator
1629
00:57:28,700 –> 00:57:30,300
who had to manually enforce governance
1630
00:57:30,300 –> 00:57:31,980
across seven different tools.
1631
00:57:31,980 –> 00:57:34,620
The uncomfortable truth about job displacement.
1632
00:57:34,620 –> 00:57:36,620
Let’s address what everyone is thinking.
1633
00:57:36,620 –> 00:57:38,140
But no one is saying clearly.
1634
00:57:38,140 –> 00:57:41,180
30% of US companies have replaced some workers with AI,
1635
00:57:41,180 –> 00:57:43,340
not reduced their hours, not reassigned them,
1636
00:57:43,340 –> 00:57:45,180
replaced them, they’re gone.
1637
00:57:45,180 –> 00:57:47,020
30% that’s not a rounding error.
1638
00:57:47,020 –> 00:57:48,780
That’s a significant portion of the market
1639
00:57:48,780 –> 00:57:50,620
making the decision that the work those people did
1640
00:57:50,620 –> 00:57:52,300
could be done by a system instead.
1641
00:57:52,300 –> 00:57:56,300
38% of employers have cut entry-level roles due to AI,
1642
00:57:56,300 –> 00:57:57,660
entry-level positions.
1643
00:57:57,660 –> 00:57:59,820
The positions that were supposed to be the pipeline,
1644
00:57:59,820 –> 00:58:02,700
the positions that trained people to become architects.
1645
00:58:02,700 –> 00:58:04,780
The positions that taught the fundamentals
1646
00:58:04,780 –> 00:58:06,140
of how systems work.
1647
00:58:06,140 –> 00:58:08,780
Those positions are disappearing, not transforming,
1648
00:58:08,780 –> 00:58:09,820
disappearing.
1649
00:58:09,820 –> 00:58:13,260
Organizations are deciding they don’t need entry-level workers anymore
1650
00:58:13,260 –> 00:58:15,420
because the system handles the entry-level work.
1651
00:58:15,420 –> 00:58:22,780
In the first half of 2025 alone, 77,999 tech jobs were lost to AI.
1652
00:58:22,780 –> 00:58:25,020
Not reductions, not salary cuts, jobs eliminated.
1653
00:58:25,020 –> 00:58:28,060
That’s hundreds of people every single day losing employment
1654
00:58:28,060 –> 00:58:29,820
because a system could do what they did.
1655
00:58:29,820 –> 00:58:31,420
And that number is accelerating.
1656
00:58:31,420 –> 00:58:33,020
Every quarter the number gets larger.
1657
00:58:33,020 –> 00:58:35,100
Every wave of automation removes more jobs.
1658
00:58:35,100 –> 00:58:36,460
But here’s what the headlines miss.
1659
00:58:36,460 –> 00:58:39,180
While 77,000 jobs were being eliminated,
1660
00:58:39,180 –> 00:58:42,300
1.3 million new jobs were being created globally.
1661
00:58:42,300 –> 00:58:44,780
AI-related jobs, prompt engineers,
1662
00:58:44,780 –> 00:58:48,060
AI strategists, system designers, risk managers,
1663
00:58:48,060 –> 00:58:49,100
governance specialists.
1664
00:58:49,100 –> 00:58:52,380
Jobs that didn’t exist three years ago are now in high demand.
1665
00:58:52,380 –> 00:58:53,740
The net effect isn’t negative.
1666
00:58:53,740 –> 00:58:57,740
The net effect by 2030 is projected to be 78 million more jobs
1667
00:58:57,740 –> 00:58:59,900
created than eliminated globally.
1668
00:58:59,900 –> 00:59:01,180
A massive net positive.
1669
00:59:01,180 –> 00:59:02,860
But, and this is the uncomfortable part,
1670
00:59:02,860 –> 00:59:05,580
those aren’t the same jobs in the same places filled by the same people.
1671
00:59:05,580 –> 00:59:08,700
The IT support person who spent a decade getting good at troubleshooting,
1672
00:59:08,700 –> 00:59:11,740
the job they did is now handled by an AI ticketing system.
1673
00:59:11,740 –> 00:59:14,460
They can’t migrate that expertise to a prompt engineer role
1674
00:59:14,460 –> 00:59:18,140
the skills don’t transfer, the tickets they used to handle are gone.
1675
00:59:18,140 –> 00:59:20,220
The job they were good at no longer exists.
1676
00:59:20,220 –> 00:59:24,060
The young person who was going to spend three years as an entry-level admin,
1677
00:59:24,060 –> 00:59:25,580
learning the fundamentals,
1678
00:59:25,580 –> 00:59:27,500
building toward a mid-level role,
1679
00:59:27,500 –> 00:59:29,580
there is no entry-level admin role anymore.
1680
00:59:29,580 –> 00:59:30,780
The system does that work,
1681
00:59:30,780 –> 00:59:33,020
so that person either doesn’t enter IT at all
1682
00:59:33,020 –> 00:59:35,260
or they enter at a higher skill level immediately
1683
00:59:35,260 –> 00:59:37,260
with less training and less safety net.
1684
00:59:37,260 –> 00:59:39,740
The mid-level admin who had 12 years of experience
1685
00:59:39,740 –> 00:59:41,180
who understood the business deeply
1686
00:59:41,180 –> 00:59:43,100
who could architect governance frameworks.
1687
00:59:43,100 –> 00:59:44,860
That person is in higher demand than ever.
1688
00:59:44,860 –> 00:59:47,340
Demand for mid-level architects is up, way up.
1689
00:59:47,340 –> 00:59:49,420
The person with five to ten years of experience
1690
00:59:49,420 –> 00:59:51,820
is the most valuable person in the market right now
1691
00:59:51,820 –> 00:59:54,380
because those are the people who can design systems that work.
1692
00:59:54,380 –> 00:59:55,820
The people who understand intent,
1693
00:59:55,820 –> 00:59:57,660
the people who can think about consequences.
1694
00:59:57,660 –> 00:59:59,100
So, the displacement is real,
1695
00:59:59,100 –> 01:00:00,700
but it’s not displacement of all jobs.
1696
01:00:00,700 –> 01:00:02,540
It’s displacement of entry-level jobs
1697
01:00:02,540 –> 01:00:04,620
and displacement of pure operator roles.
1698
01:00:04,620 –> 01:00:06,940
It’s replacement of high volume, low skill work,
1699
01:00:06,940 –> 01:00:08,700
with high value, high skill work.
1700
01:00:08,700 –> 01:00:12,140
This matters because it determines whether you survived or became a statistic.
1701
01:00:12,140 –> 01:00:15,580
If your entire value was tied to how fast you could click buttons,
1702
01:00:15,580 –> 01:00:16,620
you’re in the statistics.
1703
01:00:16,620 –> 01:00:18,300
The system clicks buttons faster.
1704
01:00:18,300 –> 01:00:20,620
If your entire value was tied to being the person
1705
01:00:20,620 –> 01:00:23,180
who processes tickets, you’re in the statistics.
1706
01:00:23,180 –> 01:00:24,700
The system processes tickets.
1707
01:00:24,700 –> 01:00:27,260
If your entire value was tied to being the gatekeeper
1708
01:00:27,260 –> 01:00:29,580
who approves access, you’re in the statistics.
1709
01:00:29,580 –> 01:00:30,940
The system approves access,
1710
01:00:30,940 –> 01:00:32,540
but if your value was in understanding
1711
01:00:32,540 –> 01:00:34,300
why the system was designed that way,
1712
01:00:34,300 –> 01:00:36,460
if your value was in knowing what decisions matter
1713
01:00:36,460 –> 01:00:37,420
and which don’t,
1714
01:00:37,420 –> 01:00:40,060
if your value was in seeing how policies interact
1715
01:00:40,060 –> 01:00:42,940
and preventing entropy before it becomes unmanageable,
1716
01:00:42,940 –> 01:00:45,100
then you became more valuable, not less.
1717
01:00:45,100 –> 01:00:47,500
The demand for people who can think about these things went up
1718
01:00:47,500 –> 01:00:49,820
while the demand for people who execute them went down.
1719
01:00:49,820 –> 01:00:51,180
This is the uncomfortable truth.
1720
01:00:51,180 –> 01:00:53,100
The system didn’t replace bad admins.
1721
01:00:53,100 –> 01:00:54,620
It replaced operator-level work
1722
01:00:54,620 –> 01:00:58,380
and replacing operator-level work is what transforms an industry.
1723
01:00:58,380 –> 01:00:59,820
It eliminates the entry point.
1724
01:00:59,820 –> 01:01:01,020
It removes the training ground.
1725
01:01:01,020 –> 01:01:02,860
It forces everyone who enters the field
1726
01:01:02,860 –> 01:01:05,820
to enter with more existing knowledge and fewer safety nets.
1727
01:01:05,820 –> 01:01:08,300
This isn’t tragedy, it’s evolution.
1728
01:01:08,300 –> 01:01:09,740
But evolution is uncomfortable.
1729
01:01:09,740 –> 01:01:11,420
Evolution eliminates niches.
1730
01:01:11,420 –> 01:01:13,820
Evolution removes species that can’t adapt
1731
01:01:13,820 –> 01:01:15,820
and evolution doesn’t care about your plans.
1732
01:01:15,820 –> 01:01:17,820
The people who survived were the ones who understood
1733
01:01:17,820 –> 01:01:19,180
this was happening and adapted.
1734
01:01:19,180 –> 01:01:22,220
The people who didn’t became the employment statistics.
1735
01:01:22,220 –> 01:01:24,540
And by 2026, the statistics were clear.
1736
01:01:24,540 –> 01:01:26,780
Entry-level hiring was down 13%.
1737
01:01:26,780 –> 01:01:28,780
Mid-level architect demand was up dramatically.
1738
01:01:28,780 –> 01:01:30,940
The market had spoken, the system had changed
1739
01:01:30,940 –> 01:01:33,340
and the people who survived were the ones who saw it coming
1740
01:01:33,340 –> 01:01:34,540
and changed with it.
1741
01:01:34,540 –> 01:01:36,060
The governance first imperative.
1742
01:01:36,060 –> 01:01:37,180
This is the critical insight
1743
01:01:37,180 –> 01:01:38,620
that separates the organizations
1744
01:01:38,620 –> 01:01:41,020
that thrived from the ones that merely survived.
1745
01:01:41,020 –> 01:01:43,740
Most organizations treat governance as a break on innovation.
1746
01:01:43,740 –> 01:01:44,700
A checkbox.
1747
01:01:44,700 –> 01:01:46,700
Something compliance requires you to do.
1748
01:01:46,700 –> 01:01:48,300
Something security insists on.
1749
01:01:48,300 –> 01:01:49,660
Something that slows down deployment
1750
01:01:49,660 –> 01:01:51,260
and makes business teams frustrated.
1751
01:01:51,260 –> 01:01:54,140
Governance is the thing you do after you’ve proven the value of something.
1752
01:01:54,140 –> 01:01:55,660
You build a proof of concept.
1753
01:01:55,660 –> 01:01:57,180
You show the business impact.
1754
01:01:57,180 –> 01:01:59,020
Then, reluctantly, you add governance.
1755
01:01:59,020 –> 01:02:00,540
You implement controls.
1756
01:02:00,540 –> 01:02:02,620
You slow things down to acceptable risk.
1757
01:02:02,620 –> 01:02:04,780
Governance is the cost you pay for innovation.
1758
01:02:04,780 –> 01:02:07,420
The overhead, the bureaucracy that prevents
1759
01:02:07,420 –> 01:02:09,180
good things from happening fast.
1760
01:02:09,180 –> 01:02:09,980
That’s backwards.
1761
01:02:09,980 –> 01:02:12,620
That’s the thinking that created Shadow AI in the first place.
1762
01:02:12,620 –> 01:02:14,620
That’s the thinking that makes organizations
1763
01:02:14,620 –> 01:02:17,580
choose unsanctioned tools over approved workflows.
1764
01:02:17,580 –> 01:02:21,180
That’s the thinking that makes employees wait two weeks for approval
1765
01:02:21,180 –> 01:02:24,060
and then solve the problem themselves on personal accounts.
1766
01:02:24,060 –> 01:02:26,700
Leading organizations understood something different.
1767
01:02:26,700 –> 01:02:29,580
They understood that governance isn’t a break on innovation.
1768
01:02:29,580 –> 01:02:31,740
Governance is the foundation for scaling it.
1769
01:02:31,740 –> 01:02:34,780
Think about what happens when you deploy agents without governance.
1770
01:02:34,780 –> 01:02:36,060
You want to move fast.
1771
01:02:36,060 –> 01:02:37,820
You build an agent to automate something.
1772
01:02:37,820 –> 01:02:38,780
You test it.
1773
01:02:38,780 –> 01:02:39,260
It works.
1774
01:02:39,260 –> 01:02:40,060
You deploy it.
1775
01:02:40,060 –> 01:02:40,540
Great.
1776
01:02:40,540 –> 01:02:42,380
But you didn’t define scope clearly.
1777
01:02:42,380 –> 01:02:43,740
You didn’t document intent.
1778
01:02:43,740 –> 01:02:45,420
You didn’t establish lifecycle rules.
1779
01:02:45,420 –> 01:02:47,100
So now you have an agent that does work.
1780
01:02:47,100 –> 01:02:48,540
And you have no idea what it’s doing.
1781
01:02:48,540 –> 01:02:49,260
How to revoke it.
1782
01:02:49,260 –> 01:02:49,900
Who’s using it?
1783
01:02:49,900 –> 01:02:51,900
Or what happens if it behaves unexpectedly?
1784
01:02:51,900 –> 01:02:53,100
The agent is operational.
1785
01:02:53,100 –> 01:02:54,380
But it’s also a risk.
1786
01:02:54,380 –> 01:02:56,780
You’re moving fast towards something you don’t understand.
1787
01:02:56,780 –> 01:02:58,540
Then another team builds another agent.
1788
01:02:58,540 –> 01:02:59,660
They do the same thing.
1789
01:02:59,660 –> 01:03:00,700
Fast deployment.
1790
01:03:00,700 –> 01:03:01,820
Minimal governance.
1791
01:03:01,820 –> 01:03:03,020
No documentation.
1792
01:03:03,020 –> 01:03:04,220
No scope definition.
1793
01:03:04,220 –> 01:03:05,420
No lifecycle management.
1794
01:03:05,420 –> 01:03:07,660
Now you have two agents and you understand neither of them.
1795
01:03:07,660 –> 01:03:08,860
They might interact with each other.
1796
01:03:08,860 –> 01:03:09,660
They might conflict.
1797
01:03:09,660 –> 01:03:10,620
You don’t know.
1798
01:03:10,620 –> 01:03:12,860
By the time you have 10 agents without governance,
1799
01:03:12,860 –> 01:03:13,900
you’re in chaos.
1800
01:03:13,900 –> 01:03:15,500
You’ve built 10 things fast.
1801
01:03:15,500 –> 01:03:16,620
But you can’t manage them.
1802
01:03:16,620 –> 01:03:17,820
You can’t audit them.
1803
01:03:17,820 –> 01:03:19,500
You can’t understand what they’re doing.
1804
01:03:19,500 –> 01:03:22,620
And by then, the cost of adding governance is massive.
1805
01:03:22,620 –> 01:03:24,700
You have to retrofit controls onto systems
1806
01:03:24,700 –> 01:03:25,900
that were never designed for them.
1807
01:03:25,900 –> 01:03:27,500
You have to untangle dependencies.
1808
01:03:27,500 –> 01:03:28,620
You didn’t know existed.
1809
01:03:28,620 –> 01:03:29,580
This is the alternative.
1810
01:03:29,580 –> 01:03:31,100
Define governance first.
1811
01:03:31,100 –> 01:03:32,460
Before you build the agent,
1812
01:03:32,460 –> 01:03:33,900
define its scope.
1813
01:03:33,900 –> 01:03:35,100
Document its purpose.
1814
01:03:35,100 –> 01:03:36,700
Specify what access it needs.
1815
01:03:36,700 –> 01:03:38,060
Define how it will behave.
1816
01:03:38,060 –> 01:03:39,900
Establish lifecycle rules.
1817
01:03:39,900 –> 01:03:42,380
Then build the agent according to the governance framework.
1818
01:03:42,380 –> 01:03:44,460
The agent is born into a controlled environment.
1819
01:03:44,460 –> 01:03:46,220
It operates within defined boundaries.
1820
01:03:46,220 –> 01:03:47,100
It can be audited.
1821
01:03:47,100 –> 01:03:48,060
It can be revoked.
1822
01:03:48,060 –> 01:03:49,100
It can be monitored.
1823
01:03:49,100 –> 01:03:50,060
It has lifecycle.
1824
01:03:50,060 –> 01:03:51,260
It has accountability.
1825
01:03:51,260 –> 01:03:52,700
Now you build another agent.
1826
01:03:52,700 –> 01:03:53,500
Same process.
1827
01:03:53,500 –> 01:03:54,300
Define governance.
1828
01:03:54,300 –> 01:03:54,860
Clear scope.
1829
01:03:54,860 –> 01:03:55,900
Documented intent.
1830
01:03:55,900 –> 01:03:57,020
The system is coherent.
1831
01:03:57,020 –> 01:03:59,900
You understand how this agent relates to the previous one.
1832
01:03:59,900 –> 01:04:01,580
You understand what data they might access.
1833
01:04:01,580 –> 01:04:03,180
You understand what controls apply.
1834
01:04:03,180 –> 01:04:04,780
The organizations that moved fastest
1835
01:04:04,780 –> 01:04:08,300
to agentex systems weren’t the ones with the most resources.
1836
01:04:08,300 –> 01:04:10,140
They weren’t the ones with the biggest budgets.
1837
01:04:10,140 –> 01:04:12,140
They were the ones that implemented governance first.
1838
01:04:12,140 –> 01:04:14,460
They were the ones that understood this principle.
1839
01:04:14,460 –> 01:04:17,100
And the database is out by Q22026.
1840
01:04:17,100 –> 01:04:19,660
Governance first organizations had deployment cycles
1841
01:04:19,660 –> 01:04:21,340
that were three to five times faster
1842
01:04:21,340 –> 01:04:22,780
than governance reactive ones.
1843
01:04:22,780 –> 01:04:23,740
Three to five times.
1844
01:04:23,740 –> 01:04:24,940
Not marginally better.
1845
01:04:24,940 –> 01:04:26,060
Not slightly ahead.
1846
01:04:26,060 –> 01:04:27,740
Dramatically faster.
1847
01:04:27,740 –> 01:04:28,940
This is counterintuitive
1848
01:04:28,940 –> 01:04:30,940
because governance feels like constraint.
1849
01:04:30,940 –> 01:04:32,620
It feels like it slows things down.
1850
01:04:32,620 –> 01:04:34,300
But when you implement governance first,
1851
01:04:34,300 –> 01:04:35,820
governance becomes infrastructure.
1852
01:04:35,820 –> 01:04:38,860
Governance becomes the foundation that makes scale possible.
1853
01:04:38,860 –> 01:04:41,020
You’re not adding governance to existing systems
1854
01:04:41,020 –> 01:04:42,460
and trying to retrofit controls.
1855
01:04:42,460 –> 01:04:45,420
You’re building new systems within a governance framework.
1856
01:04:45,420 –> 01:04:47,260
The framework is there from the beginning.
1857
01:04:47,260 –> 01:04:48,700
The system is born compliant.
1858
01:04:48,700 –> 01:04:50,140
The system is born auditable.
1859
01:04:50,140 –> 01:04:52,140
The system is born within constraint.
1860
01:04:52,140 –> 01:04:53,500
And constraints enable speed.
1861
01:04:53,500 –> 01:04:54,540
They enable confidence.
1862
01:04:54,540 –> 01:04:57,580
They enable scaling because you know exactly what the system can do.
1863
01:04:57,580 –> 01:04:59,020
You know exactly what it cannot do.
1864
01:04:59,020 –> 01:05:00,380
You know exactly how to monitor it.
1865
01:05:00,380 –> 01:05:03,260
You know exactly how to revoke it if something goes wrong.
1866
01:05:03,260 –> 01:05:05,740
Governance first organizations deployed agents faster
1867
01:05:05,740 –> 01:05:08,460
because they didn’t spend three months retrofitting controls
1868
01:05:08,460 –> 01:05:10,220
after the agent was already operational.
1869
01:05:10,220 –> 01:05:11,740
But they didn’t inherit shadow AI
1870
01:05:11,740 –> 01:05:13,660
because agents were governed from inception.
1871
01:05:13,660 –> 01:05:15,340
They didn’t struggle with agents sprawl
1872
01:05:15,340 –> 01:05:18,380
because life cycle rules were defined before agents existed.
1873
01:05:18,380 –> 01:05:19,900
This is not a security tradeoff.
1874
01:05:19,900 –> 01:05:22,060
This is not a choice between speed and safety.
1875
01:05:22,060 –> 01:05:24,780
Governance first is faster and safer simultaneously.
1876
01:05:24,780 –> 01:05:26,940
Governance first is the competitive advantage.
1877
01:05:26,940 –> 01:05:28,700
The deterministic intent model.
1878
01:05:28,700 –> 01:05:31,660
This is the architectural principle that makes everything work.
1879
01:05:31,660 –> 01:05:34,460
This is the foundation that separates a system that scales
1880
01:05:34,460 –> 01:05:37,420
from a system that eventually collapses under its own weight.
1881
01:05:37,420 –> 01:05:39,820
Manual administration was reactive, something breaks.
1882
01:05:39,820 –> 01:05:40,460
You fix it.
1883
01:05:40,460 –> 01:05:41,820
A user loses access.
1884
01:05:41,820 –> 01:05:43,420
You investigate and re-ground it.
1885
01:05:43,420 –> 01:05:44,460
The policy is violated.
1886
01:05:44,460 –> 01:05:45,500
You remediate it.
1887
01:05:45,500 –> 01:05:46,860
A site is over permissioned.
1888
01:05:46,860 –> 01:05:47,740
You tighten it.
1889
01:05:47,740 –> 01:05:49,820
You react to problems as they emerge.
1890
01:05:49,820 –> 01:05:50,700
You fix fires.
1891
01:05:50,700 –> 01:05:51,980
You restore things that broke.
1892
01:05:51,980 –> 01:05:54,140
You are always one step behind the chaos.
1893
01:05:54,140 –> 01:05:56,540
Always cleaning up the entropy that the system created
1894
01:05:56,540 –> 01:05:58,140
while you weren’t watching.
1895
01:05:58,140 –> 01:05:59,660
Agenteic administration is different.
1896
01:05:59,660 –> 01:06:00,780
It’s proactive.
1897
01:06:00,780 –> 01:06:03,260
You define intent before the system operates.
1898
01:06:03,260 –> 01:06:04,940
You specify what should be true.
1899
01:06:04,940 –> 01:06:08,140
Access expires by default unless explicitly extended.
1900
01:06:08,140 –> 01:06:10,700
Sites are archived automatically after inactivity.
1901
01:06:10,700 –> 01:06:13,580
Data is classified at creation, not after discovery.
1902
01:06:13,580 –> 01:06:16,140
Permissions are scoped at provisioning, not loosened,
1903
01:06:16,140 –> 01:06:18,780
and then tightened when someone notices they’re too broad.
1904
01:06:18,780 –> 01:06:20,220
You don’t react to problems.
1905
01:06:20,220 –> 01:06:22,140
You define rules that prevent them.
1906
01:06:22,140 –> 01:06:24,060
This distinction matters architecturally.
1907
01:06:24,060 –> 01:06:26,220
It’s the difference between a probabilistic system
1908
01:06:26,220 –> 01:06:27,500
and a deterministic one.
1909
01:06:27,500 –> 01:06:29,260
A deterministic system means
1910
01:06:29,260 –> 01:06:31,740
the same input always produces the same output.
1911
01:06:31,740 –> 01:06:34,460
You request access to a resource under these conditions.
1912
01:06:34,460 –> 01:06:36,220
The system evaluates those conditions
1913
01:06:36,220 –> 01:06:37,340
against defined policy.
1914
01:06:37,340 –> 01:06:39,420
The system grants or denies access.
1915
01:06:39,420 –> 01:06:41,660
Every time consistently, auditably.
1916
01:06:41,660 –> 01:06:43,580
The decision is tied to documented rules.
1917
01:06:43,580 –> 01:06:44,780
The outcome is predictable.
1918
01:06:44,780 –> 01:06:46,620
You can reason about what the system will do
1919
01:06:46,620 –> 01:06:49,180
because the system behaves according to defined logic.
1920
01:06:49,180 –> 01:06:51,500
A probabilistic system means the outcome depends on
1921
01:06:51,500 –> 01:06:52,860
who’s making the decision.
1922
01:06:52,860 –> 01:06:53,900
You request access.
1923
01:06:53,900 –> 01:06:56,540
It depends on which admin reviews it, one admin approves it,
1924
01:06:56,540 –> 01:06:57,740
another admin denies it.
1925
01:06:57,740 –> 01:07:00,460
The outcome is inconsistent because humans are inconsistent.
1926
01:07:00,460 –> 01:07:01,820
You can’t predict what will happen
1927
01:07:01,820 –> 01:07:03,980
because the decision isn’t tied to defined logic.
1928
01:07:03,980 –> 01:07:05,900
The decision is tied to human judgment.
1929
01:07:05,900 –> 01:07:07,260
And human judgment varies.
1930
01:07:07,260 –> 01:07:09,500
Every exception you granted in the manual era
1931
01:07:09,500 –> 01:07:11,100
made the system more probabilistic.
1932
01:07:11,100 –> 01:07:13,580
You said yes to a request that didn’t quite fit the policy.
1933
01:07:13,580 –> 01:07:14,540
You made an exception.
1934
01:07:14,540 –> 01:07:16,140
The exception documented one outcome.
1935
01:07:16,140 –> 01:07:18,620
But next time someone else faced a similar request
1936
01:07:18,620 –> 01:07:20,460
and didn’t know about your exception,
1937
01:07:20,460 –> 01:07:21,660
they made a different decision.
1938
01:07:21,660 –> 01:07:23,180
The system became less consistent,
1939
01:07:23,180 –> 01:07:25,340
less predictable, less auditable.
1940
01:07:25,340 –> 01:07:27,980
Every exception added a branch in the decision tree.
1941
01:07:27,980 –> 01:07:29,820
Every branch made the tree more complex.
1942
01:07:29,820 –> 01:07:31,740
Every branch made it harder to reason about
1943
01:07:31,740 –> 01:07:32,940
what the system would do.
1944
01:07:32,940 –> 01:07:34,940
By the end, the system wasn’t following policy.
1945
01:07:34,940 –> 01:07:36,380
The system was following precedent.
1946
01:07:36,380 –> 01:07:38,460
And precedent is just the accumulated weight
1947
01:07:38,460 –> 01:07:39,580
of previous exceptions.
1948
01:07:39,580 –> 01:07:41,900
Every policy you define in the agentic era
1949
01:07:41,900 –> 01:07:43,740
makes the system more deterministic.
1950
01:07:43,740 –> 01:07:44,540
You write a rule.
1951
01:07:44,540 –> 01:07:45,900
The system enforces it.
1952
01:07:45,900 –> 01:07:47,020
Millions of times.
1953
01:07:47,020 –> 01:07:49,180
Every decision is made according to the same logic.
1954
01:07:49,180 –> 01:07:52,300
Every decision produces the same outcome given the same input.
1955
01:07:52,300 –> 01:07:55,020
The system is consistent, auditable, predictable.
1956
01:07:55,020 –> 01:07:56,860
You can reason about what the system will do
1957
01:07:56,860 –> 01:07:59,420
because the system’s behavior is defined in code,
1958
01:07:59,420 –> 01:08:00,860
not in human judgment.
1959
01:08:00,860 –> 01:08:03,180
Deterministic systems are auditable.
1960
01:08:03,180 –> 01:08:06,060
You can trace every decision back to the rule that produced it.
1961
01:08:06,060 –> 01:08:07,420
You can investigate incidents
1962
01:08:07,420 –> 01:08:09,260
because the decision logic is documented.
1963
01:08:09,260 –> 01:08:10,460
You can defend your decisions
1964
01:08:10,460 –> 01:08:12,220
because they’re tied to defined policy
1965
01:08:12,220 –> 01:08:13,820
not to individual judgment.
1966
01:08:13,820 –> 01:08:15,900
Deterministic systems are predictable.
1967
01:08:15,900 –> 01:08:17,500
You know what access a user will receive
1968
01:08:17,500 –> 01:08:18,700
because you know the policy.
1969
01:08:18,700 –> 01:08:20,220
You know what will happen to a resource
1970
01:08:20,220 –> 01:08:22,780
after inactivity because you know the life cycle rules.
1971
01:08:22,780 –> 01:08:23,980
You know what will happen to data
1972
01:08:23,980 –> 01:08:25,980
because you know the classification logic.
1973
01:08:25,980 –> 01:08:27,820
Predictability enables confidence.
1974
01:08:27,820 –> 01:08:29,340
Confidence enables scaling.
1975
01:08:29,340 –> 01:08:31,180
Deterministic systems are scalable.
1976
01:08:31,180 –> 01:08:33,500
You can apply the same policy to millions of decisions
1977
01:08:33,500 –> 01:08:35,980
without hiring more people to make those decisions.
1978
01:08:35,980 –> 01:08:39,180
You can audit millions of actions without manual review.
1979
01:08:39,180 –> 01:08:40,940
You can enforce consistency at scale
1980
01:08:40,940 –> 01:08:43,500
because the system doesn’t have human inconsistency.
1981
01:08:43,500 –> 01:08:45,020
Probabilistic systems are fragile.
1982
01:08:45,020 –> 01:08:46,620
They break under their own weight.
1983
01:08:46,620 –> 01:08:48,220
Every exception adds complexity.
1984
01:08:48,220 –> 01:08:49,740
Every special case adds a branch.
1985
01:08:49,740 –> 01:08:51,900
Eventually the decision tree is so complex
1986
01:08:51,900 –> 01:08:53,260
that no one understands it.
1987
01:08:53,260 –> 01:08:54,940
The system becomes un-maintainable.
1988
01:08:54,940 –> 01:08:56,380
The system becomes a liability.
1989
01:08:56,380 –> 01:08:58,700
The shift from probabilistic to deterministic
1990
01:08:58,700 –> 01:09:00,700
is the real architectural revolution.
1991
01:09:00,700 –> 01:09:03,900
This is why the downfall of manual admin is satisfying.
1992
01:09:03,900 –> 01:09:05,900
You’re not just replacing a person with a system.
1993
01:09:05,900 –> 01:09:08,300
You’re moving from a system that depends on human judgment
1994
01:09:08,300 –> 01:09:10,380
to a system that depends on defined logic.
1995
01:09:10,380 –> 01:09:12,380
You’re moving from hope to certainty,
1996
01:09:12,380 –> 01:09:14,300
from inconsistency to determinism.
1997
01:09:14,300 –> 01:09:17,100
From reactive firefighting to proactive enforcement.
1998
01:09:17,100 –> 01:09:19,900
This is what makes the agentech model work at scale.
1999
01:09:19,900 –> 01:09:22,300
Not the speed, not the automation, the determinism,
2000
01:09:22,300 –> 01:09:24,780
the certainty, the audibility, the ability to reason
2001
01:09:24,780 –> 01:09:26,140
about what the system will do
2002
01:09:26,140 –> 01:09:28,940
because the system’s behavior is defined, not decided.
2003
01:09:28,940 –> 01:09:31,740
The three scenarios transformed.
2004
01:09:31,740 –> 01:09:33,580
Let’s bring this back to concrete examples
2005
01:09:33,580 –> 01:09:35,100
that every admin recognizes.
2006
01:09:35,100 –> 01:09:36,460
Let’s take the three scenarios
2007
01:09:36,460 –> 01:09:38,300
that defined manual administration
2008
01:09:38,300 –> 01:09:40,620
and watch them transform under the agentech model.
2009
01:09:40,620 –> 01:09:42,300
Scenario one, access reviews.
2010
01:09:42,300 –> 01:09:45,260
This is the checkbox theater that every organization practices.
2011
01:09:45,260 –> 01:09:47,980
Manual administration made you review access quarterly.
2012
01:09:47,980 –> 01:09:49,580
Owners receive a notification.
2013
01:09:49,580 –> 01:09:50,700
40% don’t respond.
2014
01:09:50,700 –> 01:09:53,340
You approve anyway because the alternative is blocking access
2015
01:09:53,340 –> 01:09:54,860
to people who need it.
2016
01:09:54,860 –> 01:09:57,580
Risky access remains standing because the person who granted it
2017
01:09:57,580 –> 01:09:59,020
is no longer in the organization.
2018
01:09:59,020 –> 01:10:00,540
You’re not reviewing access.
2019
01:10:00,540 –> 01:10:02,540
You’re documenting compliance theater.
2020
01:10:02,540 –> 01:10:05,020
You’re creating artifacts that prove you tried,
2021
01:10:05,020 –> 01:10:07,100
knowing the whole time that standing access
2022
01:10:07,100 –> 01:10:11,100
is still sitting there, unchanged, unreviewed, unrevoked.
2023
01:10:11,100 –> 01:10:13,980
Under the agentech model, access reviews don’t happen quarterly.
2024
01:10:13,980 –> 01:10:14,860
They happen continuously.
2025
01:10:14,860 –> 01:10:16,220
The system is asking constantly,
2026
01:10:16,220 –> 01:10:17,900
is this access still justified?
2027
01:10:17,900 –> 01:10:19,420
Has the risk profile changed?
2028
01:10:19,420 –> 01:10:20,700
Has the user’s role shifted?
2029
01:10:20,700 –> 01:10:22,060
Has their department changed?
2030
01:10:22,060 –> 01:10:23,420
Has there been a threat signal?
2031
01:10:23,420 –> 01:10:25,900
The system evaluates these questions continuously,
2032
01:10:25,900 –> 01:10:28,220
not waiting for a quarterly calendar event,
2033
01:10:28,220 –> 01:10:31,740
not waiting for someone to remember to run the review continuously.
2034
01:10:31,740 –> 01:10:34,140
Risk signals trigger automatic evaluation.
2035
01:10:34,140 –> 01:10:36,780
If the signal indicates the access should be revoked,
2036
01:10:36,780 –> 01:10:38,620
the system revokes it immediately,
2037
01:10:38,620 –> 01:10:41,500
not after investigation, not after approval immediately.
2038
01:10:41,500 –> 01:10:43,820
The shift is from, “Did we review it?”
2039
01:10:43,820 –> 01:10:45,660
2. Is it still justified?
2040
01:10:45,660 –> 01:10:47,180
Access expires by default.
2041
01:10:47,180 –> 01:10:49,100
Extension requires justification.
2042
01:10:49,100 –> 01:10:51,980
Justification is evaluated against current context.
2043
01:10:51,980 –> 01:10:54,860
If the justification no longer applies, access expires.
2044
01:10:54,860 –> 01:10:56,380
No theater, no checkbox.
2045
01:10:56,380 –> 01:10:59,420
Just continuous evaluation and automatic enforcement.
2046
01:10:59,420 –> 01:11:01,340
Scenario 2. Team life cycle.
2047
01:11:01,340 –> 01:11:03,580
Manual administration created a simple problem.
2048
01:11:03,580 –> 01:11:05,020
Teams are created in seconds.
2049
01:11:05,020 –> 01:11:05,900
They live forever.
2050
01:11:05,900 –> 01:11:07,260
Owners leave the organization.
2051
01:11:07,260 –> 01:11:08,380
Sites become orphaned.
2052
01:11:08,380 –> 01:11:10,380
Data retention policies are written once.
2053
01:11:10,380 –> 01:11:11,420
Never tuned.
2054
01:11:11,420 –> 01:11:14,380
By year three, no one knows what half the sites contain.
2055
01:11:14,380 –> 01:11:16,380
You can’t delete them because someone might need them.
2056
01:11:16,380 –> 01:11:18,620
You can’t keep them because they’re consuming resources
2057
01:11:18,620 –> 01:11:20,540
and creating security surface.
2058
01:11:20,540 –> 01:11:23,660
The system created complexity faster than you could govern it.
2059
01:11:23,660 –> 01:11:24,940
Under the agentic model,
2060
01:11:24,940 –> 01:11:27,980
teams are auto-provisioned based on organizational intent.
2061
01:11:27,980 –> 01:11:30,380
Teams are created with defined retention policies.
2062
01:11:30,380 –> 01:11:31,820
Teams are automatically archived
2063
01:11:31,820 –> 01:11:33,820
after defined in activity periods.
2064
01:11:33,820 –> 01:11:34,940
If a team owner leaves,
2065
01:11:34,940 –> 01:11:37,500
ownership is automatically reassigned to their manager.
2066
01:11:37,500 –> 01:11:39,180
If ownership cannot be established,
2067
01:11:39,180 –> 01:11:41,820
the team is automatically flagged for review.
2068
01:11:41,820 –> 01:11:43,580
After a defined retention period,
2069
01:11:43,580 –> 01:11:45,020
the team is automatically deleted
2070
01:11:45,020 –> 01:11:46,620
unless explicitly extended.
2071
01:11:46,620 –> 01:11:49,020
The system doesn’t ask whether you should clean this up.
2072
01:11:49,020 –> 01:11:51,740
The system enforces that cleanup happens automatically.
2073
01:11:51,740 –> 01:11:53,740
The shift is from, should we clean this up?
2074
01:11:53,740 –> 01:11:55,180
To why does this still exist?
2075
01:11:55,180 –> 01:11:57,020
If a team exists, there’s a documented reason.
2076
01:11:57,020 –> 01:11:58,220
The reason is auditable.
2077
01:11:58,220 –> 01:11:59,580
The reason is justified.
2078
01:11:59,580 –> 01:12:01,100
If the reason no longer applies,
2079
01:12:01,100 –> 01:12:03,100
the team expires automatically.
2080
01:12:03,100 –> 01:12:05,260
Scenario three, data governance.
2081
01:12:05,260 –> 01:12:07,100
Manual administration treated governance
2082
01:12:07,100 –> 01:12:08,620
as a documentation exercise.
2083
01:12:08,620 –> 01:12:09,740
Policies are written once.
2084
01:12:09,740 –> 01:12:10,780
They’re never tuned.
2085
01:12:10,780 –> 01:12:13,660
Users bypass controls because controls are inconvenient.
2086
01:12:13,660 –> 01:12:15,020
Shadow sharing happens everywhere
2087
01:12:15,020 –> 01:12:16,940
because the approved process is too slow.
2088
01:12:16,940 –> 01:12:19,180
The policy document sits in a shared drive.
2089
01:12:19,180 –> 01:12:19,980
No one reads it.
2090
01:12:19,980 –> 01:12:21,820
The system violates the policy daily
2091
01:12:21,820 –> 01:12:23,660
because enforcement was never built in.
2092
01:12:23,660 –> 01:12:24,700
Under the agentech model,
2093
01:12:24,700 –> 01:12:26,620
data is auto-classified at creation.
2094
01:12:26,620 –> 01:12:28,380
The system identifies what data is.
2095
01:12:28,380 –> 01:12:30,860
The system applies sensitivity labels automatically.
2096
01:12:30,860 –> 01:12:32,700
The system enforces protection policies
2097
01:12:32,700 –> 01:12:34,060
based on those labels.
2098
01:12:34,060 –> 01:12:35,500
Users don’t bypass controls
2099
01:12:35,500 –> 01:12:37,100
because controls aren’t inconvenient.
2100
01:12:37,100 –> 01:12:38,380
Controls are automatic.
2101
01:12:38,380 –> 01:12:40,620
If you try to share a file with a sensitivity label
2102
01:12:40,620 –> 01:12:42,060
that prohibits external sharing,
2103
01:12:42,060 –> 01:12:43,180
the system prevents it.
2104
01:12:43,180 –> 01:12:45,260
Not after-ordered, not after-review.
2105
01:12:45,260 –> 01:12:47,420
Immediately, real-time enforcement,
2106
01:12:47,420 –> 01:12:49,420
the policy adapts continuously
2107
01:12:49,420 –> 01:12:51,420
as new threats emerge, new signals feed
2108
01:12:51,420 –> 01:12:52,780
into the classification logic.
2109
01:12:52,780 –> 01:12:55,100
If a file is being accessed in an anomalous way,
2110
01:12:55,100 –> 01:12:57,100
protection is automatically strengthened.
2111
01:12:57,100 –> 01:12:59,180
If a data subject is flagged for risk,
2112
01:12:59,180 –> 01:13:02,540
data they access is automatically protected more strictly.
2113
01:13:02,540 –> 01:13:04,140
The shift is from, are we compliant?
2114
01:13:04,140 –> 01:13:06,380
To is the system enforcing intent?
2115
01:13:06,380 –> 01:13:09,180
Compliance is not something you achieve through documentation.
2116
01:13:09,180 –> 01:13:11,740
Compliance is something the system enforces continuously.
2117
01:13:11,740 –> 01:13:13,500
These three scenarios are the foundation
2118
01:13:13,500 –> 01:13:15,420
of manual administration.
2119
01:13:15,420 –> 01:13:18,540
Access reviews, team life cycle, data governance.
2120
01:13:18,540 –> 01:13:20,300
They’re also the first things that get replaced
2121
01:13:20,300 –> 01:13:21,740
when you move to an agentech model.
2122
01:13:21,740 –> 01:13:24,220
Not because agentech systems are better at doing the same work,
2123
01:13:24,220 –> 01:13:26,940
but because agentech systems eliminate the work entirely,
2124
01:13:26,940 –> 01:13:28,620
they make the scenarios irrelevant
2125
01:13:28,620 –> 01:13:31,500
by building enforcement into the system from the beginning.
2126
01:13:31,500 –> 01:13:35,180
The implementation reality is what actually changed by May 2026.
2127
01:13:35,180 –> 01:13:36,060
Theories elegant.
2128
01:13:36,060 –> 01:13:37,500
Implementation is messy,
2129
01:13:37,500 –> 01:13:39,020
but here’s what actually happened.
2130
01:13:39,020 –> 01:13:42,940
Agent 365 entered public preview in March 2026.
2131
01:13:42,940 –> 01:13:45,180
General availability came May 1st, 2026.
2132
01:13:45,180 –> 01:13:47,100
This wasn’t a surprise product launch.
2133
01:13:47,100 –> 01:13:49,260
This was the culmination of everything that came before.
2134
01:13:49,260 –> 01:13:52,060
By May, organizations weren’t discovering agentech systems.
2135
01:13:52,060 –> 01:13:53,900
They were finally getting the control plane
2136
01:13:53,900 –> 01:13:55,900
that had been improvising without for months.
2137
01:13:55,900 –> 01:13:56,860
But here’s what matters.
2138
01:13:56,860 –> 01:13:59,820
Organizations that adopted early didn’t replace all their admins.
2139
01:13:59,820 –> 01:14:00,940
They transformed them.
2140
01:14:00,940 –> 01:14:04,300
The global admin who’d spent 10 years approving access requests
2141
01:14:04,300 –> 01:14:05,260
didn’t get fired.
2142
01:14:05,260 –> 01:14:07,260
That person became an AI administrator.
2143
01:14:07,260 –> 01:14:10,460
Same person, different role, no longer approving individual requests.
2144
01:14:10,460 –> 01:14:13,580
Now defining the rules that approve requests automatically.
2145
01:14:13,580 –> 01:14:15,420
The skills didn’t transfer seamlessly.
2146
01:14:15,420 –> 01:14:18,860
The work didn’t feel similar, but the person survived, the person adapted.
2147
01:14:18,860 –> 01:14:21,420
The person became valuable in a different way.
2148
01:14:21,420 –> 01:14:23,500
The AI administrator role was the mechanism
2149
01:14:23,500 –> 01:14:25,260
that made this transformation possible.
2150
01:14:25,260 –> 01:14:27,420
This role didn’t exist before 2026.
2151
01:14:27,420 –> 01:14:29,740
By May 26, it was critical infrastructure.
2152
01:14:29,740 –> 01:14:32,220
AI admins could now manage agent life cycle
2153
01:14:32,220 –> 01:14:34,300
without requiring global admin elevation.
2154
01:14:34,300 –> 01:14:36,940
They could define rules for auto-blocking risky agents.
2155
01:14:36,940 –> 01:14:39,260
They could specify auto-deletion for inactive agents.
2156
01:14:39,260 –> 01:14:41,260
They could set policies for auto-reassigning
2157
01:14:41,260 –> 01:14:42,700
often agents to manage.
2158
01:14:42,700 –> 01:14:45,260
Automated agent life cycle rules rolled out that month.
2159
01:14:45,260 –> 01:14:48,700
The system started managing agent sprawl without human intervention.
2160
01:14:48,700 –> 01:14:51,020
This matters because it solved the fundamental problem.
2161
01:14:51,020 –> 01:14:52,940
Without automated life cycle management,
2162
01:14:52,940 –> 01:14:54,860
agents would proliferate indefinitely.
2163
01:14:54,860 –> 01:14:57,820
The system would create complexity faster than anyone could manage.
2164
01:14:57,820 –> 01:15:01,980
But with automated life cycle, agents are born into a governance framework.
2165
01:15:01,980 –> 01:15:03,180
They live under constraint.
2166
01:15:03,180 –> 01:15:04,860
They die when they’re no longer needed.
2167
01:15:04,860 –> 01:15:06,060
The system maintains itself.
2168
01:15:06,060 –> 01:15:08,140
Copilot tasks went live that same month.
2169
01:15:08,140 –> 01:15:09,340
This wasn’t a small feature.
2170
01:15:09,340 –> 01:15:12,860
This was multi-step workflow automation from natural language prompts.
2171
01:15:12,860 –> 01:15:14,940
You could describe a complex workflow in English.
2172
01:15:14,940 –> 01:15:16,060
Copilot would understand it.
2173
01:15:16,060 –> 01:15:17,100
The system would build it.
2174
01:15:17,100 –> 01:15:18,140
No coding required.
2175
01:15:18,140 –> 01:15:19,260
No workflow designer.
2176
01:15:19,260 –> 01:15:20,380
Just description intent.
2177
01:15:20,380 –> 01:15:21,660
The system executed it.
2178
01:15:21,660 –> 01:15:23,740
Organizations that understood this capability
2179
01:15:23,740 –> 01:15:27,340
deployed workflows in days that used to take weeks to build manually.
2180
01:15:27,340 –> 01:15:30,380
Power user reports in the Copilot dashboard went live in February.
2181
01:15:30,380 –> 01:15:32,620
By May, organizations had months of data
2182
01:15:32,620 –> 01:15:35,580
showing them exactly how users were engaging with Copilot.
2183
01:15:35,580 –> 01:15:37,980
The reports classified users as power users,
2184
01:15:37,980 –> 01:15:40,780
habitual users, novices or non-users.
2185
01:15:40,780 –> 01:15:44,460
Organizations could target enablement based on actual usage patterns.
2186
01:15:44,460 –> 01:15:46,620
You didn’t need to guess who would benefit from training.
2187
01:15:46,620 –> 01:15:47,980
You could see it in the data.
2188
01:15:47,980 –> 01:15:50,380
You could see who was adopting and who was resistant.
2189
01:15:50,380 –> 01:15:52,060
You could intervene where it mattered.
2190
01:15:52,060 –> 01:15:55,260
Risk-based AI agent inventories in Microsoft Defender
2191
01:15:55,260 –> 01:15:57,180
rolled out worldwide in February.
2192
01:15:57,180 –> 01:15:59,660
By May, security teams had complete visibility
2193
01:15:59,660 –> 01:16:02,140
into every agent operating in the environment.
2194
01:16:02,140 –> 01:16:03,980
They could see which agents posed risk.
2195
01:16:03,980 –> 01:16:06,300
They could see which agents were behaving anomalously.
2196
01:16:06,300 –> 01:16:08,780
They could see which agents needed immediate attention.
2197
01:16:08,780 –> 01:16:10,540
This inventory wasn’t theoretical.
2198
01:16:10,540 –> 01:16:11,420
It was operational.
2199
01:16:11,420 –> 01:16:12,540
Security teams were using it.
2200
01:16:12,540 –> 01:16:14,220
They were making decisions based on it.
2201
01:16:14,220 –> 01:16:16,700
They were blocking risky agents before they caused damage.
2202
01:16:16,700 –> 01:16:18,940
Federated Copilot connectors enabled real-time
2203
01:16:18,940 –> 01:16:21,260
external data access without indexing.
2204
01:16:21,260 –> 01:16:24,540
Copilot could connect to Canva, HubSpot, Google Calendar,
2205
01:16:24,540 –> 01:16:27,180
Google contacts, not by indexing their data.
2206
01:16:27,180 –> 01:16:29,740
By connecting directly, querying in real-time,
2207
01:16:29,740 –> 01:16:31,740
the data never left the external system.
2208
01:16:31,740 –> 01:16:32,780
The connection was governed.
2209
01:16:32,780 –> 01:16:33,900
The access was logged.
2210
01:16:33,900 –> 01:16:35,340
But the capability was there.
2211
01:16:35,340 –> 01:16:37,500
Users could use external data within Copilot
2212
01:16:37,500 –> 01:16:39,820
without copying it into Microsoft 365.
2213
01:16:39,820 –> 01:16:43,020
Here’s the architectural truth that emerged by May, 2026.
2214
01:16:43,020 –> 01:16:44,300
The system wasn’t perfect.
2215
01:16:44,300 –> 01:16:45,260
It wasn’t complete.
2216
01:16:45,260 –> 01:16:46,460
It was sufficient.
2217
01:16:46,460 –> 01:16:49,100
Sufficient to remove human latency from most decisions.
2218
01:16:49,100 –> 01:16:50,940
Sufficient to automate most routine work.
2219
01:16:50,940 –> 01:16:54,060
Sufficient to scale governance without hiring more governance staff.
2220
01:16:54,060 –> 01:16:55,260
That’s all that was required.
2221
01:16:55,260 –> 01:16:56,220
Not perfection.
2222
01:16:56,220 –> 01:16:57,260
Sufficientcy.
2223
01:16:57,260 –> 01:16:59,260
Organizations that adapted thrived.
2224
01:16:59,260 –> 01:17:01,740
They deployed agent 365 early.
2225
01:17:01,740 –> 01:17:03,740
They defined governance frameworks in March.
2226
01:17:03,740 –> 01:17:06,060
They had months of operational experience by May.
2227
01:17:06,060 –> 01:17:07,740
They’d worked through the hard problems.
2228
01:17:07,740 –> 01:17:09,900
They’d figured out what worked and what didn’t.
2229
01:17:09,900 –> 01:17:12,700
By mid-2026, they were operating at scale.
2230
01:17:12,700 –> 01:17:16,140
Organizations that resisted found themselves managing legacy chaos.
2231
01:17:16,140 –> 01:17:17,340
They delayed adoption.
2232
01:17:17,340 –> 01:17:19,420
They’d questioned whether this was really necessary.
2233
01:17:19,420 –> 01:17:21,740
They’d wanted to wait for the technology to mature.
2234
01:17:21,740 –> 01:17:24,220
By May 2026, they were four months behind.
2235
01:17:24,220 –> 01:17:26,060
Four months behind in governance maturity.
2236
01:17:26,060 –> 01:17:27,660
Four months behind in automation.
2237
01:17:27,660 –> 01:17:30,700
Four months behind in understanding their own agents’ brawl.
2238
01:17:30,700 –> 01:17:34,220
This is the gap that opens between early adopters and everyone else.
2239
01:17:34,220 –> 01:17:35,820
Not because early adoption was better.
2240
01:17:35,820 –> 01:17:38,300
Because early adoption gives you months of learning time.
2241
01:17:38,300 –> 01:17:39,820
Months to figure out what works.
2242
01:17:39,820 –> 01:17:41,660
Months to build institutional knowledge.
2243
01:17:41,660 –> 01:17:43,100
Months to establish patterns.
2244
01:17:43,100 –> 01:17:47,820
By the time the technology is stable, early adopters are already operating at scale.
2245
01:17:47,820 –> 01:17:49,500
The cost of not adapting.
2246
01:17:49,500 –> 01:17:52,380
For those who didn’t make the shift, the consequences were clear.
2247
01:17:52,380 –> 01:17:54,540
And they were measured in months, not years.
2248
01:17:54,540 –> 01:17:57,020
Organizations that treated governance as a checkbox.
2249
01:17:57,020 –> 01:17:59,660
The ones that had written policies but never enforced them.
2250
01:17:59,660 –> 01:18:01,020
Discovered something brutal.
2251
01:18:01,020 –> 01:18:03,820
Co-pilot deployments stalled between weeks 6 and 12.
2252
01:18:03,820 –> 01:18:05,660
Not because co-pilot stopped working.
2253
01:18:05,660 –> 01:18:09,260
Because the organization couldn’t articulate what co-pilot should be allowed to do.
2254
01:18:09,260 –> 01:18:10,780
They had no governance framework.
2255
01:18:10,780 –> 01:18:11,740
They had no controls.
2256
01:18:11,740 –> 01:18:13,660
They had no way to answer basic questions.
2257
01:18:13,660 –> 01:18:15,340
Can co-pilot access this data?
2258
01:18:15,340 –> 01:18:17,180
Should co-pilot be allowed to edit this document?
2259
01:18:17,180 –> 01:18:19,020
What data is co-pilot allowed to see?
2260
01:18:19,020 –> 01:18:22,620
They’d never had to answer these questions before because co-pilot had been optional.
2261
01:18:22,620 –> 01:18:24,700
Now co-pilot was becoming mandatory.
2262
01:18:24,700 –> 01:18:26,060
Now these questions mattered.
2263
01:18:26,060 –> 01:18:28,460
And the organizations that had no answers stalled.
2264
01:18:28,460 –> 01:18:32,620
They spent weeks 6 through 12 trying to figure out governance that should have been defined
2265
01:18:32,620 –> 01:18:34,220
before co-pilot was even turned on.
2266
01:18:34,220 –> 01:18:39,420
Organizations that didn’t define agent governance before agents proliferated inherited agent sprawl.
2267
01:18:39,420 –> 01:18:40,620
Not controlled sprawl.
2268
01:18:40,620 –> 01:18:41,580
Chaotic sprawl.
2269
01:18:41,580 –> 01:18:43,020
50 agents running in production.
2270
01:18:43,020 –> 01:18:45,500
No documentation, no life cycle management,
2271
01:18:45,500 –> 01:18:47,660
no understanding of what they’re doing or why.
2272
01:18:47,660 –> 01:18:49,980
No ability to revoke them if something goes wrong.
2273
01:18:49,980 –> 01:18:51,660
These organizations faced a choice.
2274
01:18:51,660 –> 01:18:54,620
Spend months retrofitting governance onto existing agents.
2275
01:18:54,620 –> 01:18:58,380
Expensive, error prone, disruptive, or accept operating in chaos.
2276
01:18:58,380 –> 01:18:59,660
Many chose chaos.
2277
01:18:59,660 –> 01:19:02,060
They operated with agents they didn’t understand.
2278
01:19:02,060 –> 01:19:05,740
Accessing data they couldn’t audit, performing actions they couldn’t predict.
2279
01:19:05,740 –> 01:19:07,420
And they called it business as usual.
2280
01:19:07,420 –> 01:19:08,700
It wasn’t business as usual.
2281
01:19:08,700 –> 01:19:11,420
It was operational recklessness disguised as pragmatism.
2282
01:19:11,420 –> 01:19:16,540
Organizations that didn’t implement sensitivity labels created data exposure vulnerabilities.
2283
01:19:16,540 –> 01:19:18,780
The new co-pilot was accessing their data.
2284
01:19:18,780 –> 01:19:22,380
They didn’t know what data co-pilot was accessing or who could see the responses.
2285
01:19:22,380 –> 01:19:25,180
A user asked co-pilot a question about salary information.
2286
01:19:25,180 –> 01:19:28,220
Co-pilot had access to that data because the user had access.
2287
01:19:28,220 –> 01:19:29,420
Co-pilot returned it.
2288
01:19:29,420 –> 01:19:32,620
The user shared the response with someone outside the organization.
2289
01:19:32,620 –> 01:19:33,820
The data left the system.
2290
01:19:33,820 –> 01:19:35,180
The organization never knew.
2291
01:19:35,180 –> 01:19:36,300
The data wasn’t labeled.
2292
01:19:36,300 –> 01:19:37,180
It wasn’t protected.
2293
01:19:37,180 –> 01:19:39,420
It wasn’t governed by the time they discovered it.
2294
01:19:39,420 –> 01:19:41,260
The data had already been shared.
2295
01:19:41,260 –> 01:19:43,020
The vulnerability had already been exploited.
2296
01:19:43,020 –> 01:19:45,500
Organizations that didn’t move to time-bound access
2297
01:19:45,500 –> 01:19:47,260
maintain standing privilege.
2298
01:19:47,260 –> 01:19:50,220
Standing privilege is the default state of manual administration.
2299
01:19:50,220 –> 01:19:51,180
Users have access.
2300
01:19:51,180 –> 01:19:53,260
Access stays until someone remembers to revoke it.
2301
01:19:53,260 –> 01:19:55,500
Which usually means access stays forever.
2302
01:19:55,500 –> 01:19:57,420
These organizations faced a choice.
2303
01:19:57,420 –> 01:20:01,180
Audit standing privilege continuously and revoke it when it’s no longer justified.
2304
01:20:01,180 –> 01:20:03,820
Expensive error pro never finished or accept the risk.
2305
01:20:03,820 –> 01:20:04,860
Many accepted the risk.
2306
01:20:04,860 –> 01:20:08,780
They maintained environments where users had standing access to data they no longer needed.
2307
01:20:08,780 –> 01:20:10,620
Access that should have expired years ago.
2308
01:20:10,620 –> 01:20:13,820
Privileged that was never questioned because no one was questioning it.
2309
01:20:13,820 –> 01:20:17,980
Organizations that didn’t adopt continuous risk evaluation continued quarterly theater.
2310
01:20:17,980 –> 01:20:19,660
Still running access reviews.
2311
01:20:19,660 –> 01:20:21,580
Still getting 40% response rates.
2312
01:20:21,580 –> 01:20:22,940
Still approving by default.
2313
01:20:22,940 –> 01:20:24,220
Still documenting compliance.
2314
01:20:24,220 –> 01:20:26,460
Knowing the whole time they weren’t actually reviewing anything.
2315
01:20:26,460 –> 01:20:27,740
The theater continued.
2316
01:20:27,740 –> 01:20:29,020
The checkbox got marked.
2317
01:20:29,020 –> 01:20:31,180
The governance obligation was satisfied.
2318
01:20:31,180 –> 01:20:33,020
And the standing privilege remained standing.
2319
01:20:33,020 –> 01:20:34,460
The cost wasn’t just operational.
2320
01:20:34,460 –> 01:20:35,580
The cost was competitive.
2321
01:20:35,580 –> 01:20:38,140
By Q42026 the gap was undeniable.
2322
01:20:38,140 –> 01:20:41,500
Organizations with agenteic governance deployed three to five times faster
2323
01:20:41,500 –> 01:20:43,580
than organizations still clicking buttons.
2324
01:20:43,580 –> 01:20:45,660
Three to five times not marginally faster.
2325
01:20:45,660 –> 01:20:46,860
Dramatically faster.
2326
01:20:46,860 –> 01:20:50,140
Organizations with governance frameworks could add a new agent in days.
2327
01:20:50,140 –> 01:20:52,620
Organizations without governance needed weeks or months
2328
01:20:52,620 –> 01:20:54,460
because they had to retrofit controls,
2329
01:20:54,460 –> 01:20:56,460
document intent established oversight.
2330
01:20:56,460 –> 01:20:58,140
The fast organization shipped features.
2331
01:20:58,140 –> 01:21:01,820
The slow organizations debated whether they could afford to take the risk.
2332
01:21:01,820 –> 01:21:04,940
The manual era didn’t end because someone decided it should.
2333
01:21:04,940 –> 01:21:07,260
It didn’t end because Microsoft made it obsolete.
2334
01:21:07,260 –> 01:21:09,100
It ended because it became uncompetitive.
2335
01:21:09,100 –> 01:21:11,260
The organizations that adapted moved faster,
2336
01:21:11,260 –> 01:21:13,740
scaled better, took less risk and reduced costs.
2337
01:21:13,740 –> 01:21:17,660
The organizations that didn’t were slower fragile, risky and expensive.
2338
01:21:17,660 –> 01:21:19,900
In competitive markets, slow and risky lose.
2339
01:21:19,900 –> 01:21:22,620
And by the end of 2026 the market had made its judgment.
2340
01:21:22,620 –> 01:21:24,220
The manual era wasn’t just over.
2341
01:21:24,220 –> 01:21:25,100
It was unviable.
2342
01:21:25,100 –> 01:21:28,460
The cost of not adapting had become the cost of being in business.
2343
01:21:28,460 –> 01:21:31,180
What you do this week, this is where theory becomes action.
2344
01:21:31,180 –> 01:21:35,420
And action is where most organizations fail because action requires you to do something uncomfortable.
2345
01:21:35,420 –> 01:21:37,580
Action requires you to question assumptions
2346
01:21:37,580 –> 01:21:40,220
that have been embedded in your infrastructure for years.
2347
01:21:40,220 –> 01:21:42,700
Action requires you to break things that people depend on.
2348
01:21:42,700 –> 01:21:44,140
But in action is no longer an option.
2349
01:21:44,140 –> 01:21:46,380
The window for gradual transition has closed.
2350
01:21:46,380 –> 01:21:50,380
By 2026 organizations are either adapting or falling behind.
2351
01:21:50,380 –> 01:21:52,140
This week you pick which one you are.
2352
01:21:52,140 –> 01:21:53,180
Action one.
2353
01:21:53,180 –> 01:21:55,180
Implement time bound access.
2354
01:21:55,180 –> 01:21:59,340
Enable Entra-Privileged Identity Management for your key roles immediately.
2355
01:21:59,340 –> 01:22:01,580
Not all roles, key roles, the ones that matter,
2356
01:22:01,580 –> 01:22:03,420
set a maximum activation duration.
2357
01:22:03,420 –> 01:22:06,060
Eight hours, not more, not indefinitely.
2358
01:22:06,060 –> 01:22:08,700
Eight hours means the access expires by default.
2359
01:22:08,700 –> 01:22:11,020
When the eight hours ends, the privilege is gone.
2360
01:22:11,020 –> 01:22:13,340
If the user needs it again, they request it again.
2361
01:22:13,340 –> 01:22:15,740
Require justification for every activation.
2362
01:22:15,740 –> 01:22:18,060
Require multi-factor authentication.
2363
01:22:18,060 –> 01:22:20,700
This is the direct attack on standing privilege.
2364
01:22:20,700 –> 01:22:23,740
This is the symbolic act that proves you understand the principle.
2365
01:22:23,740 –> 01:22:26,380
If your access doesn’t expire, you don’t have governance.
2366
01:22:26,380 –> 01:22:27,180
You have hope.
2367
01:22:27,180 –> 01:22:28,860
The prerequisites are straightforward.
2368
01:22:28,860 –> 01:22:30,940
Entra-IDP2 licensing.
2369
01:22:30,940 –> 01:22:31,980
A role inventory.
2370
01:22:31,980 –> 01:22:33,100
Basic RBAC hygiene.
2371
01:22:33,100 –> 01:22:34,540
The resistance will be immediate.
2372
01:22:34,540 –> 01:22:36,860
Legacy automation will break because that automation
2373
01:22:36,860 –> 01:22:38,860
depended on standing privilege.
2374
01:22:38,860 –> 01:22:42,220
Users will complain because requesting access again is inconvenient.
2375
01:22:42,220 –> 01:22:45,340
Leadership may resist because it seems like extra friction.
2376
01:22:45,340 –> 01:22:45,980
Ignore them.
2377
01:22:45,980 –> 01:22:46,940
The friction is the point.
2378
01:22:46,940 –> 01:22:50,140
The friction is what prevents unauthorized access from living indefinitely.
2379
01:22:50,140 –> 01:22:52,140
The friction is what creates accountability.
2380
01:22:52,140 –> 01:22:53,180
Do this action this week.
2381
01:22:53,180 –> 01:22:53,900
Action 2.
2382
01:22:53,900 –> 01:22:55,660
Deploy one deny first policy.
2383
01:22:55,660 –> 01:22:57,020
Pick external sharing.
2384
01:22:57,020 –> 01:22:58,220
Block it by default.
2385
01:22:58,220 –> 01:23:00,700
Require explicit approval for exceptions.
2386
01:23:00,700 –> 01:23:03,420
This single policy shifts your entire governance posture
2387
01:23:03,420 –> 01:23:05,100
from reactive to proactive.
2388
01:23:05,100 –> 01:23:07,020
Instead of hoping people share safely,
2389
01:23:07,020 –> 01:23:08,940
you enforce safe sharing by default.
2390
01:23:08,940 –> 01:23:11,500
Instead of discovering oversharing after it happens,
2391
01:23:11,500 –> 01:23:13,580
you prevent it before it happens.
2392
01:23:13,580 –> 01:23:16,140
This is your first step toward deterministic systems.
2393
01:23:16,140 –> 01:23:17,180
Not probabilistic.
2394
01:23:17,180 –> 01:23:17,900
Deterministic.
2395
01:23:17,900 –> 01:23:20,140
The same input always produces the same outcome.
2396
01:23:20,140 –> 01:23:21,820
External sharing requests denied.
2397
01:23:21,820 –> 01:23:22,540
Every time.
2398
01:23:22,540 –> 01:23:25,020
Unless explicitly approved, this policy sounds simple.
2399
01:23:25,020 –> 01:23:25,420
It’s not.
2400
01:23:25,420 –> 01:23:26,540
It will break workflows.
2401
01:23:26,540 –> 01:23:27,340
People will complain.
2402
01:23:27,340 –> 01:23:28,780
Departments will escalate.
2403
01:23:28,780 –> 01:23:30,220
Your job is not to apologize.
2404
01:23:30,220 –> 01:23:33,020
Your job is to explain that safe is the default now.
2405
01:23:33,020 –> 01:23:34,940
Unsafe requires justification.
2406
01:23:34,940 –> 01:23:36,540
Do this action this week.
2407
01:23:36,540 –> 01:23:37,340
Action 3.
2408
01:23:37,340 –> 01:23:38,540
Audit your agents sprawl.
2409
01:23:38,540 –> 01:23:39,100
Inventory.
2410
01:23:39,100 –> 01:23:41,020
Every agent running in your environment.
2411
01:23:41,020 –> 01:23:42,780
Co-pilot studio agents.
2412
01:23:42,780 –> 01:23:44,140
Foundry agents.
2413
01:23:44,140 –> 01:23:45,420
Third party agents.
2414
01:23:45,420 –> 01:23:46,140
Everything.
2415
01:23:46,140 –> 01:23:47,340
Document ownership.
2416
01:23:47,340 –> 01:23:48,060
Who built it?
2417
01:23:48,060 –> 01:23:49,020
Who maintains it?
2418
01:23:49,020 –> 01:23:50,540
Assign life cycle rules.
2419
01:23:50,540 –> 01:23:51,900
When should this agent expire?
2420
01:23:51,900 –> 01:23:53,740
Under what conditions should it be deleted?
2421
01:23:53,740 –> 01:23:55,420
What signals trigger auto blocking?
2422
01:23:55,420 –> 01:23:56,860
This inventory will terrify you.
2423
01:23:56,860 –> 01:23:59,020
You’ll discover agents you didn’t know existed.
2424
01:23:59,020 –> 01:24:01,340
Agents built by departments without IT approval.
2425
01:24:01,340 –> 01:24:03,820
Agents that are accessing data you didn’t know they could access.
2426
01:24:03,820 –> 01:24:04,780
That terror is good.
2427
01:24:04,780 –> 01:24:06,060
That terror is awareness.
2428
01:24:06,060 –> 01:24:08,060
That awareness is the foundation for governance.
2429
01:24:08,060 –> 01:24:09,180
Do this action this week.
2430
01:24:09,180 –> 01:24:09,820
Action 4.
2431
01:24:09,820 –> 01:24:10,620
Define intent.
2432
01:24:10,620 –> 01:24:11,260
Not tasks.
2433
01:24:11,260 –> 01:24:13,420
Stop writing policies about how to do things.
2434
01:24:13,420 –> 01:24:15,900
Start writing policies about what should be true.
2435
01:24:15,900 –> 01:24:18,220
Don’t write these steps provision a user.
2436
01:24:18,220 –> 01:24:21,900
Write new employees receive access within one business day.
2437
01:24:21,900 –> 01:24:24,220
Don’t write run this script quarterly.
2438
01:24:24,220 –> 01:24:27,020
Write inactive accounts expire automatically.
2439
01:24:27,020 –> 01:24:29,420
Don’t write review this policy annually.
2440
01:24:29,420 –> 01:24:31,980
Write policy enforcement is continuous.
2441
01:24:31,980 –> 01:24:35,820
This mental shift is the bridge between manual and agentic administration.
2442
01:24:35,820 –> 01:24:37,820
Manual administration thinks in tasks.
2443
01:24:37,820 –> 01:24:39,980
Agentic administration thinks in intent.
2444
01:24:39,980 –> 01:24:41,980
Tasks require humans to execute them.
2445
01:24:41,980 –> 01:24:44,060
Intent requires systems to enforce it.
2446
01:24:44,060 –> 01:24:47,420
The shift is uncomfortable because you’re thinking at a different level of abstraction.
2447
01:24:47,420 –> 01:24:48,780
You’re not describing work.
2448
01:24:48,780 –> 01:24:50,540
You’re describing desired states.
2449
01:24:50,540 –> 01:24:51,820
Do this action this week.
2450
01:24:51,820 –> 01:24:53,020
All four, not eventually.
2451
01:24:53,020 –> 01:24:56,700
This week because every week you delay is a week you’re falling further behind.
2452
01:24:56,700 –> 01:25:00,460
Every week you delay is a week your agents are operating without governance.
2453
01:25:00,460 –> 01:25:04,380
Every week you delay is a week your standing privilege is standing.
2454
01:25:04,380 –> 01:25:05,100
Move.
2455
01:25:05,100 –> 01:25:07,500
Now the architecture of the future.
2456
01:25:07,500 –> 01:25:11,580
The satisfying part of the downfall of manual admin isn’t that the work went away.
2457
01:25:11,580 –> 01:25:13,900
It’s that the wrong kind of work went away.
2458
01:25:13,900 –> 01:25:17,820
You spent 15 years approving decisions that the system should have been making automatically.
2459
01:25:17,820 –> 01:25:21,340
You spent 15 years catching configuration drift that should never have happened.
2460
01:25:21,340 –> 01:25:24,940
You spent 15 years in quarterly theater pretending you were reviewing access
2461
01:25:24,940 –> 01:25:27,820
when you were actually just documenting compliance theater.
2462
01:25:27,820 –> 01:25:28,620
All of that work.
2463
01:25:28,620 –> 01:25:29,500
All of that effort.
2464
01:25:29,500 –> 01:25:33,580
All of that expertise applied to problems that shouldn’t have existed in the first place.
2465
01:25:33,580 –> 01:25:35,340
The system didn’t fail because you failed.
2466
01:25:35,340 –> 01:25:37,180
It failed because it required you to exist.
2467
01:25:37,180 –> 01:25:40,140
What replaced you is colder, more consistent and more scalable.
2468
01:25:40,140 –> 01:25:41,020
It doesn’t get tired.
2469
01:25:41,020 –> 01:25:42,380
It doesn’t make exceptions.
2470
01:25:42,380 –> 01:25:43,820
It doesn’t hope things will work out.
2471
01:25:43,820 –> 01:25:45,740
It enforces intent every time.
2472
01:25:45,740 –> 01:25:46,860
Consistently.
2473
01:25:46,860 –> 01:25:47,820
At machine speed.
2474
01:25:47,820 –> 01:25:50,940
By 2026 the admin role transformed.
2475
01:25:50,940 –> 01:25:53,900
The operators who understood this was coming became architects.
2476
01:25:53,900 –> 01:25:55,180
They saw this shift happening.
2477
01:25:55,180 –> 01:25:55,740
They adapted.
2478
01:25:55,740 –> 01:25:58,060
They learned to think about systems instead of tasks.
2479
01:25:58,060 –> 01:26:00,620
They learned to define intent instead of execute decisions.
2480
01:26:00,620 –> 01:26:02,380
Those people survived more than survived.
2481
01:26:02,380 –> 01:26:04,700
Those people became more valuable than ever.
2482
01:26:04,700 –> 01:26:07,100
The operators who didn’t understand became obsolete.
2483
01:26:07,100 –> 01:26:09,740
They spent years getting better at clicking buttons.
2484
01:26:09,740 –> 01:26:11,420
They optimized their task execution.
2485
01:26:11,420 –> 01:26:14,220
They got really good at the work the system could do better.
2486
01:26:14,220 –> 01:26:17,020
When the system replaced them, they had no place to land.
2487
01:26:17,020 –> 01:26:18,380
Their skills were irrelevant.
2488
01:26:18,380 –> 01:26:19,820
Their expertise was obsolete.
2489
01:26:19,820 –> 01:26:21,500
They became the employment statistics.
2490
01:26:21,500 –> 01:26:22,460
This isn’t a tragedy.
2491
01:26:22,460 –> 01:26:23,580
It’s evolution.
2492
01:26:23,580 –> 01:26:26,940
The agente control plane removes human latency from decision making.
2493
01:26:26,940 –> 01:26:29,740
It makes governance deterministic instead of probabilistic.
2494
01:26:29,740 –> 01:26:32,380
It enforces intent instead of hoping for compliance.
2495
01:26:32,380 –> 01:26:34,540
Your job now is to define that intent.
2496
01:26:34,540 –> 01:26:36,540
To architect the rules that agents enforce.
2497
01:26:36,540 –> 01:26:38,300
To think in systems instead of tasks.
2498
01:26:38,300 –> 01:26:39,900
This is harder than clicking buttons.
2499
01:26:39,900 –> 01:26:41,100
It’s also more valuable.
2500
01:26:41,100 –> 01:26:43,820
It’s also the only way to scale governance in an environment
2501
01:26:43,820 –> 01:26:45,900
where decisions are made at machine speed.
2502
01:26:45,900 –> 01:26:47,900
The downfall of manual admin is satisfying
2503
01:26:47,900 –> 01:26:49,980
because it proves something architects have known for years.
2504
01:26:49,980 –> 01:26:51,500
The human was never the bottleneck.
2505
01:26:51,500 –> 01:26:52,220
The system was.
2506
01:26:52,220 –> 01:26:53,420
And systems can be fixed.
2507
01:26:53,420 –> 01:26:54,540
You didn’t need to get faster.
2508
01:26:54,540 –> 01:26:56,540
You needed to remove the requirement for speed.
2509
01:26:56,540 –> 01:26:58,220
You needed to make decisions automatic.
2510
01:26:58,220 –> 01:27:01,580
You needed to build systems that don’t require human approval to operate.
2511
01:27:01,580 –> 01:27:03,420
By 2026 those systems existed.
2512
01:27:03,420 –> 01:27:04,860
Agent 365 was live.
2513
01:27:04,860 –> 01:27:06,620
Agente administration was operational.
2514
01:27:06,620 –> 01:27:07,980
The manual era was over.
2515
01:27:07,980 –> 01:27:10,220
Not because it was replaced by something better.
2516
01:27:10,220 –> 01:27:12,620
Because it was revealed as architecturally broken.
2517
01:27:12,620 –> 01:27:14,940
It required humans to make decisions at scale.
2518
01:27:14,940 –> 01:27:17,820
And no human can make decisions at the speed systems need.
2519
01:27:17,820 –> 01:27:20,140
If you understand this, you’re ready for what comes next.
2520
01:27:20,140 –> 01:27:21,980
If you don’t, you’re already obsolete.
2521
01:27:21,980 –> 01:27:24,300
Subscribe to the M365FM podcast
2522
01:27:24,300 –> 01:27:27,500
for more deep dives into the architecture of Microsoft 365,
2523
01:27:27,500 –> 01:27:29,980
Copilot, and the systems reshaping enterprise IT.
2524
01:27:29,980 –> 01:27:31,100
Connect with me on LinkedIn.
2525
01:27:31,100 –> 01:27:32,940
I want to hear what you’re building, what’s breaking,
2526
01:27:32,940 –> 01:27:36,140
what you’re learning about, the shift from manual to agentic administration.
2527
01:27:36,140 –> 01:27:37,100
The future isn’t coming.
2528
01:27:37,100 –> 01:27:38,060
It’s already here.
